Category Archives: Uncategorized

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Captives under Scrutiny

Posted on by

A mere decade ago, captive insurers were viewed by most regulators as a small, even exotic part of the insurance industry. Most were assumed to be offshore and aroused little attention. Now, captives have gone mainstream. A sizable, but undetermined, portion of the property casualty coverage is placed through, or issued by, captives. A good guess is 30% to 40%, but no one has been able to establish an accurate number. Thirty-nine states have some form of captive or self-insurance law. Captives are now part of everyday life for regulators and the result is more scrutiny.

The issues now on the agenda for captives are significant:

• XXX and AXXX Reinsurance Captives

According to Superintendent Joseph Torti (Rhode Island), 80% to 85% of life and annuity insurance is ceded to reinsurers. Much of the so-called “excess reserves” required by Rules XXX and AXXX are ceded to captive reinsurers or special purpose vehicles owned by the same licensed life and annuity companies which cede the risk. Because the amount of this risk is so large, any trouble collecting this reinsurance could have a major effect on the industry. Some regulators, even a few who approved these cessions, have criticized these arrangements. In some cases, the collateral for the reserves has been subject to parental guarantees, which tends to undermine the confidence which can be placed in the transaction. The NAIC is continuing its examination and has met some stiff resistance from the industry.

• Multistate Insurers 

The proposal to amend the preamble to the NAIC Accreditation Standards to treat captive reinsurers as “multistate insurers” (with some limited exceptions) was withdrawn at the last NAIC meeting in Louisville. A new proposal should be forthcoming (and may have already been issued by the date of publication of this Newsletter). The premise of this proposed change is that non-domiciliary regulators need to know how insurance issued in another state may affect the citizens of their state. The opposite point of view is that the regulators of the domicile have done their job and should be trusted by their regulator colleagues and that the transaction should not affect third parties, anyway. Some say the risk to the domestic captive industry is existential. If enacted and enforced, the proposed change could, ironically, drive much of the industry offshore and therefore beyond the authority of the regulators promoting it.

• Nonadmitted Risk and Reinsurance Act

Captives have been inadvertently drawn into the regulatory structure imposed by this federal legislation intended to streamline the reporting and payment of surplus lines taxes. It has shined a spotlight on the payment (or non-payment) of state self-procurement taxes, but, ironically, does not in any way alter either the application of them or their payment. While risk retention groups (RRGs) were able to get an exemption from the law during its formative phase, captives, because they are (generally) single state entities and therefore not doing business as a “non-admitted” insurer, did not even attempt to get an exemption. Now there is a group, the Coalition for Captive Insurance Clarity, which is seeking a legislative exemption on Capitol Hill.

• Insurance Company Income Taxation

The Internal Revenue Service is investigating several insurance pooling mechanisms and, in some cases, the captives that have utilized them to establish third party risk—which is essential for an insurer to get the benefit of insurance tax treatment. This investigation is presumably a response to the rapid growth of “micro-captives” as mechanisms to assist with avoidance of taxation in estate planning and wealth transfer. This process is in its early stages, but is likely to produce some dramatic results.

• Federal Home Loan Bank (FHLB)

Who would have thought that the FHLB would have anything to do with captives?  It appears that some captives, and at least one risk retention group, are members of the FHLB, which allows them to obtain federal funds at advantageous rates. The Federal Housing Finance Agency (FHFA), which regulates the twelve FHLBs, has proposed a rule that would exclude all captives from membership by defining “insurance company” to mean an entity which “has as its primary business the underwriting of risk for nonaffiliated persons.”

Why is this happening now? While there are numerous reasons for these kinds of actions, there are two primary motivators. First, regulation is always subject to the problem of “what’s worth doing is worth overdoing.” Reasonable minds can differ on the interpretation of statutes and regulations. Each of the above includes an element of “pushing the envelope,” which can be significant or insignificant issues depending on your point of view. Second, captives have been caught in the vortex of regulatory competition. As we have discussed before in this column, the National Association of Insurance Commissioners (NAIC), the Federal Insurance Office (FIO), and the International Association of Insurance Supervisors (IAIS) are jockeying for position and power. Add to the mix the position of the Organization for Economic Cooperation and Development (OECD) that captives may be used as a device to avoid taxation (“base erosion” in OECD parlance), and you have a tumult of regulatory action which at the same time can be challenging and conflicting in its goals and implementation.

