Sections 44-9001 to 44-9011 shall be known and may be cited as the Risk Management and Own Risk and Solvency Assessment Act.

(1) The purposes of the Risk Management and Own Risk and Solvency Assessment Act are to provide requirements for maintaining a risk management framework and completing an own risk and solvency assessment and to provide guidance and instructions for filing an own risk and solvency assessment summary report with the director.

(2) The requirements of the act apply to all insurers domiciled in this state unless exempt pursuant to section 44-9008.

The Legislature finds and declares that the own risk and solvency assessment summary report will contain confidential and sensitive information related to an insurer's or insurance group's identification of risks that is material and relevant to the insurer or insurance group filing the report. The information will include proprietary and trade secret information that has the potential for harm and competitive disadvantage to the insurer or insurance group if the information is made public. It is the intent of the Legislature that the own risk and solvency assessment summary report shall be a confidential document filed with the director, that the own risk and solvency assessment summary report shall be shared only as provided in the Risk Management and Own Risk and Solvency Assessment Act and to assist the director in the performance of his or her duties, and that in no event shall the own risk and solvency assessment summary report be subject to public disclosure.

For purposes of the Risk Management and Own Risk and Solvency Assessment Act:

(1) Director means the Director of Insurance;

(2) Insurance group means those insurers and affiliates included within an insurance holding company system as defined in section 44-2121;

(3) Insurer has the same meaning as in section 44-103, except that it does not include agencies, authorities, or instrumentalities of the United States, its possessions and territories, the Commonwealth of Puerto Rico, the District of Columbia, or a state or political subdivision of a state;

(4) Own risk and solvency assessment means a confidential internal assessment, appropriate to the nature, scale, and complexity of an insurer or insurance group, conducted by the insurer or insurance group, of the material and relevant risks associated with the insurer's or insurance group's current business plan and the sufficiency of capital resources to support those risks;

(5) Own risk and solvency assessment guidance manual means the own risk and solvency assessment guidance manual prescribed by the director which conforms substantially to the Own Risk and Solvency Assessment Guidance Manual developed and adopted by the National Association of Insurance Commissioners. A change in the own risk and solvency assessment guidance manual shall be effective on the January 1 following the calendar year in which the change has been adopted by the director; and

(6) Own risk and solvency assessment summary report means a confidential, high-level summary of an insurer's or insurance group's own risk and solvency assessment.

An insurer shall maintain a risk management framework to assist the insurer with identifying, assessing, monitoring, managing, and reporting on its material and relevant risks. This requirement is satisfied if the insurance group of which the insurer is a member maintains a risk management framework applicable to the operations of the insurer.

Subject to section 44-9008, an insurer, or the insurance group of which the insurer is a member, shall regularly conduct an own risk and solvency assessment consistent with a process comparable to the own risk and solvency assessment guidance manual. The own risk and solvency assessment shall be conducted no less than annually but also at any time when there are significant changes to the risk profile of the insurer or the insurance group of which the insurer is a member.

(1) Upon the director's request, and no more than once each year, an insurer shall submit to the director an own risk and solvency assessment summary report or any combination of reports that together contain the information described in the own risk and solvency assessment guidance manual applicable to the insurer or the insurance group of which the insurer is a member. Notwithstanding any request from the director, if the insurer is a member of an insurance group, the insurer shall submit the report required by this subsection if the director is the lead state insurance commissioner of the insurance group.

(2) The report shall include a signature of the insurer's or insurance group's chief risk officer or other executive having responsibility for the oversight of the insurer's enterprise risk management process attesting to the best of his or her belief and knowledge that the insurer applies the enterprise risk management process described in the own risk and solvency assessment summary report and that a copy of the report has been provided to the insurer's board of directors or the appropriate committee thereof.

(3) An insurer may comply with subsection (1) of this section by providing the most recent and substantially similar report provided by the insurer or another member of an insurance group of which the insurer is a member to the insurance commissioner of another state or to a supervisor or regulator of a foreign jurisdiction if that report provides information that is comparable to the information described in the own risk and solvency assessment guidance manual. Any such report in a language other than English must be accompanied by a translation of that report into the English language.

(4) The first filing of the own risk and solvency assessment summary report shall be in 2015.

