The changing compliance landscape for multinational risk programs

By Spring Uphoff Neely, Head of International Programs Strategy and Execution, Zurich North America

More U.S. businesses of all sizes are considering opportunities beyond their national borders. In a recent survey, 49% of U.S. multinational companies saw global expansion as their best growth opportunity, a 14% increase from the year before.1 It’s increasingly common for middle market companies to have some kind of cross-border business activity. And according to a recent survey of current Zurich customers, compliance is a key factor for mid-sized companies when choosing an insurance carrier.

Global opportunities come with global challenges. Along with managing things like operations and distribution, multinational companies also must ensure they’re compliant with insurance laws and premium tax regulations, which vary by country. Penalties for non-compliance can be severe, from voided insurance coverages and tax consequences to costly civil and even criminal penalties. For example, if a claims payment is made into Mexico that is deemed non-compliant the penalty can be imprisonment. That’s why it’s critical for multinational companies to understand these changing requirements – and an experienced global insurer like Zurich can help.  

The evolving compliance landscape for global risks

Structuring a global program is completely different than when I first joined Zurich. Everything from underwriting, cross-border data management, and claims handling must now be reviewed with a compliance lens. This change started in 2006 with the launch of Zurich’s Multinational Insurance Application (MIA), a game-changer that set the standard for compliance discussions within the international insurance industry. MIA enabled a proactive view of diverse and evolving global insurance requirements by providing a detailed view of underwriting, claims and risk engineering regulations as well as non-admitted premium tax obligations in 180 countries and for 41 lines of business. With MIA, our underwriters are better able to tailor compliant insurance programs for evolving customer needs and can have conversations regarding claims and risk engineering services before they are needed.

As a member of the original MIA project team, we identified additional challenges facing both large and mid-sized customers in managing global risks. One challenge involves cross-border claims payments in countries where non-admitted insurance is not permitted. These payments can be classified as capital gains and may be heavily taxed due to local country regulations, reducing the amount available to indemnify the loss. These payments are also non-compliant with local country regulations and could open Zurich, our customers and brokers up to increased scrutiny and potential fines. That’s why we created Financial Interest Coverage (FInC), which allows a parent company to be indemnified for the loss of its financial interests in any country where it is doing business.  While FInC does not cover the in-country loss, it does indemnify the parent company for the financial loss.  And, 15 years later, FInC is an industry standard.

Navigating geopolitical changes

The international business environment has always been rife with change. Today, emerging markets account for as much as 59% of total global GDP.2 This represents attractive business opportunities for companies, but also an unfamiliar compliance landscape, especially for mid-sized firms. Political turnover and regional instability can further propel swift changes in insurance laws and regulations. Take the U.S. withdrawal from Afghanistan for example – while we may not know the extent of its broader, global impact there will certainly be regional change.

Staying on top of these changes is no small feat, especially considering there are more than 210 countries and territories in the world. With our MIA tool, Zurich teams (and ultimately our customers) will always have access to the latest regulatory data, compiled from over 140 independent external legal and tax professionals and updated regularly by a dedicated Zurich team.  This ensures we not only structure compliant programs, but also build in the servicing our customers require such as claims handling and risk engineering.

While no one can predict the future, working with an experienced international insurance carrier can provide customers with forward-looking solutions as well as agile, robust servicing capabilities. For example, in 2006 Zurich standardized its Freedom of Services (FOS) policies in the European Economic Area and led the industry in adopting them as Master policies to streamline administration and ensure compliance. At the time, we were criticized as being difficult to work with, and more costly. Despite this negative headwind, we took a leadership position and pushed forward as it was the right thing to do for our customers. When Brexit occurred over a decade later, Zurich’s customers already had compliant multi-country policies in place. And, due to our coordinated network structure, we were able to relocate our FOS hub office from the U.K. to Spain rather quickly, which simplified the transition and minimized disruption for our customers.

Navigating our new normal: data collection, management and privacy

Our increasingly connected world, and the huge swaths of data powering it, is driving more change in the compliance landscape. Data management, security and privacy are a strategic priority for many companies, and as recent high-profile data hacks have shown, it remains a major challenge. Not only do companies need to secure their own data, but they also need to comply with emerging local regulations for how that data must be managed.

