81 FR 95312 - Guidance Concerning Stand-Alone Cyber Liability Insurance Policies Under the Terrorism Risk Insurance Program
DEPARTMENT OF THE TREASURY Federal Register Volume 81, Issue 248 (December 27, 2016)
Federal Register Volume 81, Issue 248 (December 27, 2016)
| Page Range | 95312-95313 | |
| FR Document | 2016-31244 |
[Federal Register Volume 81, Number 248 (Tuesday, December 27, 2016)] [Notices] [Pages 95312-95313] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-31244] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY Guidance Concerning Stand-Alone Cyber Liability Insurance Policies Under the Terrorism Risk Insurance Program AGENCY: Department of the Treasury, Departmental Offices. ACTION: Notice of guidance. ----------------------------------------------------------------------- SUMMARY: This notice provides guidance (Guidance) concerning the Terrorism Risk Insurance Program (Program) under the Terrorism Risk Insurance Act of 2002, as amended (``TRIA'' or ``the Act''). In this notice, the Department of the Treasury (Treasury) provides guidance regarding how insurance recently classified as ``Cyber Liability'' for purposes of reporting premiums and losses to state insurance regulators will be treated under TRIA and Treasury's regulations for the Program (Program regulations). DATES: December 27, 2016. FOR FURTHER INFORMATION CONTACT: Richard Ifft, Senior Insurance Regulatory Policy Analyst, Federal Insurance Office, 202-622-2922 (not a toll free number), Kevin Meehan, Senior Insurance Regulatory Policy Analyst, Federal Insurance Office, 202-622-7009 (not a toll free number), or Lindsey Baldwin, Senior Policy Analyst, Federal Insurance Office, 202-622-3220 (not a toll free number). SUPPLEMENTARY INFORMATION: This Guidance addresses the application of certain provisions of TRIA \1\ and the Program regulations \2\ with respect to certain insurance policies covering cyber-related risks. This Guidance may be relied upon by the members of the public unless superseded by subsequent amendments to the Program regulations, or by subsequent guidance. --------------------------------------------------------------------------- \1\ Public Law 107-297, 116 Stat. 2322, codified at 15 U.S.C. 6701, note. As the provisions of TRIA (as amended) appear in a note, instead of particular sections, of the United States Code, the provisions of TRIA are identified below by the sections of the law. \2\ 31 CFR part 50. --------------------------------------------------------------------------- I. Background TRIA was enacted following the attacks on September 11, 2001, to address disruptions in the market for terrorism risk insurance, to help ensure the continued availability and affordability of commercial property and casualty insurance for terrorism risk, and to allow for the private markets to stabilize and build insurance capacity to absorb any future losses for terrorism events. TRIA requires insurers to ``make available'' terrorism risk insurance for commercial property and casualty losses resulting from certified acts of terrorism (insured losses), and provides for shared public and private compensation for such insured losses. The Secretary of the Treasury (Secretary) administers the Program; pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act, the Federal Insurance Office assists the Secretary in administering the Program.\3\ The Program has been reauthorized three times, most recently on January 12, 2015, when President Obama signed into law the Terrorism Risk Insurance Program Reauthorization Act of 2015, extending the Program until December 31, 2020.\4\ --------------------------------------------------------------------------- \3\ 31 U.S.C. 313(c)(1)(D). \4\ Public Law 114-1, 129 Stat. 3. --------------------------------------------------------------------------- TRIA requires participating insurers to ``make available'' terrorism risk insurance in connection with ``property and casualty insurance'' as defined in the Act.