(1) An insurer shall be exempt from the requirements of the Risk Management and Own Risk and Solvency Assessment Act if:

(a) The insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program, of less than five hundred million dollars; and

(b) The insurance group of which the insurer is a member has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program, of less than one billion dollars.

(2) If an insurer qualifies for exemption pursuant to subdivision (1)(a) of this section, but the insurance group of which the insurer is a member does not qualify for exemption pursuant to subdivision (1)(b) of this section, then the own risk and solvency assessment summary report required pursuant to section 44-9007 shall include every insurer within the insurance group. This requirement may be satisfied by the submission of more than one own risk and solvency assessment summary report for any combination of insurers if the combination of reports includes every insurer within the insurance group.

(3) If an insurer does not qualify for exemption pursuant to subdivision (1)(a) of this section, but the insurance group of which the insurer is a member qualifies for exemption pursuant to subdivision (1)(b) of this section, then the only own risk and solvency assessment summary report required pursuant to section 44-9007 shall be the report applicable to that insurer.

(4) An insurer that does not qualify for exemption pursuant to subsection (1) of this section may apply to the director for a waiver from the requirements of the act based upon unique circumstances. In deciding whether to grant the insurer's request for waiver, the director may consider the type and volume of business written, ownership and organizational structure, and any other factor the director considers relevant to the insurer or insurance group of which the insurer is a member. If the insurer is part of an insurance group with insurers domiciled in more than one state, the director shall coordinate with the lead state insurance commissioner and with the other domiciliary insurance commissioners in considering whether to grant the insurer's request for a waiver.

(5) Notwithstanding the exemptions stated in this section:

(a) The director may require that an insurer maintain a risk management framework, conduct an own risk and solvency assessment, and file an own risk and solvency assessment summary report based on unique circumstances, including, but not limited to, the type and volume of business written, ownership and organizational structure, federal agency requests, and international supervisor requests; and

(b) The director may require that an insurer maintain a risk management framework, conduct an own risk and solvency assessment, and file an own risk and solvency assessment summary report if the insurer has risk-based capital for a company action level event as set forth in section 44-6016, meets one or more of the standards of an insurer deemed to be in hazardous financial condition as defined by rule and regulation adopted and promulgated by the director to define standards for companies deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer as determined by the director.

(6) If an insurer that qualified for an exemption pursuant to subsection (1) of this section no longer qualifies for that exemption due to changes in premium as reflected in the insurer's most recent annual statement or in the most recent annual statements of the insurers within the insurance group of which the insurer is a member, the insurer shall have one year after the year the threshold is exceeded to comply with the requirements of the act.

(1) An own risk and solvency assessment summary report shall be prepared consistent with the own risk and solvency assessment guidance manual, subject to the requirements of subsection (2) of this section. Documentation and supporting information shall be maintained and made available upon examination or upon request of the director.

(2) The review of the own risk and solvency assessment summary report, and any additional requests for information, shall be made using similar procedures currently used in the analysis and examination of multistate or global insurers and insurance groups.

(1) Documents, materials, or other information, including the own risk and solvency assessment summary report, in the possession or control of the director that are obtained by, created by, or disclosed to the director or any other person under the Risk Management and Own Risk and Solvency Assessment Act, is recognized by this state as being proprietary and to contain trade secrets. All such documents, materials, or other information shall be confidential by law and privileged, shall not be a public record subject to disclosure by the director pursuant to sections 84-712 to 84-712.09, shall not be subject to subpoena, and shall not be subject to discovery or admissible in evidence in any private civil action. The director may use the documents, materials, or other information in the furtherance of any regulatory or legal action brought as a part of the director's official duties. The director shall not otherwise make the documents, materials, or other information public without the prior written consent of the insurer.

(2) Neither the director nor any person who received documents, materials, or other own risk and solvency assessment related information through examination or otherwise while acting under the authority of the director or with whom such documents, materials, or other information are shared pursuant to the act shall be permitted or required to testify in any private civil action concerning any confidential documents, materials, or information subject to subsection (1) of this section.

