Rims to focus on federal approach to cyber and pandemics

US risk management society Rims said in mid-March that advocating for the risk management profession at the highest level is an integral part of its mission. It explained that the society’s external affairs committee, RISK PAC, met in February to review existing and looming legislative activity that could impact the profession, and identified that the potential state-backed pandemic scheme and a federal cyber standard were top priorities.

A spokesman for the society tells Global Risk Manager (GRM) that, during the Rims Legislative Summit in June, its leaders will meet with elected officials to discuss the need for a more uniform national cyber regulation, and progress on the pandemic scheme. “The society will lend its support and volunteer to help with this initiative, should legislation be introduced,” he says of the cyber standard.

There have been various proposals for how to better deal with the economic damage caused by pandemics and outbreaks of communicable diseases in the US since the onset of Covid-19, as well as huge, largely uninsured, business interruption losses triggered by lockdowns.

The main effort supported by Rims is the Pandemic Risk Insurance Act (PRIA), which was originally introduced by Congresswoman Carolyn Maloney (D-NY) in 2020 and then reintroduced on November 2, 2021.

Public-private compensation
“The proposed legislation would create a federal programme that provides a transparent system of shared public and private insurance-backed compensation for business interruption losses resulting from a pandemic or an outbreak of communicable disease. In doing so, it would help create a much softer market for buyers of pandemic risk insurance,” explains Rims.

Rims believes the focus of the bill should be on smaller businesses that are less able to cope with such catastrophes.

The US Congress website explains: “The programme generally provides compensation to property and casualty insurers if they incur losses as a result of coverage related to pandemics and outbreaks of disease. All insurers as specified in the bill must participate in the programme. These insurers must offer, in all property and casualty insurance policies, coverage of losses related to an outbreak of infectious disease or a pandemic for which a covered public health emergency is certified by the Department of Health and Human Services.

“Additionally, these insurers must offer, in all their commercial property insurance policies, coverage to compensate the insured for a portion of 180 days’ fixed costs and payroll triggered upon the certification of a public health emergency and state or local government closure orders, without requiring specific proof of losses,” it continues.

Congress explains that the bill establishes the share of insured losses covered by the programme and conditions for payment to insurers. The bill also provides for the treatment of reinsurance, captive insurers, other self-insurance arrangements, and state residual market insurance entities.

The next step is that the Government Accountability Office will report on the availability and affordability of property and casualty insurance, says Congress.

Cybersecurity
The other big focus is on cybersecurity and data privacy. The big problem for US companies is that there is no joined-up approach currently at federal level, compared with Europe, for example, which has a range of national data protection regulations that all fall under the European Union’s General Data Protection Regulation (GDPR), introduced in 2018.

Companies that operate across borders in Europe may not like the GDPR but at least they know what they are dealing with across the entire continent. They can therefore build their risk management and mitigation strategies around a generally common set of standards.

Rims would like to see a similar approach adopted at Federal level in the US.

“Forty-seven states, the District of Columbia and three territories have enacted varying data breach notification laws that are far from uniform. Rims recognises that for businesses operating in multiple states, compliance with a patchwork of state requirements creates confusion and lessens efficiency. This, and the threat of legal action for non-compliance, is why we believe a national standard for data security and breach notification is critical,” states the society.

“As technology continues to evolve and organisations become more dependent on digital communication and online commerce, Rims’ advocacy efforts in this arena will focus on helping to define a federal framework for protecting privacy and data systems,” Rims says.

Federal cyber approach
Rims points out that the American Data and Dissemination Act, the Consumer Protect Act and the Data Care Act were presented in previous Congressional sessions but, currently, no similar bill is pending. The effort seems to have ground to a halt and Rims would like to see this reinvigorated.

It would be good for all Rims members and international companies that operate in the US if a federal approach were adopted for this critical risk area. Systemic risks such as cyber and pandemics cannot really be effectively dealt with on a state or national basis.

These risks, by their very nature, need a more joined-up approach that cuts across borders and recognise the global nature of the modern economy. If nothing else, insurers will struggle to come up with viable risk transfer solutions to these challenging risks if there are no common standards.

At this time of high geopolitical tension and rising climate change and health risks, representative groups for the risk and insurance management community such as Rims need to work closely with their peers in Europe (Ferma), Asia-Pacific (Parima) and elsewhere to call for a more collective and consistent legal and regulatory framework from their regional and international leaders. The time is now.