(215 ILCS 5/155.35)
    (Text of Section before amendment by P.A. 103-897)
    Sec. 155.35. Insurance compliance self-evaluative privilege.
    (a) To encourage insurance companies and persons conducting activities regulated under this Code, both to conduct voluntary internal audits of their compliance programs and management systems and to assess and improve compliance with State and federal statutes, rules, and orders, an insurance compliance self-evaluative privilege is recognized to protect the confidentiality of communications relating to voluntary internal compliance audits. The General Assembly hereby finds and declares that protection of insurance consumers is enhanced by companies' voluntary compliance with this State's insurance and other laws and that the public will benefit from incentives to identify and remedy insurance and other compliance issues. It is further declared that limited expansion of the protection against disclosure will encourage voluntary compliance and improve insurance market conduct quality and that the voluntary provisions of this Section will not inhibit the exercise of the regulatory authority by those entrusted with protecting insurance consumers.
    (b)(1) An insurance compliance self-evaluative audit document is privileged information and is not admissible as evidence in any legal action in any civil, criminal, or administrative proceeding, except as provided in subsections (c) and (d) of this Section. Documents, communications, data, reports, or other information created as a result of a claim involving personal injury or workers' compensation made against an insurance policy are not insurance compliance self-evaluative audit documents and are admissible as evidence in civil proceedings as otherwise provided by applicable rules of evidence or civil procedure, subject to any applicable statutory or common law privilege, including but not limited to the work product doctrine, the attorney-client privilege, or the subsequent remedial measures exclusion.
    (2) If any company, person, or entity performs or directs the performance of an insurance compliance audit, an officer or employee involved with the insurance compliance audit, or any consultant who is hired for the purpose of performing the insurance compliance audit, may not be examined in any civil, criminal, or administrative proceeding as to the insurance compliance audit or any insurance compliance self-evaluative audit document, as defined in this Section. This subsection (b)(2) does not apply if the privilege set forth in subsection (b)(1) of this Section is determined under subsection (c) or (d) not to apply.
    (3) A company may voluntarily submit, in connection with examinations conducted under this Article, an insurance compliance self-evaluative audit document to the Director, or his or her designee, as a confidential document under subsection (f) of Section 132.5 of this Code without waiving the privilege set forth in this Section to which the company would otherwise be entitled; provided, however, that the provisions in subsection (f) of Section 132.5 permitting the Director to make confidential documents public pursuant to subsection (e) of Section 132.5 and access to the National Association of Insurance Commissioners shall not apply to the insurance compliance self-evaluative audit document so voluntarily submitted. Nothing contained in this subsection shall give the Director any authority to compel a company to disclose involuntarily or otherwise provide an insurance compliance self-evaluative audit document.
    (c)(1) The privilege set forth in subsection (b) of this Section does not apply to the extent that it is expressly waived by the company that prepared or caused to be prepared the insurance compliance self-evaluative audit document.
    (2) In a civil or administrative proceeding, a court of record may, after an in camera review, require disclosure of material for which the privilege set forth in subsection (b) of this Section is asserted, if the court determines one of the following:
        (A) the privilege is asserted for a fraudulent
    
purpose;
        (B) the material is not subject to the privilege; or
        (C) even if subject to the privilege, the material
    
shows evidence of noncompliance with State and federal statutes, rules and orders and the company failed to undertake reasonable corrective action or eliminate the noncompliance within a reasonable time.
    (3) In a criminal proceeding, a court of record may, after an in camera review, require disclosure of material for which the privilege described in subsection (b) of this Section is asserted, if the court determines one of the following:
        (A) the privilege is asserted for a fraudulent
    
purpose;
        (B) the material is not subject to the privilege;
        (C) even if subject to the privilege, the material
    
shows evidence of noncompliance with State and federal statutes, rules and orders and the company failed to undertake reasonable corrective action or eliminate such noncompliance within a reasonable time; or
        (D) the material contains evidence relevant to
    
commission of a criminal offense under this Code, and all of the following factors are present:
            (i) the Director, State's Attorney, or Attorney
        
