Skip to main content Skip to office menu Skip to footer
Capital IconMinnesota Legislature

SF 1846

2nd Engrossment - 92nd Legislature (2021 - 2022) Posted on 08/03/2021 03:25pm

KEY: stricken = removed, old language.
underscored = added, new language.

Current Version - 2nd Engrossment

Line numbers 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13
1.14 1.15 1.16 1.17 1.18
1.19 1.20 1.21 1.22 1.23 1.24 1.25 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16 2.17 2.18 2.19 2.20 2.21 2.22 2.23 2.24 2.25 2.26 2.27 2.28 2.29 2.30 2.31 2.32 2.33 2.34 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 3.20 3.21 3.22 3.23 3.24 3.25 3.26 3.27 3.28 3.29 3.30 3.31 3.32 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10 4.11 4.12 4.13 4.14 4.15 4.16 4.17 4.18 4.19 4.20 4.21 4.22 4.23 4.24 4.25 4.26 4.27 4.28 4.29 4.30 4.31 4.32 4.33 4.34 5.1 5.2 5.3 5.4 5.5 5.6 5.7 5.8 5.9 5.10 5.11 5.12 5.13 5.14 5.15 5.16 5.17 5.18 5.19 5.20 5.21 5.22 5.23 5.24 5.25 5.26 5.27 5.28 5.29 5.30 5.31 5.32 5.33 6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8 6.9 6.10 6.11 6.12 6.13 6.14 6.15 6.16 6.17 6.18 6.19 6.20 6.21 6.22 6.23 6.24 6.25 6.26 6.27 6.28 6.29 6.30 6.31 6.32 6.33 6.34 6.35 7.1 7.2 7.3 7.4 7.5 7.6 7.7 7.8 7.9 7.10 7.11 7.12 7.13 7.14 7.15 7.16 7.17 7.18 7.19 7.20 7.21 7.22 7.23 7.24 7.25 7.26 7.27 7.28 7.29 7.30 7.31 7.32 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 8.10 8.11 8.12
8.13 8.14 8.15 8.16 8.17 8.18 8.19 8.20 8.21 8.22 8.23 8.24 8.25 8.26 8.27 8.28 8.29 8.30 8.31 8.32 8.33 9.1 9.2 9.3 9.4 9.5 9.6 9.7 9.8 9.9 9.10 9.11 9.12 9.13 9.14 9.15 9.16 9.17 9.18 9.19 9.20 9.21 9.22 9.23 9.24 9.25 9.26 9.27 9.28 9.29 9.30 9.31 9.32 9.33 10.1 10.2 10.3 10.4 10.5 10.6 10.7 10.8 10.9 10.10 10.11 10.12 10.13 10.14 10.15 10.16 10.17 10.18 10.19 10.20 10.21 10.22 10.23 10.24 10.25 10.26 10.27 10.28 10.29 10.30 10.31 10.32 11.1 11.2 11.3 11.4 11.5 11.6 11.7 11.8 11.9 11.10 11.11 11.12 11.13 11.14 11.15 11.16 11.17 11.18 11.19 11.20 11.21 11.22 11.23 11.24 11.25 11.26 11.27 11.28 11.29 11.30 11.31 11.32 11.33 12.1
12.2 12.3 12.4 12.5 12.6 12.7 12.8 12.9 12.10 12.11 12.12 12.13 12.14 12.15
12.16 12.17 12.18 12.19 12.20 12.21 12.22 12.23 12.24 12.25 12.26 12.27 12.28 12.29 12.30 12.31 12.32 13.1 13.2 13.3 13.4 13.5 13.6 13.7 13.8 13.9 13.10 13.11 13.12 13.13 13.14 13.15 13.16 13.17 13.18 13.19 13.20 13.21 13.22 13.23 13.24 13.25 13.26 13.27 13.28 13.29 13.30 13.31 14.1 14.2 14.3 14.4 14.5 14.6 14.7 14.8 14.9 14.10 14.11 14.12 14.13 14.14 14.15 14.16 14.17 14.18 14.19 14.20 14.21 14.22 14.23 14.24 14.25 14.26 14.27 14.28 14.29 14.30 14.31
15.1 15.2 15.3 15.4 15.5 15.6 15.7 15.8 15.9 15.10 15.11 15.12 15.13 15.14 15.15 15.16 15.17 15.18 15.19 15.20 15.21 15.22 15.23 15.24 15.25 15.26 15.27 15.28 15.29 15.30 15.31 15.32 16.1 16.2 16.3 16.4 16.5 16.6 16.7 16.8 16.9 16.10 16.11 16.12 16.13 16.14 16.15 16.16 16.17 16.18 16.19 16.20 16.21 16.22 16.23 16.24 16.25 16.26 16.27 16.28 16.29 16.30 16.31 16.32 17.1 17.2 17.3 17.4 17.5 17.6 17.7 17.8 17.9 17.10 17.11 17.12 17.13 17.14 17.15 17.16 17.17 17.18 17.19 17.20 17.21 17.22 17.23 17.24 17.25 17.26 17.27 17.28 17.29 17.30 17.31 18.1 18.2 18.3 18.4 18.5 18.6 18.7 18.8 18.9 18.10 18.11 18.12 18.13 18.14 18.15 18.16 18.17 18.18 18.19 18.20 18.21 18.22 18.23 18.24 18.25 18.26 18.27 18.28 18.29 18.30 18.31 18.32 19.1 19.2 19.3 19.4 19.5 19.6 19.7 19.8
19.9 19.10 19.11 19.12 19.13 19.14 19.15 19.16 19.17 19.18 19.19 19.20 19.21 19.22 19.23 19.24 19.25 19.26 19.27 19.28 19.29 19.30
20.1 20.2 20.3 20.4 20.5 20.6 20.7 20.8 20.9 20.10 20.11 20.12 20.13 20.14 20.15 20.16 20.17 20.18 20.19 20.20 20.21 20.22 20.23 20.24 20.25 20.26 20.27 20.28 20.29 20.30 21.1 21.2 21.3 21.4 21.5 21.6 21.7 21.8 21.9 21.10 21.11 21.12 21.13 21.14 21.15 21.16 21.17 21.18 21.19 21.20 21.21 21.22 21.23 21.24 21.25 21.26 21.27 21.28 21.29 21.30 21.31 21.32 21.33 22.1 22.2 22.3 22.4 22.5 22.6 22.7 22.8 22.9 22.10 22.11 22.12 22.13 22.14 22.15 22.16 22.17 22.18 22.19 22.20 22.21 22.22 22.23 22.24 22.25 22.26 22.27 22.28 22.29 22.30 23.1 23.2 23.3 23.4 23.5 23.6 23.7 23.8 23.9 23.10 23.11 23.12 23.13 23.14 23.15 23.16 23.17 23.18 23.19 23.20 23.21 23.22 23.23 23.24 23.25 23.26 23.27 23.28 23.29 23.30 23.31 23.32 23.33 24.1 24.2 24.3 24.4
24.5 24.6 24.7 24.8 24.9 24.10 24.11 24.12 24.13 24.14 24.15
24.16 24.17 24.18 24.19 24.20 24.21 24.22 24.23 24.24 24.25 24.26 24.27 24.28 24.29 24.30 24.31 24.32 24.33 25.1 25.2 25.3 25.4 25.5 25.6 25.7 25.8 25.9 25.10 25.11 25.12 25.13 25.14 25.15 25.16 25.17 25.18 25.19 25.20 25.21 25.22 25.23 25.24 25.25 25.26 25.27 25.28 25.29 25.30 25.31 25.32
26.1 26.2 26.3 26.4 26.5 26.6 26.7 26.8 26.9 26.10 26.11 26.12 26.13 26.14 26.15 26.16 26.17 26.18 26.19 26.20 26.21 26.22 26.23 26.24 26.25 26.26 26.27
26.28 26.29 26.30
27.1 27.2 27.3 27.4 27.5 27.6 27.7 27.8 27.9 27.10 27.11 27.12 27.13 27.14 27.15 27.16 27.17 27.18 27.19 27.20 27.21 27.22 27.23 27.24 27.25 27.26 27.27 27.28 27.29 27.30 27.31 27.32 28.1 28.2 28.3 28.4 28.5 28.6 28.7 28.8 28.9 28.10
28.11
28.12 28.13 28.14 28.15 28.16 28.17 28.18 28.19 28.20 28.21 28.22 28.23 28.24 28.25 28.26 28.27 28.28 28.29 28.30 28.31 28.32
29.1 29.2 29.3 29.4 29.5 29.6 29.7 29.8 29.9 29.10 29.11 29.12 29.13 29.14 29.15 29.16 29.17 29.18 29.19 29.20 29.21 29.22 29.23 29.24 29.25 29.26 29.27 29.28 29.29 29.30 29.31 30.1 30.2 30.3 30.4 30.5 30.6 30.7 30.8 30.9 30.10 30.11 30.12
30.13 30.14 30.15 30.16 30.17 30.18 30.19 30.20 30.21 30.22 30.23 30.24 30.25 30.26
30.27 30.28 30.29 30.30
30.31 30.32 31.1 31.2 31.3 31.4 31.5 31.6 31.7 31.8 31.9 31.10 31.11 31.12 31.13 31.14 31.15 31.16 31.17 31.18
31.19 31.20 31.21 31.22 31.23 31.24
31.25 31.26 31.27 31.28 31.29 31.30 32.1 32.2 32.3 32.4 32.5 32.6 32.7
32.8 32.9 32.10 32.11 32.12 32.13 32.14 32.15 32.16 32.17 32.18 32.19 32.20 32.21 32.22 32.23 32.24 32.25 32.26 32.27 32.28 32.29 32.30 32.31 33.1 33.2 33.3 33.4 33.5 33.6 33.7 33.8 33.9 33.10 33.11 33.12 33.13 33.14 33.15 33.16 33.17 33.18 33.19 33.20 33.21 33.22 33.23 33.24 33.25 33.26 33.27 33.28 33.29 33.30 33.31 34.1 34.2 34.3 34.4 34.5 34.6 34.7 34.8 34.9 34.10 34.11 34.12 34.13 34.14 34.15 34.16 34.17 34.18 34.19 34.20 34.21 34.22 34.23 34.24 34.25 34.26 34.27
35.1 35.2 35.3 35.4 35.5 35.6
35.7 35.8 35.9 35.10 35.11
35.12 35.13 35.14 35.15 35.16 35.17 35.18 35.19 35.20 35.21 35.22
35.23 35.24 35.25 35.26 35.27 35.28
35.29 35.30 35.31 36.1 36.2
36.3 36.4 36.5 36.6 36.7 36.8 36.9 36.10 36.11 36.12 36.13 36.14 36.15 36.16 36.17 36.18 36.19
36.20 36.21 36.22 36.23
36.24 36.25 36.26 36.27 36.28 36.29 37.1 37.2
37.3 37.4 37.5
37.6 37.7 37.8 37.9 37.10 37.11 37.12

A bill for an act
relating to commerce; modifying various provisions governing or administered
by the Department of Commerce; modifying allowance of reinsurance credit;
establishing an insurance data security law; making technical changes; requiring
a report; amending Minnesota Statutes 2020, sections 60A.092, subdivision 10a,
by adding a subdivision; 60A.0921, subdivision 2; 60A.71, subdivision 7; 61A.245,
subdivision 4; 79.55, subdivision 10; 79.61, subdivision 1; 80G.06, subdivision
1; 82.57, subdivisions 1, 5; 82.62, subdivision 3; 82.81, subdivision 12; 82B.021,
subdivision 18; 82B.11, subdivision 3; 332.33, subdivision 3, by adding a
subdivision; 386.375, subdivision 3; proposing coding for new law in Minnesota
Statutes, chapters 60A; 80G; 332; repealing Minnesota Statutes 2020, sections
45.017; 60A.98; 60A.981; 60A.982.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Section 1.

