Regulatory Compliance Consulting Firm

Westmont Wire

New York Department of Financial Services Cybersecurity: Action Required for Regulated Entities

The New York Department of Financial Services (NYDFS) requires all regulated entities and licensed persons to file the annual Certification of Compliance for calendar year 2018 on or before February 15, 2019. This filing must be completed electronically via the NYDFS cybersecurity portal: https://myportal.dfs.ny.gov/web/cybersecurity.

From the NYDFS: “Certification of Compliance – All Covered Entities and licensed persons who are not fully exempt from the Regulation are required to submit a Certification of Compliance no later than February 15, 2019 attesting to their compliance for the 2018 calendar year.” Please visit:  https://www.dfs.ny.gov/about/cyber_2019_filings.htm for additional information regarding the Certification of Compliance.

If any regulated entity or licensed person qualifies for an exemption or a partial exemption, their prior exemptions for 2017 and 2018 have now expired. To maintain the exemption or partial exemption for 2019, the regulated entity or licensed person must re-submit an annual Notice of Exemption on or before February 15, 2019.

For more information about Exemptions, please visit: https://www.dfs.ny.gov/about/cyber_exemptions.htm. From the NYDFS, here is the exemption guidance:

From the NYDFS, Exemption Guidance:  To complete a Notice of Exemption, you must identify all exemptions that meet your circumstances. The following are explanations of the exemptions provided for in 23 NYCRR 500.19:

  • 500.19(a)(1) – You are entitled to this exemption when a Covered Entity has fewer than 10 employees, including independent contractors.  This is a limited exemption and you must still design and implement a cybersecurity program that meets some but not all the regulatory requirements.  This includes submitting an annual Certification of Compliance.
  • 500.19(a)(2) – You are entitled to this exemption when a Covered Entity has less than $5,000,000 in gross annual revenue in each of the last 3 fiscal years from NY business.  This is a limited exemption and you must still design and implement a cybersecurity program that meets some but not all the regulatory requirements.  This includes submitting an annual Certification of Compliance.
  • 500.19(a)(3) – You are entitled to this exemption when a Covered Entity has less than $10,000,000 in year-end total assets.  This is a limited exemption and you must still design and implement a cybersecurity program that meets some but not all the regulatory requirements.  This includes submitting an annual Certification of Compliance.
  • 500.19(b) – You are entitled to this exemption when you are an employee, agent, representative or designee of another Covered Entity and you are following that entity’s cybersecurity program.  Under this exemption persons do not need to create their own program, but will be required to identify the Covered Entity’s whose program you are following to claim this exemption.  This exemption requires an employee, agent, representative or designee to be fully covered by the program of another Covered Entity. To submit a Notice of Exemption under 500.19(b) you will be required to provide the name and address of the covered entity that supports the cybersecurity program you are following and the name of an appropriate representative who can confirm that cybersecurity program.
  • 500.19(c) – You are entitled to this exemption if you are a Covered Entity that does not utilize an Information System and that does not, and is not required to, directly or indirectly control, own, access, generate, receive or possess Nonpublic Information.  This is a limited exemption and you must still complete an annual risk assessment to confirm that the company continues to be entitled to this exemption and meet some but not all the regulatory requirements.  This includes submitting an annual Certification of Compliance.
  • 500.19(d) – A captive insurance company that does not control nonpublic information other than information relating to its corporate parent company.  This is a limited exemption and you must still complete an annual risk assessment to confirm that the company continues to be entitled to this exemption and meet some but not all the regulatory requirements.  This includes submitting an annual Certification of Compliance.

Contact Westmont Associates if you have any questions or need support in filing your annual Certification of Compliance or Exemption.

856-216-0220

info@westmontlaw.com

https://www.westmontlaw.com/

Westmont Associates, Inc. tracks developments affecting the insurance industry, in addition to our other services.  If you have any questions, please contact us.

New York Takes a Closer Look at Minimum Loss Ratios

Recently, the New York Department of Financial Services (“NYDFS”) has taken a stricter examination of the minimum loss ratio standards for premiums. These standards require a reasonable premium relative to the claims paid under a policy. Failing to meet the minimum standards exposes insurance companies to heavy fines and penalties.

The NYDFS sets forth the required loss ratio for blanket and group health insurance in N.Y. Comp. Codes R. & Regs. tit. 11, § 52.45(f), which states that the minimum loss ratio for group insurance is 65 percent. Among other exceptions, for groups of less than 50 persons at inception, the minimum loss ratio is 60 percent.

The NYDFS monitors insurers’ rates and loss ratio through periodic examinations of each domestic insurance company and reports conducted by other jurisdictions on all foreign insurers. Additionally, the NYDFS may conduct their own examination into any foreign insurer licensed in New York. If these investigations display any deviation from these standards, the NYDFS may impose a civil penalty in addition to any refund to policyholders.

For any questions regarding the loss ratio standards of New York or any other jurisdiction, please contact Westmont Associates, Inc.

856-216-0220

info@westmontlaw.com

https://www.westmontlaw.com/

Westmont Associates, Inc. tracks developments affecting the insurance industry, in addition to our other services.  If you have any questions, please contact us.

Pennsylvania Adopts a Corporate Governance Annual Disclosure Filing Requirement

On October 24, 2018, Pennsylvania signed into law Senate Bill 1205, which adopts the NAIC Corporate Governance Annual Disclosure (“CGAD”) Model Act.

 

Beginning June 1, 2020, all Pennsylvania domiciled insurers, as well as insurance groups of which Pennsylvania is the lead state, must file annual reports detailing the company’s corporate governance framework, policies, and practices.

There are no exemptions for any insurer and the Pennsylvania Insurance Department will not issue a specific form or format in which the filing should be structured. Instead, insurers will create their own description and documentation of their company’s governance.

 

Though very similar to the NAIC Model Act, Pennsylvania’s SB 1205 differs from the NAIC Model Act by considering premium volume, licensing status, and corporate complexity during the Pennsylvania Insurance Department’s evaluation of the CGAD filings.

 

For any questions regarding Pennsylvania’s new Corporate Governance Annual Disclosure, or any other reporting requirements, please contact Westmont Associates, Inc.

info@westmontlaw.com

https://www.westmontlaw.com/

Westmont Associates, Inc. tracks developments affecting the insurance industry, in addition to our other services.  If you have any questions, please contact us.


CONTACT

1763 Marlton Pike East, #200
Cherry Hill, NJ 08003
Phone: 856-216-0220
Email: nancy@westmontlaw.com