Regulation Acceleration

Deloitte Report Hits Key Areas of Concentration For Insurers

With the 2018 mid-term elections over, the Democratic Party leadership has indicated that the House Financial Services Committee will broadly focus its legislative agenda toward protecting consumers and investors, preserving financial sector stability, and encouraging responsible innovation in financial technology. Meanwhile, we expect that the Republican-controlled Senate will continue to focus its legislative agenda on remaining refinements not already addressed in the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA) passed in 2018.  Beyond the divided Congress, we note that the regulatory agencies are now all led by President Trump appointees who have discretion, subject to Congressional oversight, to calibrate their supervisory policies and programs.

Regardless of what definitive changes lawmakers and regulators might make, such as the Financial Stability and Oversight Council’s recent de-designation of individual insurers as Systemically Important Financial Institutions, insurance organizations should continue to drive effectiveness and efficiencies across their risk and compliance programs so they can meet applicable laws, regulations, and supervisory expectations.

Cybersecurity and data privacy

Cybersecurity and privacy are critical issues receiving regulatory attention from every direction.

In an age when hacking and data breaches have become so commonplace that they are almost expected, cybersecurity continues to dominate both the headlines and the regulatory agenda. This includes reporting on the cost of cybercrime (and on the investments organizations are making to enhance their cyber risk management programs), as well as a heightened focus on cybersecurity regulation and compliance.

For insurers to remain competitive, they need the ability to acquire and manage vast quantities of data to provide more relevant coverage for consumers. While marketplace innovations such as wearable computers and Internet of Things provide the ability to collect such data, having access to large volumes of contextual data introduces its own risk, related to unintended processing, loss, and theft. The risk is compounded because of changes in business models, such as adoption of cloud-based storage and computing, use of large-scale process automation, and increased adoption of data processors, to name a few.

US policymakers are keeping pace by introducing unprecedented privacy and cybersecurity laws. Governments outside the US are also focusing on cloud and data residency requirements, limiting the movement of data across borders. A selection of key legislative and regulatory developments is presented below to provide insights into the nature of issues that lawmakers are asking organizations to address.

EU General Data Protection Regulation

This year saw the European Union (EU) General Data Protection Regulation (GDPR) take effect in May 2018. The GDPR regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU.

Among numerous protections offered by GDPR, consumers need to be informed if their data is moved outside the EU; have the right to be “forgotten”; and must be given a chance to contest the use of automated algorithms. Other rights include the right to object to the use of one’s data for marketing purposes, as well as the right to data portability (i.e., the ability to receive one’s data in a machine-readable format and send it elsewhere, perhaps to another insurer competing for that consumer’s business).

Insurers operating in the EU have numerous obligations under the GDPR—many of which are consistent with other data security regulations—including the obligation to appoint a data protection officer. Data transfers from the EU to the US are covered by the EU-US privacy shield framework.

California Consumer Privacy Act

In the United States, the State of California enacted the California Consumer Privacy Act of 2018 (CCPA), that greatly expands data subject rights and introduces provisions for civil class action lawsuits based on statutory or actual damages. The law takes effect in July 2020.

Although there may still be amendments before the law takes effect, for now it provides California citizens with some similar protections to the GDPR. These include the right to access personal information (and to know how a company uses that information), as well as the right to have information removed in some circumstances.

Among other rights, the CCPA “authorizes a consumer to opt out of the sale of personal information by a business and prohibits the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data.”

Consumers have a right to private action in response to uncorrected CCPA violations, and the state Attorney General is also empowered to pursue civil penalties. There are certain exemptions that are granted within the law for data that are subject to Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA).

New York Department of Financial Services cybersecurity regulation

For US insurers, the New York State Department of Financial Services (NYDFS) regulation was the first of its kind–and the first to directly affect a significant number of insurers. It took effect on March 1, 2017, with a phase-in period concluding on March 1, 2019. The regulation requires nearly 2,000 insurers registered with the state to establish and maintain a risk-based cybersecurity program and supporting capabilities.