Minnesota Statutes 2020, section 60A.092, subdivision 10a, is amended to read:


Subd. 10a.

Other jurisdictions.

The reinsurance is ceded and credit allowed to an
assuming insurer not meeting the requirements of subdivision 2, 3, 4, 5, deleted text beginordeleted text end 10, new text beginor 10b, new text endbut
only with respect to the insurance of risks located in jurisdictions where the reinsurance is
required by applicable law or regulation of that jurisdiction.

Sec. 2.

Minnesota Statutes 2020, section 60A.092, is amended by adding a subdivision to
read:


new text begin Subd. 10b. new text end

new text begin Credit allowed; reciprocal jurisdiction. new text end

new text begin (a) Credit shall be allowed when
the reinsurance is ceded to an assuming insurer meeting each of the following conditions:
new text end

new text begin (1) the assuming insurer must have its head office in or be domiciled in, as applicable,
and be licensed in a reciprocal jurisdiction. A "reciprocal jurisdiction" means a jurisdiction
that is:
new text end

new text begin (i) a non-United States jurisdiction that is subject to an in-force covered agreement with
the United States, each within its legal authority, or, in the case of a covered agreement
between the United States and the European Union, is a member state of the European
Union. For purposes of this subdivision, a "covered agreement" means an agreement entered
into pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act, United
States Code, title 31, sections 313 and 314, that is currently in effect or in a period of
provisional application and addresses the elimination, under specified conditions, of collateral
requirements as a condition for entering into any reinsurance agreement with a ceding insurer
domiciled in Minnesota or for allowing the ceding insurer to recognize credit for reinsurance;
new text end

new text begin (ii) a United States jurisdiction that meets the requirements for accreditation under the
National Association of Insurance Commissioners (NAIC) financial standards and
accreditation program; or
new text end

new text begin (iii) a qualified jurisdiction, as determined by the commissioner, which is not otherwise
described in item (i) or (ii) and which meets the following additional requirements, consistent
with the terms and conditions of in-force covered agreements:
new text end

new text begin (A) provides that an insurer which has its head office or is domiciled in such qualified
jurisdiction shall receive credit for reinsurance ceded to a United States-domiciled assuming
insurer in the same manner as credit for reinsurance is received for reinsurance assumed by
insurers domiciled in such qualified jurisdiction;
new text end

new text begin (B) does not require a United States-domiciled assuming insurer to establish or maintain
a local presence as a condition for entering into a reinsurance agreement with any ceding
insurer subject to regulation by the non-United States jurisdiction or as a condition to allow
the ceding insurer to recognize credit for such reinsurance;
new text end

new text begin (C) recognizes the United States state regulatory approach to group supervision and
group capital, by providing written confirmation by a competent regulatory authority, in
such qualified jurisdiction, that insurers and insurance groups that are domiciled or maintain
their headquarters in this state or another jurisdiction accredited by the NAIC shall be subject
only to worldwide prudential insurance group supervision including worldwide group
governance, solvency and capital, and reporting, as applicable, by the commissioner or the
commissioner of the domiciliary state and will not be subject to group supervision at the
level of the worldwide parent undertaking of the insurance or reinsurance group by the
qualified jurisdiction; and
new text end

new text begin (D) provides written confirmation by a competent regulatory authority in such qualified
jurisdiction that information regarding insurers and their parent, subsidiary, or affiliated
entities, if applicable, shall be provided to the commissioner in accordance with a
memorandum of understanding or similar document between the commissioner and such
qualified jurisdiction, including but not limited to the International Association of Insurance
Supervisors Multilateral Memorandum of Understanding or other multilateral memoranda
of understanding coordinated by the NAIC;
new text end

new text begin (2) the assuming insurer must have and maintain, on an ongoing basis, minimum capital
and surplus, or its equivalent, calculated according to the methodology of its domiciliary
jurisdiction, on at least an annual basis as of the preceding December 31 or on the date
otherwise statutorily reported to the reciprocal jurisdiction, in the following amounts:
new text end

new text begin (i) no less than $250,000,000; or
new text end

new text begin (ii) if the assuming insurer is an association, including incorporated and individual
unincorporated underwriters:
new text end

new text begin (A) minimum capital and surplus equivalents, net of liabilities, or own funds of the
equivalent of at least $250,000,000; and
new text end

new text begin (B) a central fund containing a balance of the equivalent of at least $250,000,000;
new text end

new text begin (3) the assuming insurer must have and maintain, on an ongoing basis, a minimum
solvency or capital ratio, as applicable, as follows:
new text end

new text begin (i) if the assuming insurer has its head office or is domiciled in a reciprocal jurisdiction
defined in clause (1), item (i), the ratio specified in the applicable covered agreement;
new text end

new text begin (ii) if the assuming insurer is domiciled in a reciprocal jurisdiction defined in clause (1),
item (ii), a risk-based capital ratio of 300 percent of the authorized control level, calculated
in accordance with the formula developed by the NAIC; or
new text end

new text begin (iii) if the assuming insurer is domiciled in a Reciprocal Jurisdiction defined in clause
(1), item (iii), after consultation with the reciprocal jurisdiction and considering any
recommendations published through the NAIC Committee Process, such solvency or capital
ratio as the commissioner determines to be an effective measure of solvency;
new text end

new text begin (4) the assuming insurer must agree and provide adequate assurance in the form of a
properly executed Form AR-1, Form CR-1, and Form RJ-1 of its agreement to the following:
new text end

new text begin (i) the assuming insurer must provide prompt written notice and explanation to the
commissioner if it falls below the minimum requirements set forth in clause (2) or (3), or
if any regulatory action is taken against the assuming insurer for serious noncompliance
with applicable law;
new text end

new text begin (ii) the assuming insurer must consent in writing to the jurisdiction of the courts of
Minnesota and to the appointment of the commissioner as agent for service of process. The
commissioner may require that consent for service of process be provided to the
commissioner and included in each reinsurance agreement. Nothing in this subdivision shall
limit or in any way alter the capacity of parties to a reinsurance agreement to agree to
alternative dispute resolution mechanisms, except to the extent such agreements are
unenforceable under applicable insolvency or delinquency laws;
new text end

new text begin (iii) the assuming insurer must consent in writing to pay all final judgments, wherever
enforcement is sought, obtained by a ceding insurer or its legal successor, that have been
declared enforceable in the jurisdiction where the judgment was obtained;
new text end

new text begin (iv) each reinsurance agreement must include a provision requiring the assuming insurer
to provide security in an amount equal to 100 percent of the assuming insurer's liabilities
attributable to reinsurance ceded pursuant to that agreement if the assuming insurer resists
enforcement of a final judgment that is enforceable under the law of the jurisdiction in which
it was obtained or a properly enforceable arbitration award, whether obtained by the ceding
insurer or by its legal successor on behalf of its resolution estate;
new text end

new text begin (v) the assuming insurer must confirm that it is not presently participating in any solvent
scheme of arrangement which involves this state's ceding insurers, and agree to notify the
ceding insurer and the commissioner and to provide security in an amount equal to 100
percent of the assuming insurer's liabilities to the ceding insurer, should the assuming insurer
enter into such a solvent scheme of arrangement. The security shall be in a form consistent
with sections 60A.092, subdivision 10, 60A.093, 60A.096, and 60A.097. For purposes of
this regulation, the term "solvent scheme of arrangement" means a foreign or alien statutory
or regulatory compromise procedure subject to requisite majority creditor approval and
judicial sanction in the assuming insurer's home jurisdiction either to finally commute
liabilities of duly noticed classed members or creditors of a solvent debtor, or to reorganize
or restructure the debts and obligations of a solvent debtor on a final basis, and which may
be subject to judicial recognition and enforcement of the arrangement by a governing
authority outside the ceding insurer's home jurisdiction; and
new text end

new text begin (vi) the assuming insurer must agree in writing to meet the applicable information filing
requirements set forth in clause (5);
new text end

new text begin (5) the assuming insurer or its legal successor must provide, if requested by the
commissioner, on behalf of itself and any legal predecessors, the following documentation
to the commissioner:
new text end

new text begin (i) for the two years preceding entry into the reinsurance agreement and on an annual
basis thereafter, the assuming insurer's annual audited financial statements, in accordance
with the applicable law of the jurisdiction of its head office or domiciliary jurisdiction, as
applicable, including the external audit report;
new text end

new text begin (ii) for the two years preceding entry into the reinsurance agreement, the solvency and
financial condition report or actuarial opinion, if filed with the assuming insurer's supervisor;
new text end

new text begin (iii) prior to entry into the reinsurance agreement and not more than semiannually
thereafter, an updated list of all disputed and overdue reinsurance claims outstanding for
90 days or more, regarding reinsurance assumed from ceding insurers domiciled in the
United States; and
new text end

new text begin (iv) prior to entry into the reinsurance agreement and not more than semiannually
thereafter, information regarding the assuming insurer's assumed reinsurance by ceding
insurer, ceded reinsurance by the assuming insurer, and reinsurance recoverable on paid
and unpaid losses by the assuming insurer to allow for the evaluation of the criteria set forth
in clause (6);
new text end

new text begin (6) the assuming insurer must maintain a practice of prompt payment of claims under
reinsurance agreements. The lack of prompt payment will be evidenced if any of the
following criteria is met:
new text end

new text begin (i) more than 15 percent of the reinsurance recoverables from the assuming insurer are
overdue and in dispute as reported to the commissioner;
new text end

new text begin (ii) more than 15 percent of the assuming insurer's ceding insurers or reinsurers have
overdue reinsurance recoverable on paid losses of 90 days or more which are not in dispute
and which exceed for each ceding insurer $100,000, or as otherwise specified in a covered
agreement; or
new text end

new text begin (iii) the aggregate amount of reinsurance recoverable on paid losses which are not in
dispute, but are overdue by 90 days or more, exceeds $50,000,000, or as otherwise specified
in a covered agreement;
new text end

new text begin (7) the assuming insurer's supervisory authority must confirm to the commissioner by
December 31, 2021, and annually thereafter, or at the annual date otherwise statutorily
reported to the reciprocal jurisdiction, that the assuming insurer complies with the
requirements set forth in clauses (2) and (3); and
new text end

new text begin (8) nothing in this subdivision precludes an assuming insurer from providing the
commissioner with information on a voluntary basis.
new text end

new text begin (b) The commissioner shall timely create and publish a list of reciprocal jurisdictions.
The commissioner's list shall include any reciprocal jurisdiction as defined under paragraph
(a), clause (1), items (i) and (ii), and shall consider any other reciprocal jurisdiction included
on the NAIC list. The commissioner may approve a jurisdiction that does not appear on the
NAIC list of reciprocal jurisdictions in accordance with criteria developed under rules issued
by the commissioner. The commissioner may remove a jurisdiction from the list of reciprocal
jurisdictions upon a determination that the jurisdiction no longer meets the requirements of
a reciprocal jurisdiction, in accordance with a process set forth in rules issued by the
commissioner, except that the commissioner shall not remove from the list a reciprocal
jurisdiction as defined under paragraph (a), clause (1), items (i) and (ii). Upon removal of
a reciprocal jurisdiction from the list, credit for reinsurance ceded to an assuming insurer
which has its home office or is domiciled in that jurisdiction shall be allowed, if otherwise
allowed pursuant to law.
new text end