What does this bode for the future of captives? Once you have been seen on the radar, it is hard to drop off. Captives can expect more of the same for the foreseeable future.

This blog was previously published on the Morris, Manning & Martin, LLP website.

The Case of the $1.7 Million Laptop

Posted on by

Federal regulators are serious about data privacy. Two recent announcements from the Department of Health and Human Services signal a new tough stance on guarding patient information and, in particular, on encrypting portable electronic devices.

The announcements settled cases against Concentra Health and QCA Health Plans and called for substantial payments — .

buy cenforce online imed.isid.org/wp-content/uploads/2023/10/jpg/cenforce.html no prescription pharmacy

7 million for Concentra and $250,000 for QCA — as well as extensive correction programs.  They stemmed from the loss of just two unencrypted laptops.

buy mobic online imed.isid.org/wp-content/uploads/2023/10/jpg/mobic.html no prescription pharmacy

What exactly is encryption?  What are the rules?  What do these two cases tell us?  And how should health care providers respond?

Encryption is the process of encoding or “scrambling” a message in such a way that the information becomes indecipherable to an unauthorized recipient. The message or information is encrypted using an algorithm that renders it unreadable. Only an authorized recipient, using a key, can convert it back into usable text.

HIPAA’s Security Rule is clear: Any electronically stored patient information must be safeguarded by encryption or an alternative reasonable means.  If an organization does not encrypt, it must document its decision and the reasons it was deemed not reasonable and appropriate.

In Concentra’s case, the settlement showed that Concentra Health knew that 163 of its 597 laptops were unencrypted. As luck would have it, the laptop stolen from Concentra ended up being one of the unencrypted devices. The investigation, by HHS’s Office for Civil Rights, revealed that Concentra did not take steps to encrypt this known inventory of unencrypted laptops. On top of that, Concentra did not document its reasons for failing to encrypt, nor did it adopt a reasonable alternative safeguard.

OCR did not look kindly on this. Ultimately, as a result of the investigation, Concentra agreed to a $1.7 million settlement payment as well as a burdensome and lengthy corrective action plan that can expose Concentra to additional penalties.

QCA Health Plans reported the theft of an unencrypted laptop from an employee’s car; an incident that affected only 148 individuals. Despite the low number of individuals affected, QCA paid $250,000 to settle potential violations of the HIPAA Privacy and Security Rules.

The Office of Civil Rights found that QCA had failed on a number of other fronts. They were systematically non-compliant. QCA didn’t establish a security program; they didn’t properly assess the risks of using Electronic Patient Health Information (ePHI) and they didn’t physically guard their equipment.

Doing the math, QCA settled for about $1,690 for each lost record—a hefty sum per person affected, and a cost that would have easily been avoided had the laptop been encrypted or proper security procedures put in place.

Looking at the bigger picture, the cost of encrypting a single laptop can be as low as $100. And larger institutions can obtain volume discounts, which can, at times, drive down costs to as low as $50 to $80 per device.

The message is clear. It makes sense to make sure every single device – without any exceptions – is encrypted. Or, as an alternative, to document the reasons for a different approach. And as the OCR explained in the QCA Health Plans case, a company has to have an established safety program.

buy pepcid online imed.isid.org/wp-content/uploads/2023/10/jpg/pepcid.html no prescription pharmacy

Looking at Concentra Health, it’s worth noting that they had already invested in encryption for nearly three quarters of their portable devices. They could have brought the rest into compliance for a fraction of the ultimate cost. Instead a single stolen laptop cost the company $1.7 million.

How Active Governance Can Advance Proactive Risk Intelligence

Posted on by

Boards, regulators and leadership teams are demanding more and more of risk, compliance, audit, IT and security teams. They are asking them to collaboratively focus on identifying, analyzing and managing the portfolio of risks that really matter to the business.

As risk management programs evolve to more formal processes aligned with business objectives, leaders are realizing that by developing a proactive mindset in risk and compliance management, teams can provide added value to help the organization gain agility by identifying new opportunities as well as managing down-side risk. Organizations with this new perspective are more successful in orchestrating change to provide a 360-degree view of both risk and opportunity.

Risk teams that are further along on the journey of leveraging proactive approaches to risk management look not only within the organization but beyond to supplier, third party and customer ecosystems. This means developing a view across the larger enterprise infocosm, to ensure alignment of people, processes and technologies.

