On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Issuance of the Framework is notable as it represents the first official guidance by a U.S. regulator concerning the increasingly critical issue of cyberinsurance. And while circular letters do not establish new legal requirements or have the force of law, they do set forth the department’s interpretation of the requirements of existing laws and regulations.1
Most cybersecurity professionals are aware of the New York Department of Financial Service’s requirement imposed on DFS-licensed entities to certify their cybersecurity program’s compliance on an annual basis (by April 15th of each year), but less well known is that numerous other states impose similar requirements on regulated insurance entities and that deadline for many states is coming up on February 15, 2021.
The National Association of Insurance Commissioners (NAIC) held its Fall 2020 National Meeting (Fall Meeting) December 3-9, 2020. As a result of the continuing COVID-19 pandemic, the NAIC once again met in a virtual format. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings that were held during November in lieu of taking place during the Fall Meeting.
The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. As a result of the COVID-19 pandemic, the NAIC held the Summer Meeting in a virtual format, with conference calls taking place over a three-week period. Despite not being able to meet in-person, the NAIC utilized the Summer Meeting as an opportunity to host conversations among insurance regulators, industry members and consumers regarding recent events, including the impact of COVID-19 on the insurance industry as well as racial inequality and the promotion of diversity in the insurance industry. (more…)
The National Association of Insurance Commissioners (the NAIC) held its Fall 2019 National Meeting (Fall Meeting) in Austin, Texas, from December 7 to 10, 2019. The Fall Meeting was highlighted by the following activities.
The National Association of Insurance Commissioners (NAIC) held its Summer 2019 National Meeting (Summer Meeting) in New York City from August 3 to 6, 2019. The Summer Meeting was highlighted by the following activities.
The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. This post summarizes the highlights from this meeting.
On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance. The Circular Letter follows an investigation commenced by NYDFS regarding life insurers’ use of external data, which was initiated in light of reports that insurers were using algorithms and predictive models that include unconventional sources or types of external data. Among other things, the Circular Letter provides guidance that when insurers use external data sources in connection with underwriting decisions, (1) the use of external data sources must not result in any unlawful discrimination, (2) the underwriting or rating guidelines must be based on sound actuarial principle; and (3) life insurers must have adequate consumer disclosures to notify insureds or potential insureds of the right to receive the specific reasons for any adverse underwriting decision based on such data. (more…)
On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. 6491 (Act). By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500. (Please see our prior coverage for more information on Ohio and South Carolina’s adoption of the Model Law). Moreover, adoption of the Model Law is still gaining steam with Rhode Island potentially next in line.
On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500. (For more information on South Carolina’s adoption of the Model Law, see our prior coverage.) (more…)