The two-year phase-in was intended to provide insurers a glide path toward compliance. Companies subject to the regulation should by now have satisfied most of its requirements, which include: creation of a written cyber security policy; designation of a Chief Information Security Officer (CISO); periodic penetration testing and vulnerability assessment; data preservation that enables accurate reconstruction of all financial transactions; and necessary accounting to respond to a cybersecurity event for at least three years.

To achieve compliance, a company’s board of directors must be involved in the creation of standards and must receive regular reports on cybersecurity. In addition, companies are required to file a risk and safeguards assessment in their annual report to regulators.

The next and final phase of the NYDFS regulation—to be completed by March 1, 2019—is the requirement that financial services organizations establish cyber security controls and protocols for third-party risk management (TPRM). This includes requirements related to developing and implementing a TPRM program, maintaining a third-party inventory for service providers that access nonpublic information (NPI) or information systems, and performing due diligence and ongoing monitoring.

It is important to note that the NYDFS regulation expands the scope of covered third parties beyond typical vendors to include all third parties with access to NPI. Given this broad purview, programmatic essentials such as governance, reporting, and broader end-to-end life cycle management are key for the sustainable management of an effective TPRM program.

In the US, the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law “requires insurers to implement an information security program and investigate and notify the state insurance commissioner of cybersecurity events.” The specified model bears many functional similarities to the New York regulation. As such, compliance with the New York regulation is considered sufficient to establish compliance with the NAIC model.

Third-Party Risk Management [Call out box by the NYDFS section]

TPRM may now be viewed as a basic regulatory expectation. Examples of leading industry practices for an effective TPRM program related to cybersecurity and data risk include:


Adequate reporting and governance, along with training to facilitate accountability and oversight


Streamlined processes for third-party management, including stakeholders from sourcing, legal, etc.


Appropriate third-party termination practices that address retention and destruction of records

In addition, a comprehensive TPRM program should address broader risk and control management practices, including service level agreement (SLA) performance; exit strategy; financial viability; resiliency; reputational review; and regulatory compliance.

Organizations today should consider investments in revisiting and validating their TPRM programs to formalize the program scope, enhance inventory processes, and optimize due diligence and assessment procedures—and to integrate contract management of their third-party landscape.

All of these components should be managed as part of a broader risk management and information governance effort that stretches beyond the CISO and IT. All data users—whether internal or external—are responsible for data security. However, it is the responsibility of the board and executive leadership to provide the required resources, authority, and accountability to ensure adequate data security across the enterprise. Also, it is critical for the board to lead by example, providing the necessary tone-at-the-top to convey the importance of properly managing this prime operational risk.

NAIC Big Data Working Group

Even as the privacy debate pushes other data-related issues from the headlines, regulators in the US continue their work. The NAIC created the Big Data Working Group to, among other things, “review current regulatory frameworks used to oversee insurers’ use of consumer and non-insurance data” and “assess data needs and required tools for state insurance regulators to appropriately monitor the marketplace and evaluate underwriting, rating, claims and marketing practices.”

Big data concerns cited by the NAIC include the following:


Complexity and volume of data, which may present hurdles for smaller insurers

Insurance regulatory resources for reviewing complex rate filings


Lack of transparency and the potential for bias in algorithms used to synthesize big data


Highly individualized rates that lose the benefit of risk pooling


Collection of information that is sensitive to consumers’ privacy (or potentially discriminatory)

• Cyber threats to stored data

The outlook for cybersecurity and data privacy continues to indicate strong regulatory developments, with several countries either implementing or enhancing existing regulatory requirements. Within the United States, organizations can also expect to see continued attempts toward simplification of regulatory compliance requirements, such as those noted within the Core Principles report from the Treasury, as well as continued efforts toward harmonization of data privacy and cybersecurity laws and regulations.

“Best Standard”

How will Regulation 187’s “best interest” standard affect the life insurance business?