new text begin (c) The commissioner shall timely create and publish a list of assuming insurers that
have satisfied the conditions set forth in this subdivision and to which cessions shall be
granted credit in accordance with this subdivision. The commissioner may add an assuming
insurer to the list if an NAIC accredited jurisdiction has added the assuming insurer to a list
of assuming insurers or if, upon initial eligibility, the assuming insurer submits the
information to the commissioner as required under paragraph (a), clause (4), and complies
with any additional requirements that the commissioner may impose by rule, except to the
extent that they conflict with an applicable covered agreement.
new text end

new text begin (1) If an NAIC-accredited jurisdiction has determined that the conditions set forth in
paragraph (a), clause (2), have been met, the commissioner has the discretion to defer to
that jurisdiction's determination, and add such assuming insurer to the list of assuming
insurers to which cessions shall be granted credit in accordance with this paragraph. The
commissioner may accept financial documentation filed with another NAIC-accredited
jurisdiction or with the NAIC in satisfaction of the requirements of paragraph (a), clause
(2).
new text end

new text begin (2) When requesting that the commissioner defer to another NAIC-accredited
jurisdiction's determination, an assuming insurer must submit a properly executed Form
RJ-1 and additional information as the commissioner may require. A state that has received
such a request will notify other states through the NAIC Committee Process and provide
relevant information with respect to the determination of eligibility.
new text end

new text begin (d) If the commissioner determines that an assuming insurer no longer meets one or
more of the requirements under this subdivision, the commissioner may revoke or suspend
the eligibility of the assuming insurer for recognition under this subdivision in accordance
with procedures set forth in rule. While an assuming insurer's eligibility is suspended, no
reinsurance agreement issued, amended, or renewed after the effective date of the suspension
qualifies for credit, except to the extent that the assuming insurer's obligations under the
contract are secured in accordance with this section. If an assuming insurer's eligibility is
revoked, no credit for reinsurance may be granted after the effective date of the revocation
with respect to any reinsurance agreements entered into by the assuming insurer, including
reinsurance agreements entered into prior to the date of revocation, except to the extent that
the assuming insurer's obligations under the contract are secured in a form acceptable to
the commissioner and consistent with the provisions of this section.
new text end

new text begin (e) Before denying statement credit or imposing a requirement to post security with
respect to paragraph (d) or adopting any similar requirement that will have substantially the
same regulatory impact as security, the commissioner shall:
new text end

new text begin (1) communicate with the ceding insurer, the assuming insurer, and the assuming insurer's
supervisory authority that the assuming insurer no longer satisfies one of the conditions
listed in paragraph (a), clause (2);
new text end

new text begin (2) provide the assuming insurer with 30 days from the initial communication to submit
a plan to remedy the defect, and 90 days from the initial communication to remedy the
defect, except in exceptional circumstances in which a shorter period is necessary for
policyholder and other consumer protection;
new text end

new text begin (3) after the expiration of 90 days or less, as set out in clause (2), if the commissioner
determines that no or insufficient action was taken by the assuming insurer, the commissioner
may impose any of the requirements as set out in this paragraph; and
new text end

new text begin (4) provide a written explanation to the assuming insurer of any of the requirements set
out in this paragraph.
new text end

new text begin (f) If subject to a legal process of rehabilitation, liquidation, or conservation, as applicable,
the ceding insurer, or its representative, may seek and, if determined appropriate by the
court in which the proceedings are pending, may obtain an order requiring that the assuming
insurer post security for all outstanding ceded liabilities.
new text end

new text begin (g) Nothing in this subdivision limits or in any way alters the capacity of parties to a
reinsurance agreement to agree on requirements for security or other terms in the reinsurance
agreement, except as expressly prohibited by applicable law or rule.
new text end

new text begin (h) Credit may be taken under this subdivision only for reinsurance agreements entered
into, amended, or renewed on or after the effective date of this subdivision, and only with
respect to losses incurred and reserves reported on or after the later of: (1) the date on which
the assuming insurer has met all eligibility requirements pursuant to this subdivision; and
(2) the effective date of the new reinsurance agreement, amendment, or renewal. This
paragraph does not alter or impair a ceding insurer's right to take credit for reinsurance, to
the extent that credit is not available under this subdivision, as long as the reinsurance
qualifies for credit under any other applicable provision of law. Nothing in this subdivision
shall authorize an assuming insurer to withdraw or reduce the security provided under any
reinsurance agreement, except as permitted by the terms of the agreement. Nothing in this
subdivision shall limit, or in any way alter, the capacity of parties to any reinsurance
agreement to renegotiate the agreement.
new text end

Sec. 3.

Minnesota Statutes 2020, section 60A.0921, subdivision 2, is amended to read:


Subd. 2.

Certification procedure.

(a) The commissioner shall post notice on the
department's website promptly upon receipt of any application for certification, including
instructions on how members of the public may respond to the application. The commissioner
may not take final action on the application until at least 30 days after posting the notice.

(b) The commissioner shall issue written notice to an assuming insurer that has applied
and been approved as a certified reinsurer. The notice must include the rating assigned the
certified reinsurer in accordance with subdivision 1. The commissioner shall publish a list
of all certified reinsurers and their ratings.

(c) In order to be eligible for certification, the assuming insurer must:

(1) be domiciled and licensed to transact insurance or reinsurance in a qualified
jurisdiction, as determined by the commissioner under subdivision 3;

(2) maintain capital and surplus, or its equivalent, of no less than $250,000,000 calculated
in accordance with paragraph (d), clause (8). This requirement may also be satisfied by an
association including incorporated and individual unincorporated underwriters having
minimum capital and surplus equivalents net of liabilities of at least $250,000,000 and a
central fund containing a balance of at least $250,000,000;

(3) maintain financial strength ratings from two or more rating agencies acceptable to
the commissioner. These ratings shall be based on interactive communication between the
rating agency and the assuming insurer and shall not be based solely on publicly available
information. These financial strength ratings shall be one factor used by the commissioner
in determining the rating that is assigned to the assuming insurer. Acceptable rating agencies
include the following:

(i) Standard & Poor's;

(ii) Moody's Investors Service;

(iii) Fitch Ratings;

(iv) A.M. Best Company; or

(v) any other nationally recognized statistical rating organization; and

(4) ensure that the certified reinsurer complies with any other requirements reasonably
imposed by the commissioner.

(d) Each certified reinsurer shall be rated on a legal entity basis, with due consideration
being given to the group rating where appropriate, except that an association including
incorporated and individual unincorporated underwriters that has been approved to do
business as a single certified reinsurer may be evaluated on the basis of its group rating.
Factors that may be considered as part of the evaluation process include, but are not limited
to:

(1) certified reinsurer's financial strength rating from an acceptable rating agency. The
maximum rating that a certified reinsurer may be assigned will correspond to its financial
strength rating as outlined in the table below. The commissioner shall use the lowest financial
strength rating received from an approved rating agency in establishing the maximum rating
of a certified reinsurer. A failure to obtain or maintain at least two financial strength ratings
from acceptable rating agencies will result in loss of eligibility for certification;

Ratings
Best
S&P
Moody's
Fitch
Secure - 1
A++
AAA
Aaa
AAA
Secure - 2
A+
AA+, AA, AA-
Aa1, Aa2, Aa3
AA+, AA, AA-
Secure - 3
A
A+, A
A1, A2
A+, A
Secure - 4
A-
A-
A3
A-
Secure - 5
B++, B-
BBB+, BBB,
BBB-
Baa1, Baa2, Baa3
BBB+, BBB,
BBB-
Vulnerable - 6
B, B-C++, C+, C,
C-, D, E, F
BB+, BB, BB-,
B+, B, B-, CCC,
CC, C, D, R
Ba1, Ba2, Ba3,
B1, B2, B3, Caa,
Ca, C
BB+, BB, BB-,
B+, B, B-, CCC+,
CC, CCC-, DD

(2) the business practices of the certified reinsurer in dealing with its ceding insurers,
including its record of compliance with reinsurance contractual terms and obligations;

(3) for certified reinsurers domiciled in the United States, a review of the most recent
applicable NAIC annual statement;

(4) for certified reinsurers not domiciled in the United States, a review annually of such
forms as may be required by the commissioner;

(5) the reputation of the certified reinsurer for prompt payment of claims under
reinsurance agreements, based on an analysis of ceding insurers' reporting of overdue
reinsurance recoverables, including the proportion of obligations that are more than 90 days
past due or are in dispute, with specific attention given to obligations payable to companies
that are in administrative supervision or receivership;

(6) regulatory actions against the certified reinsurer;

(7) the report of the independent auditor on the financial statements of the insurance
enterprise, on the basis described in clause (8);

(8) for certified reinsurers not domiciled in the United States, audited financial statements
(audited United States GAAP basis if available, audited IFRS basis statements are allowed,
but must include an audited footnote reconciling equity and net income to a United States
GAAP basis, or, with permission of the commissioner, audited IFRS statements with
reconciliation to United States GAAP certified by an officer of the company). Upon the
initial application for certification, the commissioner will consider audited financial
statements for the last deleted text beginthreedeleted text endnew text begin twonew text end years filed with its non-United States jurisdiction supervisor;

(9) the liquidation priority of obligations to a ceding insurer in the certified reinsurer's
domiciliary jurisdiction in the context of an insolvency proceeding;

(10) a certified reinsurer's participation in any solvent scheme of arrangement, or similar
procedure, which involves United States ceding insurers. The commissioner must receive
prior notice from a certified reinsurer that proposes participation by the certified reinsurer
in a solvent scheme of arrangement; and

(11) other information as determined by the commissioner.

(e) Based on the analysis conducted under paragraph (d), clause (5), of a certified
reinsurer's reputation for prompt payment of claims, the commissioner may make appropriate
adjustments in the security the certified reinsurer is required to post to protect its liabilities
to United States ceding insurers, provided that the commissioner shall, at a minimum,
increase the security the certified reinsurer is required to post by one rating level under
paragraph (d), clause (1), if the commissioner finds that:

(1) more than 15 percent of the certified reinsurer's ceding insurance clients have overdue
reinsurance recoverables on paid losses of 90 days or more which are not in dispute and
which exceed $100,000 for each cedent; or

(2) the aggregate amount of reinsurance recoverables on paid losses which are not in
dispute that are overdue by 90 days or more exceeds $50,000,000.

(f) The assuming insurer must submit such forms as required by the commissioner as
evidence of its submission to the jurisdiction of this state, appoint the commissioner as an
agent for service of process in this state, and agree to provide security for 100 percent of
the assuming insurer's liabilities attributable to reinsurance ceded by United States ceding
insurers if it resists enforcement of a final United States judgment. The commissioner shall
not certify an assuming insurer that is domiciled in a jurisdiction that the commissioner has
determined does not adequately and promptly enforce final United States judgments or
arbitration awards.

(g) The certified reinsurer must agree to meet filing requirements as determined by the
commissioner, both with respect to an initial application for certification and on an ongoing
basis. All data submitted by certified reinsurers to the commissioner is nonpublic under
section 13.02, subdivision 9. The certified reinsurer must file with the commissioner:

(1) a notification within ten days of any regulatory actions taken against the certified
reinsurer, any change in the provisions of its domiciliary license, or any change in rating
by an approved rating agency, including a statement describing such changes and the reasons
therefore;

(2) an annual report regarding reinsurance assumed, in a form determined by the
commissioner;

(3) an annual report of the independent auditor on the financial statements of the insurance
enterprise, on the basis described in clause (4);

(4) an annual audited financial statement, regulatory filings, and actuarial opinion filed
with the certified reinsurer's supervisor. Upon the initial certification, audited financial
statements for the last deleted text beginthreedeleted text endnew text begin twonew text end years filed with the certified reinsurer's supervisor;

(5) at least annually, an updated list of all disputed and overdue reinsurance claims
regarding reinsurance assumed from United States domestic ceding insurers;

(6) a certification from the certified reinsurer's domestic regulator that the certified
reinsurer is in good standing and maintains capital in excess of the jurisdiction's highest
regulatory action level; and

(7) any other relevant information as determined by the commissioner.

