Home Email Operations Computers Regulation WebSites Leads Systems Phones Security Outsourcing Stories
Field Notes Product Critical Illness Lapse Support Universal Life Burial Insurance Finite Insurance Expense Control Sarbanes Oxley How
  Using Consultants 
Reinsurance                 Last update November 8, 2005



Regulation comes not only from state insurance departments, but more and more from federal initiatives. Some make sense and some don't, but compliance is always necessary. Well designed compliance procedures can be good business, and it is often possible to comply in a way that is helpful to the company and the policyholder. A good example is the recently adopted federal privacy legislation which created a huge wasted mailing expense. Many companies mailed out legalistic documents that were incomprehensible to the policyholder, and in the process of covering every possible eventuality, managed to convey a vague sense that the company was going to do something untoward with the policyholders private information. Other companies took a different approach and included a straightforward statement that they would not be releasing any policyholder information outside the company. And a few included the notice with other communication of interest to the policyholder or helpful to the company, e.g. an address or email request or references to the company web site, thereby getting some value out of the postage.

Often a company will become its own worst enemy, meeting imaginary requirements that were never intended by the legislature or the insurance department. There are also situations where in a technical interpretation the rule might possibly apply, but your experience tells you the insurance department will have no interest in it. The first rule for the manager is to read the law or regulation himself. Never rely on what someone else tells you it says, even if the person is your company lawyer. The common sense question is "what is the intended purpose here, and does my situation have anything to do with it?" If the interpretation you are being given makes no sense, it probably really isn't the law. Get a second opinion.

Regulation is coming hot and heavy, particularly from the federal side. A few links might help. Sarbanes-Oxley. CAN-SPAM. Do Not Call. E-Sign. Violent Crime Act. US Patriot Act and HIPAA. We have a new potent form of regulation, the lawsuits by the New York Attorney General. See Finite Insurance.



One important general comment. As you set about to comply with each new set of regulations, you must MAKE A PLAN. It doesn't matter how simple your action will be, or how obvious. Actually, you can make the plan by having someone write up what you have already done, or better yet, record the steps as they are taking place. Sound silly? Sure. But you have to remember that regulators (or those with whom you do business when seeking CYA from regulation) never ask about what you actually do, they ask "do you have a plan" or "do you have a formal procedure"? Think I am kidding? Check the story to the right.

A true story. One company got an early jump on preparing its computer code for the Year 2000 problem. By starting early and getting all the programmers to work part of the day on reviewing code, the company had completed the changes by the middle of 1999, which happened to be about the time that the insurance departments were waking up to the problem. You will remember that every department then sent out a long detailed questionnaire, and the first question was "do you have a formal plan for dealing with...?" The executive involved, having an off day, replied that no, there was no plan, because the work was already completed. The response was an order appointing outside auditors to make a full investigation (at the company's expense, of course) and to recommend remedial action. Frustrated calls to the department got no relief, and finally the person in charge of the department's belated year 2000 project advised that it didn't make any difference whether the work had already been completed, the job of the department was to determine that every company had a plan for dealing with the problem. The company quickly made a plan, but it was too late to avoid the expensive Y2K audit.

Another caution. With each new regulatory initiative there are going to be people figuring out how to make money out of it. The offers will include special audits, special software for fixing things or guiding your efforts, or just plain consulting (well, maybe not consulting, as that can be an excellent value). And of course, there are the lawyers. Moving to compliance with each new deal is usually not rocket science, so be careful of all those rocket scientists. Are you sure you can't do it yourself?

Another example from the turmoil of the Y2K era. You may not be aware of it, but the odds are pretty good that your IT department spent money buying software to "fix" your PCs for the year 2000. There were a number of vendors, and all produced voluminous reports of all the defects, the marvelous fix applied, and a final certification that this computer was certified Y2K ready. Of course, the catch was that there was nothing that needed fixing. Some of the older PCs would require rebooting and a resetting of the clock, but the ones manufactured within the last several years required nothing. The same was true of the common software that ran on PCs, but you could buy programs that would "test" the software and give you any necessary assurances. My unscientific survey puts companies into one of three categories. Those that had sharp professionals who laughed at the vendors, those that bought, and those that "can't remember" what they did.

A surge in the production of new business often causes a shortage of statutory surplus. A major factor is usually agent balances, since advances reduce cash without adding a corresponding asset which is admitted in statutory accounting. If balances are secured by vested renewals, a handy way to handle this is to finance agent balances through the "sale" of portions of individual balances. All that is necessary is that the renewals securing the balances be vested, at least to the extent of the balance owed, which is the universal practice.