As customer protection regulations for the financial services industry zigzag from the vacating of the Department of Labor’s fiduciary rule to proposed new rules by the SEC in its Regulation Best Interest, the NYDFS has published its final version of Insurance Regulation 187.

Regulation 187 applies a “best interest” standard to annuity and life insurance product recommendations that becomes effective on August 1, 2019 for annuities, and on February 1, 2020 for life insurance products.

This regulation will have far-reaching impacts on insurers for a number of reasons, including (1) its scope of applicability and (2) its interconnected effects on agents/producers and insurers—particularly the obligation for insurers to supervise, monitor, and take corrective action for any consumer or other third party harmed by an agent/producer. In essence, insurers may potentially be responsible for paying when a consumer is affected by agents and producers failing to act in the consumer’s best interest.

Scope of applicability:


Includes insurers, producers, life insurance, annuities, and in-force policies/contracts

Applies to policies and contracts delivered—or issued for delivery—in New York


Applies to recommendations relating to entering into a policy, or to refraining from entering into any transaction


Includes transactions for which recommendations are made at the point of sale for an insurance product, and post-sale during the servicing of the product for the consumer (e.g., election of a contractual provision)

Integrated end-to-end requirements:


Agents/producers
. Recommendations for the purchase, replacement, or retention of life and annuity products must meet a best interest standard of care or suitability obligation, must cover many disclosures, and must appropriately address consumer insurance needs and their financial objectives.


Supervision by insurers
. Insurers must establish and maintain a system of supervision—along with standards and procedures—reasonably designed to achieve insurer and producer compliance.


Oversight by insurers
. Insurers must establish a system of audit that is reasonably designed to achieve compliance with the insurer’s and producer’s responsibility.


Books and records
. Insurers must maintain all records, including appropriate information about a customer’s financial situation and the complexity of the transaction, as well as documentation to support the agent/producer recommendation.

Regulation 187 may present significant challenges

The requirements of Regulation 187 come at a time when the life insurance industry is already facing difficult challenges to drive revenue and manage costs. For example, there is increased competition to grow and differentiate its products, increase agent retention, and expand margins. Digitization is expected to accelerate the ability for life insurance carriers and agents/distributors to provide consumers with a more interactive and informative discussion of product alternatives. Regulation 187 in New York is added complexity in an already-difficult business environment. Regulation 187 will require insurers to adapt their sales process, producer training, and home office supervisory and compliance operations. Aside from annuities, there is the added complexity of life insurance for which there are fewer solutions presently available. The confluence of these factors, along with uncertainty about whether other states might follow New York’s lead, will present significant potential challenges in 2019 and into 2020.

Conduct risk

Key trends related to conduct risk and its link to corporate culture

We continue to see global interest across jurisdictions in advancing a conduct and culture agenda. This suggests that conduct risk is an issue that is here to stay.  Outside the US there has been a general shift from approaches that are pragmatic and principles-based to approaches that are more rules-based (such as Market Abuse Regulation [MAR] and Markets in Financial Instruments Directive [MiFID II]).

Within the US, the Federal Reserve Bank (FRB) is most active around conduct in the capital markets space. The FRB Board of Governors is executing horizontal exams via its Large Institution Supervision Coordinating Committee (LISCC), with a focus on how firms are addressing business conduct and compliance risk, and on firms’ capabilities related to detection and prevention of misconduct.

As a concept, conduct risk has taken on greater meaning since the financial crisis. Ten years ago, “business practices” and “conduct” started becoming a more prominent topic. Five years ago, firms began establishing frameworks to identify, manage, and monitor conduct as a new dimension of risk. Today, numerous industries are coming to terms with how to proactively prevent employee misconduct and manage company culture.

Key trends

Enterprise view of conduct risk. Large US institutions are expected to have an enterprise-wide conduct risk management program and an enterprise-wide conduct risk function. The regulatory focus is on (1) continuous monitoring of conduct and improvement and (2) detection and prevention mechanisms to influence how strategic objectives are being achieved.