Sec. 4.

Minnesota Statutes 2020, section 60A.71, subdivision 7, is amended to read:


Subd. 7.

Duration; fees.

(a) Each applicant for a reinsurance intermediary license shall
pay to the commissioner a fee of $200 for an initial two-year license and a fee of $150 for
each renewal. Applications shall be submitted on forms prescribed by the commissioner.

(b) Initial licenses issued under this chapter are valid for a period not to exceed 24 months
and expire on October 31 of the renewal year assigned by the commissioner. Each renewal
reinsurance intermediary license is valid for a period of 24 months. deleted text beginLicensees who submit
renewal applications postmarked or delivered on or before October 15 of the renewal year
may continue to transact business whether or not the renewal license has been received by
November 1. Licensees who submit applications postmarked or delivered after October 15
of the renewal year must not transact business after the expiration date of the license until
the renewal license has been received.
deleted text end

(c) All fees are nonreturnable, except that an overpayment of any fee may be refunded
upon proper application.

Sec. 5.

new text begin [60A.985] DEFINITIONS.
new text end

new text begin Subdivision 1. new text end

new text begin Terms. new text end

new text begin As used in sections 60A.985 to 60A.9857, the following terms
have the meanings given.
new text end

new text begin Subd. 2. new text end

new text begin Authorized individual. new text end

new text begin "Authorized individual" means an individual known
to and screened by the licensee and determined to be necessary and appropriate to have
access to the nonpublic information held by the licensee and its information systems.
new text end

new text begin Subd. 3. new text end

new text begin Consumer. new text end

new text begin "Consumer" means an individual, including but not limited to an
applicant, policyholder, insured, beneficiary, claimant, and certificate holder who is a resident
of this state and whose nonpublic information is in a licensee's possession, custody, or
control.
new text end

new text begin Subd. 4. new text end

new text begin Cybersecurity event. new text end

new text begin "Cybersecurity event" means an event resulting in
unauthorized access to, service level or disruption or misuse of, an information system or
nonpublic information stored on an information system which results in the release of a
consumer's nonpublic information.
new text end

new text begin Cybersecurity event does not include the unauthorized acquisition of encrypted nonpublic
information if the encryption, process, or key is not also acquired, released, or used without
authorization.
new text end

new text begin Cybersecurity event does not include an event with regard to which the licensee has
determined that the nonpublic information accessed by an unauthorized person has not been
used or released and has been returned or destroyed.
new text end

new text begin Subd. 5. new text end

new text begin Encrypted. new text end

new text begin "Encrypted" means the transformation of data into a form which
results in a low probability of assigning meaning without the use of a protective process or
key.
new text end

new text begin Subd. 6. new text end

new text begin Information security program. new text end

new text begin "Information security program" means the
administrative, technical, and physical safeguards that a licensee uses to access, collect,
distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic
information.
new text end

new text begin Subd. 7. new text end

new text begin Information system. new text end

new text begin "Information system" means a discrete set of electronic
information resources organized for the collection, processing, maintenance, use, sharing,
dissemination, or disposition of nonpublic electronic information, as well as any specialized
system such as industrial or process controls systems, telephone switching and private
branch exchange systems, and environmental control systems.
new text end

new text begin Subd. 8. new text end

new text begin Licensee. new text end

new text begin "Licensee" means any person licensed, authorized to operate, or
registered, or required to be licensed, authorized, or registered by the Department of
Commerce or the Department of Health under chapters 59A to 62M and 62P to 79A.
new text end

new text begin Subd. 9. new text end

new text begin Multifactor authentication. new text end

new text begin "Multifactor authentication" means authentication
through verification of at least two of the following types of authentication factors:
new text end

new text begin (1) knowledge factors, such as a password;
new text end

new text begin (2) possession factors, such as a token or text message on a mobile phone; or
new text end

new text begin (3) inherence factors, such as a biometric characteristic.
new text end

new text begin Subd. 10. new text end

new text begin Nonpublic information. new text end

new text begin "Nonpublic information" means electronic information
that is not publicly available information and is:
new text end

new text begin (1) any information concerning a consumer which because of name, number, personal
mark, or other identifier can be used to identify the consumer, in combination with any one
or more of the following data elements:
new text end

new text begin (i) Social Security number;
new text end

new text begin (ii) driver's license number or nondriver identification card number;
new text end

new text begin (iii) financial account number, credit card number, or debit card number;
new text end

new text begin (iv) any security code, access code, or password that would permit access to a consumer's
financial account; or
new text end

new text begin (v) biometric records; or
new text end

new text begin (2) any information or data, except age or gender, in any form or medium created by or
derived from a health care provider or a consumer that can be used to identify a particular
consumer and that relates to:
new text end

new text begin (i) the past, present, or future physical, mental, or behavioral health or condition of any
consumer or a member of the consumer's family;
new text end

new text begin (ii) the provision of health care to any consumer; or
new text end

new text begin (iii) payment for the provision of health care to any consumer.
new text end

new text begin Subd. 11. new text end

new text begin Person. new text end

new text begin "Person" means any individual or any nongovernmental entity,
including but not limited to any nongovernmental partnership, corporation, branch, agency,
or association.
new text end

new text begin Subd. 12. new text end

new text begin Publicly available information. new text end

new text begin "Publicly available information" means any
information that a licensee has a reasonable basis to believe is lawfully made available to
the general public from: federal, state, or local government records; widely distributed
media; or disclosures to the general public that are required to be made by federal, state, or
local law.
new text end

new text begin For the purposes of this definition, a licensee has a reasonable basis to believe that
information is lawfully made available to the general public if the licensee has taken steps
to determine:
new text end

new text begin (1) that the information is of the type that is available to the general public; and
new text end

new text begin (2) whether a consumer can direct that the information not be made available to the
general public and, if so, that such consumer has not done so.
new text end

new text begin Subd. 13. new text end

new text begin Risk assessment. new text end

new text begin "Risk assessment" means the risk assessment that each
licensee is required to conduct under section 60A.9853, subdivision 3.
new text end

new text begin Subd. 14. new text end

new text begin State. new text end

new text begin "State" means the state of Minnesota.
new text end

new text begin Subd. 15. new text end

new text begin Third-party service provider. new text end

new text begin "Third-party service provider" means a person,
not otherwise defined as a licensee, that contracts with a licensee to maintain, process, or
store nonpublic information, or is otherwise permitted access to nonpublic information
through its provision of services to the licensee.
new text end

Sec. 6.

new text begin [60A.9851] INFORMATION SECURITY PROGRAM.
new text end

new text begin Subdivision 1. new text end

new text begin Implementation of an information security program. new text end

new text begin Commensurate
with the size and complexity of the licensee, the nature and scope of the licensee's activities,
including its use of third-party service providers, and the sensitivity of the nonpublic
information used by the licensee or in the licensee's possession, custody, or control, each
licensee shall develop, implement, and maintain a comprehensive written information
security program based on the licensee's risk assessment and that contains administrative,
technical, and physical safeguards for the protection of nonpublic information and the
licensee's information system.
new text end

new text begin Subd. 2. new text end

new text begin Objectives of an information security program. new text end

new text begin A licensee's information
security program shall be designed to:
new text end

new text begin (1) protect the security and confidentiality of nonpublic information and the security of
the information system;
new text end

new text begin (2) protect against any threats or hazards to the security or integrity of nonpublic
information and the information system;
new text end

new text begin (3) protect against unauthorized access to, or use of, nonpublic information, and minimize
the likelihood of harm to any consumer; and
new text end

new text begin (4) define and periodically reevaluate a schedule for retention of nonpublic information
and a mechanism for its destruction when no longer needed.
new text end

new text begin Subd. 3. new text end

new text begin Risk assessment. new text end

new text begin The licensee shall:
new text end

new text begin (1) designate one or more employees, an affiliate, or an outside vendor authorized to act
on behalf of the licensee who is responsible for the information security program;
new text end

new text begin (2) identify reasonably foreseeable internal or external threats that could result in
unauthorized access, transmission, disclosure, misuse, alteration, or destruction of nonpublic
information, including threats to the security of information systems and nonpublic
information that are accessible to, or held by, third-party service providers;
new text end

new text begin (3) assess the likelihood and potential damage of the threats identified pursuant to clause
(2), taking into consideration the sensitivity of the nonpublic information;
new text end

new text begin (4) assess the sufficiency of policies, procedures, information systems, and other
safeguards in place to manage these threats, including consideration of threats in each
relevant area of the licensee's operations, including:
new text end

new text begin (i) employee training and management;
new text end

new text begin (ii) information systems, including network and software design, as well as information
classification, governance, processing, storage, transmission, and disposal; and
new text end

new text begin (iii) detecting, preventing, and responding to attacks, intrusions, or other systems failures;
and
new text end

new text begin (5) implement information safeguards to manage the threats identified in its ongoing
assessment, and no less than annually, assess the effectiveness of the safeguards' key controls,
systems, and procedures.
new text end

new text begin Subd. 4. new text end

new text begin Risk management. new text end

new text begin Based on its risk assessment, the licensee shall:
new text end

new text begin (1) design its information security program to mitigate the identified risks, commensurate
with the size and complexity of the licensee, the nature and scope of the licensee's activities,
including its use of third-party service providers, and the sensitivity of the nonpublic
information used by the licensee or in the licensee's possession, custody, or control;
new text end

new text begin (2) determine which of the following security measures are appropriate and implement
any appropriate security measures:
new text end

new text begin (i) place access controls on information systems, including controls to authenticate and
permit access only to authorized individuals, to protect against the unauthorized acquisition
of nonpublic information;
new text end

new text begin (ii) identify and manage the data, personnel, devices, systems, and facilities that enable
the organization to achieve business purposes in accordance with their relative importance
to business objectives and the organization's risk strategy;
new text end

new text begin (iii) restrict physical access to nonpublic information to authorized individuals only;
new text end

new text begin (iv) protect, by encryption or other appropriate means, all nonpublic information while
being transmitted over an external network and all nonpublic information stored on a laptop
computer or other portable computing or storage device or media;
new text end

new text begin (v) adopt secure development practices for in-house developed applications utilized by
the licensee;
new text end

new text begin (vi) modify the information system in accordance with the licensee's information security
program;
new text end

new text begin (vii) utilize effective controls, which may include multifactor authentication procedures
for employees accessing nonpublic information;
new text end

new text begin (viii) regularly test and monitor systems and procedures to detect actual and attempted
attacks on, or intrusions into, information systems;
new text end

new text begin (ix) include audit trails within the information security program designed to detect and
respond to cybersecurity events and designed to reconstruct material financial transactions
sufficient to support normal operations and obligations of the licensee;
new text end

new text begin (x) implement measures to protect against destruction, loss, or damage of nonpublic
information due to environmental hazards, such as fire and water damage, other catastrophes,
or technological failures; and
new text end

new text begin (xi) develop, implement, and maintain procedures for the secure disposal of nonpublic
information in any format;
new text end

new text begin (3) include cybersecurity risks in the licensee's enterprise risk management process;
new text end