\5\ By regulation, Treasury has further defined ``property and casualty insurance'' by reference to the classification of certain lines of commercial insurance set forth in the National Association of Insurance Commissioner's Exhibit of Premiums and Losses (commonly known as Statutory Page 14).\6\ Pursuant to the Program regulations, insurance reported on Statutory Page 14 under ``Line 17--Other Liability'' is generally subject to TRIP. However, insurance reported on that page as ``Professional Errors and Omissions Liability Insurance,'' a sub-line within ``Other Liability'' for state regulatory purposes, is expressly excluded from TRIP by the Act.\7\ Under the Program regulations, ``professional liability insurance'' is defined consistently with ``Professional Errors and Omissions Liability Insurance'' as that term is defined for state law purposes.\8\ --------------------------------------------------------------------------- \5\ TRIA sec. 103(c) (``make available'' requirement); id., sec. 102(11) (definition of ``property and casualty insurance''). \6\ 31 CFR 50.4(w). \7\ TRIA sec. 102(11)(xi) (excluding ``professional liability insurance''); see also 31 CFR 50.4(w)(2)(xi). \8\ 31 CFR 50.4(t); compare National Association of Insurance Commissioners, Uniform Property & Casualty Product Coding Matrix (Effective January 1, 2016) (NAIC 2016 P/C Product Coding Matrix), p. 9, available at http://www.naic.org/documents/industry_pcm_p_c_2016.pdf. --------------------------------------------------------------------------- Cyber risk insurance is a broad term that includes insurance products covering risks arising ``from the use of [[Page 95313]] electronic data and its transmission, including technology tools such as the internet and telecommunications networks,'' as well as ``physical damage that can be caused by cyber attacks, fraud committed by misuse of data, any liability arising from data storage, and the availability, integrity, and confidentiality of electronic information.'' \9\ The cyber risk insurance market has evolved significantly since it first emerged approximately two decades ago and is expected to continue experiencing rapid growth.\10\ A 2016 report on cyber insurance noted that 19 different categories of coverage are available to a greater or lesser extent in the cyber insurance market, including first and third party coverage related to data breaches, cyber extortion, business interruption, data and software loss, physical damage, and death and bodily injury.\11\ --------------------------------------------------------------------------- \9\ CRO Forum, ``Cyber Resilience: The Cyber Risk Challenge and the Role of Insurance'' (December 2014), p. 5, available at http://www.thecroforum.org/cyber-resilience-cyber-risk-challenge-role-insurance/. \10\ PricewaterhouseCoopers, ``Insurance 2020 & Beyond: Reaping the dividends of cyber resilience'' (2015), p. 10 (estimating that the global premium market will reach $5 billion by 2018 and at least $7.5 billion by 2020) (PwC Cyber Insurance Report), available at http://www.pwc.com/gx/en/insurance/publications/assets/reaping-dividends-cyber-resilience.pdf. \11\ Cambridge Centre for Risk Studies and Risk Management Solutions, ``Managing Cyber Insurance Accumulation Risk'' (February 2016), pp. 10-11, available at http://static.rms.com/email/documents/managing-cyber-insurance-accumulation-risk-rms-crs-jan2016.pdf. --------------------------------------------------------------------------- Cyber risk insurance remains an evolving insurance market, both in terms of product development and regulatory oversight. Certain insurance policies that may contain a ``cyber risk'' component or which do not exclude losses arising from a cyber event continue to be written in existing TRIP-eligible lines of insurance and are thus subject to the provisions of the Program.