The traditional focus on employee conduct is converging with a newer focus on market conduct, business practices, and impact on clients and markets. Also, there is significant focus on development of internal controls, creating a need to rationalize activities in order to efficiently manage the program. This may lead to some realignment of supervisory/ surveillance activities.

Analytics and predictive intelligence applied to conduct and culture. Firms are looking to generate meaningful insights on employee conduct for the board, senior management, and regulators. The ability to predict and prevent employee misconduct is a business imperative across institutional, retail, and wealth management sectors. Firms are looking to identify employees with poor conduct sooner; proactively identify the next population of at-risk employees and activities; and develop improved approaches for heightened supervision and targeted surveillance/monitoring.

Challenges and opportunities from emerging technologies. Technology continues to disrupt how firms engage, deliver, monitor, and interact with customers. As a disruptor, technology gives rise to new business practices that can lead to new or increased conduct risks and challenges (e.g., digital banking, robo-advisers, electronic/algorithmic trading, new products such as cryptocurrency). However, it also creates opportunities to implement and refine controls that support sound conduct risk management (e.g., harnessing the increased availability of data to better predict—or more quickly detect—employee misconduct).

Compensation and remuneration focus. This continues to be a significant area of attention for regulators. The FSB is planning to release recommendations on how firms can enhance their capacity to consider and monitor the effectiveness of compensation tools. The FSB’s recommendations are also expected to highlight mechanisms for promoting good conduct and addressing misconduct risk. In Australia, the Banking Royal Commission reviewed a number of financial services institutions and identified remuneration as one of the root causes of misconduct.

Market conduct

Insurers can expect increased regulatory scrutiny of market conduct.

Market conduct has become a hot topic in insurance regulation recently, and its importance will likely continue to grow.

The financial crisis forced insurance supervisors worldwide to reexamine their approaches to regulation, and to evaluate the industry’s potential systemic risk. In 2015, the International Association of Insurance Supervisors (IAIS) released an issues paper noting, “In the aftermath of the financial crisis, supervisors’ immediate priorities were to focus on prudential regulatory issues, including strengthening capital. As the concept of conduct of business risk now gathers momentum globally, it is timely that the IAIS considers this form of risk in more detail within the context of supervision of the insurance sector.”

Today, efforts that incorporate new or changed approaches to solvency regulation are nearing completion, or have been completed. These include: the Solvency Modernization Initiative in the US; Solvency II in Europe; and Common Framework for the Supervision of Internationally Active Insurance Groups (ComFrame), and the International Capital Standard at the global level. Regulators are now freer to focus on other aspects of insurance supervision, particularly market conduct regulation. This increased focus on market conduct may be aided by the increased availability of analytical and technological tools for regulators; insurers would do well to proactively review their own practices to help achieve compliance.

What are companies doing to mitigate
insurance fraud?

Despite the barriers reported by the NAIC survey, a number of companies have taken steps to identify and reduce insurance fraud, waste, and abuse—with varying degrees of success. A recent study by the Coalition Against Insurance Fraud found that a growing number of insurers are embracing and expanding their use of technology to improve their anti-fraud capabilities. Companies typically use automated red flags and/or business rules to identify insurance fraud; however, while such capabilities do add value, they are not sufficient to combat the more sophisticated fraud rings, or to detect many types of soft fraud.

More advanced analytics techniques include:


Data exploration. Identifying trends, outliers, and circumstantial anomalies through exploratory data analysis.


Geospatial analysis. Using geographic coordinates to identify spatial patterns and anomalies.


Social networking. Visualizing and analyzing relationships to identify key players and uncover hidden patterns.


Machine learning. Leveraging advanced modeling techniques such as neural networks, random forests, and regression to uncover subtle fraud patterns.

Advanced analytics techniques go beyond the traditional red flags and business rules, enabling companies to identify hidden fraud patterns that were previously undetectable. For example, with machine learning, companies can quickly and efficiently uncover situations where a person is fraudulently filing multiple claims with different insurance companies using slight modifications of their name (e.g., John Smith, J Smith, John Smyth). Another example might be where machine learning detects that subtle circumstances or data signals for a claim fall outside the boundaries of data normalcy across a broad population of past and current claims. Advanced capabilities such as these are rapidly improving, giving insurance companies new and powerful weapons to fight back against the fraud epidemic.