new text begin (4) stay informed regarding emerging threats or vulnerabilities and utilize reasonable
security measures when sharing information relative to the character of the sharing and the
type of information shared; and
new text end

new text begin (5) provide its personnel with cybersecurity awareness training that is updated as
necessary to reflect risks identified by the licensee in the risk assessment.
new text end

new text begin Subd. 5. new text end

new text begin Oversight by board of directors. new text end

new text begin If the licensee has a board of directors, the
board or an appropriate committee of the board shall, at a minimum:
new text end

new text begin (1) require the licensee's executive management or its delegates to develop, implement,
and maintain the licensee's information security program;
new text end

new text begin (2) require the licensee's executive management or its delegates to report in writing, at
least annually, the following information:
new text end

new text begin (i) the overall status of the information security program and the licensee's compliance
with this act; and
new text end

new text begin (ii) material matters related to the information security program, addressing issues such
as risk assessment, risk management and control decisions, third-party service provider
arrangements, results of testing, cybersecurity events or violations and management's
responses thereto, and recommendations for changes in the information security program;
and
new text end

new text begin (3) if executive management delegates any of its responsibilities under this section, it
shall oversee the development, implementation, and maintenance of the licensee's information
security program prepared by the delegate and shall receive a report from the delegate
complying with the requirements of the report to the board of directors.
new text end

new text begin Subd. 6. new text end

new text begin Oversight of third-party service provider arrangements. new text end

new text begin (a) A licensee shall
exercise due diligence in selecting its third-party service provider.
new text end

new text begin (b) A licensee shall require a third-party service provider to implement appropriate
administrative, technical, and physical measures to protect and secure the information
systems and nonpublic information that are accessible to, or held by, the third-party service
provider.
new text end

new text begin Subd. 7. new text end

new text begin Program adjustments. new text end

new text begin The licensee shall monitor, evaluate, and adjust, as
appropriate, the information security program consistent with any relevant changes in
technology, the sensitivity of its nonpublic information, internal or external threats to
information, and the licensee's own changing business arrangements, such as mergers and
acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to
information systems.
new text end

new text begin Subd. 8. new text end

new text begin Incident response plan. new text end

new text begin (a) As part of its information security program, each
licensee shall establish a written incident response plan designed to promptly respond to,
and recover from, any cybersecurity event that compromises the confidentiality, integrity,
or availability of nonpublic information in its possession, the licensee's information systems,
or the continuing functionality of any aspect of the licensee's business or operations.
new text end

new text begin (b) The incident response plan shall address the following areas:
new text end

new text begin (1) the internal process for responding to a cybersecurity event;
new text end

new text begin (2) the goals of the incident response plan;
new text end

new text begin (3) the definition of clear roles, responsibilities, and levels of decision-making authority;
new text end

new text begin (4) external and internal communications and information sharing;
new text end

new text begin (5) identification of requirements for the remediation of any identified weaknesses in
information systems and associated controls;
new text end

new text begin (6) documentation and reporting regarding cybersecurity events and related incident
response activities; and
new text end

new text begin (7) the evaluation and revision, as necessary, of the incident response plan following a
cybersecurity event.
new text end

new text begin Subd. 9. new text end

new text begin Annual certification to commissioner. new text end

new text begin (a) Subject to paragraph (b), by April
15 of each year, an insurer domiciled in this state shall certify in writing to the commissioner
that the insurer is in compliance with the requirements set forth in this section. Each insurer
shall maintain all records, schedules, and data supporting this certificate for a period of five
years and shall permit examination by the commissioner. To the extent an insurer has
identified areas, systems, or processes that require material improvement, updating, or
redesign, the insurer shall document the identification and the remedial efforts planned and
underway to address such areas, systems, or processes. Such documentation must be available
for inspection by the commissioner.
new text end

new text begin (b) The commissioner must post on the department's website, no later than 60 days prior
to the certification required by paragraph (a), the form and manner of submission required
and any instructions necessary to prepare the certification.
new text end

Sec. 7.

new text begin [60A.9852] INVESTIGATION OF A CYBERSECURITY EVENT.
new text end

new text begin Subdivision 1. new text end

new text begin Prompt investigation. new text end

new text begin If the licensee learns that a cybersecurity event
has or may have occurred, the licensee, or an outside vendor or service provider designated
to act on behalf of the licensee, shall conduct a prompt investigation.
new text end

new text begin Subd. 2. new text end

new text begin Investigation contents. new text end

new text begin During the investigation, the licensee, or an outside
vendor or service provider designated to act on behalf of the licensee, shall, at a minimum
and to the extent possible:
new text end

new text begin (1) determine whether a cybersecurity event has occurred;
new text end

new text begin (2) assess the nature and scope of the cybersecurity event, if any;
new text end

new text begin (3) identify whether any nonpublic information was involved in the cybersecurity event
and, if so, what nonpublic information was involved; and
new text end

new text begin (4) perform or oversee reasonable measures to restore the security of the information
systems compromised in the cybersecurity event in order to prevent further unauthorized
acquisition, release, or use of nonpublic information in the licensee's possession, custody,
or control.
new text end

new text begin Subd. 3. new text end

new text begin Third-party systems. new text end

new text begin If the licensee learns that a cybersecurity event has or
may have occurred in a system maintained by a third-party service provider, the licensee
will complete the steps listed in subdivision 2 or confirm and document that the third-party
service provider has completed those steps.
new text end

new text begin Subd. 4. new text end

new text begin Records. new text end

new text begin The licensee shall maintain records concerning all cybersecurity
events for a period of at least five years from the date of the cybersecurity event and shall
produce those records upon demand of the commissioner.
new text end

Sec. 8.

new text begin [60A.9853] NOTIFICATION OF A CYBERSECURITY EVENT.
new text end

new text begin Subdivision 1. new text end

new text begin Notification to the commissioner. new text end

new text begin Each licensee shall notify the
commissioner of commerce or commissioner of health, whichever commissioner otherwise
regulates the licensee, without unreasonable delay but in no event later than five business
days from a determination that a cybersecurity event involving nonpublic information that
is in the possession of a licensee has occurred when either of the following criteria has been
met:
new text end

new text begin (1) this state is the licensee's state of domicile, in the case of an insurer, or this state is
the licensee's home state, in the case of a producer, as those terms are defined in chapter
60K and the cybersecurity event has a reasonable likelihood of materially harming:
new text end

new text begin (i) any consumer residing in this state; or
new text end

new text begin (ii) any part of the normal operations of the licensee; or
new text end

new text begin (2) the licensee reasonably believes that the nonpublic information involved is of 500
or more consumers residing in this state and that is either of the following:
new text end

new text begin (i) a cybersecurity event impacting the licensee of which notice is required to be provided
to any government body, self-regulatory agency, or any other supervisory body pursuant
to any state or federal law; or
new text end

new text begin (ii) a cybersecurity event that has a reasonable likelihood of materially harming:
new text end

new text begin (A) any consumer residing in this state; or
new text end

new text begin (B) any part of the normal operations of the licensee.
new text end

new text begin Subd. 2. new text end

new text begin Information; notification. new text end

new text begin A licensee making the notification required under
subdivision 1 shall provide the information in electronic form as directed by the
commissioner. The licensee shall have a continuing obligation to update and supplement
initial and subsequent notifications to the commissioner concerning material changes to
previously provided information relating to the cybersecurity event. The licensee shall
provide as much of the following information as possible:
new text end

new text begin (1) date of the cybersecurity event;
new text end

new text begin (2) description of how the information was exposed, lost, stolen, or breached, including
the specific roles and responsibilities of third-party service providers, if any;
new text end

new text begin (3) how the cybersecurity event was discovered;
new text end

new text begin (4) whether any lost, stolen, or breached information has been recovered and, if so, how
this was done;
new text end

new text begin (5) the identity of the source of the cybersecurity event;
new text end

new text begin (6) whether the licensee has filed a police report or has notified any regulatory,
government, or law enforcement agencies and, if so, when such notification was provided;
new text end

new text begin (7) description of the specific types of information acquired without authorization.
Specific types of information means particular data elements including, for example, types
of medical information, types of financial information, or types of information allowing
identification of the consumer;
new text end

new text begin (8) the period during which the information system was compromised by the cybersecurity
event;
new text end

new text begin (9) the number of total consumers in this state affected by the cybersecurity event. The
licensee shall provide the best estimate in the initial report to the commissioner and update
this estimate with each subsequent report to the commissioner pursuant to this section;
new text end

new text begin (10) the results of any internal review identifying a lapse in either automated controls
or internal procedures, or confirming that all automated controls or internal procedures were
followed;
new text end

new text begin (11) description of efforts being undertaken to remediate the situation which permitted
the cybersecurity event to occur;
new text end

new text begin (12) a copy of the licensee's privacy policy and a statement outlining the steps the licensee
will take to investigate and notify consumers affected by the cybersecurity event; and
new text end

new text begin (13) name of a contact person who is familiar with the cybersecurity event and authorized
to act for the licensee.
new text end

new text begin Subd. 3. new text end

new text begin Notification to consumers. new text end

new text begin (a) If a licensee is required to submit a report to
the commissioner under subdivision 1, the licensee shall notify any consumer residing in
Minnesota if, as a result of the cybersecurity event reported to the commissioner, the
consumer's nonpublic information was or is reasonably believed to have been acquired by
an unauthorized person, and there is a reasonable likelihood of material harm to the consumer
as a result of the cybersecurity event. Consumer notification is not required for a
cybersecurity event resulting from the good faith acquisition of nonpublic information by
an employee or agent of the licensee for the purposes of the licensee's business, provided
the nonpublic information is not used for a purpose other than the licensee's business or
subject to further unauthorized disclosure. The notification must be made in the most
expedient time possible and without unreasonable delay, consistent with the legitimate needs
of law enforcement or with any measures necessary to determine the scope of the breach,
identify the individuals affected, and restore the reasonable integrity of the data system.
The notification may be delayed to a date certain if the commissioner determines that
providing the notice impedes a criminal investigation. The licensee shall provide a copy of
the notice to the commissioner.
new text end

new text begin (b) For purposes of this subdivision, notice required under paragraph (a) must be provided
by one of the following methods:
new text end

new text begin (1) written notice to the consumer's most recent address in the licensee's records;
new text end

new text begin (2) electronic notice, if the licensee's primary method of communication with the
consumer is by electronic means or if the notice provided is consistent with the provisions
regarding electronic records and signatures in United States Code, title 15, section 7001;
or
new text end

new text begin (3) if the cost of providing notice exceeds $250,000, the affected class of consumers to
be notified exceeds 500,000, or the licensee does not have sufficient contact information
for the subject consumers, notice as follows:
new text end

new text begin (i) e-mail notice when the licensee has an e-mail address for the subject consumers;
new text end

new text begin (ii) conspicuous posting of the notice on the website page of the licensee; and
new text end

new text begin (iii) notification to major statewide media.
new text end

new text begin (c) Notwithstanding paragraph (b), a licensee that maintains its own notification procedure
as part of its information security program that is consistent with the timing requirements
of this subdivision is deemed to comply with the notification requirements if the licensee
notifies subject consumers in accordance with its program.
new text end

new text begin (d) A waiver of the requirements under this subdivision is contrary to public policy, and
is void and unenforceable.
new text end

new text begin Subd. 4. new text end

new text begin Notice regarding cybersecurity events of third-party service providers. new text end

new text begin (a)
In the case of a cybersecurity event in a system maintained by a third-party service provider,
of which the licensee has become aware, the licensee shall treat such event as it would under
subdivision 1 unless the third-party service provider provides the notice required under
subdivision 1.
new text end