General has a compelling need for the information;
            (ii) the information is not otherwise available;
        
and
            (iii) the Director, State's Attorney, or Attorney
        
General is unable to obtain the substantial equivalent of the information by any means without incurring unreasonable cost and delay.
    (d)(1) Within 30 days after the Director, State's Attorney, or Attorney General makes a written request by certified mail for disclosure of an insurance compliance self-evaluative audit document under this subsection, the company that prepared or caused the document to be prepared may file with the appropriate court a petition requesting an in camera hearing on whether the insurance compliance self-evaluative audit document or portions of the document are privileged under this Section or subject to disclosure. The court has jurisdiction over a petition filed by a company under this subsection requesting an in camera hearing on whether the insurance compliance self-evaluative audit document or portions of the document are privileged or subject to disclosure. Failure by the company to file a petition waives the privilege.
    (2) A company asserting the insurance compliance self-evaluative privilege in response to a request for disclosure under this subsection shall include in its request for an in camera hearing all of the information set forth in subsection (d)(5) of this Section.
    (3) Upon the filing of a petition under this subsection, the court shall issue an order scheduling, within 45 days after the filing of the petition, an in camera hearing to determine whether the insurance compliance self-evaluative audit document or portions of the document are privileged under this Section or subject to disclosure.
    (4) The court, after an in camera review, may require disclosure of material for which the privilege in subsection (b) of this Section is asserted if the court determines, based upon its in camera review, that any one of the conditions set forth in subsection (c)(2)(A) through (C) is applicable as to a civil or administrative proceeding or that any one of the conditions set forth in subsection (c)(3)(A) through (D) is applicable as to a criminal proceeding. Upon making such a determination, the court may only compel the disclosure of those portions of an insurance compliance self-evaluative audit document relevant to issues in dispute in the underlying proceeding. Any compelled disclosure will not be considered to be a public document or be deemed to be a waiver of the privilege for any other civil, criminal, or administrative proceeding. A party unsuccessfully opposing disclosure may apply to the court for an appropriate order protecting the document from further disclosure.
    (5) A company asserting the insurance compliance self-evaluative privilege in response to a request for disclosure under this subsection (d) shall provide to the Director, State's Attorney, or Attorney General, as the case may be, at the time of filing any objection to the disclosure, all of the following information:
        (A) The date of the insurance compliance
    
self-evaluative audit document.
        (B) The identity of the entity conducting the audit.
        (C) The general nature of the activities covered by
    
the insurance compliance audit.
        (D) An identification of the portions of the
    
insurance compliance self-evaluative audit document for which the privilege is being asserted.
    (e) (1) A company asserting the insurance compliance self-evaluative privilege set forth in subsection (b) of this Section has the burden of demonstrating the applicability of the privilege. Once a company has established the applicability of the privilege, a party seeking disclosure under subsections (c)(2)(A) or (C) of this Section has the burden of proving that the privilege is asserted for a fraudulent purpose or that the company failed to undertake reasonable corrective action or eliminate the noncompliance with a reasonable time. The Director, State's Attorney, or Attorney General seeking disclosure under subsection (c)(3) of this Section has the burden of proving the elements set forth in subsection (c)(3) of this Section.
    (2) The parties may at any time stipulate in proceedings under subsections (c) or (d) of this Section to entry of an order directing that specific information contained in an insurance compliance self-evaluative audit document is or is not subject to the privilege provided under subsection (b) of this Section.
    (f) The privilege set forth in subsection (b) of this Section shall not extend to any of the following:
        (1) documents, communications, data, reports, or
    
other information required to be collected, developed, maintained, reported, or otherwise made available to a regulatory agency pursuant to this Code, or other federal or State law, rule, or order;
        (2) information obtained by observation or monitoring
    
by any regulatory agency; or
        (3) information obtained from a source independent of
    