Capital standards

Ongoing efforts to develop international and US capital standards for insurers are making progress.

A decade ago, the survival of the world’s financial system seemed at risk, prompting governments and regulators to undertake various actions to ensure the system’s survival. In the aftermath of the crisis, legislators and regulators began work to minimize the possible systemic risk posed by various sectors of the financial services industry.

A five-year confidential reporting and monitoring period will begin in 2020, during which the IAIS and group-wide supervisors will monitor the results. This could lead to further changes to the ICS; however, stability is generally expected, in contrast to the significant changes that typically occurred in the field-testing period. During the monitoring period, the ICS will not be considered a prescribed capital requirement (PCR), and thus will not in and of itself trigger supervisory action.

In the US, the NAIC has been engaged in a similar effort to develop a group capital calculation (GCC) for US insurance groups.

At the IAIS, work on ComFrame—including the adoption of ICS 2.0—is in its final stages. The next field testing is scheduled to begin in April 2019. One more consultation on ComFrame is then expected in mid-June 2019. Subsequently, in November 2019, the requirements are scheduled for adoption during the IAIS Annual General Meeting.

US state insurance regulators at the NAIC have charged the Group Capital Calculation (E) Working Group with constructing “a US group capital calculation using a risk-based capital (RBC) aggregation methodology; liais(ing) as necessary with the ComFrame Development and Analysis (G) Working Group on international capital developments and consider(ing) group capital developments by the Federal Reserve Board, both of which may help inform the construction of a US group capital calculation.”

It is important to note that while the ICS is ultimately intended to be a prescribed capital requirement, the NAIC has insisted its GCC is just that—a calculated metric designed to help regulators assess the solvency of insurance groups; not a standard. The NAIC’s working group has issued a number of drafts, each time revising its proposed calculation in response to stakeholder feedback. Field testing is expected to further inform development of the GCC.

InsurTech

Technology innovation is shifting the regulatory paradigm.

InsurTech is the next wave of technology innovation in insurance, pushing the entire industry to be more customer-centric, data-driven, and platform-based. This trend is being fueled by the exponential growth of data, computation power, and connected devices—and by data democratization. It is also being fueled by an influx of capital, with more than $10 billion invested in InsurTech companies over the past five years.

InsurTechs are harnessing the power of the latest technologies, including mobile and apps, AI, algorithms and robo-advice, smart contracts, the Internet of Things (IoT), and blockchain/distributed ledger technology (DLT). All of these technology innovations have significant potential benefits for consumers; however, they also pose challenges that may trigger regulatory scrutiny.

So far, InsurTechs have primarily affected the insurance industry by supporting and serving legacy insurers, as opposed to disrupting the established market. In many cases, legacy insurers have acquired technology from InsurTechs and incorporated it into their own ecosystems, or partnered with InsurTechs that provide software-as-a-service (SaaS) or licensing solutions.

Regulators may find it challenging to develop a comfort level with InsurTech innovations and their proposed uses. Also, they may have trouble monitoring and assessing the effect of InsurTech use. For example, while robo-advisers could enable insurance consumers to receive advice at lower price points, regulators need to make sure the provided advice essentially conforms to the same general principles that guide humans when offering similar advice.

Wearables and other biometric devices could potentially enable insurers to gather large amounts of data to perform no-lab underwriting. Also, the ability to track policyholder behaviors could enable insurers to offer health advice (both physical and mental), effectively merging the roles of life insurer and health insurer. Smart devices in homes, vehicles, industrial facilities, and elsewhere could enable insurers to better select, price, and prevent risks. However, for all these innovations, regulators need to be concerned about outcomes—including any possible discriminatory impacts.