An insurance department will not recognize an agent balance as an asset even if it is certain to be collected, but a bank will. At least a portion of most secured balances are certain enough of collection that it can be sold to a bank for cash, and that cash invested in a CD at that bank. If interest is charged on the balance, the difference between that and the interest the bank pays on the CD is the spread for the bank. Note that there is no reduction in the cash of the bank. If no interest is charged on the balance, the same effect can be had by selling the balance at a discount.

The bank receives all of the renewal commissions credited to the account to liquidate the balance it purchased, in effect giving it priority over the portion of the account retained by the company. The key regulatory test of the validity of the transaction is that the CD owned by the company is not pledged to secure the balance owned by the bank. The company has thus exchanged one good asset, the balance, for another good asset, the CD. Since the first is non admitted and the second is an admitted asset, the surplus is increased. In determining the amount of any given balance to be sold, consider that the balance is money good to the extent of the present value of the vested renewals on the account.

Occasionally an insurance department will take a position on a matter that is important to you which you believe is unreasonable. If the initial exchange of correspondence fails to settle the matter, the best course is to immediately hire a lawyer to deal with the department on your behalf. Obviously this should be a lawyer that practices in the city where the department is located, and one that routinely handles department matters and is well respected by the department personnel.

The temptation is to handle the matter yourself, or have your company lawyer take care of it, possibly with a personal telephone call or a visit to the department. There is an adage that a lawyer who represents himself has a fool for a client. I have tried it both ways over the years. The cheapest, quickest, and most effective way to settle important matters is with a lawyer who can move the matter directly to the decision maker, and request a hearing if the matter is not resolved satisfactorily. If the mater is critical, NEVER concede without exercising your right to elect a hearing. Departments seem to have an aversion to hearings, so the request for one usually moves the discussion to a more reasonable stance. How do you find the right lawyer? Call your Senator or Congressman. They can usually identify someone that has the right relationships. Call the CEO of a life company domiciled in the state. I have found some very effective lawyers that way.

State regulation of online insurance activities. This legal article gives a state by state review of insurance department positions on the extent to which a web site constitutes doing business in the state. Most indicate a "passive" web site that doesn't "solicit" the sale of insurance would not be a problem, but it is hard to see that a state has anything to say about the content of a web site that excludes sales in that state.

Many states require that a web site concerning insurance must disclose the states in which the company is licensed, or where a product shown will not be sold. Unless a company is issuing quasi group products such as "group" life where the trust is the policyholder, and taking the position that it can sell to persons resident where it is not licensed, it is hard to see how a web site can create a problem with a state. If a company offers insurance for sale only in the states where it is licensed, and makes it clear where that is, the site would appear to be "passive" (or less) by definition in the places it says it will not sell. The problem is more pertinent for a site that solicits leads or inquiries and receives compensation from entities that do sell in the target state. The linked article gives some state by state guidance on that issue.

US Patriot Act


The application of the anti-money laundering provisions of the US Patriot Act to life insurance companies is defined in the proposed regulations issued September 18, 2002. Under the rule, a company must establish and maintain a written anti-money laundering program that at a minimum: (i) incorporates internal policies, procedures, and controls based on the company’s assessment of its money laundering risks; (ii) designates a compliance officer; (iii) establishes an ongoing employee training program; and (iv) establishes an independent audit function to test programs.

A separate proposed rule requires a life insurer to report suspicious transactions above a $5,000 threshold and provides examples.

LIMRA has developed an Anti-Money Laundering Training Program that its web site says "is a fast, easy, and exceptionally inexpensive way for insurance companies to meet the training requirements of the USA PATRIOT Act". Having just completed the program (in a little over an hour), courtesy of Bob Wilhelm at LIMRA, I can attest to that, but would go further. The web based program is extremely well done and should be viewed as soon as possible by the top management of every life company, not only to decide on how to implement the training, but to gain an appreciation of what will have to be accomplished internally and with the field force by the effective date of the regulations.

For example, the computer edits implied by the Program (and discussed in the next paragraph) are at least doable, but some of the things expected of the agents will have the agency officer considering retirement:

"KYC [Know Your Customer] begins with the producer gathering a comprehensive set of information about the customer. The producer must identify and verify the beneficiaries of the insurance policy or the beneficial owners of the annuity. The producer must also identify the applicant's source of funds and, in the case of a beneficial owner, verify who or what entity the owner really is. It is the responsibility of the producer to build a detailed and reliable profile of the customer. It is the responsibility of the home office to review the profile and confirm that it is comprehensive and complete."

The LIMRA program will provide the first notice most companies have of some real computer challenges. The Office of Foreign Assets Control maintains a list of names with whom you cannot do business, and that includes issuing a new policy, or continuing an existing policy with a name added to the list after issue. The OFAC says the later policy must be canceled, although I don't know how you could legally do that. Consider the computer programs that are going to be required just to spot list names for further review. The issue system will have to reference the database on every submit, and the master file will have to be run against the list frequently. You will need a new method of marking names on your records that are on the list but investigation has shown are not the list individual. Otherwise you will chase positive hits over and over.

