Terrorism Risk Insurance: Market Is Stable but Treasury Could Strengthen Communications about Its Processes
Fast Facts
Terrorism risk insurance can help businesses rebuild after damage from a terrorist attack. If coverage is expensive or hard to get, new building ventures and other business can be delayed.
A federal program was created after 9/11 to make this insurance available and affordable—with the government and insurers sharing losses from certified acts of terrorism. Now, the terrorism insurance market is stable. But there’s some uncertainty about when the Treasury Department considers certifying events as terrorism for insurance purposes.
Our 3 recommendations include communicating better with the public when Treasury considers certifying events.
construction
Highlights
What GAO Found
With the support of a program established under the Terrorism Risk Insurance Act (TRIA) in which the federal government and insurers would share losses in the event of a certified act of terrorism, terrorism risk insurance is generally available and affordable in the United States. For example, the majority of commercial policyholders generally purchased terrorism risk insurance in recent years, according to Department of the Treasury (Treasury) data. The insurance market would be significantly disrupted without a loss-sharing program such as that established under TRIA. Specifically, insurers generally would not have to offer terrorism risk coverage and likely would charge higher premiums in the absence of a loss-sharing arrangement and cap on losses, according to GAO's review of policies and interviews with industry stakeholders, including insurers and insurer associations. Without access to affordable coverage, new building ventures could be delayed and employers could struggle to find affordable workers' compensation coverage.
Treasury has processes for certifying terrorist events and fulfilling claims under the program, but a lack of communication about aspects of Treasury's certification process could pose challenges for insurers.
Some industry stakeholders, such as insurers and representatives of insurer associations, raised issues about Treasury communications on certification. They cited confusion over why the 2013 Boston Marathon bombing was not certified when they clearly viewed it as a terrorist attack. These industry stakeholders also expressed concern that Treasury never communicated whether it was reviewing the event for certification or its reasons for not certifying it. Most insurers GAO interviewed said such lack of communication by Treasury again could lead to uncertainty about whether to pay claims, putting them at risk of violating state laws and their policyholder agreements.
TRIA regulations on certifying acts of terrorism include some public notification requirements but do not require Treasury to communicate when it is considering reviewing an event for certification.
One purpose of TRIA is to stabilize the insurance market after a terrorist attack. Public communication of when Treasury is considering an event for certification would reduce uncertainty about which claims insurers should pay and lessen potential disruptions to the market after an attack.
One step in determining when to certify an event is Treasury's consultation with offices in the Department of Homeland Security (DHS) and Department of Justice (DOJ) to obtain law enforcement, intelligence, and homeland security information. However, GAO found that DHS had a different understanding of its role in this staff consultation process, and Treasury had not documented agreements with either agency. By documenting agreements between Treasury and the two consulting agencies, Treasury can better ensure a smooth and timely certification process.
Once an event is certified as an act of terrorism, Treasury has a process for fulfilling claims that uses a web-based system developed and operated by a contractor. As of February 2020, the system had not yet been used because Treasury had not certified any acts of terrorism or paid claims under the program.
Why GAO Did This Study
TRIA created a federal program to help ensure the availability and affordability of terrorism risk insurance. Insurers must make terrorism risk coverage available to commercial policyholders. The federal government and insurers share losses on such policies resulting from a certified act of terrorism causing at least $5 million of insurance losses. Annual coverage for losses by insurers (who have met their insurer deductible) and the government is limited to $100 billion. The program is set to expire December 31, 2027.
GAO was asked to review TRIA. This report examines (1) the current market for terrorism risk insurance and the program's role in the market, and (2) Treasury's processes to certify acts of terrorism and fulfill claims. GAO reviewed Treasury reports and related industry studies, Treasury's guidance and procedures for the program, and insurance policy language. GAO also interviewed Treasury officials and industry stakeholders, including a nongeneralizable sample of insurers of different sizes providing various types of insurance.
Recommendations
GAO is making three recommendations, including that Treasury publicly communicate when it is considering reviewing an event for TRIA certification and document agreements with both DHS and DOJ on the agencies' roles in the process. Treasury agreed with the recommendations.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Federal Insurance Office | The Director of the Federal Insurance Office should publicly communicate information about when it is considering certifying an event as an act of terrorism under TRIA. (Recommendation 1) |
In February 2022, Treasury noted that it had received comments from a November 2020 Federal Register Notice on public communications about the certification process, in addition to issuing a final rule in July 2021 that addressed some definitional issues. In July 2023, Treasury was reviewing potential revisions to the certification process and planned to consider this issue with the program's advisory committee at its July 2023 meeting. As of August 2024, Treasury reported it was considering the program advisory committee's recommendations to the TRIP certification process, as well as the implications of the nexus between cyber risk and terrorism risk. We will continue to monitor Treasury's actions in response to this recommendation.
|
Federal Insurance Office | The Director of the Federal Insurance Office should document an agreement with DHS about DHS's role, and how the agencies share information, during the process of certifying an event as an act of terrorism under TRIA. (Recommendation 2) |
In December 2021, Treasury and DHS finalized a certification consultation framework document that identifies points of contact at each agency during the certification process, and generally outlines the certification coordination process.
|
Federal Insurance Office | The Director of the Federal Insurance Office should document an agreement with DOJ about DOJ's role, and how the agencies share information, during the process of certifying an event as an act of terrorism under TRIA. (Recommendation 3) |
In December 2021, Treasury and DOJ finalized a certification consultation framework document that identifies points of contact at each agency during the certification process, and generally outlines the certification coordination process.
|