new text begin (b) The computation of a licensee's deadlines shall begin on the day after the third-party
service provider notifies the licensee of the cybersecurity event or the licensee otherwise
has actual knowledge of the cybersecurity event, whichever is sooner.
new text end

new text begin (c) Nothing in this act shall prevent or abrogate an agreement between a licensee and
another licensee, a third-party service provider, or any other party to fulfill any of the
investigation requirements imposed under section 60A.9854 or notice requirements imposed
under this section.
new text end

new text begin Subd. 5. new text end

new text begin Notice regarding cybersecurity events of reinsurers to insurers. new text end

new text begin (a) In the
case of a cybersecurity event involving nonpublic information that is used by the licensee
that is acting as an assuming insurer or in the possession, custody, or control of a licensee
that is acting as an assuming insurer and that does not have a direct contractual relationship
with the affected consumers, the assuming insurer shall notify its affected ceding insurers
and the commissioner of its state of domicile within three business days of making the
determination that a cybersecurity event has occurred.
new text end

new text begin (b) The ceding insurers that have a direct contractual relationship with affected consumers
shall fulfill the consumer notification requirements imposed under subdivision 3 and any
other notification requirements relating to a cybersecurity event imposed under this section.
new text end

new text begin (c) In the case of a cybersecurity event involving nonpublic information that is in the
possession, custody, or control of a third-party service provider of a licensee that is an
assuming insurer, the assuming insurer shall notify its affected ceding insurers and the
commissioner of its state of domicile within three business days of receiving notice from
its third-party service provider that a cybersecurity event has occurred.
new text end

new text begin (d) The ceding insurers that have a direct contractual relationship with affected consumers
shall fulfill the consumer notification requirements imposed under subdivision 3 and any
other notification requirements relating to a cybersecurity event imposed under this section.
new text end

new text begin (e) Any licensee acting as an assuming insurer shall have no other notice obligations
relating to a cybersecurity event or other data breach under this section.
new text end

new text begin Subd. 6. new text end

new text begin Notice regarding cybersecurity events of insurers to producers of record. new text end

new text begin (a)
In the case of a cybersecurity event involving nonpublic information that is in the possession,
custody, or control of a licensee that is an insurer or its third-party service provider and for
which a consumer accessed the insurer's services through an independent insurance producer,
the insurer shall notify the producers of record of all affected consumers no later than the
time at which notice is provided to the affected consumers.
new text end

new text begin (b) The insurer is excused from this obligation for those instances in which it does not
have the current producer of record information for any individual consumer or in those
instances in which the producer of record is no longer appointed to sell, solicit, or negotiate
on behalf of the insurer.
new text end

Sec. 9.

new text begin [60A.9854] POWER OF COMMISSIONER.
new text end

new text begin (a) The commissioner of commerce or commissioner of health, whichever commissioner
otherwise regulates the licensee, shall have power to examine and investigate into the affairs
of any licensee to determine whether the licensee has been or is engaged in any conduct in
violation of sections 60A.985 to 60A.9857. This power is in addition to the powers which
the commissioner has under section 60A.031. Any such investigation or examination shall
be conducted pursuant to section 60A.031.
new text end

new text begin (b) Whenever the commissioner of commerce or commissioner of health has reason to
believe that a licensee has been or is engaged in conduct in this state which violates sections
60A.985 to 60A.9857, the commissioner of commerce or commissioner of health may take
action that is necessary or appropriate to enforce those sections.
new text end

Sec. 10.

new text begin [60A.9855] CONFIDENTIALITY.
new text end

new text begin Subdivision 1. new text end

new text begin Licensee information. new text end

new text begin Any documents, materials, or other information
in the control or possession of the department that are furnished by a licensee or an employee
or agent thereof acting on behalf of a licensee pursuant to section 60A.9851, subdivision
9; section 60A.9853, subdivision 2, clauses (2), (3), (4), (5), (8), (10), and (11); or that are
obtained by the commissioner in an investigation or examination pursuant to section
60A.9854 shall be nonpublic data pursuant to section 13.02; shall not be subject to subpoena;
and shall not be subject to discovery or admissible in evidence in any private civil action.
However, the commissioner is authorized to use the documents, materials, or other
information in the furtherance of any regulatory or legal action brought as a part of the
commissioner's duties. Nothing in this act shall allow the release of information that is
nonpublic data pursuant to section 13.02.
new text end

new text begin Subd. 2. new text end

new text begin Certain testimony prohibited. new text end

new text begin Neither the commissioner nor any person who
received documents, materials, or other information while acting under the authority of the
commissioner shall be permitted or required to testify in any private civil action concerning
any confidential documents, materials, or information subject to subdivision 1.
new text end

new text begin Subd. 3. new text end

new text begin Information sharing. new text end

new text begin In order to assist in the performance of the commissioner's
duties under this act, the commissioner:
new text end

new text begin (1) may share documents, materials, or other information, including the confidential and
privileged documents, materials, or information subject to subdivision 1, with other state,
federal, and international regulatory agencies, with the National Association of Insurance
Commissioners, its affiliates or subsidiaries, and with state, federal, and international law
enforcement authorities, provided that the recipient agrees in writing to maintain the
confidentiality and privileged status of the document, material, or other information;
new text end

new text begin (2) may receive documents, materials, or information, including otherwise confidential
and privileged documents, materials, or information, from the National Association of
Insurance Commissioners, its affiliates or subsidiaries, and from regulatory and law
enforcement officials of other foreign or domestic jurisdictions, and shall maintain as
confidential or privileged any document, material, or information received with notice or
the understanding that it is confidential or privileged under the laws of the jurisdiction that
is the source of the document, material, or information;
new text end

new text begin (3) may share documents, materials, or other information subject to subdivision 1, with
a third-party consultant or vendor provided the consultant agrees in writing to maintain the
confidentiality and privileged status of the document, material, or other information; and
new text end

new text begin (4) may enter into agreements governing sharing and use of information consistent with
this subdivision.
new text end

new text begin Subd. 4. new text end

new text begin No waiver of privilege or confidentiality. new text end

new text begin No waiver of any applicable privilege
or claim of confidentiality in the documents, materials, or information shall occur as a result
of disclosure to the commissioner under this section or as a result of sharing as authorized
in subdivision 3.
new text end

new text begin Subd. 5. new text end

new text begin Certain actions public. new text end

new text begin Nothing in sections 60A.985 to 60A.9857 shall prohibit
the commissioner from releasing final, adjudicated actions that are open to public inspection
pursuant to chapter 13 to a database or other clearinghouse service maintained by the National
Association of Insurance Commissioners, its affiliates, or subsidiaries.
new text end

new text begin Subd. 6. new text end

new text begin Classification, protection, and use of information by others. new text end

new text begin Documents,
materials, or other information in the possession or control of the National Association of
Insurance Commissioners or a third-party consultant pursuant to sections 60A.985 to
60A.9857 are classified as confidential, protected nonpublic, and privileged; are not subject
to subpoena; and are not subject to discovery or admissible in evidence in a private civil
action.
new text end

Sec. 11.

new text begin [60A.9856] EXCEPTIONS.
new text end

new text begin Subdivision 1. new text end

new text begin Generally. new text end

new text begin The following exceptions shall apply to sections 60A.985 to
60A.9857:
new text end

new text begin (1) a licensee with fewer than 25 employees is exempt from sections 60A.9851 and
60A.9852;
new text end

new text begin (2) a licensee subject to and in compliance with the Health Insurance Portability and
Accountability Act, Public Law 104-191, 110 Stat. 1936 (HIPAA), is considered to comply
with sections 60A.9851, 60A.9852, and 60A.9853, subdivisions 3 to 6, provided the licensee
submits a written statement certifying its compliance with HIPAA;
new text end

new text begin (3) a licensee affiliated with a depository institution that maintains an information security
program in compliance with the interagency guidelines establishing standards for
safeguarding customer information as set forth pursuant to United States Code, title 15,
sections 6801 and 6805, shall be considered to meet the requirements of section 60A.9851
provided that the licensee produce, upon request, documentation satisfactory to the
commission that independently validates the affiliated depository institution's adoption of
an information security program that satisfies the interagency guidelines;
new text end

new text begin (4) an employee, agent, representative, or designee of a licensee, who is also a licensee,
is exempt from sections 60A.9851 and 60A.9852 and need not develop its own information
security program to the extent that the employee, agent, representative, or designee is covered
by the information security program of the other licensee; and
new text end

new text begin (5) an employee, agent, representative, or designee of a producer licensee, as defined
under section 60K.31, subdivision 6, who is also a licensee, is exempt from sections 60A.985
to 60A.9857.
new text end

new text begin Subd. 2. new text end

new text begin Deemer. new text end

new text begin A licensee that is in compliance with another jurisdiction's mandated
written insurance data security requirements that are at least as restrictive as this chapter
will be considered to meet the requirements of this act with respect to establishing an
information security program.
new text end

Sec. 12.

new text begin [60A.9857] PENALTIES.
new text end

new text begin In the case of a violation of sections 60A.985 to 60A.9856, a licensee may be penalized
in accordance with section 60A.052.
new text end

Sec. 13.

Minnesota Statutes 2020, section 61A.245, subdivision 4, is amended to read:


Subd. 4.

Minimum values.

The minimum values as specified in subdivisions 5, 6, 7, 8
and 10 of any paid-up annuity, cash surrender or death benefits available under an annuity
contract shall be based upon minimum nonforfeiture amounts as defined in this subdivision.

(a) The minimum nonforfeiture amount at any time at or prior to the commencement of
any annuity payments shall be equal to an accumulation up to that time at rates of interest
as indicated in paragraph (b) of the net considerations, as defined in this subdivision, paid
prior to that time, decreased by the sum of clauses (1) through (4):

(1) any prior withdrawals from or partial surrenders of the contract accumulated at rates
of interest as indicated in paragraph (b);

(2) an annual contract charge of $50, accumulated at rates of interest as indicated in
paragraph (b);

(3) any premium tax paid by the company for the contract and not subsequently credited
back to the company, such as upon early termination of the contract, in which case this
decrease must not be taken, accumulated at rates of interest as indicated in paragraph (b);
and

(4) the amount of any indebtedness to the company on the contract, including interest
due and accrued.

The net considerations for a given contract year used to define the minimum nonforfeiture
amount shall be an amount equal to 87.5 percent of the gross considerations credited to the
contract during that contract year.

(b) The interest rate used in determining minimum nonforfeiture amounts must be an
annual rate of interest determined as the lesser of three percent per annum and the following,
which must be specified in the contract if the interest rate will be reset:

(1) the five-year constant maturity treasury rate reported by the Federal Reserve as of a
date, or average over a period, rounded to the nearest 1/20 of one percent, specified in the
contract no longer than 15 months prior to the contract issue date or redetermination date
under clause (4);

(2) reduced by 125 basis points;

(3) where the resulting interest rate is not less than deleted text beginonedeleted text endnew text begin 0.15new text end percent; and

(4) the interest rate shall apply for an initial period and may be redetermined for additional
periods. The redetermination date, basis, and period, if any, shall be stated in the contract.
The basis is the date or average over a specified period that produces the value of the
five-year constant maturity treasury rate to be used at each redetermination date.

(c) During the period or term that a contract provides substantive participation in an
equity indexed benefit, it may increase the reduction described in clause (2) by up to an
additional 100 basis points to reflect the value of the equity index benefit. The present value
at the contract issue date, and at each redetermination date thereafter, of the additional
reduction must not exceed the market value of the benefit. The commissioner may require
a demonstration that the present value of the additional reduction does not exceed the market
value of the benefit. Lacking such a demonstration that is acceptable to the commissioner,
the commissioner may disallow or limit the additional reduction.

new text begin EFFECTIVE DATE. new text end

new text begin This section is effective the day following final enactment.
new text end

Sec. 14.