the insurance compliance audit.
    (g) As used in this Section:
        (1) "Insurance compliance audit" means a voluntary,
    
internal evaluation, review, assessment, or audit not otherwise expressly required by law of a company or an activity regulated under this Code, or other State or federal law applicable to a company, or of management systems related to the company or activity, that is designed to identify and prevent noncompliance and to improve compliance with those statutes, rules, or orders. An insurance compliance audit may be conducted by the company, its employees, or by independent contractors.
        (2) "Insurance compliance self-evaluative audit
    
document" means documents prepared as a result of or in connection with and not prior to an insurance compliance audit. An insurance compliance self-evaluation audit document may include a written response to the findings of an insurance compliance audit. An insurance compliance self-evaluative audit document may include, but is not limited to, as applicable, field notes and records of observations, findings, opinions, suggestions, conclusions, drafts, memoranda, drawings, photographs, computer-generated or electronically recorded information, phone records, maps, charts, graphs, and surveys, provided this supporting information is collected or developed for the primary purpose and in the course of an insurance compliance audit. An insurance compliance self-evaluative audit document may also include any of the following:
            (A) an insurance compliance audit report prepared
        
by an auditor, who may be an employee of the company or an independent contractor, which may include the scope of the audit, the information gained in the audit, and conclusions and recommendations, with exhibits and appendices;
            (B) memoranda and documents analyzing portions or
        
all of the insurance compliance audit report and discussing potential implementation issues;
            (C) an implementation plan that addresses
        
correcting past noncompliance, improving current compliance, and preventing future noncompliance; or
            (D) analytic data generated in the course of
        
conducting the insurance compliance audit.
        (3) "Company" has the same meaning as provided in
    
Section 2 of this Code.
    (h) Nothing in this Section shall limit, waive, or abrogate the scope or nature of any statutory or common law privilege including, but not limited to, the work product doctrine, the attorney-client privilege, or the subsequent remedial measures exclusion.
(Source: P.A. 90-499, eff. 8-19-97; 90-655, eff. 7-30-98.)
 
    (Text of Section after amendment by P.A. 103-897)
    Sec. 155.35. Insurance compliance self-evaluative privilege.
    (a) To encourage insurance companies and persons conducting activities regulated under this Code, both to conduct voluntary internal audits of their compliance programs and management systems and to assess and improve compliance with State and federal statutes, rules, and orders, an insurance compliance self-evaluative privilege is recognized to protect the confidentiality of communications relating to voluntary internal compliance audits. The General Assembly hereby finds and declares that protection of insurance consumers is enhanced by companies' voluntary compliance with this State's insurance and other laws and that the public will benefit from incentives to identify and remedy insurance and other compliance issues. It is further declared that limited expansion of the protection against disclosure will encourage voluntary compliance and improve insurance market conduct quality and that the voluntary provisions of this Section will not inhibit the exercise of the regulatory authority by those entrusted with protecting insurance consumers.
    (b)(1) An insurance compliance self-evaluative audit document is privileged information and is not admissible as evidence in any legal action in any civil, criminal, or administrative proceeding, except as provided in subsections (c) and (d) of this Section. Documents, communications, data, reports, or other information created as a result of a claim involving personal injury or workers' compensation made against an insurance policy are not insurance compliance self-evaluative audit documents and are admissible as evidence in civil proceedings as otherwise provided by applicable rules of evidence or civil procedure, subject to any applicable statutory or common law privilege, including, but not limited to, the work product doctrine, the attorney-client privilege, or the subsequent remedial measures exclusion.
    (2) If any company, person, or entity performs or directs the performance of an insurance compliance audit, an officer or employee involved with the insurance compliance audit, or any consultant who is hired for the purpose of performing the insurance compliance audit, may not be examined in any civil, criminal, or administrative proceeding as to the insurance compliance audit or any insurance compliance self-evaluative audit document, as defined in this Section. This subsection (b)(2) does not apply if the privilege set forth in subsection (b)(1) of this Section is determined under subsection (c) or (d) not to apply.
    (3) A company may voluntarily submit, in connection with examinations conducted under this Article, an insurance compliance self-evaluative audit document to the Director, or his or her designee, as a confidential document under subsection (i) of Section 132 or subsection (f) of Section 132.5 of this Code without waiving the privilege set forth in this Section to which the company would otherwise be entitled; provided, however, that the provisions in Sections 132 and 132.5 permitting the Director to make confidential documents public and grant access to the National Association of Insurance Commissioners shall not apply to the insurance compliance self-evaluative audit document so voluntarily submitted. Nothing contained in this subsection shall give the Director any authority to compel a company to disclose involuntarily or otherwise provide an insurance compliance self-evaluative audit document.
    (c)(1) The privilege set forth in subsection (b) of this Section does not apply to the extent that it is expressly waived by the company that prepared or caused to be prepared the insurance compliance self-evaluative audit document.
    (2) In a civil or administrative proceeding, a court of record may, after an in camera review, require disclosure of material for which the privilege set forth in subsection (b) of this Section is asserted, if the court determines one of the following:
        (A) the privilege is asserted for a fraudulent
    