\12\ Prior to 2016, some insurers that wrote stand-alone cyber risk insurance may have offered and reported it for state regulatory purposes as Professional Errors and Omissions Liability Insurance, which, as noted above, is expressly excluded under TRIA from the definition of ``property and casualty insurance.'' --------------------------------------------------------------------------- \12\ See, e.g., PwC Cyber Insurance Report, p. 9 (noting likely existence of cyber risk coverage ``within your wider property, business interruption, [and] general liability . . . coverage''). --------------------------------------------------------------------------- As of January 1, 2016, however, state regulators introduced a new sub-line of insurance, identified as ``Cyber Liability,'' under the broader ``Other Liability'' line. ``Cyber Liability'' is defined for state regulatory purposes as follows: Stand-alone comprehensive coverage for liability arising out of claims related to unauthorized access to or use of personally identifiable or sensitive information due to events including but not limited to viruses, malicious attacks or system errors or omissions. This coverage could also include expense coverage for business interruption, breach management and/or mitigation services. When cyber liability is provided as an endorsement or as part of a multi-peril policy, as opposed to a stand-alone policy, use the appropriate Sub-TOI of the product to which the coverage will be attached.\13\ --------------------------------------------------------------------------- \13\ NAIC 2016 P/C Product Coding Matrix, p. 10. ``Sub-TOI'' refers to ``Sub-Type of Insurance.'' This Guidance confirms that stand-alone cyber insurance policies reported under the ``Cyber Liability'' line are included in the definition of ``property and casualty insurance'' under TRIA and are thus subject to the disclosure requirements and other requirements in TRIA and the Program regulations as specified in the following Section. II. Guidance Treasury provides this Guidance to clarify that the requirements of TRIP apply to stand-alone cyber insurance policies reported under a TRIP-eligible line of insurance.\14\ This Guidance is designed to address the application of TRIA and the Program regulations to such cyber risk insurance policies due to the aforementioned developments in this area, which may have caused some marketplace uncertainty. --------------------------------------------------------------------------- \14\ As is the case with all other coverages subject to TRIA, policy losses that do not arise from an ``act of terrorism'' certified by the Secretary of the Treasury would not trigger the Program backstop. For example, an act cannot be certified as an ``act of terrorism'' unless it is, among other things, ``a violent act or an act that is dangerous to human life, property, or infrastructure. . . .'' 31 CFR 50.4(b)(1)(ii). To the extent a cyber event did not satisfy this requirement, the backstop provisions of TRIP would not be implicated. Any specific determination in that regard could not be made in advance and would depend upon the circumstances and considerations presented in any particular case. --------------------------------------------------------------------------- Guidance One (Cyber Liability Included in Property and Casualty Insurance) Effective January 1, 2016, policies reported for state regulatory purposes under the Cyber Liability sub-line on Line 17--Other Liability of the NAIC's Exhibit of Premiums and Losses (commonly known as Statutory Page 14) are considered ``property and casualty insurance'' under TRIA. Guidance Two (Application to In-Force Policies) (a) An in-force policy reported under the Cyber Liability sub-line on Line 17--Other Liability of the NAIC's Exhibit of Premiums and Losses (commonly known as Statutory Page 14), and which provides coverage for insured losses under TRIA, is not eligible for reimbursement of the Federal share of compensation unless: (i) The insurer offered coverage for insured losses subject to the required disclosures under 31 CFR 50 Subpart B; or (ii) The insurer demonstrates that the appropriate disclosures were provided to the policyholder before the date of any certification of an act of terrorism.