Add to "don't know how" category the OFAC position that maintaining a life insurance policy which names a resident of Havana, Cuba as beneficiary would violate OFAC requirements. The first problem is practical. There are plenty of companies that still do not carry the beneficiary designation on the master file, or on any electronic record. In most instances the paper containing the designation is filed as paper, or scanned and retained as a TIFF or other non readable file. So just matching beneficiary designations with the database of qualifications, name, residence, and whatever, will require and expanded designation form, and loading the record to be machine readable. Looks like the beneficiary is going to be added to the master file.

Then there is the legal problem. When your perfectly legit policyholder sends in a beneficiary designation naming his daughter in Havana, what do you say? Most authorities agree that the company does not have any say so or responsibility regarding who is designated beneficiary on a life policy. My suggestion would be to revise your systems so you can spot such designations, and then report it and ask the OFAC what to do. You probably won't receive an answer in the lifetime of the insured, but then at least you can let the beneficiary fight with the government.

This question regarding the anti-money laundering provisions of the Patriot Act came by email from Krishna Fells Mathison:

For agents who sell on-line or over the phone it is impossible to know the client to the degree the AML regulations would appear to require. The same would apply to direct writers using the mails. They really don't know anything except the name and address of the person. I use phone and email for my sales, so how am I going to be able to comply?

Most mail and telephone sales involve fairly small policies, and most internet sales are of term life which have no significant cash values. Money launderers, and thus the AML rules, are primarily interested in life policies and annuities that have a large investment element, that is, a capacity to absorb and release large blocks of cash. A universal life policy would have to quite large, at least several hundred thousand dollars in face, to absorb significant cash without exceeding the IRS limits. An excessive deposit would kick out of the company computers, even if the launderer was not concerned about the IRS. A whole life policy would have to be huge, or of the single premium type, to constitute a ML risk. Of course any policy can become an AML problem if a taxable side fund can be attached and large deposits are permitted. If you establish some procedures in writing that prohibit, or identify for further investigation, sales large enough to operate as cash conduits, you should have no problem with the AML rules.

You have a similar situation with the use of money orders to pay premiums. That is considered a "red flag" in the AML program, but size makes the difference. Lots of people with small life policies do not have checking accounts, and the use of money orders shouldn't raise a question there. But who has a large UL policy and no checking account? When you see a large money order come in to top off that policy, you probably have a reportable event.

The Violent Crime Act singles out the insurance industry in Section 1033 . It prohibits anyone convicted of a felony involving dishonesty or breach of trust, or of enumerated crimes involving insurance activities (which may not be felonies) from engaging in the business of insurance without the consent of the insurance department. It also makes it a felony for any individual or entity engaged in the business of insurance to willfully permit the participation of a such a "prohibited person" in the business of insurance.

There are a number of detail discussions available and every insurance department has issued a release regarding compliance and the procedures for submitting an application for waiver by the department. The Act makes the insurance company and any employee or agent a potential felon if they "willfully permit" a prohibited person to "participate". Since there is no reliable database to which a company has access that will identify prohibited persons, due diligence appears to be limited as a practical matter to securing a statement from every employee and agent concerning convictions. It is not clear whether there are any common sense limits to the scope of the Act, for instance that might shield a clerk who happens to know that another clerk has been convicted of a qualifying crime but does not report it. For that reason the employee statement should require reporting any such knowledge, as awkward as that may be.

The company should be leery of relying upon questions in employment or agency forms that were drafted without reference to the act. These "convicted of a felony" questions would miss the non felony insurance related crimes, and do not warn that a false answer would precipitate another felony under the ACT.

The regulations that govern premium collection by ACH include the following:
CFR 205.10(b) ... Preauthorized electronic fund transfers from a consumer's account may be authorized only by a writing signed or similarly authenticated by the consumer....

Once the company has the required authorization on file, a reasonable interpretation is that oral instructions from the policyholder can be accepted in affecting changes, such as redrafts, temporary suspensions of debits, or restarting EFT after a suspension or lapse.

Assuming an insurance company has been drafting an account and has valid written authorization in its file, which, if any, of the following situations will require a new written authorization?
1.The ACH debit comes back unpaid due to insufficient funds, the policyholder sends a check for the missing months, and orally tells the company to resume ACH debits on the next due date.
2. The ACH debit is unpaid and the policy lapses. The policyholder receives the notice of lapse and by telephone tells the company to ACH the missing payments and resume regular drafting.
3. The ACH debit is unpaid, the policy lapses, and the company or its agent telephones the policyholder to reinstate, and the policyholder orally authorizes the resumption of debits.
4. The policyholder telephones to say he has changed banks, and requests the company continue debits, but on the different bank.

