Updated | Federal investigators are taking a close look at the Chinese ownership of an American insurance company that has been selling legal liability insurance to senior CIA, FBI and other U.S. intelligence officials and operatives for decades.
The company, Wright USA, was quietly acquired late last year by Fosun Group, a Shanghai-based conglomerate led by Guo Guangchang, a billionaire with high-level Communist Party connections known as “China’s Warren Buffett.”
The links between Guo and Wright USA came under scrutiny from the Treasury Department’s Committee on Foreign Investment in the United States, as well as the Office of Director of National Intelligence, the coordinating body of all U.S. spy agencies, soon after Fosun announced the purchase of Wright’s parent company last November. The FBI has also launched a criminal probe into whether the company made “unauthorized disclosures of government data to outsiders,” according to a well-placed source, who, like others, spoke to Newsweek on condition of anonymity because the information is sensitive.
Fosun vehemently denies the company is under criminal investigation and in early July lobbied Justice Department officials to issue a statement to that effect to Newsweek. Reached by email, however, a department spokesman declined to do so. A Treasury spokesperson says the department is forbidden by law to disclose any information to the public about its investigations.
U.S. officials are concerned the deal gave Chinese spy agencies a pipeline into the names, job titles, addresses and phone numbers of tens of thousands of American intelligence and counterterrorism officials—many working undercover—going back decades.
On June 28, perhaps in response to U.S. government concerns, Fosun announced it was putting Wright USA’s parent company, Bermuda-based insurer Ironshore, up for sale. Fosun spent $2.3 billion over two years acquiring the company, Reuters reported. No timing for a sale was announced.
A Fosun representative says the concerns about the security of Wright USA’s data are baseless. The company is “not connected to the Chinese government,” he says, and “no data on individual Wright policyholders was ever shared with Fosun.” After the Treasury Department’s Committee on Foreign Investment in the United States opened its investigation late last year, he says, “the companies put in place additional measures to protect the Wright policyholder data.”
Wright’s niche insurance business is little known outside U.S. intelligence circles. In 2008, The New York Times described how the company, founded in 1965 by a former FBI agent, had become a financial lifeline for CIA and other officials who came under fire for their conduct in office and needed expensive legal help. Its clients then included former CIA Director George Tenet; Scott Muller, the agency’s former general counsel; John Rizzo, acting general counsel during the George W. Bush administration; and José Rodriguez, the CIA operations chief who in 2005 ordered the destruction of CIA videotapes of the harsh interrogation of two Al-Qaeda operatives.
Wright’s business nearly doubled between 2001 and 2008, from about 17,000 to 32,000 policyholders, “spurred in part by a spate of lawsuits, investigations and criminal prosecutions related to mistreatment of detainees from Iraq to Guantánamo Bay, an immigration crackdown and other aftershocks of 9/11,” wrote Times national security reporter Scott Shane. It was “popular with F.B.I. agents, Secret Service officers, and Immigration and Customs Enforcement workers as well as C.I.A. officers.”
Indeed, Wright USA was the CIA’s preferred source for federal employee professional liability insurance, or FEPLI, a former top CIA official tells Newsweek. “The whole time I was there, they were the underwriter,” he says. “If you wanted FEPLI, that’s where you went.” In the application form, “you have to give a general description of your duties and the kinds of issues you deal with,” he says. But “the people we dealt with were cleared” to handle such sensitive information. A CIA spokesman declined to comment.
Some senior security officials are fatalistic about the potential security breach, in light of China’s alleged cybertheft of 21.5 million federal government employee files last year from the Office of Personnel Management. “They already have our info from that,” a Homeland Security official says. “They probably have a photo of me and other data from my passport. My room’s been tossed every time I’ve gone over there. They don’t even try to hide that they have information on you. They’ve got folders on all of us.”
Nevertheless, some former U.S. intelligence and security officials, alarmed by Wright’s sale to Fosun, have been thinking about how to get the company barred from selling FEPLI to the CIA and other agencies—or maybe even to take over its business. “Wright’s FEPLI insurance business gives it an extraordinary ability to target, collect and aggregate very sensitive information about U.S. intelligence staff and contractors,” Tom Woolston, a former CIA officer, wrote last year in a private report for a group of potential investors. He concluded that Guo’s Beijing connections—he is a delegate to the Chinese People's Political Consultative Conference, a high-level legislative body, among other prestigious positions—made him an unsuitable owner for the company. “The Communist Party of China, for purposes of U.S. intelligence services, is considered a foreign entity hostile to the interests of United States,” Woolston wrote. “Wright USA cannot continue its FEPLI business under foreign ownership,” considering its “30-year relationship with the U.S. intelligence community.”