\15\ --------------------------------------------------------------------------- \15\ See 31 CFR part 50, subpart G. --------------------------------------------------------------------------- (b) An insurer that did not make an offer for coverage for insured losses under an in-force policy reported under the Cyber Liability sub- line on Line 17--Other Liability of the NAIC's Exhibit of Premiums and Losses (commonly known as Statutory Page 14) is not required to do so at this time. Guidance Three (Application to New Offers and Renewals of Coverage) Effective April 1, 2017, and consistent with TRIA and the Program regulations, an insurer must provide disclosures and offers that comply with TRIA and the Program regulations on any new or renewal policies reported under the Cyber Liability sub-line on Line 17--Other Liability of the NAIC's Exhibit of Premiums and Losses (commonly known as Statutory Page 14). Dated: December 20, 2016. Michael T. McRaith, Director, Federal Insurance Office. [FR Doc. 2016-31244 Filed 12-23-16; 8:45 am] BILLING CODE 4810-25-P
![95312 Federal Register / Vol. 81, No. 248 / Tuesday, December 27, 2016 / Notices
Treasury specifically invites Dated: December 20, 2016. affordability of commercial property
comments on: (a) Whether the proposed Michael T. McRaith, and casualty insurance for terrorism
collection is responsive to the statutory Director, Federal Insurance Office. risk, and to allow for the private markets
requirement; (b) the accuracy of the [FR Doc. 2016–31238 Filed 12–23–16; 8:45 am] to stabilize and build insurance capacity
estimate of the burden of the collections BILLING CODE 4810–25–P to absorb any future losses for terrorism
of information (see below); (c) ways to events. TRIA requires insurers to ‘‘make
enhance the quality, utility, and clarity available’’ terrorism risk insurance for
of the information collection; (d) ways DEPARTMENT OF THE TREASURY commercial property and casualty losses
to use automated collection techniques resulting from certified acts of terrorism
or other forms of information Guidance Concerning Stand-Alone (insured losses), and provides for shared
technology; and (e) estimates of capital Cyber Liability Insurance Policies public and private compensation for
or start-up costs and costs of operation, Under the Terrorism Risk Insurance such insured losses. The Secretary of
maintenance, and purchase of services Program the Treasury (Secretary) administers the
to maintain the information. Program; pursuant to the Dodd-Frank
AGENCY: Department of the Treasury,
Comments are being sought with Wall Street Reform and Consumer
Departmental Offices.
respect to the collection of information Protection Act, the Federal Insurance
ACTION: Notice of guidance.
Office assists the Secretary in
in connection with data collection.
SUMMARY: This notice provides guidance administering the Program.3 The
Treasury previously analyzed the Program has been reauthorized three
(Guidance) concerning the Terrorism
potential burdens associated with the times, most recently on January 12,
Risk Insurance Program (Program) under
data collection process. See 81 FR 18950 2015, when President Obama signed
the Terrorism Risk Insurance Act of
(April 1, 2016). As explained into law the Terrorism Risk Insurance
2002, as amended (‘‘TRIA’’ or ‘‘the
previously, the data collection rules Program Reauthorization Act of 2015,
Act’’). In this notice, the Department of
propose a mandatory annual data extending the Program until December
the Treasury (Treasury) provides
collection process (beginning in 2017) 31, 2020.4
guidance regarding how insurance
which will continue from year to year TRIA requires participating insurers
recently classified as ‘‘Cyber Liability’’
as the Program remains in effect. The to ‘‘make available’’ terrorism risk
for purposes of reporting premiums and
information sought by Treasury will insurance in connection with ‘‘property
losses to state insurance regulators will
comprise data elements that insurers and casualty insurance’’ as defined in
be treated under TRIA and Treasury’s
currently collect or generate, although the Act.5 By regulation, Treasury has
regulations for the Program (Program
not necessarily grouped together the further defined ‘‘property and casualty
regulations).