An essential prerequisite to proactive risk management is a shift from passive to active governance. To build an active governance competence effectively, governance needs to be “active, engaged and embedded,” rather than “passive, reactive and irrelevant.”

Active governance means being thoughtful about alignment and interlocks policy, risk, compliance, quality and operational programs. Proactive risk intelligence throughout the organization can help it advance by aligning policies, procedures, facilitating an enterprise view of issues and orchestrating change to mitigate risk.

Align Policies, Procedures and Roles

Once proactive risk intelligence is understood and embraced as a concept, the next step is to develop agile and consistent policies that truly reflect and produce desired behavior. This means aligning business strategy and appetites with prescribed behavior, which is typically described not only through policies, but also through procedures, and embedded in role descriptions. It is important to make governance traceable in this way. Likewise, it is critical to make sure roles and responsibilities are aligned with policies and procedures so that employees, partners and third parties are empowered to do the right thing.

buy symbicort online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/symbicort.html no prescription pharmacy

Foundational is consistency between policies and procedures in similar roles across geographies, cultures and business units. Some key things you can do to help your organization include:

  • Align Policies to Business Objectives — Ensure responsible management and oversight of resources by aligning policy to business intent. You can do this by mapping policies to risk tolerances and compliance requirements. Be explicit when defining legal and ethical boundaries.
  • Resolve Global/Local Conflicts in Policies and Procedures — Improve active governance by resolving local/global dissonance—often a policy at one level can contradict a similar overlapping policy at another level—it’s important to iron out discrepancies so that people have confidence in the policy and know it stands for something the organization values.
  • Engage the Right Subject Matter Experts for Policy Creation and Review — Policy life-cycle management can really help. Be sure to include alerts and intelligence to ensure policies reflect compliance to new and changing regulations and business obligations. Establish the right roles and responsibilities for creating, editing, reviewing and publishing polices. Automated workflow can help make this seemingly monumental task achievable. Empower the right decision-making processes for governance of policies and allocation of resources.

Gain an Enterprise View of Issues and Remediation

Now that your organization is looking at risks in the context of appetites, tied to policies that reinforce desired behavior, based on a common language, the next step is rapid, complete issue resolution. Mature organizations can provide a portfolio of issues and incidents, facilitating a 360 view.

By looking at all the incidents and issues tied to a risk, process or asset, your team will begin to develop a preventive capability, and be able to ‘right-size’ remediation investments. Key things you can do to help your organization include:

  • Manage issues as a portfolio — Look at issues across all sources, through a common process, across all aspects of the organization. Not only issues arising from audit, risk management and privacy and compliance teams, IT and security, but also extended to research and development, quality, environmental health and safety and human resource groups.
  • Develop a Proactive, preventive capability  — Think in terms of future changes and what issues may arise in risk and compliance management. For example, getting teams involved early in initiatives such as mergers and acquisitions, new product or service launches or expansion into new markets.
  • ‘Right-Size’ remediation investments — Optimize investments in remediation through end-end root cause analysis—when business units look at an issue in isolation, investments can be made that solve the problem locally, but push symptoms to an upstream or downstream process. Looking at issues across, down and through will help build the 360 views that get at the real root cause and appropriate remediation.

Orchestrate Change across Risk Processes

Creating proactive risk intelligence as a competency is in many ways all about orchestrating change. Continuous value creation is demanded of successful organizations in today’s dynamic world. When collaborative risk teams focus on continuous improvement, they will spot opportunities for operational efficiency and savings that can be used to fund innovations. As organizations mature, collaborative teams can be supported by risk and compliance centers of excellence, shared services and innovation labs.

  • Build a community dedicated to the vision of risk intelligence — Bring people and partners on board with a proactive mindset. Make sure continuous improvement fuels and funds innovation across and within core processes of governance, risk, compliance, privacy and security.
  • Continuously innovate — Manage a portfolio of innovation projects to mature centers of excellence, shared services and distinctive risk and compliance competencies. Leverage technologies to accelerate innovation and gain economies of scale.
  • Continuously improve — A formal investment program identifies synergies and funds strategic initiatives, certification and training programs.