Minnesota Statutes 2020, section 79.55, subdivision 10, is amended to read:


Subd. 10.

Duties of commissionernew text begin; reportnew text end.

deleted text begin The commissioner shall issue a report by
March 1 of each year, comparing the average rates charged by workers' compensation
insurers in the state to the pure premium base rates filed by the association, as reviewed by
the Rate Oversight Commission. The Rate Oversight Commission shall review the
commissioner's report and if the experience indicates that rates have not reasonably reflected
changes in pure premiums, the rate oversight commission shall recommend to the legislature
appropriate legislative changes to this chapter.
deleted text end

new text begin (a) By March 1 of each year, the commissioner must issue a report that evaluates the
competitiveness of the workers' compensation market in Minnesota, in order to evaluate
whether the competitive rating law is working.
new text end

new text begin (b) The report under this subdivision must (1) compare the average rates charged by
workers' compensation insurers in Minnesota with the pure premium base rates filed by the
association, and (2) provide market information, including but not limited to the number of
carriers, market shares, the loss-cost multipliers used by companies, and the residual market
and self-insurance.
new text end

new text begin (c) The commissioner must provide the report to the Rate Oversight Commission for
review. If after reviewing the report the Rate Oversight Commission concludes that concerns
exist regarding the competitiveness of the workers' compensation market in Minnesota, the
Rate Oversight Commission must recommend to the legislature appropriate modifications
to this chapter.
new text end

Sec. 15.

Minnesota Statutes 2020, section 79.61, subdivision 1, is amended to read:


Subdivision 1.

Required activity.

new text begin(a) new text endAny data service organization shall perform the
following activities:

(1) file statistical plans, including classification definitions, amendments to the plans,
and definitions, with the commissioner for approval, and assign each compensation risk
written by its members to its approved classification for reporting purposes;

(2) establish requirements for data reporting and monitoring methods to maintain a high
quality database;

(3) prepare and distribute a periodic report, in a form prescribed by the commissioner,
on ratemaking includingdeleted text begin,deleted text end but not limited to the following elements:

(i) deleted text begindevelopment factors and alternative derivationsdeleted text endnew text begin losses developed to their ultimate
level
new text end;

(ii) deleted text begintrend factors and alternative derivations and applicationsdeleted text endnew text begin trended lossesnew text end;

(iii)new text begin loss adjustment expenses;
new text end

new text begin (iv)new text end pure premium relativities for the approved classification system for which data are
reported, provided that the relativities for insureds engaged in similar occupations and
presenting substantially similar risks shall, if different, differ by at least ten percent; and

deleted text begin (iv)deleted text endnew text begin (v)new text end an evaluation of the effects of changes in law on loss datadeleted text begin.deleted text endnew text begin;
new text end

deleted text begin The report shall also include explicit discussion and explanation of methodology,
alternatives examined, assumptions adopted, and areas of judgment and reasoning supporting
judgments entered into, and the effect of various combinations of these elements on
indications for modification of an overall pure premium rate level change. The pure premium
relativities and rate level indications shall not include a loading for expenses or profit and
no expense or profit data or recommendations relating to expense or profit shall be included
in the report or collected by a data service organization;
deleted text end

(4) collect, compile, summarize, and distribute data from members or other sources
pursuant to a statistical plan approved by the commissioner;

(5) prepare merit rating plan and calculate any variable factors necessary for utilization
of the plan. Such a plan may be used by any of its members, at the option of the member
provided that the application of a plan shall not result in rates that are unfairly discriminatory;

(6) provide loss data specific to an insured to the insured at a reasonable cost;

(7) distribute information to an insured or interested party that is filed with the
commissioner and is open to public inspection; and

(8) assess its members for operating expenses on a fair and equitable basis.

new text begin (b) The report under paragraph (a), clause (3), shall also include explicit discussion and
explanation of methodology, alternatives examined, assumptions adopted, and areas of
judgment and reasoning supporting judgments entered into, and the effect of various
combinations of these elements on indications for modification of an overall pure premium
rate level change. The pure premium relativities and rate level indications shall not include
a loading for expenses or profit and no expense or profit data or recommendations relating
to expense or profit shall be included in the report or collected by a data service organization.
For purposes of this subdivision, "expenses" means expenses other than loss adjustment
expenses.
new text end

Sec. 16.

Minnesota Statutes 2020, section 80G.06, subdivision 1, is amended to read:


Subdivision 1.

Surety bond requirement.

new text begin(a) new text endEvery dealer shall maintain a current,
valid surety bond issued by a surety company admitted to do business in Minnesota in an
amount based on the transactionsnew text begin conducted with Minnesota consumersnew text end (purchases from
and sales to consumers at retail) during the 12-month period prior to registration, or renewal,
whichever is applicable.

new text begin (b) new text endThe amount of the surety bond shall be as specified in the table below:

Transaction Amount in Preceding
12-month Period
Surety Bond Required
deleted text begin $25,000deleted text endnew text begin $0new text end to $200,000
$25,000
$200,000.01 to $500,000
$50,000
$500,000.01 to $1,000,000
$100,000
$1,000,000.01 to $2,000,000
$150,000
Over $2,000,000
$200,000

Sec. 17.

new text begin [80G.11] NOTIFICATION TO COMMISSIONER.
new text end

new text begin A dealer must notify the commissioner of any dealer representative termination within
ten days of the termination if the termination is based in whole or in part on a violation of
this chapter.
new text end

Sec. 18.

Minnesota Statutes 2020, section 82.57, subdivision 1, is amended to read:


Subdivision 1.

Amounts.

The following fees shall be paid to the commissioner:

(a) a fee of $150 for each initial individual broker's license, and a fee of $100 for each
renewal thereof;

(b) a fee of $70 for each initial salesperson's license, and a fee of $40 for each renewal
thereof;

(c) a fee of $85 for each initial real estate closing agent license, and a fee of $60 for each
renewal thereof;

(d) a fee of $150 for each initial corporate, limited liability company, or partnership
license, and a fee of $100 for each renewal thereof;

(e) a fee for payment to the education, research and recovery fund in accordance with
section 82.86;

(f) a fee of $20 for each transfer;

deleted text begin (g) a fee of $50 for license reinstatement;
deleted text end

deleted text begin (h)deleted text endnew text begin (g)new text end a fee of $20 for reactivating a corporate, limited liability company, or partnership
license; and

deleted text begin (i)deleted text endnew text begin (h)new text end in addition to the fees required under this subdivision, individual licensees under
clauses (a) and (b) shall pay, for each initial license and renewal, a technology surcharge
of up to $40 under section 45.24, unless the commissioner has adjusted the surcharge as
permitted under that section.

Sec. 19.

Minnesota Statutes 2020, section 82.57, subdivision 5, is amended to read:


Subd. 5.

Initial license expiration; fee reduction.

deleted text begin If an initial license issued under
subdivision 1, paragraph (a), (b), (c), or (d) expires less than 12 months after issuance, the
license fee shall be reduced by an amount equal to one-half the fee for a renewal of the
license.
deleted text end new text begin An new text end new text begin initial license issued under this chapter expires in the year that results in the
term of the license being at least 12 months, but no more than 24 months.
new text end

Sec. 20.

Minnesota Statutes 2020, section 82.62, subdivision 3, is amended to read:


Subd. 3.

Timely renewals.

A person deleted text beginwhose application for a license renewal has not
been timely submitted and
deleted text end who has not received notice of approval of renewal may not
continue to transact business either as a real estate broker, salesperson, or closing agent
after June 30 of the renewal year until approval of renewal is received. Application for
renewal of a license is timely submitted ifdeleted text begin:deleted text end new text beginall requirements for renewal, including continuing
education requirements, have been completed and reported pursuant to section 45.43,
subdivision 1.
new text end

deleted text begin (1) all requirements for renewal, including continuing education requirements, have
been completed by June 15 of the renewal year; and
deleted text end

deleted text begin (2) the application is submitted before the renewal deadline in the manner prescribed
by the commissioner, duly executed and sworn to, accompanied by fees prescribed by this
chapter, and containing any information the commissioner requires.
deleted text end

Sec. 21.

Minnesota Statutes 2020, section 82.81, subdivision 12, is amended to read:


Subd. 12.

Fraudulent, deceptive, and dishonest practices.

(a) Prohibitions. For the
purposes of section 82.82, subdivision 1, clause (b), the following acts and practices constitute
fraudulent, deceptive, or dishonest practices:

(1) act on behalf of more than one party to a transaction without the knowledge and
consent of all parties;

(2) act in the dual capacity of licensee and undisclosed principal in any transaction;

(3) receive funds while acting as principal which funds would constitute trust funds if
received by a licensee acting as an agent, unless the funds are placed in a trust account.
Funds need not be placed in a trust account if a written agreement signed by all parties to
the transaction specifies a different disposition of the funds, in accordance with section
82.82, subdivision 1;

(4) violate any state or federal law concerning discrimination intended to protect the
rights of purchasers or renters of real estate;

(5) make a material misstatement in an application for a license or in any information
furnished to the commissioner;

(6) procure or attempt to procure a real estate license for deleted text beginhimself or herselfdeleted text endnew text begin the procuring
individual
new text end or any person by fraud, misrepresentation, or deceit;

(7) represent membership in any real estate-related organization in which the licensee
is not a member;

(8) advertise in any manner that is misleading or inaccurate with respect to properties,
terms, values, policies, or services conducted by the licensee;

(9) make any material misrepresentation or permit or allow another to make any material
misrepresentation;

(10) make any false or misleading statements, or permit or allow another to make any
false or misleading statements, of a character likely to influence, persuade, or induce the
consummation of a transaction contemplated by this chapter;

(11) fail within a reasonable time to account for or remit any money coming into the
licensee's possession which belongs to another;

(12) commingle with deleted text beginhis or herdeleted text endnew text begin the individual'snew text end own money or property trust funds or
any other money or property of another held by the licensee;

(13) new text begina new text enddemand from a sellernew text begin fornew text end a commission deleted text begintodeleted text endnew text begin ornew text end compensationnew text begin tonew text end which the licensee
is not entitled, knowing that deleted text beginhe or shedeleted text endnew text begin the individualnew text end is not entitled to the commissionnew text begin ornew text end
compensation;

(14) pay or give money or goods of value to an unlicensed person for any assistance or
information relating to the procurement by a licensee of a listing of a property or of a
prospective buyer of a property (this item does not apply to money or goods paid or given
to the parties to the transaction);

(15) fail to maintain a trust account at all times, as provided by law;

(16) engage, with respect to the offer, sale, or rental of real estate, in an anticompetitive
activity;

(17) represent on advertisements, cards, signs, circulars, letterheads, or in any other
manner, that deleted text beginhe or shedeleted text endnew text begin the individualnew text end is engaged in the business of financial planning unless
deleted text begin he or shedeleted text endnew text begin the individualnew text end provides a disclosure document to the client. The document must
be signed by the client and a copy must be left with the client. The disclosure document
must contain the following:

(i) the basis of fees, commissions, or other compensation received by deleted text beginhim or herdeleted text endnew text begin an
individual
new text end in connection with rendering of financial planning services or financial counseling
or advice in the following language:

"My compensation may be based on the following:

(a) ... commissions generated from the products I sell you;

(b) ... fees; or

(c) ... a combination of (a) and (b). [Comments]";

(ii) the name and address of any company or firm that supplies the financial services or
products offered or sold by deleted text beginhim or herdeleted text endnew text begin an individualnew text end in the following language:

"I am authorized to offer or sell products and/or services issued by or through the
following firm(s):

[List]

The products will be traded, distributed, or placed through the clearing/trading firm(s)
of:

[List]";

(iii) the license(s) held by the person under this chapter or chapter 60A or 80A in the
following language:

"I am licensed in Minnesota as a(n):

(a) ... insurance agent;

(b) ... securities agent or broker/dealer;

(c) ... real estate broker or salesperson;

(d) ... investment adviser"; and

(iv) the specific identity of any financial products or services, by category, for example
mutual funds, stocks, or limited partnerships, the person is authorized to offer or sell in the
following language:

"The license(s) entitles me to offer and sell the following products and/or services:

(a) ... securities, specifically the following: [List];

(b) ... real property;

(c) ... insurance; and

(d) ... other: [List]."