way in which insurers currently collect insurance’’ by reference to the
and evaluate the data. Treasury DATES: December 27, 2016. classification of certain lines of
currently anticipates that approximately FOR FURTHER INFORMATION CONTACT: commercial insurance set forth in the
100 Program participants will be Richard Ifft, Senior Insurance National Association of Insurance
required to submit the ‘‘Insurer (Non- Regulatory Policy Analyst, Federal Commissioner’s Exhibit of Premiums
Small) Groups or Companies’’ data Insurance Office, 202–622–2922 (not a and Losses (commonly known as
collection form, 300 Program toll free number), Kevin Meehan, Senior Statutory Page 14).6 Pursuant to the
participants will submit the ‘‘Small Insurance Regulatory Policy Analyst, Program regulations, insurance reported
Insurer’’ form, 400 Program participants Federal Insurance Office, 202–622–7009 on Statutory Page 14 under ‘‘Line 17—
will submit the ‘‘Captive Insurer’’ form, (not a toll free number), or Lindsey Other Liability’’ is generally subject to
and 75 Program participants will submit Baldwin, Senior Policy Analyst, Federal TRIP. However, insurance reported on
the ‘‘Alien Surplus Lines Insurers’’ Insurance Office, 202–622–3220 (not a that page as ‘‘Professional Errors and
form. toll free number). Omissions Liability Insurance,’’ a sub-
Each set of data collection forms is SUPPLEMENTARY INFORMATION: line within ‘‘Other Liability’’ for state
expected to incur a different level of This Guidance addresses the regulatory purposes, is expressly
burden. Treasury anticipates application of certain provisions of excluded from TRIP by the Act.7 Under
approximately 75 hours will be required TRIA 1 and the Program regulations 2 the Program regulations, ‘‘professional
to collect, process, and report the data with respect to certain insurance liability insurance’’ is defined
policies covering cyber-related risks. consistently with ‘‘Professional Errors
for each Insurer (Non-Small) Group or
This Guidance may be relied upon by and Omissions Liability Insurance’’ as
Company, approximately 25 hours to
the members of the public unless that term is defined for state law
collect, process, and report data for each
superseded by subsequent amendments purposes.8
Small Insurer, and approximately 50
to the Program regulations, or by Cyber risk insurance is a broad term
hours to collect, process, and report data
subsequent guidance. that includes insurance products
for each Captive Insurer and Alien
covering risks arising ‘‘from the use of
Surplus Lines Insurer. I. Background
Assuming this breakdown, the TRIA was enacted following the 3 31 U.S.C. 313(c)(1)(D).
estimated annual burden would be attacks on September 11, 2001, to 4 Public Law 114–1, 129 Stat. 3.
38,750 hours (100 insurers × 75 hours + address disruptions in the market for 5 TRIA sec. 103(c) (‘‘make available’’
300 insurers × 25 hours + 400 insurers requirement); id., sec. 102(11) (definition of
asabaliauskas on DSK3SPTVN1PROD with NOTICES
terrorism risk insurance, to help ensure ‘‘property and casualty insurance’’).
× 50 hours + 75 insurers × 50 hours). At the continued availability and 6 31 CFR 50.4(w).
a blended, fully loaded hourly rate of 7 TRIA sec. 102(11)(xi) (excluding ‘‘professional
$85, the cost would be $3,293,750 1 Public Law 107–297, 116 Stat. 2322, codified at liability insurance’’); see also 31 CFR 50.4(w)(2)(xi).
across the industry as a whole, or $6,375 15 U.S.C. 6701, note. As the provisions of TRIA (as 8 31 CFR 50.4(t); compare National Association of
per Insurer (Non-Small) Group or amended) appear in a note, instead of particular Insurance Commissioners, Uniform Property &
sections, of the United States Code, the provisions Casualty Product Coding Matrix (Effective January
Company, $2,125 per Small Insurer, and of TRIA are identified below by the sections of the 1, 2016) (NAIC 2016 P/C Product Coding Matrix),
$4,250 per Captive Insurer or Alien law. p. 9, available at http://www.naic.org/documents/
Surplus Lines Insurer. 2 31 CFR part 50. industry_pcm_p_c_2016.pdf.