One former company executive who handled claims for Wright USA also warned Ironshore that Chinese ownership could bar it from doing business with U.S. intelligence agencies—and urged the company to sell it to one of its security-cleared owners, he tells Newsweek on condition of anonymity to discuss internal deliberations. But when the owner raised the idea, “they just arrogantly blew him off,” and then removed the executive in charge of U.S. government accounts, including those of the intelligence agencies.
Fosun evidently felt the combined heat of federal investigations and media inquiries. On June 6, eight months after it was acquired by Fosun, Wright USA sent a letter to policyholders headlined “updates on our ownership and privacy policies.” It announced the company’s November 2015 purchase by Fosun, which it described only as “a multinational corporation headquartered in China.” It made no mention of Guo or his Chinese Communist Party connections. (Likewise, Fosun’s ownership of Ironshore and Wright USA goes unmentioned on their websites.)
In his 2015 memo, Woolston advised that Wright’s “failure to prospectively disclose” its foreign ownership could leave it liable to civil and criminal prosecution.
None of the half-dozen former CIA officials contacted by Newsweek say they remember receiving any notice of Fosun’s ownership of Wright, including the company’s June 6 letter to policyholders. One CIA operative, who recently retired as a “State Department officer,” says the letter looked like junk mail, so he “didn’t pay any attention to it.” Prompted by Newsweek, he retrieved the envelope and opened it. “It’s shocking,” he says. “It’s amazing that nobody else has mentioned it. It’s an administrative nightmare, for sure.”
U.S. counterintelligence officials face a quandary on how to respond to the possible security breach, well-informed sources say. If a Chinese spy service has real-time access to Wright’s transactions, one says, they may be monitoring policy cancellations for clues to the identities of undercover officials. “It’s one thing to say the [Chinese] government hacked it; it’s another thing to suggest Wright was somehow complicit in facilitating a transfer of information,” the Fosun official says. "It was not."
After repeated inquiries from Newsweek and facing multiple investigations, Fosun announced in late June that it was selling Ironshore, Wright USA’s Bermuda-based parent company, “as soon as possible.” The company also owns Lexon Surety Group, which is based in Nashville, Tennessee, and issues surety bonds (completion guarantees) to government contractors, some of whom work on such sensitive projects as U.S. military bases, nuclear power facilities, embassies, subway systems and water supply tunnels.
“With that,” says a source who asked for anonymity to discuss the firm’s business, Lexon and “Ironshore/Fosun have direct access to plans and specs, site information and other sensitive information directly related to these key projects and sites.” Lexon did not return repeated calls for comment.
Philip Manuel, a former Pentagon counterintelligence agent and lead investigator for the Senate Permanent Subcommittee on Investigations, who is also advising potential investors in Wright, says the security concerns over the company’s ownership are justified, considering the historically close relations between Chinese businesses and Beijing’s spy services. He points to the Obama administration’s response to Chinese ownership of New York City’s famed Waldorf Astoria hotel, which "led our counterintelligence people to keep the president and U.S. officials from staying [there] once it was ascertained that the relevant suites and rooms had been equipped with listening devices."
Michelle Van Cleave, who served as the national counterintelligence executive during the first George W. Bush administration, says Fosun’s ownership of Wright USA poses a grave security risk, whether it knowingly provided information to its Chinese parent company or not. The breach only begins, she says, when intelligence officials, including undercover personnel, provide Wright with their real names, home addresses, telephone numbers and email addresses. But it widens considerably when officials file claims because a federal or congressional investigation causes them to hire a lawyer.
“Knowing that an individual in a sensitive position may have a problem at work is red meat to an espionage service looking to recruit inside sources,” Van Cleave tells Newsweek. “Usually, spies have to work hard for that information. Owning the insurance company means that the unwitting American is filling out the forms that say ‘target me.’”
In an earlier version of this story, Philip Manuel misstated the name of one of the companies involved. It is Ironshore, not Ironstone. This story has been updated to include information about Lexon Surety Group and an interview with a former company executive who handled claims for Wright USA.