Enacted in 2018, the European Union’s General Data Protection Regulation (GDPR) altered the character of cyber security and privacy risk facing companies of all sizes. It sets strict guidelines for collecting and processing personal information, and issues substantial fines for breaking the law. Between January 2020 and January 2021, GDPR fines rose by 40% and total penalties reached over $195 million.3

GDPR was a trailblazing regulation, and other countries are following suit. COVID-19 has accelerated this trend by driving digitalization in every aspect of our lives. As a result, there will likely be greater regulatory activity to protect consumer data. For example, China recently passed a Personal Information Protection law as well a Data Security law with major regulations that will require companies to examine their data storage and processing practices to ensure they are compliant. 4

This changing risk landscape raises many important questions for risk managers, who must now ask: With regulatory changes, do I need to update my data management practices? If I’m using claimant data to identify trends like fraud, what do I do if my loss runs no longer include claimant names?

Back in 2018, Zurich led the industry in responding to the GDPR by committing to uphold data privacy and providing full transparency on our stance, which helped guide customers on how to address these new and complicated regulations. And, we haven’t stopped there. Like other compliance-related laws and regulations, we are constantly monitoring data protection and privacy laws, not only because additional countries (more than 125 of them) are putting data regulations into place — but also because it’s the right thing to do.

A proven commitment to compliant risk solutions – and innovation for whatever comes next

As a leading global insurer in over 210 countries and territories, Zurich understands what it takes to help businesses of all sizes create compliant risk management portfolios with the coverage and services they may need in case of a loss. A Zurich International Program offers:

• A dedicated, 75-person servicing team, regionally located and specialized by line of business, provides proactive, flexible servicing solutions with real-time data and insights for your Zurich risk portfolio
• A globally consistent Claims experience from 7,100 Claims professionals in 32 countries, helping you get back to business with prompt money movement and a single Claims contact across all lines of business
• Real-time country data that helps your company keep pace with current, local-country laws and regulations
• Forward-looking tools, such as our new Global Program Support tool (replacing MIA for Brokers) for creating compliant international program structures in a user-friendly digital app and accessible through the My Zurich portal

With almost 150 years providing insurance and risk management services to customers around the globe, Zurich possesses a unique historical perspective in managing the risks of a changing world. We draw upon that experience as we continue to innovate and move the needle on products, services and global insights we provide to businesses seeking opportunities abroad.

At Zurich, we turn complexity into clarity, helping our customers successfully — and responsibly — take on the world.

Spring Uphoff Neely is the Head of International Programs Strategy and Execution for Zurich North America. She has more than 17 years of Property and Casualty insurance experience, including over 15 years managing complex international financial program structures.

Why compliance matters

These real-world examples illustrate the importance of understanding and complying with local insurance laws and regulations … and the potential consequences of failure:

- A German company with non-admitted insurance coverage in India decided to manage and resolve a claim made by its Indian subsidiary. It sent the claim payment, between $15 to $20 million, to India. Indian tax regulators considered it a capital gain and thus subject to the country’s prevailing tax rate. The German company was forced to pay millions in taxes.

(Zurich would have placed a local policy in India and/or used our Financial Interest Coverage endorsement, which amends a Master policy to cover a multinational’s financial interest in its worldwide subsidiaries when non-admitted coverage is not permitted.)

- An international chain’s hotels in Mexico suffered serious hurricane damage and wanted advance payment. Their insurance company sent a payment to Mexico, which not only exceeded the stated amount but also triggered Mexico’s strict money-laundering laws. The situation took months to resolve, and the process resulted in the hotel chain paying exorbitant legal fees, which were not covered.

(Zurich would have structured the program using FInC, as a non-Mexican entity cannot send money into Mexico (it is not permitted). During the claims process, Zurich would have contacted its Mexican branch, confirming what was required and doing the necessary paperwork before issuing the claim.)

- Brazil has strict regulations regarding insurance premiums, premium payments and claim payments for non-admitted coverage. A company with non-admitted insurance coverage not only can be slapped with stiff financial penalties, but if the total amount is high enough for Brazilian authorities to consider it as impactful to their economy, the company’s executives could also do prison time. In Brazil, this is tantamount to a white-collar crime.

(Zurich is careful to place business through Brazil’s government-regulated channels.

Using our industry-leading digital tools such as MIA, our Zurich-owned office in Brazil collaborates closely with our U.S. International servicing team to review local requirements and ensure compliance with them.)

¹. “International Expansion Strategies: Executive Summary.” Standard Chartered. March 2021.
². Kay, Jason. “Top 6 Reasons to Expand Your Business Globally.” Worldfirst. 12 January 2021.
³. “18 Biggest GDPR Fines of 2020 and 2021.” Tessian.com. 21 May 2021.
⁴. UNCTAD, unctad.org/page/data-protection-and-privacy-legislation-worldwide 2021.