purpose;
        (B) the material is not subject to the privilege; or
        (C) even if subject to the privilege, the material
    
shows evidence of noncompliance with State and federal statutes, rules and orders and the company failed to undertake reasonable corrective action or eliminate the noncompliance within a reasonable time.
    (3) In a criminal proceeding, a court of record may, after an in camera review, require disclosure of material for which the privilege described in subsection (b) of this Section is asserted, if the court determines one of the following:
        (A) the privilege is asserted for a fraudulent
    
purpose;
        (B) the material is not subject to the privilege;
        (C) even if subject to the privilege, the material
    
shows evidence of noncompliance with State and federal statutes, rules and orders and the company failed to undertake reasonable corrective action or eliminate such noncompliance within a reasonable time; or
        (D) the material contains evidence relevant to
    
commission of a criminal offense under this Code, and all of the following factors are present:
            (i) the Director, State's Attorney, or Attorney
        
General has a compelling need for the information;
            (ii) the information is not otherwise available;
        
and
            (iii) the Director, State's Attorney, or Attorney
        
General is unable to obtain the substantial equivalent of the information by any means without incurring unreasonable cost and delay.
    (d)(1) Within 30 days after the Director, State's Attorney, or Attorney General makes a written request by certified mail for disclosure of an insurance compliance self-evaluative audit document under this subsection, the company that prepared or caused the document to be prepared may file with the appropriate court a petition requesting an in camera hearing on whether the insurance compliance self-evaluative audit document or portions of the document are privileged under this Section or subject to disclosure. The court has jurisdiction over a petition filed by a company under this subsection requesting an in camera hearing on whether the insurance compliance self-evaluative audit document or portions of the document are privileged or subject to disclosure. Failure by the company to file a petition waives the privilege.
    (2) A company asserting the insurance compliance self-evaluative privilege in response to a request for disclosure under this subsection shall include in its request for an in camera hearing all of the information set forth in subsection (d)(5) of this Section.
    (3) Upon the filing of a petition under this subsection, the court shall issue an order scheduling, within 45 days after the filing of the petition, an in camera hearing to determine whether the insurance compliance self-evaluative audit document or portions of the document are privileged under this Section or subject to disclosure.
    (4) The court, after an in camera review, may require disclosure of material for which the privilege in subsection (b) of this Section is asserted if the court determines, based upon its in camera review, that any one of the conditions set forth in subsection (c)(2)(A) through (C) is applicable as to a civil or administrative proceeding or that any one of the conditions set forth in subsection (c)(3)(A) through (D) is applicable as to a criminal proceeding. Upon making such a determination, the court may only compel the disclosure of those portions of an insurance compliance self-evaluative audit document relevant to issues in dispute in the underlying proceeding. Any compelled disclosure will not be considered to be a public document or be deemed to be a waiver of the privilege for any other civil, criminal, or administrative proceeding. A party unsuccessfully opposing disclosure may apply to the court for an appropriate order protecting the document from further disclosure.
    (5) A company asserting the insurance compliance self-evaluative privilege in response to a request for disclosure under this subsection (d) shall provide to the Director, State's Attorney, or Attorney General, as the case may be, at the time of filing any objection to the disclosure, all of the following information:
        (A) The date of the insurance compliance
    