Recognizing this need, the NAIC established an Innovation and Technology (EX) Task Force to monitor new InsurTech developments and help regulators stay informed. In a release issued after numerous regulators attended the InsurTech Connect conference in late 2018, NAIC CEO Mike Consedine said, “We’re going to see more insurance innovation in the next 10 years than we’ve seen in the last 150. Regulators and innovators must work together to educate each other about the new technology, its impact on the marketplace and consumers in order to effectively regulate it.”

For regulators, significant concerns are likely to include privacy and transparency, and the level of consumer education in using new products and platforms. For insurers, a significant concern might be how well regulators understand the emerging technologies. Thus, as insurance companies employ more InsurTech, Consedine’s call for regulators and innovators to educate each other might be of prime importance.

For now, the biggest issue may be that regulators will simply say “no” if they do not have sufficient information or expertise to analyze and understand InsurTech innovations. To address this issue, a key goal of the NAIC’s State Ahead strategic initiative—scheduled for completion in 2020—is to provide the resources for state regulators to effectively analyze and regulate new technologies and technology uses.

In the meantime, the best available option for insurers might be to inform and involve regulators early in the process of InsurTech adoption. InsurTech has the potential to transform the relationship between regulators and regulated by emphasizing the importance of working together from the beginning in order to get to “yes.” This could help bring relevant, innovative products to market more quickly, which is something all stakeholders should find appealing.

Taking the lead in times of change

Today’s regulatory environment is in the midst of significant and unpredictable change, driven by a variety of forces including political shifts, new social norms and behaviors, and technological innovation. To succeed in this challenging environment, companies need to actively look for ways to improve the effectiveness and efficiency of their compliance strategies and operations. Technology is likely to play an increasingly important role in this pursuit. Robotic process automation, for example, is being widely adopted by compliance-related functions to help them do more with less. At the same time, emerging technologies such as artificial intelligence and advanced analytics are making it possible to do things that have never been done before. Innovations like these can create business value no matter which way the regulatory winds might shift — enabling leaders to take action confidently and decisively in times of significant and ongoing change.

Special Thanks to:

Leadership

Monica O’Reilly

Regulatory & Operational Risk Leader

Managing Director | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

monoreilly@deloitte.com

Chris Spoth

Executive Director, Center for Regulatory Strategy, Americas

Managing Director | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

cspoth@deloitte.com

Rich??Godfrey

National Advisory Insurance Leader

Principal | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

rgodfrey@deloitte.com

Authors

Elia??Alonso

Global Conduct Risk Leader

Principal | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

elalonso@deloitte.com

George??Hanley

Managing Director | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

ghanley@deloitte.com

Jordan??Kuperschmid

Insurance Regulatory & Operational Risk Leader

Principal | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

jkuperschmid@deloitte.com

John??Lucker

Global Advanced Analytics Market Leader

Principal | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

jlucker@deloitte.com

Howard Mills

Global Insurance Regulatory Leader

Managing Director | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

howmills@deloitte.com

Jeff??Schaeffer

SOC for Cybersecurity Solution Leader

Managing Director | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

jschaeffer@deloitte.com

Julie Bernard

Principal | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

juliebernard@deloitte.com

David??Sherwood

Managing Director | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

dsherwood@deloitte.com

Bryan??Berkowitz

Senior Manager | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

bberkowitz@deloitte.com

Andrew Mais

Senior Manager | Deloitte Services LLP

amais@deloitte.com

Nitin Pandey

Senior Manager | Deloitte Risk and Financial Advisory

Deloitte & Touche LLP

npandey@deloitte.com

About the Center

The Deloitte Center for Regulatory Strategy provides valuable insight to help organizations in the financial services, health care, life sciences, and energy industries keep abreast of emerging regulatory and compliance requirements, regulatory implementation leading practices, and other regulatory trends.

Home to a team of experienced executives, former regulators, and Deloitte professionals with extensive experience solving complex regulatory issues, the Center exists to bring relevant information and specialized perspectives to our clients through a range of media including thought leadership, research, forums, webcasts, and events.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Copyright © 2018 Deloitte Development LLC. All rights reserved.