(3) In order to assist in the performance of the director's regulatory duties, the director:

(a) May, upon request, share documents, materials, or other own risk and solvency assessment information, including the confidential and privileged documents, materials, or information subject to subsection (1) of this section, including proprietary and trade secret documents and materials, with other state, federal, and international financial regulatory agencies, including members of any supervisory college under section 44-2137.01, with the National Association of Insurance Commissioners, and with any third-party consultants designated by the director, if the recipient agrees in writing to maintain the confidentiality and privileged status of the documents, materials, or other information and has verified in writing the legal authority to maintain confidentiality; and

(b) May receive documents, materials, or other own risk and solvency assessment information, including otherwise confidential and privileged documents, materials, or information, including proprietary and trade secret documents and materials, from regulatory officials of other foreign or domestic jurisdictions, including members of any supervisory college under section 44-2137.01, and from the National Association of Insurance Commissioners, and shall maintain as confidential or privileged any documents, materials, or information received with notice or the understanding that it is confidential or privileged under the laws of the jurisdiction that is the source of the document, material, or information.

(4) The director shall enter into a written agreement with the National Association of Insurance Commissioners or a third-party consultant governing sharing and use of information provided pursuant to the act that:

(a) Specifies procedures and protocols regarding the confidentiality and security of information shared with the National Association of Insurance Commissioners or a third-party consultant pursuant to the act, including procedures and protocols for sharing by the National Association of Insurance Commissioners with other state regulators from states in which the insurance group has domiciled insurers. The agreement shall provide that the recipient agrees in writing to maintain the confidentiality and privileged status of the documents, materials, or other information and has verified in writing the legal authority to maintain confidentiality;

(b) Specifies that ownership of information shared with the National Association of Insurance Commissioners or a third-party consultant pursuant to the act remains with the director and that the National Association of Insurance Commissioners' or a third-party consultant's use of the information is subject to the direction of the director;

(c) Prohibits the National Association of Insurance Commissioners or a third-party consultant from storing the information shared pursuant to the act in a permanent database after the underlying analysis is completed;

(d) Requires prompt notice to be given to an insurer whose confidential information in the possession of the National Association of Insurance Commissioners or a third-party consultant pursuant to the act is subject to a request or subpoena to the National Association of Insurance Commissioners or a third-party consultant for disclosure or production;

(e) Requires the National Association of Insurance Commissioners or a third-party consultant to consent to intervention by an insurer in any judicial or administrative action in which the National Association of Insurance Commissioners or a third-party consultant may be required to disclose confidential information about the insurer shared with the National Association of Insurance Commissioners or a third-party consultant pursuant to the act; and

(f) As part of the retention process, requires a third-party consultant to verify to the director, with notice to the insurer, that it is free of any conflict of interest and that it has internal procedures in place to monitor compliance with any conflicts and to comply with the act's confidentiality standards and requirements. The retention agreement with a third-party consultant shall require prior written consent of the insurer before making public any information provided pursuant to the act as required in subsection (1) of this section.

(5) The sharing of information and documents by the director pursuant to the act shall not constitute a delegation of regulatory authority or rulemaking, and the director is solely responsible for the administration, execution, and enforcement of the provisions of the act.

(6) No waiver of any applicable privilege or claim of confidentiality in the documents, materials, or other own risk and solvency assessment information shall occur as a result of disclosure of such documents, materials, or other information to the director under this section or as a result of sharing as authorized in the act.

(7) Documents, materials, or other information in the possession or control of the National Association of Insurance Commissioners or a third-party consultant pursuant to the act shall be confidential by law and privileged, shall not be a public record subject to disclosure by the director pursuant to sections 84-712 to 84-712.09, shall not be subject to subpoena, and shall not be subject to discovery or admissible in evidence in any private civil action.

Any insurer failing, without just cause, to timely file its own risk and solvency assessment summary report as required in the Risk Management and Own Risk and Solvency Assessment Act shall be required, after notice and hearing, to pay a penalty of not to exceed two hundred dollars for each day's delay. The maximum penalty under this section is ten thousand dollars. The director may reduce the penalty if the insurer demonstrates to the director that the imposition of the penalty would constitute a financial hardship to the insurer. The director shall remit any penalties collected under this section to the State Treasurer for distribution in accordance with Article VII, section 5, of the Constitution of Nebraska.