VerDate Sep<11>2014 20:45 Dec 23, 2016 Jkt 241001 PO 00000 Frm 00215 Fmt 4703 Sfmt 4703 E:\FR\FM\27DEN1.SGM 27DEN1](https://thefederalregister.org/doc/81_FR_95560/page/1.svg)
![Federal Register / Vol. 81, No. 248 / Tuesday, December 27, 2016 / Notices 95313
electronic data and its transmission, Stand-alone comprehensive coverage for insured losses under TRIA, is not
including technology tools such as the liability arising out of claims related to eligible for reimbursement of the
internet and telecommunications unauthorized access to or use of personally Federal share of compensation unless:
identifiable or sensitive information due to
networks,’’ as well as ‘‘physical damage (i) The insurer offered coverage for
events including but not limited to viruses,
that can be caused by cyber attacks, malicious attacks or system errors or insured losses subject to the required
fraud committed by misuse of data, any omissions. This coverage could also include disclosures under 31 CFR 50 Subpart B;
liability arising from data storage, and expense coverage for business interruption, or
the availability, integrity, and breach management and/or mitigation (ii) The insurer demonstrates that the
confidentiality of electronic services. When cyber liability is provided as appropriate disclosures were provided
information.’’ 9 The cyber risk insurance an endorsement or as part of a multi-peril to the policyholder before the date of
market has evolved significantly since it policy, as opposed to a stand-alone policy, any certification of an act of terrorism.15
first emerged approximately two use the appropriate Sub-TOI of the product
(b) An insurer that did not make an
to which the coverage will be attached.13
decades ago and is expected to continue offer for coverage for insured losses
experiencing rapid growth.10 A 2016 This Guidance confirms that stand- under an in-force policy reported under
report on cyber insurance noted that 19 alone cyber insurance policies reported the Cyber Liability sub-line on Line
different categories of coverage are under the ‘‘Cyber Liability’’ line are 17—Other Liability of the NAIC’s
available to a greater or lesser extent in included in the definition of ‘‘property Exhibit of Premiums and Losses
the cyber insurance market, including and casualty insurance’’ under TRIA (commonly known as Statutory Page 14)
first and third party coverage related to and are thus subject to the disclosure is not required to do so at this time.
data breaches, cyber extortion, business requirements and other requirements in
interruption, data and software loss, TRIA and the Program regulations as Guidance Three (Application to New
physical damage, and death and bodily specified in the following Section. Offers and Renewals of Coverage)
injury.11 II. Guidance Effective April 1, 2017, and consistent
Cyber risk insurance remains an with TRIA and the Program regulations,
evolving insurance market, both in Treasury provides this Guidance to an insurer must provide disclosures and
terms of product development and clarify that the requirements of TRIP offers that comply with TRIA and the
regulatory oversight. Certain insurance apply to stand-alone cyber insurance Program regulations on any new or
policies that may contain a ‘‘cyber risk’’ policies reported under a TRIP-eligible renewal policies reported under the
component or which do not exclude line of insurance.14 This Guidance is Cyber Liability sub-line on Line 17—
losses arising from a cyber event designed to address the application of Other Liability of the NAIC’s Exhibit of
continue to be written in existing TRIP- TRIA and the Program regulations to Premiums and Losses (commonly
eligible lines of insurance and are thus such cyber risk insurance policies due known as Statutory Page 14).
subject to the provisions of the to the aforementioned developments in
Dated: December 20, 2016.
Program.12 Prior to 2016, some insurers this area, which may have caused some
marketplace uncertainty. Michael T. McRaith,
that wrote stand-alone cyber risk
insurance may have offered and Director, Federal Insurance Office.
Guidance One (Cyber Liability Included [FR Doc. 2016–31244 Filed 12–23–16; 8:45 am]
reported it for state regulatory purposes in Property and Casualty Insurance)
as Professional Errors and Omissions BILLING CODE 4810–25–P
Liability Insurance, which, as noted Effective January 1, 2016, policies
above, is expressly excluded under reported for state regulatory purposes
TRIA from the definition of ‘‘property under the Cyber Liability sub-line on DEPARTMENT OF VETERANS
and casualty insurance.’’ Line 17—Other Liability of the NAIC’s AFFAIRS
As of January 1, 2016, however, state Exhibit of Premiums and Losses
(commonly known as Statutory Page 14) [OMB Control No. 2900–0051]
regulators introduced a new sub-line of
insurance, identified as ‘‘Cyber are considered ‘‘property and casualty
Agency Information Collection
Liability,’’ under the broader ‘‘Other insurance’’ under TRIA.