There does not appear to be any specific ruling by NACHA on these examples, so none should require a new form. On number 4, the standard form names a bank for obvious reasons, but when the policyholder tells you he has moved his account and to continue drafting on the new bank, the original signature should be deemed sufficient.

The ACH regulation requires a signed writing authorizing transfers, and the federal E-Sign law allows this to be an electronic signature. However, most insurance web sites still require an ACH authorization form to be printed, signed, and mailed in. The federal E-Sign law has yet to sink in with the insurance industry, which is ignoring the added convenience to itself as well as the policyholder.

Fortunately NACHA settled any question about it.
NACHA Approves E-Sign for ACH Debits Herndon, VA, June 11, 2001— NACHA – The Electronic Payments Association has approved an E-Sign provision for the NACHA Operating Rules that govern the Automated Clearing House (ACH) Network. Under the new rule, any electronic signature that complies with the Electronic Signatures in Global and National Commerce Act will be deemed to comply with NACHA's requirements for "similarly authenticating" a consumer ACH debit authorization.

See also NACHA Rules on Internet ACH Debits

The federal E-Sign law makes an electronic signature as effective as an ink signature for insurance transactions, and specifically preempts state law to the contrary. The law also prohibits any particular method of giving an ESIGN from being adopted by regulators. A number of companies offer technology as a security blanket, but it appears just as valid to have the signer type his name in a space that makes it clear he intends it to be his e signature.

Even though insurance companies have been slow to utilize e signatures, it is hard to find any reason it should not be accepted for insurance applications, reinstatements, and any services offered to policyholders on the web site. The absence of court cases on the topic may be because no one is challenging e signatures. Time to rethink ink and instead consider what the risk really is if the policyholder should later deny he signed. I would not hesitate to allow a cash withdrawal by an electronic signature as long as I was issuing a paper check, but would draw the line at using ACH to transmit the funds to the policyholder. On a life insurance application, if the concern is defending on the health questions, how can the policyholder deny an e signature for that purpose, but not for the validity of the policy?

The E-Sign law applies to "the designation of any beneficiary in connection with any retirement, pension, or deferred compensation plan, a qualified State tuition program, an insurance or annuity contract, or an agreement to transfer ownership upon the death of a party to a transaction."

There is a quandary. It is possible to get comfortable with a beneficiary designation in the original application made with an electronic signature. But how do you feel about a change of beneficiary with an electronic signature? Suppose the policy owner just sends an email purporting to change the beneficiary. What do you do about that?

Companies commonly put their beneficiary designation form on their web sites, with instructions to print the form, sign it, and mail it in. It would certainly be a convenience to the policyholder to permit the form to be completed, signed, and transmitted electronically. The only difference between that and a paper form with a wet signature is that later, if fraud is claimed, there is a signature for an expert to judge for validity. There is also something unnerving about making it so easy.

Companies are going to resist "accepting" changes without a signature, but do they have that right? When a policy owner attempts to change a beneficiary, the issue is usually intent, not whether he used the company form or procedure. It is also not very smart for the company to put itself in the position of deciding whether a particular method or action is effective or not. A better procedure is to file the email, or other electronic attempt, and send the company form requesting a signature. Whether you get it or not, make sure your company is retaining and filing whatever it receives that purports to change a beneficiary. You can interplead later.

The bankruptcy of an agent raises a number of questions regarding renewal commissions due the agent in the future. The company will assert the right, prior to the claims of other creditors, to credit such future commissions against balances the agent may owe, and balances of sub agents for which the agent may be responsible. The rights of the company as against other creditors may be affected by the difference between the concepts of recoupment and setoff.

Agents may also demand payment of commissions earned after the debts to the company have been discharged. Setoff will not be available to the company to prevent that, but recoupment will, if it applies.


In bankruptcy setoff is subject to the automatic stay, certain limitations and equitable considerations, and requires the preapproval of the trustee. More importantly, for setoff to apply, the debts must have arisen before the filing of the bankruptcy petition. The debt to the agent for future commissions does not exist until the commission is earned.

These restrictions do not apply to recoupment. The difference is in the relationship of the debt to the asset. If the debt arose out of the same transaction as the asset, as would usually be the case in an agent balance created by production advances of commissions, the company will have a right of recoupment. However, on any part of a balance that was not related to production, for example if the agent was "advanced" money to buy a car, recoupment should not be allowed.

To protect its claim to recoupment, the company should avoid commingling commission advances with unrelated loans in the same account. In addition, while there is no requirement that the agent contract provide for setoff or recoupment, there are obvious dangers in specifically claiming a right of setoff with no mention of recoupment. Many companies use forms deficient in this respect, possibly because they were drafted many years ago and never reviewed by management, much less by competent counsel.

