Earlier this month, an unauthorized third-party breached the National Association of Insurance Commissioners (NAIC) systems, exposing 2.1 million insurer regulatory filings PDFs, 40,000 quarterly filings, and over 45,000 licensed rating agency files from Moody’s Fitch, S&P, and others. To add insult to injury, NAIC waited nearly a full week before disclosing this publicly, despite the 72-hour disclosure standard that it requires of the insurers it oversees.
This stunning data breach occurred at the same time that the NAIC also has a current proposal to arbitrarily increase its supervisory powers over rating agencies and expand regulations — which will further entrench its own reach and pass higher costs down to consumers.
All the while, the NAIC is a 501(c)(3) nonprofit entity that does not file Form 990 disclosures like virtually every other nonprofit in America, and the organization circumvents any formal APA notice and comment process, allowing the NAIC and its members to unilaterally write regulations to the detriment of policyholders.
Taken together, these failures call into question everything NAIC is currently pursuing. An organization this unaccountable should not be expanding its regulatory footprint. The NAIC should pause all policy development until elected officials, who are accountable to the public, can get a full grasp of the NAIC’s unaccountable and potentially collusive behavior.
Read letters from leading trade associations with details on the NAIC’s June cybersecurity incident:
More from Pinpoint:
Subscribe to Pinpoint Policy Institute