Questions & Answers
I noticed that one of my carriers is requiring me to notify them promptly when one of my staff is leaving: Is that standard?
During the more recent analyses of agency agreements that IA&B has completed, we have become aware that the above notification provision is becoming more and more standard. It likely has less to do with the appointment process, and more to do with information security and due diligence in preventing data breaches. It’s important to pay attention to this provision for various reasons:
1. YOUR BEST INTEREST -- Quite frankly, it’s in your customers’ and your best interest to manage passwords and access to company Web services (that include both company and customer information) in a timely fashion.
2. LEGAL REQUIREMENTS -- With more federal and state laws and regulations on the books, the web of legal requirements grows larger every year, and some of these requirements could easily be overlooked. You may have implemented training and procedures to protect your customer information, but failing to shut down password access to a departing employee, whether disgruntled or not, could be the famous “weakest link.”
For example: Under the HIPAA/HITECH Security rule, password management is one of various “standards” that have to be examined and for which a proper risk management technique must be applied. As part of their risk assessment, companies (and agencies as their business associates) must implement procedures for creating, changing and safeguarding passwords. You must also ensure that staff members are trained on how to safeguard the information and establish guidelines for changing passwords periodically. Your plan should include answers to the following questions:
- Are there policies in place that prevent staff members from sharing passwords with others?
- Is staff advised to commit their passwords to memory?
- Are commonsense precautions taken, such as not writing passwords down and leaving them in areas that are visible or accessible to others?
- Are guidelines established to change passwords periodically? What frequency or criteria determines change cycles?
Another standard that must be reviewed applies to terminated employees, and there again, it addresses password management. For example:
- Does the agency’s Security Program include the deletion of a terminated employee’s user name and password as part of the termination procedure, along with retrieving any office key or changing a door access code?
3. AVOIDING A BREACH OF CONTRACT -- Based on the increase in agency agreements containing such language, you could simply be in breach of contract when failing to address these requirements.
We have many resources on information security plans required under the Gramm-Leach-Bliley Act and under HIPAA/HITECH.
Can a carrier refuse to cancel a policy retroactively?
Not all carriers handle this scenario the same way. And it is one of those situations where even when the insurance carrier is right, it will not look that way to the policyholder … in particular since generally no claim occurred.
Take, for example, a customer who sells his home and who, two months later, asks you to cancel the policy back to the day he sold his home. To the insured, the home was no longer his, and there was no risk to the insurer. He simply forgot to notify the company.
Let’s look at this more closely, taking ISO’s HO-3 as an example.
What does the policy say? ISO’s HO-3 (05 11) cancellation provision states “You may cancel this policy at any time by returning it to us or by letting us know in writing of the date cancellation is to take effect.” This wording does not contemplate retroactive enactment: “Is to take effect” refers to a future date. It would be difficult to argue that the carrier also meant “took effect.”
What about insurable interest? True, coverages A and B cease with the loss of the insurable interest, but several coverages continue until the policy is cancelled. Specifically, coverages C, E and F (personal property, liability and medical payments) remain in effect on a worldwide basis until cancellation.
- How much coverage continues?The personal property is covered in full for 30 days. After 30 days, 10 percent of the old policy’s coverage C limit continues to be available. This could cover the individual if he failed to secure a renter’s policy (if he is now renting) or if he secured an HO policy but his limits were too low. The personal liability coverage could also be triggered if he negligently injures someone or his dog bites a neighbor at the new location.
What do you do as an agent for the company?
Check the policy: We’ve covered that above. Check the carrier’s policy language to see how cancellation can be effected when initiated by the insured.
- Check your authority/procedures: First, do you have the authority to accept a retroactive cancellation? The agency agreement or other guidelines provided by the carrier may provide some guidance in that area and/or any criteria for acceptability. If these types of cancellations occur with some degree of frequency, you may want to confirm with your different carriers how they expect you to handle them when the insured can prove that a new policy was in place. If these cancellations are rare, you may inquire on a case-by-case basis whether the affected carrier is agreeable to the retroactive cancellation whenever it happens.
Where can I find out if a company is licensed to do business in my state?
While the process varies slightly for each of our three states, simply go to the respective Department of Insurance webpage and follow these directions:
- Visit http://www.delawareinsurance.gov/departments/berg/authorizedcompanies.shtml.
- Click the “list of companies” link.
- Download and review the Excel spreadsheet of companies that are admitted, approved, and/or authorized to conduct business.
- NOTE: The spreadsheet is updated quarterly (March, June, September and December). If in doubt about changes, contact DOI BERG Resources at (302) 674-7330.
- Visit https://www.apps.insurance.maryland.gov/CompanyProducerInfo/.
- Choose “An insurance company” from the list of items to search for and then click “next.”
- Select the line of authority and click “next.”
- Review the list provided (which is updated weekly) one page at a time, or search by company name or NAIC number.
- Visit https://www.insurance.state.pa.us/dsf/gfsearch.html.
- Click on the first letter of the name of the company you wish to search, or type the company’s name or NAIC number and click “search.”
- The information in the Pennsylvania database is updated weekly.
These state databases include company status (active or otherwise), NAIC number, mailing address and phone number, and lines of authority. The lists do not include eligible surplus lines insurers.
How to determine if a carrier is licensed in multiple states
The National Association of Insurance Commissioners (NAIC) maintains a database of these carriers.
- Visit https://eapps.naic.org/cis/index.do.
- In the right column, type the name or NAIC number of the company and click “Find a company.”
- Choose the “licensing” link to the right of the company name.
- NOTE: It’s unknown how often the NAIC database is updated, so it may be wise to use the NAIC database in conjunction with the previously referenced states databases.