In an agent bankruptcy, if the company appears to have the right to recoupment, the trustee will normally abandon the right to future renewals. If it appears that the present value of future renewals significantly exceeds the debt on the agents account, the trustee will sometimes negotiate a payment from the company as a condition of abandonment. Such a payment would constitute an additional advance, increasing the debt. The motive is to close the bankruptcy in a reasonable time rather than to wait the number of years it may take for the account to demonstrated a net value.

This question came by the Guest book from Robert W. Cox.
In the event an agent that carries a balance with a particular company, files bankruptcy, meanwhile the account clears due to renewals, is the agent then eligible to receive all future renewals on the same account?

When the trustee abandons an "asset", i.e. an amount owed or to be owing to the bankrupt, it is to the bankrupt, subject to recoupment by the creditor. In the situation of future commissions, the recouping company will retain the earned commissions under its contract with the agent until the balance of the account is paid, after which commissions would be paid to the agent, subject to any further debt created after discharge.

I have heard it argued that the bankruptcy filing itself is a breach of the agent's contract, terminating the obligation of the company to pay future commissions. This is hard to credit for a number of reasons: for one, that it would obviate the whole question of recoupment, defeating the trustees claim, since by definition future commissions would disappear. The rules and preferences in bankruptcy cannot be expanded by private agreement.

Whether a company can safely treat a life insurance agent who works exclusively for it as an independent contractor (rather than an employee) for the purposes of employment taxes was finally settled in the affirmative for most cases by the safe harbor provisions of section 530 of the Revenue Act of 1978. In general, if the company has consistently done so, "the individual shall be deemed not to be an employee unless the taxpayer had no reasonable basis for not treating such individual as an employee." The section provides a set of factors upon which reasonable reliance can be established, and amendments have limited the arguments available to the IRS in challenging such reliance. This site has the current section 530.

Clearly the safe harbor was adopted because Congress became convinced that the incessant battles between the IRS and industries utilizing outside salesmen were counterproductive. The common law tests developed in the courts are necessarily ambiguous, even though most decisions apparently favored the industries. Unfortunately IRC Sec. 3121 introduced the concept of the "statutory employee", singling out several occupations that were to be deemed employees even if independent contractors under the common law, and included "full time life insurance salesman". That seemed clear enough to the IRS, notwithstanding the industry counter that the agent also sold A&H products, making him only a "part-time" life agent. In 1982 Congress not only extended section 530 indefinitely, but created two classes of workers deemed statutory non-employees, qualified real estate agents and direct sellers. The IRC sec. 3508 definitions clearly include life insurance agents paid solely by commission, provided the agency contract provides that the person will not be treated as an employee for Federal tax purposes. I have seem many agency contracts that have not been updated with that provision, a serious oversight should the company fail to qualify for the safe harbor for some reason.

The courts will still look to the common law to determine whether the agent was an employee or an independent contractor for other purposes. It is also important to note that the Section 530 safe harbor is available to the company only, and the individual agent can still be subjected to IRS arguments that he is an employee with regard to the deductibility of non reimbursed business expenses, and other matters. I have not seen that raised in agent audits, but it is a possibility that keeps the common law tests relevant.

None of these factors alone is determinative, but, rather, all aspects of the employment relationship must be assessed and weighed. For example, in the Ninth Circuit recently, the court found a life insurance agent to be an independent contractor even though the insurance company for whom he worked maintained more than a modicum of control over him and treated him like an employee: it provided benefits such as insurance, pension benefits, and a 401K program; the relationship was long-term, lasting 16 years; the company retained the right to terminate his contract at-will; and the company trained him how to be an agent. Barnhart v. New York Life Insurance Co., 141 F.3d 1310 (9th Cir. 1998). Nonetheless, the court found other factors tipping the balance toward independent contractor status: the contract between the parties contained clear language stating that the agent would be considered an independent contractor, not an employee; the agent was free to operate his business as he saw fit without day-to-day intrusions; after his first 3-year term of employment, the agent was paid on a commission basis only; the agent's tax returns reflect that most of his income derived from self-employment; and finally, the agent was not dependent solely upon the company for his income because the agent sold competitors' products. Id. The result: the terminated agent was not deemed an "employee" under either the Employee Retirement Income Security Act (ERISA) or the Age Discrimination in Employment Act (ADEA), and therefore, he was not entitled to benefits under those acts. www.viennapat.com/newsletter/vol3iss7/IndepContractor.htm

Telephone Consumer Protection


The FCC has published its Final Rule implementing the Telephone Consumer Protection Act of 1991 and the Do-Not-Call Implementation Act of 2003. The most publicized change is the adoption of the national do-not-call list which will go into effect October 1, 2003. Under the prior rule, adopted in 1992, individual companies were required to maintain lists of persons who requested not to be called. The company lists will still be required, and will prohibit calls that may be not be covered by the national list, such as the established business relationship exemption.

There was very little enforcement activity generated by the individual company do-not-call lists, and the indication is that the public awareness of the option was very low. Given the high participation in the national list, the results may be quite different this time around.

Note: The FCC Final Rules amending part 64 CFR begin on page 130 of the 164 page release. The first 129 pages are an excellent presentation of history, discussion and findings, but require more patience than the rules themselves. For a summary of the Rule and its effect, see the August 2003 Foley & Lardner Insurance Law Update. There is discussion as to whether the Rule can be applied to the business of insurance under the McCarran-Ferguson Act. The FCC Rule comments:
To exempt the insurance industry from liability under the TCPA would likely confuse consumers and interfere with the protections provided by Congress through the TCPA. Therefore, to the extent that the operation of McCarran-Ferguson on the TCPA is unclear, we will raise this issue in our Report to Congress as required by the Do-Not-Call Act.

Whatever the outcome on the M-F issue, the publicity and high participation in the national do-not-call list indicates that there are going to be serious complaint problems for agencies and the companies they represent if they continue to use predictive dialers without deleting numbers on the national do-not-call list. The complaints to the FCC may not be as damaging as those going to the insurance department. The FCC may not get around to assessing fines against any but the largest telemarketers, but the insurance department totals and reports complaints uncritically, and will at least call for explanations and remedial action. I suspect that most agencies using dialers will not take the trouble to pay the fees and coordinate their lists with the national list, at least until it becomes enough of a problem for the insurance company to take action.


The new rules by the FTC and the FCC on the TCPA go well beyond the national do-not-call list. Significant restrictions and requirements have been added regarding predictive dialer machines. The new requirements provide that every call placed must ring for at least 15 seconds or 4 rings, and be connected to a live telemarketer within two seconds after answer. No more than 3% of the calls are permitted to fail this standard.

The whole purpose of a predictive dialer is to keep several lines dialing for each person on the staff. The dialer can be set to decrease the inevitable number of dropped calls or delays, but one set to meet the new standards is not going to be as efficient at keeping the staff on live calls.

For an agency that may have a small number of people to handle calls, the advantage of the dial largely disappears, that is, if the rule standards are met. It is a good bet that these standards will be ignored, just like the national do-not-call list, until the volume of complaints necessitates some action.

Agents universally call prospects to set appointments seeking a face to face interview. Few would think of these calls as "telemarketing" but the TCPA defines ''telephone solicitation'' as "the initiation of a telephone call . . . for the purpose of encouraging the purchase . . . of . . . property, goods, or services, which is transmitted to any person". This reaches the activities of the individual agent who telephones prospects from newspaper reports of marriages, births, mortgages and the like. The FCC Rule: No person or entity shall initiate any telephone solicitation . . . ."

FCC Rule Comment: In addition, we decline to extend this approach beyond persons that have a personal relationship with the marketer. For example, Vector urges the Commission to adopt an exemption that covers face-to-face appointment calls to anyone known personally to the referring source.168 We note that such relationships become increasingly tenuous as they extend to individuals not personally known to the marketer and thus such calls are more likely to be unexpected to the recipient and more voluminous.

We also decline to establish an exemption for calls made to set face-to-face appointments per se.169 We conclude that such calls are made for the purpose of encouraging the purchase of goods and services and therefore fall within the statutory definition of telephone solicitation. We find no reason to conclude that such calls are somehow less intrusive to consumers than other commercial telephone solicitations.

The TCPA Rule news is better regarding the call by the company or the agent to load existing policyholders, or to attempt reinstatement of a lapsed policyholder. The prior relationship exception runs for 18 months from the date of the last premium payment.

FCC Rule Comment: a company's prior relationship with a consumer entitles the company to call that consumer for eighteen (18) months from the date of the last payment or financial transaction, even if the company does not currently provide service to that customer.359 For example, a consumer who once had telephone service with a particular carrier or a subscription with a particular newspaper could expect to receive a call from those entities in an effort to win back or renew that consumer's business within eighteen (18) months.

Can an insurance company call the policyholders, present or lapsed, of one of its affiliates? Here the TCPA Rule gets fuzzy, and relies on the expectation of the policyholder. Clearly the policyholder is not going to recognize the name of a different insurance company just because it is affiliated, so by that test the practice is going to be troubled.

FCC Rule Comment: The Commission finds that, consistent with the FTC's amended Rule, affiliates fall within the established business relationship exemption only if the consumer would reasonably expect them to be included given the nature and type of goods or services offered and the identity of the affiliate.376 This definition offers flexibility to companies whose subsidiaries or affiliates also make telephone solicitations, but it is based on consumers reasonable expectations of which companies will call them.3

As a practical matter, an agent who gets a referral is going to call the referral for an appointment. The FCC TCPA rule technically reaches such a call, even though complaints should be rare in that situation. While a large agency predictive dialer operation may cause enough complaints to attract the attention of the FCC, it seems unlikely that it will have the resources, or the inclination, to bother an individual agent following up on his referrals. Most companies can be expected to take a wait and see approach to see whether agent calls are really going to be a problem, but will make sure their training materials do not advocate calls which may be in the gray area.

FCC Rule Comment: The Commission clarifies that the established business relationship exemption does not permit companies to make calls based on referrals from existing customers and clients,379 as the person referred presumably does not have the required business relationship with the company that received the referral.

Apparently some companies have jumped into active enforcement of the rule, not waiting for the dust to settle. Some have not only warned their agents against calling prospects, but (rumor has it) have threatened to terminate any agent who makes a call to someone on the do-not-call list. It is not quite clear what the thought process is in those situations.


So, looking at the history of the Telephone Consumer Protection Act and the Rules of the FTC and the FCC, what is the likely effect on insurance company and agent practices regarding the telephoning of consumers? In 1992 many of us thought a lot would change, but the mass faxing (then prohibited) kept coming, and the predictive dialer calls, hang ups and dead air, continued to increase every year, and no one heard of any enforcement action.

Perhaps the main consumer relief expected from the 1992 rules was the required company do-not-call list, supported by written procedures and prescribed caller training. Apparently almost everyone forgot this was available. I have been plagued for years by regular calls from the telephone company on my unlisted number. Only since reading the FCC release on the new rules have I thought to ask to be put on their list. So far, no further calls. Why didn't I do that 10 years ago?

So will it be different this time around with the National Do-Not-Call list? May be. Having made the effort to sign up (in some areas more than half the resident numbers have been listed) people are likely to question a call from a telemarketer and are probably a lot more likely to complain. It will be interesting to see what the telephone company, exempted by the established relationship from the national list, has to say when questioned. The individual company list may have a life yet.

Fresh on the heels of the DO-NOT-CALL regulations come the CAN-SPAM Act , which is effective January 1, 2004. Enforcement authority is given to the state insurance departments, with the proviso that if they fail to act, the authority falls to the FTC. Unless some department becomes uncharacteristically creative, or your company panics and starts pettifogging the agents about it (as some did with DO-NOT-CALL), normal insurance company and agent activities with email are highly unlikely to be affected in any way. That includes all of the email suggestions on this site.

The main impact is on "commercial email", defined as the advertisement or promotion of a commercial product or service, and specifically excepted are "transactional or relationship messages.” Most insurance email activity is clearly the later, but what about emails that offer to load existing policyholders, i.e. offer them new products or riders? If this slips over into "commercial email", you would now have the requirement of prominently including an email address or web site reference that the recipient can use to decline future commercial emails. You really don't want to have to label your email to your policyholder an "advertisement", so consider the inclusion of other service offers to keep you in the gray area. It is not a bad idea to refer to your web site, and to include a section on the email preferences of your policyholder.

The Act does not give the recipient a private right of action (as the DO-NOT-CALL Act does), so the major consequence of gray activity is likely to be insurance department complaints. Although your agents can certainly expect more latitude than the company, if you do get a decline of future emails, furnishing that address to your agent will make the company responsible for its use by him.


This got too overwhelming and now has its own page. Go to Sarbanes Oxley.



Not to be outdone, there is always something new on HIPAA. The latest round of standards for the Privacy of Individually Identifiable Health Information If you haven't read the regulation, an brief summary is provided in this TechRepublic Article.

"On April 14, 2003, the Health Insurance Portability and Accountability Act (HIPAA) standards for the privacy of individually identifiable health information (IIHI) took effect. Healthcare organizations—including providers, insurers, and healthcare clearinghouses—must be fully aware of the effect of this pending regulation"

Want to know more on HIPAA? Want to know EVERYTHING? Here is your link site.

The extensive rules deal with how IIHI, Individually Identifiable Health Information must be handled. Generally, information is IIHI if:

The information explicitly identifies an individual, or you can reasonably infer the identity from the data.
The information concerns the physical or mental health of the individual, or the information concerns the provision or payment of healthcare to the individual.

What is the applicability of HIPAA to a life insurance company? The Act directly covers health plans, health care providers, and health care clearinghouses. You are probably not one of those, but you can be indirectly affected by your normal operations. You are an employer, and probably provide a health insurance plan for your employees. Your plan carrier is clearly covered, and you will be as a plan sponsor if you obtain or use health information from your plan carrier regarding your employees. I would think most companies would want to avoid such information. Aside from the burdens of HIPAA, you really shouldn't want to get involved in claims adjudication, a no win game. For a detailed analysis of your exposure as an employer, see this article and this one. Next comes the question of the information you gather to underwrite coverage, or to pay claims.

Publications by law firms assume that HIPAA will have an impact on life underwriting, but the emphasis is on the expanded privacy notice:

While this burden is well understood by those within the health care industry, what is less well recognized by the relevant insurers are the effects of these rules on insurers outside the health insurance industry. The HIPAA Rule will affect any insurer that has any need for medical information, regardless of the line of insurance involved. For example, life insurers that rely on medical underwriting will need to adapt their procedures. Workers compensation and automobile insurers, that rely on medical information for claims investigation and payment, also will need to make significant changes because of these laws.

Are they ready? Many insurers that rely on medical information—particularly those that do not also have health insurance components—may know little about the HIPAA rules. The rules may require significant changes to consent/authorization forms—changes that may require 50 state filings (and approvals) for national insurers.


The Thompson Agency site Q&A is directed to the general agent, and notes that the previous medical information release form is unlikely to be HIPPA compliant, so that while life insurance is specifically excluded from HIPPA, the medical provider is covered, and will not/should not release information to a life insurer without a compliant release. The new requirements include:

A statement detailing the right to revoke the authorization and instructions how to revoke it;
A statement that if the person does not sign the authorization, the purpose of the authorization may not be able to be met; and
A statement that the information being disclosed is subject to redisclosure and may not longer be protected by federal privacy regulations.
Thompson Q&A

You receive a HIPAA privacy notice if you are covered by a health plan, governing "individually identifiable health information." You receive a GLB privacy notice from any financial institution with whom you do business, governing "nonpublic personal information". This discussion of the overlap with respect to health insurers raises interesting questions regarding the notice requirements for a life insurer:

Although Congress remained silent as to its understanding of the interaction of GLB and HIPAA's privacy provisions, the Federal Trade Commission and other agencies implementing the GLB privacy provisions noted in the preamble to their GLB regulations that they “would consult with HHS to avoid the imposition of duplicative or inconsistent requirements.” 65 Fed. Reg. 33646, 33648 (2000). Additionally, the FTC also noted that “persons engaged in providing insurance” would be within the enforcement jurisdiction of state insurance authorities and not within the jurisdiction of the FTC. Id.

Because the FTC has clearly stated that it will not enforce the GLB privacy provisions against persons engaged in providing insurance, health plans will not be subject to dual federal agency jurisdiction for information that is both nonpublic personal information and protected health information. If states choose to adopt GLB-like laws or regulations, which may or may not track the federal rules completely, health plans would need to evaluate these laws under the preemption analysis described in subpart B of Part 160.

That is not quite the view of HHS, the HIPAA enforcement agency. In its response to comments regarding the relationship of HIPAA to other federal laws:

Comments: One commenter noted that the Financial Services Modernization Act, also known as Gramm-Leach-Bliley ("GLB"), requires financial institutions to provide detailed privacy notices to individuals. The commenter suggested that the privacy regulation should not require financial institutions to provide additional notice.

Response: We disagree. To the extent a covered entity is required to comply with the notice requirements of GLB and those of our rules, the covered entity must comply with both. We will work with the FTC and other agencies implementing GLB to avoid unnecessary duplication. For a more detailed discussion of GLB and the privacy rules, see the "Relationship to Other Federal Laws" section of the preamble.

While the HIPAA regulations try to make common sense exceptions for disclosure to spouses, relatives and close personal friends there appear to be numerous situations where companies and their clerks are refusing reasonable requests for information, infuriating customers and losing business. For a life company, even one that sells health insurance, it would be unusual, in fact, quite remarkable, for someone to call and request information that qualifies as IIHI. Unless the question requires reference to the application, or a claim form or report, it is hard to see where else IIHI could be found.

You of course receive lots of calls from spouses of insureds regarding paid to dates, coverage, and values. Ask your service manager to tell you what types of information would NOT be released to a spouse of an insured. And it wouldn't hurt to ask a few of the telephone operators. If my experience is a guide, you will find some of the clerks will not even tell a spouse if a premium is due, much less what the cash value or a loan balance is. This is worse than just terrible service. The time spent arguing, and securing an irrelevant release form, storing and referencing it, all is make work. That is not what you need in your service operation, a bunch of clerks looking in the file or on the screen to see if a spouse has been authorized to find out when the premium is due.

HIPAA is a big headache for health service providers, and you can understand some confusion in their operations. But confusion in a life company about disclosing policy status and coverage information is poor management.

Finite Insurance

Regulation is covered in discussion of finite insurance as a product.


Amendments to FCRA

The Fair and Accurate Credit Transactions Act of 2003

Any business that uses consumer reports must adopt procedures for proper disposal. The FTC Disposal Rule, as proposed, defines "consumer information as any record about an individual, in any form, including information that is derived from a consumer report.

Bests Review

Detailed Analysis

FTC release full FCRA including amendments.

Under GLB the safeguards rule (read first)