BILL REQ. #:  Z-0479.1 

Read first time 01/23/09.   Referred to Committee on Financial Institutions & Insurance.

     AN ACT Relating to business continuity plans for domestic insurers; amending RCW 48.07.160, 48.07.170, 48.07.180, 48.07.190, and 48.07.200; and adding a new section to chapter 48.07 RCW.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:

Sec. 1   RCW 48.07.160 and 1963 c 195 s 25 are each amended to read as follows:
     It is desirable for the general welfare and in particular for the welfare of insurance beneficiaries, policyholders, claimants, subscribers, and others that the business of domestic insurers be continued notwithstanding the event of a local, state, or national emergency. The purpose of this section ((and)), RCW 48.07.170 through 48.07.200, and section 6 of this act is to facilitate the continued operation of domestic insurers in the event that a local, state, or national emergency is ((caused by an attack on the United States which is)) so disruptive of normal business and commerce ((in this state)) as to make it impossible or impracticable for a domestic insurer to conduct its business in accord with applicable provisions of law, its bylaws, or its charter. When used in this section ((and)), RCW 48.07.170 through 48.07.200, and section 6 of this act the word "insurer" ((includes a fraternal benefit society)) means the same as defined in RCW 48.01.053.

Sec. 2   RCW 48.07.170 and 1963 c 195 s 26 are each amended to read as follows:
     The board of directors of any domestic insurer may at any time adopt emergency bylaws, subject to repeal or change by action of those having power to adopt regular bylaws for such insurer, which shall be operative during such a local, state, or national emergency and which may, notwithstanding any different provisions of the regular bylaws, or of the applicable statutes, or of such insurer's charter, make any provision that may be reasonably necessary for the operation of such insurer during the period of such emergency.

Sec. 3   RCW 48.07.180 and 1963 c 195 s 27 are each amended to read as follows:
     In the event that the board of directors of a domestic insurer has not adopted emergency bylaws, the following provisions shall become effective upon the occurrence of such a local, state, or national emergency as ((above)) described in this chapter:
     (1) Three directors shall constitute a quorum for the transaction of business at all meetings of the board.
     (2) Any vacancy in the board may be filled by a majority of the remaining directors, though less than a quorum, or by a sole remaining director.
     (3) If there are no surviving directors, but at least three vice presidents of such insurer survive, the three vice presidents with the longest term of service shall be the directors and shall possess all of the powers of the previous board of directors and such powers as are granted ((herein)) in this chapter or by subsequently enacted legislation. By majority vote, such emergency board of directors may elect other directors. If there are not at least three surviving vice presidents, the commissioner or duly designated person exercising the powers of the commissioner shall appoint three persons as directors who shall include any surviving vice presidents and who shall possess all of the powers of the previous board of directors and such powers as are granted ((herein)) in this chapter or by subsequently enacted legislation, and these persons by majority vote may elect other directors.

Sec. 4   RCW 48.07.190 and 1963 c 195 s 28 are each amended to read as follows:
     At any time the board of directors of a domestic insurer may, by resolution, provide that in the event of such a local, state, or national emergency and in the event of the death or incapacity of the president, the secretary, or the treasurer of such insurer, such officers, or any of them, shall be succeeded in the office by the person named or described in a succession list adopted by the board of directors. Such list may be on the basis of named persons or position titles, shall establish the order of priority and may prescribe the conditions under which the powers of the office shall be exercised.

Sec. 5   RCW 48.07.200 and 1963 c 195 s 29 are each amended to read as follows:
     At any time the board of directors of a domestic insurer may, by resolution, provide that in the event of such a local, state, or national emergency the principal office and place of business of such insurer shall be at such location as is named or described in the resolution. Such resolution may provide for alternate locations and establish an order of preference.

NEW SECTION.  Sec. 6   A new section is added to chapter 48.07 RCW to read as follows:
     (1) Each domestic insurer must create and maintain a written business continuity plan identifying procedures relating to a local, state, or national emergency or significant business disruption. These procedures must be reasonably designed to enable the insurer to meet its existing obligations to insurance beneficiaries, policyholders, claimants, subscribers, and others. In addition, these procedures must address the insurer's existing relationships with affiliates, third-party service providers, the national association of insurance commissioners, and the commissioner. The business continuity plan must be made available upon request to the commissioner.
     (2) Each insurer must update its plan in the event of any material change to the insurer's operations, structure, business, or location. Each insurer must also conduct an annual review and test of its business continuity plan to determine whether any modifications are necessary in light of changes to the insurer's operations, structure, business, or location.
     (3) The elements that comprise a business continuity plan are flexible and may be tailored to the size and needs of an insurer. Each plan, however, must at a minimum, address:
     (a) Data back-up and recovery (hard copy and electronic);
     (b) Information system disaster recovery (main site and alternate site);
     (c) All financially significant activities and applications;
     (d) Restoration priority based upon a business impact analysis;
     (e) Alternate communications between policyholders or subscribers and the insurer;
     (f) Alternate communications between the insurer and its employees;
     (g) Alternate physical location of employees;
     (h) Regulatory reporting;
     (i) Communications with regulators; and
     (j) How the insurer will assure policyholders' prompt access to their funds and securities in the event that the insurer determines that it is unable to continue its business.
Each insurer must address the categories listed in this subsection to the extent applicable and necessary. If a category is not applicable, the insurer's business continuity plan need not address the category. The insurer's business continuity plan, however, must document the rationale for not including such a category in its plan. If an insurer relies on an affiliate or third-party service provider for any of the categories listed in this subsection or any financially significant system, application, or activities, the insurer's business continuity plan must address this relationship.
     (4) Insurers must clearly describe senior management roles and responsibilities associated with the declaration of an emergency and implementation of the business continuity and disaster recovery plans.
     (5) Insurers must designate a member of senior management to approve the plan and be responsible for conducting the required annual review and test.
     (6) Each insurer must disclose to its policyholders or subscribers how its business continuity plan addresses the possibility of a future significant business disruption and how the insurer plans to respond to events of varying scope. At a minimum, this disclosure must be made in writing to policyholders or subscribers at issuance of policy or account opening, posted on the insurer's internet web site (if the insurer maintains a web site), and mailed to policyholders or subscribers upon request.
     (7) For purposes of this section, "financially significant applications" means computer software, including system programs and application programs, which are used to perform automated processing of a financially significant account balance or set of transactions. This includes financially significant e-business systems.