self-evaluative audit document.
        (B) The identity of the entity conducting the audit.
        (C) The general nature of the activities covered by
    
the insurance compliance audit.
        (D) An identification of the portions of the
    
insurance compliance self-evaluative audit document for which the privilege is being asserted.
    (e) (1) A company asserting the insurance compliance self-evaluative privilege set forth in subsection (b) of this Section has the burden of demonstrating the applicability of the privilege. Once a company has established the applicability of the privilege, a party seeking disclosure under subsections (c)(2)(A) or (C) of this Section has the burden of proving that the privilege is asserted for a fraudulent purpose or that the company failed to undertake reasonable corrective action or eliminate the noncompliance with a reasonable time. The Director, State's Attorney, or Attorney General seeking disclosure under subsection (c)(3) of this Section has the burden of proving the elements set forth in subsection (c)(3) of this Section.
    (2) The parties may at any time stipulate in proceedings under subsections (c) or (d) of this Section to entry of an order directing that specific information contained in an insurance compliance self-evaluative audit document is or is not subject to the privilege provided under subsection (b) of this Section.
    (f) The privilege set forth in subsection (b) of this Section shall not extend to any of the following:
        (1) documents, communications, data, reports, or
    
other information required to be collected, developed, maintained, reported, or otherwise made available to a regulatory agency pursuant to this Code, or other federal or State law, rule, or order;
        (2) information obtained by observation or monitoring
    
by any regulatory agency; or
        (3) information obtained from a source independent of
    
the insurance compliance audit.
    (g) As used in this Section:
        (1) "Insurance compliance audit" means a voluntary,
    
internal evaluation, review, assessment, or audit not otherwise expressly required by law of a company or an activity regulated under this Code, or other State or federal law applicable to a company, or of management systems related to the company or activity, that is designed to identify and prevent noncompliance and to improve compliance with those statutes, rules, or orders. An insurance compliance audit may be conducted by the company, its employees, or by independent contractors.
        (2) "Insurance compliance self-evaluative audit
    
document" means documents prepared as a result of or in connection with and not prior to an insurance compliance audit. An insurance compliance self-evaluation audit document may include a written response to the findings of an insurance compliance audit. An insurance compliance self-evaluative audit document may include, but is not limited to, as applicable, field notes and records of observations, findings, opinions, suggestions, conclusions, drafts, memoranda, drawings, photographs, computer-generated or electronically recorded information, phone records, maps, charts, graphs, and surveys, provided this supporting information is collected or developed for the primary purpose and in the course of an insurance compliance audit. An insurance compliance self-evaluative audit document may also include any of the following:
            (A) an insurance compliance audit report prepared
        
by an auditor, who may be an employee of the company or an independent contractor, which may include the scope of the audit, the information gained in the audit, and conclusions and recommendations, with exhibits and appendices;
            (B) memoranda and documents analyzing portions or
        
all of the insurance compliance audit report and discussing potential implementation issues;
            (C) an implementation plan that addresses
        
correcting past noncompliance, improving current compliance, and preventing future noncompliance; or
            (D) analytic data generated in the course of
        
conducting the insurance compliance audit.
        (3) "Company" has the same meaning as provided in
    
Section 2 of this Code.
    (h) Nothing in this Section shall limit, waive, or abrogate the scope or nature of any statutory or common law privilege including, but not limited to, the work product doctrine, the attorney-client privilege, or the subsequent remedial measures exclusion.
(Source: P.A. 103-897, eff. 1-1-25.)