The GRC journey is about orchestrating change to gain a competency of risk intelligence. It requires a proactive mindset and anticipation of future problems needs and changes.

buy pepcid online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/pepcid.html no prescription pharmacy

Active governance is the first step in supporting change and building a competency of proactive risk intelligence by planning and thinking ahead at every stage of the risk management process.

buy revia online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/revia.html no prescription pharmacy

Active governance goes beyond general oversight to ensure alignment and interlock strategy, through policy, procedures and roles in the operational fabric of the organization and carries through to suppliers, customers and third parties. By starting with these core aspects of active governance, you are in your way to creating a competency of proactive risk intelligence in your organization.

Amicus Supports Government’s Position in Mach Mining vs. EEOC

Posted on by

On Nov. 3, six advocacy groups representing the interests of workers and plaintiffs’ class action lawyers filed an amicus brief with the U.S. Supreme Court in Mach Mining v. EEOC, No. 13-1019. A copy is here.

Authored by the Civil Rights Clinic of the Dickinson School of Law and The Impact Fund, the amicus brief represents the collective views of multiple public interest organizations, including the National Employment Lawyers Association, The Impact Fund, the American Association of Retired Person, the Asian Americans Advancing Justice-Asian Law Caucus, Disability Rights California and Public Counsel.

The amicus brief was filed in support of the U.S. Equal Employment Opportunity Commission, which filed its Reply Brief with the SCOTUS on Oct. 27, 2014. In supporting the government’s position, the amicus asserted that the brief represents the “perspective of the victims of workplace discrimination whom Title VII is intended to protect.”

Given the importance of this case and the issue presented, the new amicus brief is well worth a read by employers.

The Context and the Stakes

Mach Mining v. EEOC is a big case for employers and for government enforcement litigation. In a game-changing decision in December 2013, the U.S. Court of Appeals for the Seventh Circuit ruled that an alleged failure to conciliate is not an affirmative defense to the merits of an employment discrimination suit brought by the EEOC.

That decision had far-reaching, real world significance to the employment community, for it means the EEOC is virtually immune from review in terms of the settlement positions it takes prior to suing employers: “pay millions or we will sue and announce it in a media release.”

We have blogged on this case at various points before, as the litigation winded through the lower courts and culminated in the precedent-setting decision of the Seventh Circuit reported at 738 F.3d 171 (7th Cir. 2013). Readers can find the previous posts here and here and here.

In essence, the Seventh Circuit determined that the EEOC’s pre-lawsuit conduct in the context of conciliation activities cannot be judicially reviewed. Subsequently, in what many SCOTUS watchers found ironic, even though the EEOC prevailed in the Seventh Circuit, the Government also backed Mach Mining’s request for SCOTUS review to resolve the disagreement among the courts of appeals regarding the EEOC’s conciliation obligations. Given the stakes, the SCOTUS accepted Mach Mining’s petition for certiorari in short order to resolve this issue.

Amicus Briefs for the Defense

Employer groups have lined up behind Mach Mining to support reversal of the Seventh Circuit’s decision. Seyfarth Shaw LLP submitted an amicus brief to the U.S. Supreme Court on behalf of the American Insurance Association in Mach Mining. For blog readers interested in our amicus brief, a copy is here.

Amicus Brief Filed In Support of the EEOC

The amicus submission to the Supreme Court asserts that interpreting Title VII to allow judicial review of conciliation efforts by the EEOC would harm alleged victims of discrimination by violating the mandate of the statute that conciliation remain confidential. Judicial review, the amicus brief asserts, would chill full and frank settlement discussions; expose sensitive information about pre-lawsuit negotiations to the public, and hurt the cases of allegedly injured workers because federal judges might be potentially influenced by irrelevant settlement communications. The amicus brief also argues that if the SCOTUS interprets the statute to allow judicial review of pre-lawsuit conciliation efforts by the EEOC, dismissal is an overly harsh remedy where those efforts are determined to be inadequate (and instead the parties should be ordered to engage in further settlement negotiations).

The point of the amicus brief about compromising the impartiality of federal judges—by exposing the court to settlement discussions in conciliation—is somewhat surprising. Federal judges conduct mediations and settlement conferences as a matter of course, and are “exposed” to settlement discussions routinely.

Next Up on the Docket

Mach Mining’s answering brief is due on Nov. 26, 2014, and then the SCOTUS will set the case for oral argument for January 2015. We will keep our readers updated as developments occur in this litigation.

This post was previously published on the Seyfarth Shaw website here.