(b) Determining violation. A licensee shall be deemed to have violated this section if
the licensee has been found to have violated sections 325D.49 to 325D.66, by a final decision
or order of a court of competent jurisdiction.

(c) Commissioner's authority. Nothing in this section limits the authority of the
commissioner to take actions against a licensee for fraudulent, deceptive, or dishonest
practices not specifically described in this section.

Sec. 22.

Minnesota Statutes 2020, section 82B.021, subdivision 18, is amended to read:


Subd. 18.

Licensed real property appraiser.

"Licensed real property appraiser" means
an individual licensed under this chapter to perform appraisals on noncomplex one-family
to four-family residential units or agricultural property having a transactional value of less
than $1,000,000 and complex one-family to four-family residential units or agricultural
property having a transactional value of less than deleted text begin$250,000deleted text endnew text begin $400,000new text end.

Sec. 23.

Minnesota Statutes 2020, section 82B.11, subdivision 3, is amended to read:


Subd. 3.

Licensed residential real property appraiser.

A licensed residential real
property appraiser may appraise noncomplex residential property or agricultural property
having a transaction value less than $1,000,000 and complex residential or agricultural
property having a transaction value less than deleted text begin$250,000deleted text endnew text begin $400,000new text end.

Sec. 24.

Minnesota Statutes 2020, section 332.33, subdivision 3, is amended to read:


Subd. 3.

Termnew text begin and feesnew text end.

Licenses issued or renewed and registrations received by the
commissioner of commerce under sections 332.31 to 332.44 shall expire on June 30. Each
collection agency license shall plainly state the name and business address of the licensee,
and shall be posted in a conspicuous place in the office where the business is transacted.
The fee for each collection agency license is $500, and renewal is $400. The fee for each
collector registration and renewal is $10new text begin, which entitles the individual collector to work at
a licensee's business location or in another location as provided under subdivision 5b. An
additional branch license is not required for a location used under subdivision 5b
new text end. A collection
agency licensee who desires to carry on business in more than one place shall procure a
license for each place where the business is to be conducted.

Sec. 25.

Minnesota Statutes 2020, section 332.33, is amended by adding a subdivision to
read:


new text begin Subd. 5b. new text end

new text begin Work from home. new text end

new text begin An employee of a licensed collection agency may work
from a location other than the licensee's business location if the licensee and employee
comply with all requirements under this section that would apply if the employee were
working at the business location.
new text end

Sec. 26.

new text begin [332.61] INFORMATIVE DISCLOSURE.
new text end

new text begin A lead generator must prominently make the following disclosure on all print, electronic,
and nonprint solicitations, including advertising on websites, radio, or television: "This
company does not actually provide any of the credit services you are seeking. We ONLY
refer you to companies that want to provide some or all of those services."
new text end

Sec. 27.

Minnesota Statutes 2020, section 386.375, subdivision 3, is amended to read:


Subd. 3.

Consumer education information.

(a) A person other than the mortgagor or
fee owner who transfers or offers to transfer an abstract of title shall present to the mortgagor
or fee owner basic information in plain English about abstracts of title. This information
must be sent in a form prepared and approved by the commissioner of commerce and must
contain at least the following items:

(1) a definition and description of abstracts of title;

(2) an explanation that holders of abstracts of title must maintain it with reasonable care;

(3) an approximate cost or range of costs to replace a lost or damaged abstract of title;new text begin
and
new text end

deleted text begin (4) an explanation that abstracts of title may be required to sell, finance, or refinance
real estate; and
deleted text end

deleted text begin (5)deleted text endnew text begin (4)new text end an explanation of options for storage of abstracts.

(b) The commissioner shall prepare the form for use under this subdivision as soon as
possible. This subdivision does not apply until 60 days after the form is approved by the
commissioner.

(c) A person violating this subdivision is subject to a penalty of $200 for each violation.

Sec. 28. new text beginEXCLUSIVITY.
new text end

new text begin Notwithstanding any other provision of law, this act establishes the exclusive state
standards applicable to licensees for data security, the investigation of a cybersecurity event,
and notification of a cybersecurity event.
new text end

Sec. 29. new text beginEXPEDITED RULEMAKING AUTHORIZED.
new text end

new text begin The commissioner shall amend Minnesota Rules, parts 2705.1000, item B, subitem (4);
2705.0200, subpart 7; 2705.1700, subpart 2; and 2705.1800, item B, or other parts of
Minnesota Rules, chapter 2705, as necessary to permit a data service organization to collect
loss adjustment expense data and to consider and include in its ratemaking report losses
developed to their ultimate value, trended losses, and loss adjustment expenses. The
commissioner may use the expedited rulemaking procedures under Minnesota Statutes,
section 14.389.
new text end

Sec. 30. new text beginREPEALER.
new text end

new text begin (a) new text end new text begin Minnesota Statutes 2020, sections 60A.98; 60A.981; and 60A.982, new text end new text begin are repealed.
new text end

new text begin (b) new text end new text begin Minnesota Statutes 2020, section 45.017, new text end new text begin is repealed.
new text end

Sec. 31. new text beginEFFECTIVE DATE.
new text end

new text begin (a) Sections 1 to 3 are effective January 1, 2022, and apply to reinsurance contracts
entered into or renewed on or after that date.
new text end

new text begin (b) Sections 5 to 12, 28, and 30, paragraph (a), are effective August 1, 2021. Licensees
have one year from the effective date to implement Minnesota Statutes, section 60A.9851,
subdivisions 1 to 5 and 7 to 9, and two years from the effective date of this act to implement
Minnesota Statutes, section 60A.9851, subdivision 6.
new text end

APPENDIX

Repealed Minnesota Statutes: S1846-2

45.017 MEDICAL MALPRACTICE INSURANCE REPORT.

(a) The commissioner of commerce shall provide to the legislature annually a brief written report on the status of the market for medical malpractice insurance in Minnesota. The report must summarize, interpret, explain, and analyze information on that subject available to the commissioner, through annual statements filed by insurance companies, information obtained under paragraph (c), and other sources.

(b) The annual report must consider, to the extent possible, using definitions developed by the commissioner, Minnesota-specific data on market shares; premiums received; amounts paid to settle claims that were not litigated, claims that were settled after litigation began, and claims that were litigated to court judgment; amounts spent on processing, investigation, litigation, and otherwise handling claims; other sales and administrative costs; and the loss ratios of the insurers.

(c) Each insurance company that provides medical malpractice insurance in this state shall, no later than June 1 each year, file with the commissioner of commerce, on a form prescribed by the commissioner and using definitions developed by the commissioner, the Minnesota-specific data referenced in paragraph (b), other than market share, for the previous calendar year for that insurance company, shown separately for various categories of coverages including, if possible, hospitals, medical clinics, nursing homes, physicians who provide emergency medical care, obstetrician gynecologists, and ambulance services. An insurance company need not comply with this paragraph if its direct premium written in the state for the previous calendar year is less than $2,000,000.

60A.98 DEFINITIONS.

Subdivision 1.

Scope.

For purposes of sections 60A.98 and 60A.981, the terms defined in this section have the meanings given them.

Subd. 2.

Customer.

"Customer" means a consumer who has a continuing relationship with a licensee under which the licensee provides one or more insurance products or services to the consumer that are to be used primarily for personal, family, or household purposes.

Subd. 3.

Customer information.

"Customer information" means nonpublic personal information about a customer, whether in paper, electronic, or other form, that is maintained by or on behalf of the licensee.

Subd. 4.

Customer information systems.

"Customer information systems" means the electronic or physical methods used to access, collect, store, use, transmit, protect, or dispose of customer information.

Subd. 5.

Licensee.

"Licensee" means all licensed insurers, producers, and other persons licensed or required to be licensed, authorized or required to be authorized, or registered or required to be registered pursuant to the insurance laws of this state, except that "licensee" does not include a purchasing group or an ineligible insurer in regard to the surplus line insurance conducted pursuant to sections 60A.195 to 60A.209. "Licensee" does not include producers until January 1, 2007.

Subd. 6.

Nonpublic financial information.

"Nonpublic financial information" means:

(1) personally identifiable financial information; and

(2) any list, description, or other grouping of consumers, and publicly available information pertaining to them, that is derived using any personally identifiable financial information that is not publicly available.

Subd. 7.

Nonpublic personal health information.

"Nonpublic personal health information" means health information:

(1) that identifies an individual who is the subject of the information; or

(2) with respect to which there is a reasonable basis to believe that the information could be used to identify an individual.

Subd. 8.

Nonpublic personal information.

"Nonpublic personal information" means nonpublic financial information and nonpublic personal health information.

Subd. 9.

Personally identifiable financial information.

"Personally identifiable financial information" means any information:

(1) a consumer provides to a licensee to obtain an insurance product or service from the licensee;

(2) about a consumer resulting from a transaction involving an insurance product or service between a licensee and a consumer; or

(3) the licensee otherwise obtains about a consumer in connection with providing an insurance product or service to that consumer.

Subd. 10.

Service provider.

"Service provider" means a person that maintains, processes, or otherwise is permitted access to customer information through its provision of services directly to the licensee.

60A.981 INFORMATION SECURITY PROGRAM.

Subdivision 1.

General requirements.

Each licensee shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program must be appropriate to the size and complexity of the licensee and the nature and scope of its activities.

Subd. 2.

Objectives.

A licensee's information security program must be designed to:

(1) ensure the security and confidentiality of customer information;

(2) protect against any anticipated threats or hazards to the security or integrity of the information; and

(3) protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer.

Subd. 3.

Examples of methods of development and implementation.

The following actions and procedures are examples of methods of implementation of the requirements of subdivisions 1 and 2. These examples are nonexclusive illustrations of actions and procedures that licensees may follow to implement subdivisions 1 and 2:

(1) the licensee:

(i) identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems;

(ii) assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and

(iii) assesses the sufficiency of policies, procedures, customer information systems, and other safeguards in place to control risks;

(2) the licensee:

(i) designs its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities;

(ii) trains staff, as appropriate, to implement the licensee's information security program; and

(iii) regularly tests or otherwise regularly monitors the key controls, systems, and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee's risk assessment;

(3) the licensee:

(i) exercises appropriate due diligence in selecting its service providers; and

(ii) requires its service providers to implement appropriate measures designed to meet the objectives of this regulation, and, where indicated by the licensee's risk assessment, takes appropriate steps to confirm that its service providers have satisfied these obligations; and

(4) the licensee monitors, evaluates, and adjusts, as appropriate, the information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the licensee's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to customer information systems.

60A.982 UNFAIR TRADE PRACTICES.

A violation of sections 60A.98 and 60A.981 is considered to be a violation of sections 72A.17 to 72A.32.