Activity: (State Approving Agency
Liability’’ line. ‘‘Cyber Liability’’ is Guidance Two (Application to In-Force Reports and Notices 38 CFR 21.4154,
defined for state regulatory purposes as Policies) 21.4250(b), 21.4258, 21.4259)
follows:
(a) An in-force policy reported under AGENCY: Veterans Benefits
9 CRO Forum, ‘‘Cyber Resilience: The Cyber Risk the Cyber Liability sub-line on Line Administration, Department of Veterans
Challenge and the Role of Insurance’’ (December 17—Other Liability of the NAIC’s Affairs.
2014), p. 5, available at http:// Exhibit of Premiums and Losses
www.thecroforum.org/cyber-resilience-cyber-risk- ACTION: Notice.
challenge-role-insurance/. (commonly known as Statutory Page
10 PricewaterhouseCoopers, ‘‘Insurance 2020 & 14), and which provides coverage for SUMMARY: The Veterans Benefits
Beyond: Reaping the dividends of cyber resilience’’ Administration (VBA), Department of
(2015), p. 10 (estimating that the global premium 13 NAIC 2016 P/C Product Coding Matrix, p. 10.
Veterans Affairs (VA), is announcing an
market will reach $5 billion by 2018 and at least ‘‘Sub-TOI’’ refers to ‘‘Sub-Type of Insurance.’’
$7.5 billion by 2020) (PwC Cyber Insurance Report), 14 As is the case with all other coverages subject
opportunity for public comment on the
available at http://www.pwc.com/gx/en/insurance/ to TRIA, policy losses that do not arise from an ‘‘act proposed collection of certain
publications/assets/reaping-dividends-cyber- of terrorism’’ certified by the Secretary of the information by the agency. Under the
resilience.pdf. Paperwork Reduction Act (PRA) of
asabaliauskas on DSK3SPTVN1PROD with NOTICES
Treasury would not trigger the Program backstop.
11 Cambridge Centre for Risk Studies and Risk
For example, an act cannot be certified as an ‘‘act 1995, Federal agencies are required to
Management Solutions, ‘‘Managing Cyber Insurance of terrorism’’ unless it is, among other things, ‘‘a
Accumulation Risk’’ (February 2016), pp. 10–11, violent act or an act that is dangerous to human life, publish notice in the Federal Register
available at http://static.rms.com/email/ property, or infrastructure. . . .’’ 31 CFR concerning each proposed collection of
documents/managing-cyber-insurance- 50.4(b)(1)(ii). To the extent a cyber event did not information, including each proposed
accumulation-risk-rms-crs-jan2016.pdf. satisfy this requirement, the backstop provisions of
12 See, e.g., PwC Cyber Insurance Report, p. 9
extension of a currently approved
TRIP would not be implicated. Any specific
(noting likely existence of cyber risk coverage determination in that regard could not be made in collection, and allow 60 days for public
‘‘within your wider property, business interruption, advance and would depend upon the circumstances
[and] general liability . . . coverage’’). and considerations presented in any particular case. 15 See 31 CFR part 50, subpart G.
VerDate Sep<11>2014 20:45 Dec 23, 2016 Jkt 241001 PO 00000 Frm 00216 Fmt 4703 Sfmt 4703 E:\FR\FM\27DEN1.SGM 27DEN1](https://thefederalregister.org/doc/81_FR_95560/page/2.svg)
Document Created: 2018-02-14 09:13:59
Document Modified: 2018-02-14 09:13:59
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of guidance. | |
| Dates | December 27, 2016. | |
| Contact | Richard Ifft, Senior Insurance Regulatory Policy Analyst, Federal Insurance Office, 202-622-2922 (not a toll free number), Kevin Meehan, Senior Insurance Regulatory Policy Analyst, Federal Insurance Office, 202-622-7009 (not a toll free number), or Lindsey Baldwin, Senior Policy Analyst, Federal Insurance Office, 202-622-3220 (not a toll free number). | |
| FR Citation | 81 FR 95312 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR