By Paul Tetrault, State and Policy Affairs Counsel for the National Association of Mutual Insurance Companies.

The rise in government regulation, civil and criminal enforcement, and private litigation aimed at business enterprises that began in the latter part of the twentieth century has only intensified in the first fourteen years of the twenty-first century.1 The gravity of these non-market risks, combined with the realization that a firm’s conscientious effort to fulfill its regulatory obligations can have reputation-enhancing effects,2 provide a strong incentive for businesses to aggressively evaluate their own legal and regulatory compliance.  While self-evaluation is unquestionably in the public interest, businesses’ enthusiasm for conducting such audits is tempered by a powerful disincentive: the possibility that plaintiffs’ lawyers, consumer “advocates,” and other potential adversaries could seek and gain access to the results of internal assessments, which could then be deployed in ways that would be detrimental to the firms that perform them.

Insurance, one of the most heavily regulated industries in America, has an especially strong need for self-evaluation.  The industry’s consumers derive significant benefit from tools that allow companies to ensure compliance with laws designed to protect their interests.  For these reasons, a movement began in the 1990s encouraging state legislatures to adopt a formal self-evaluative (or self-audit) privilege for insurers’ internal compliance activities.

That effort has slowly borne fruit over the past couple of decades, with Illinois adopting the privilege in 1997 and Arizona becoming the most recent state to pass such a law in 2014.  Seven other states and the District of Columbia adopted privilege laws after Illinois and before Arizona.3But for a policy measure whose time seems to have come4 and that offers such commonsense benefits, an insurer self-evaluative privilege is law in less than 20% of the states.  This Legal Backgrounder describes the case for a self-evaluative privilege, discusses the ideas and well-organized initiative supporting its adoption, and argues that passage of Arizona’s law should provide the momentum needed for the idea to proliferate nationwide.

The Case for an Insurance Self-Evaluative Privilege.  As noted above, insurers are subject not only to the many general consumer protection laws and regulations applicable to all businesses, but also to scores of highly specialized ones tailored to insurance practices.  Such laws routinely vary state by state, magnifying the compliance complexity and risk.  Marketing, underwriting, and claims-payment processes, for instance, are all governed by countless state requirements and limitations.

State insurance regulators expect insurers to police themselves, and insurers understand that they have duties to policyholders, shareholders, and the insuring public at large to evaluate whether they are in compliance with these countless laws and regulations, and to make prompt corrections in cases of noncompliance.

The lack of a privilege protecting the fruits of internal audits, however, chills insurers’ willingness to turn the microscope on themselves.  Plaintiffs’ lawyers engaged in class-action litigation against insurers seek such documents through the discovery process, aware that they may provide a roadmap to a multi-million dollar verdict or (more likely) a lucrative settlement.  If internal audit documents are shared with insurance regulators, then enterprising lawyers or other self-interested antagonists will seek their production through freedom-of-information laws.

“The self-evaluative privilege,” one legal academic has written, “although controversial and not widely recognized, strikes the perfect balance between protecting the confidentiality of sensitive corporate information and promoting the public interest in full and fair disclosure of the information required for effective government oversight.”5 And specifically for insurers, one of the earliest states to adopt the privilege detailed its reasoning in the following legislative finding:

The Legislature finds and declares that it is in the public interest for insurance carriers in this State to conduct voluntary internal reviews and audits of their operations, practices and procedures for the purpose of discovering and correcting any operations, practices or procedures which do not comply with applicable law or regulation or which do not comply with recognized industry standards or with the insurance carrier’s own standards and for the purpose of preventing continuing and more serious violations. However, if studies and reports beyond those legally required are available to third parties other than regulators and potentially can result in the insurance carrier’s liability to such third parties, the insurance carrier may be discouraged from making these additional efforts and from sharing these results with regulators. A legal structure that promotes self-policing programs can achieve improved compliance effectively at less cost to the State and to the insurance carriers. Voluntary compliance review, when properly conducted and implemented, results not only in improved compliance with law, but in the adoption of procedures and policies by the insurance carriers that exceed minimum legal requirements, and that save money by benefiting customers, lowering costs and reducing potential liabilities.6

As a common-law concept, the notion of a self-evaluative privilege, not for insurers but rather for medical professionals, can be traced to a 1970 court decision involving the minutes of a medical peer-review meeting.7  Some courts subsequently recognized a privilege in the areas of employment practices, products liability, and environmental practices, among others.8 However, its adoption as a common-law privilege has not been widespread or uniform,9 and thus does not provide reliable protection for businesses conducting internal audits.

The NCOIL Model.  Because the common law did not provide adequate protection, “[h]istorically, if an insurer provided information to a regulator, it waived any protection against subsequently being forced to disclose that information in litigation.”10In 1998, some state legislators stepped into the breach with ideas for a legislative solution.  The National Conference of Insurance Legislators (NCOIL), a national organization of state legislators with a particular interest in insurance, developed the Insurance Compliance Self-Evaluative Privilege Model Act.

The model act provides that, subject to exceptions, “an insurance compliance self-evaluative audit document is privileged information and is not discoverable, or admissible as evidence in any legal action in any civil, criminal, or administrative proceeding.”

“Insurance compliance audit” is defined in the model act as “a voluntary, internal evaluation, review, assessment, audit, or investigation for the purpose of identifying or preventing noncompliance with, or promoting compliance with laws, regulations, orders, or industry or professional standards,” conducted by or on behalf of a licensed insurer.

The model legislation provides protections for persons or entities involved in an insurance compliance audit from being compelled to testify in any proceeding regarding the audit or audit documents.  And it provides that the insurer does not waive the privilege if it submits the audit documents to an insurance commissioner.  Privilege protection is conditioned on the insurer’s prompt correction of the noncompliance identified by the internal audit.

Illinois became the first state to adopt an insurance self-evaluative privilege, and it did so the year before NCOIL approved its model.11 Since the model’s adoption, eight additional states and the District of Columbia have enacted some version of the privilege, with all of the laws being based to some degree on the NCOIL model.  New Jersey and North Dakota enacted laws in 1999, Michigan and Oregon did so in 2001, the District of Columbia in 2003, Kansas and Texas in 2005, Hawaii in 2007, Oklahoma in 2012 and, as noted, Arizona in 2014.12

NAIC Activity.  In addition to NCOIL, the National Association of Insurance Commissioners (NAIC) is another organization that plays a leading role in formulating insurance policy, often including the development of model laws that are implemented in the states.  In March 2000, the NAIC adopted a white paper addressing the privilege in the context of the confidentiality of insurer information.13  The paper recognized that “the self-critical analysis privilege, where recognized, will become more important to the insurance industry in the future because insurers are now generating more confidential internal self-evaluative communications or reports.”

The paper did not, however, issue a general recommendation that states legislatively enact a privilege.  It noted insurance regulators’ concern that, without “well-defined terms and conditions,” the privilege could be invoked excessively.  The paper did, however, recommend that regulators “generally support the insurance industry’s increased use of self-audits as one helpful way to promote compliance” and indicated that the privilege “can be crafted so that it protects such analysis against third-party access while continuing to allow for regulatory access.”  Two years after NAIC released its white paper, a Self-Critical Analysis Working Group considered draft language for legislation, but never approved an official NAIC model.14]

Toward Nationwide Adoption.  Supporters of an insurance self-evaluative privilege are hoping to build off of their 2014 success in Arizona during 2015.  Insurers and their policyholders are enjoying the benefits of increased compliance and more effectively managed regulatory and liability risks in the District of Columbia and the nine states with statutory privileges.  But in the other 41 states, insurers’ efforts to self-police are chilled by the lack of a privilege, and those that perform internal audits run the risk of being sued or fined for their proactive measures to become better corporate actors, with the attendant costs passed on to policyholders.  Will insurers that operate in all fifty states perform across-the-board self-audits if the results are privileged in only nine of them?  Not doing so compromises the performance and consumer benefits that self-evaluation offers.

The lack of success of insurer self-evaluative privilege legislation in 41 states is not due to lack of ongoing support by insurance-interested state legislators.  NCOIL has a process under which model laws are re-evaluated periodically.  After the model law’s initial adoption in 1998 it was reconsidered, albeit in a presumably less intensive manner than initial deliberations, and readopted in 2001, 2004, 2006, and most recently in 2012.  Additionally, no state that has established the privilege has seen fit to subsequently abolish it.

It may be, then, simply a matter of inertia and competing priorities in state legislatures.  For example, in any given year, insurance industry representatives and their allies in the statehouses may have many legislative proposals they want to promote as well as those they would oppose.  An insurer self-evaluative privilege may appear on a list of legislative priorities but perhaps not at the top.  On the other hand, enacting the self-evaluative privilege may be simply unlikely in certain jurisdictions for a variety of political reasons such as opposition from the trial bar or skepticism from that state’s insurance regulators.  Legislative change in general can be a notoriously slow process, requiring years of momentum-building work.  Consider, for instance, that legislators first introduced NCOIL’s model in the Arizona legislature in 1999, but that body did not adopt the self-evaluative privilege until last year.15

Insurers have been working for similarly long periods in many other states to advance a privilege for their internal audits.  The scope of the privilege and its benefits have been clearly elucidated.  It is limited and narrowly tailored to achieve a public interest goal: compliance with consumer protection laws.  Insurers that fail to correct the noncompliance they discover will lose the privilege’s benefits, and it does not shield businesses’ fraudulent or criminal activity.  Perhaps on the momentum provided by the privilege’s passage in Arizona, 2015 will prove to be the year for broader adoption.

Paul Tetrault is State and Policy Affairs Counsel for the National Association of Mutual Insurance Companies.


  1. See, for example, Unprincipled Prosecution: Abuse of Power and Profiteering in the New “Litigation Swarm,” Oct. 2014, available at This report by the U.S. Chamber of Commerce describes an “explosion” of activity in the past 10 years in which “a company (or an entire industry) is targeted by up to fifty state attorneys general, multiple state regulators, and one or more federal agencies, all acting in concert with private class action lawyers.” available at
  2. See, for example, Myra C. Selby, Lu Carole West, Why Strong Internal Compliance Programs Are Good Business, September, 2013, Ice Miller E-Newsletter, available at, observing: “Many customers seek out and want to do business with vendors and suppliers who share their values and compliance culture. Having a strong compliance program can be a valuable sales asset and help establish lasting and trusted business relationships.”
  3. Hawaii; Kansas; Michigan; New Jersey; North Dakota; Oregon; Texas; and Washington, D.C.
  4. Kurtis B. Reeg and Matthew A. Temper, The Self-Critical Analysis Privilege: It is Time for Formal Adoption, Federation of Defense & Corporate Counsel Quarterly, Fall, 2011.
  5. Theodore R. Lotchin, No Good Deed Goes Unpunished? Establishing a Self-Evaluative Privilege for Corporate Internal Investigations, 46 Wm. & Mary L. Rev. 1137, 1142 (2004).
  6. N.J. Stat. § 17:23C-1.
  7. Bredice v. Doctors Hosp., Inc., 50 F.R.D. 249, 250-51 (D.D.C. 1970).
  8. Lotchin, supra note 3 at 1161.
  9. Daniel D. Santos, The Self-Evaluative Privilege: An Alternative for Protecting Sensitive Internal Documents, Saul Ewing LLP Insurance Practice Group, Aug. 2010, available at
  10. Id., citing Bank of America, N.A. v. Terra Nova Insurance Company, 212 F.R.D. 166 (S.D.N.Y. 2002).
  11. 215 ILCS 5/155.35.
  12. N.J. Stat. § 17:23C-1; N.D. Cent. Code § 26.1-51; Mich. Comp. Laws § 500.221; Or. Rev. Stat. § 731.760 D.C. Code § 31-851; Kan. Stat. § 60-3351; Tex. Ins. Code § 751.251; Haw. Rev. Stat. § 431:2D-107; Okla. Stat. § 6830; Ariz. Rev. Stat. §§ 20-3301-3302.
  13. Regulatory Access to Insurer Information: the Issues of Confidentiality and Privilege, Mar. 2000, available at  The paper was drafted by the NAIC’s Special Insurance Issues (G) Committee.
  14. See Insurers Support NAIC’s Draft on Self-Audit Privilege, Insurance Journal, February 20, 2002, at, and NAMIC Urges State Legislators to Introduce Insurance Compliance Self-Evaluative Privilege Model Act, Insurance Journal, July 12, 2001, at
  15. SB 1106, 44th Leg., 1st Reg. Sess., (Ariz. 1999), available at; see also See Stephen Bressler, Gregory Harris, and Neel Kothari, Arizona Enacts Limited Privilege for Insurance Self-Audits, Lewis Roca Rothgerber E-Alert, Aug. 27, 2014, available at