Skip to Content

Translate | Disclaimer

Enterprise Risk Management

Pursuant to Insurance Law sections 1503(b), 1604(b), and 1717(b), a holding company that directly or indirectly controls an insurer and a domestic insurer with subsidiaries (including a domestic corporation subject to Insurance Law Article 43) must adopt a formal enterprise risk management (“ERM”) function and file an enterprise risk report by April 30 of each year.

Regulation 203 (11 NYCRR 82) sets forth ERM function objectives and the information that must be discussed in an enterprise risk report.  Regulation 203 also requires domestic insurers that have annual direct written premium and unaffiliated assumed premium, including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $500 million or more and that are not part of an Insurance Law Article 15, 16, or 17 system to adopt an ERM function and file an enterprise risk report by April 30 of each year.

Holding companies and insurers must submit their enterprise risk reports electronically through the Department’s portal application used for submitting holding company and parent corporation filings (even if not part of an Article 15, 16, or 17 system).  Instructions on creating a portal account are available here.

The Department does not require an enterprise risk report to follow a certain format.  However, a holding company or an insurer must address in its report all of the items listed in section 82.2(b) of Regulation 203.  To facilitate the Department’s review, a holding company or an insurer is encouraged to include a table of contents that provides an overview of the materials submitted; notations should be made, as needed, to indicate where in its filing each item in section 82.2(b) is addressed.

Report submissions should be explanatory in nature.  Commentary should be provided, as needed, to describe content and its relevance to ERM.  Finally, a holding company or an insurer should define any acronyms used and consider including in its report a glossary of these acronyms.

A holding company or an insurer is requested to provide the following, as applicable, in a cover page:

  • Name of filing entity
  • NAIC Company Name(s)
  • NAIC CoCode(s)
  • NAIC Group Code ID
  • Report date
  • Contact person’s name, e-mail address and phone number

Note:  A holding company or an insurer must submit its report as a searchable document, such as an Adobe pdf file, provided, however, that it need not submit the signature page as a searchable Adobe pdf file.

Please direct all questions regarding an enterprise risk report to the appropriate person below.

Bureau/Division Name and Title of Representative E-mail Address


David Hee, Supervising Insurance Examiner


Michael Sheiowitz, Assistant Chief


Christine Gralton, Assistant Chief

Capital Markets

Caryn Bailey, Supervising Risk Management Specialist

Updated 07/28/2014

About DFS

Contact DFS

Reports & Publications


Connect With DFS

DFS Facebook page

Follow NYDFS on Twitter

AccessibilityContact UsDisclaimerPrivacy PolicySite MapPDF Reader Software