Industry Issues | Surplus Lines Reform

New York Surplus Lines Regulatory Update

Regulatory Update - New York*

The Excess Line Association of New York (ELANY) will host the fall meeting of the Surplus Lines Law Group (SLLG) in New York City on October 11-12. The SLLG is an informal group of more than 100 E&S legal and compliance professionals that meets twice every year to discuss critical issues impacting the E&S market. Many stamping offices are represented and the state-by-state overview of key statutory, regulatory, judicial and business activity is a highlight. PCI will provide an update on various state matters including legislative activity related to domestic surplus lines insurer, and federal developments related to NFIP, TRIA, NARAB and FACTA.

*September 3rd was the deadline for compliance with several New York Department of Financial Services (DFS) cybersecurity regulation requirements, including:
. Audit Trail (Section 500.06)
. Application Security (Section 500.08)
. Limitations on Data Retention (Section 500.13)
. Monitoring (Section 500.14(a))
. Encryption of Nonpublic Information (Section 500.15)

See ELANY's Compliance Advisor on the regulation for more detail. The regulation can be found HERE.

The DFS recently added an FAQ to its website that discusses the status of insurance producers as Third Party Service Providers under the regulation. ELANY notes (Bulletin 2018-27) that the newly published DFS interpretation could prove burdensome to independent agents and brokers, including the comment that insurers could be Third Party Service Providers of their producers, meaning that some producers would have to implement policies and procedures for their insurance company partners vis-à-vis cybersecurity standards. Many brokers and independent agents may be required to develop their own first-party compliance structure (which they are in the process of doing now) and then hope that it matches the requirements imposed by insurers so as not to be forced into conceptually duplicative efforts. Compliance with the Third Party Service Provider requirements is due by March 1, 2019. See the pertinent FAQ below .

Q: Can the same entity be a Covered Entity, an Authorized User, and a Third Party Service Provider? 

A: Yes. Depending on the facts and circumstances, the same entity can be a Covered Entity, an Authorized User, and a Third Party Service Provider. 

This is common in the case of independent insurance agents. For example, a DFS-licensed independent agent that works with multiple insurance companies is a Covered Entity with its own obligation to establish and maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of its Information Systems and Nonpublic Information. See 23 NYCRR 500.02. 

In addition, when the independent agent holds or has access to any Nonpublic Information or Information Systems maintained by an insurance company with which it works (for example, for quotations, issuing a policy or any other data or system access), the independent agent will be a Third Party Service Provider with respect to that insurance company; and the insurance company, as a Covered Entity, will be required under 23 NYCRR 500.11 to have written policies and procedures to ensure the security of its Information Systems and Nonpublic Information that are accessible to, or held by, the independent agent (including but not limited to risk based policies and procedures for minimum cybersecurity practices, due diligence processes, periodic assessment, access controls, and encryption). 

Further, an independent agent will also be an Authorized User if it participates in the business operations, and is authorized to use any Information Systems and data, of an insurance company that is a Covered Entity. In such a case, the insurance company must implement risk-based policies, procedures and controls to monitor the activities of the independent agent, as more fully described in 23 NYCRR 500.14. 

It is also noted that, like any other Covered Entity, an insurance company may also be a Third Party Service Provider and/or Authorized User with respect to another Covered Entity, including an independent insurance agent. 

In all events, each Covered Entity is responsible for thoroughly evaluating its relationships with other entities in order to ensure that it is fully complying with all applicable provisions of 23 NYCRR Part 500.

*ELANY, along with the Professional Insurance Agents of New York, Professional Insurance Wholesalers Association of New York and Big I New York, sent a joint letter to New York Department of Financial Services Executive Deputy Superintendent of Insurance Laura Evangelista requesting that the DFS convene a hearing to consider export list additions. Similar letters were sent by ELANY in 2013 and 2016. The DFS has not yet scheduled a hearing. The joint letter recommends the following for export list consideration:
. Vacant Property Risks Multi-Peril (Package)-Commercial Lines
. Vacant Property Risks Multi-Peril (Package)-Personal Lines
. Expand Pollution to include Contractors Pollution Legal Liability
. Commercial Cyber Liability Insurance
. Trade Credit Insurance Coverage with Non-Cancellable Limits
. Representations & Warranties
. Tax Liability
. Successor Liability
. General Liability Coverage for Guiding & Outfitting
. Professional Liability Coverage for Outdoor Education
. Primary Flood Insurance (Real Property) where insured is NFIP eligible
. Primary Flood Insurance (Personal Property) where insured is NFIP eligible
. Stand-alone Commercial Physical Damage for Black Cars
. Wind Deductible Buyback Coverage (Commercial Lines)
. Wind Deductible Buyback Coverage (Personal Lines)
. Snow Plow/Snow Removal Risks-Liability Auto Coverage
. Pest Control Companies/Applicators-Liability
. Public Swimming Pools-Liability
. General Contractors
. Commercial Lines Multi-Peril Policies for Check Cashing Stores
. Commercial Lines Multi-Peril Policies for Pawn Brokerage Stores
. General Liability for Chemical Manufacturers

*New York Foreign E&S Insurer Surplus Requirement Slated For 2019 Increase.
January 1, 2019 will see the minimum surplus to policyholders required of New York-eligible unauthorized insurers increase from $46 Million to $47 Million. Under Regulation 41 Section 27.13(b)(3), the minimum surplus to policyholders increases by $1M every three years. The $46M requirement has been in place since January 1, 2016.

*The September 2018 issue of ELANY Elaborates delves into a recent New York State Court of Appeals decision that calls into question whether insurers, brokers and policyholders can count on the plain meaning of insurance policies. The court interpreted the phrase "issued and delivered" in a manner that is totally inconsistent with its widely accepted meaning in the industry. According to ELANY, the decision creates uncertainty regarding whether New York courts will honor overseas arbitrations going forward, such as those that are convened pursuant to a dispute under a Bermuda Form.