Insurance regulation in the U.S. has taken shape through several key U.S. Supreme Court decisions and eventual laws pertaining to who regulates insurance in the U.S. Insurance is mainly regulated on the state level; however, the federal government plays a specific role in regulation as well. Several historical key federal court rulings and laws have helped shape the industry into what it is today.
Regulatory control between the states and federal government has been a back and forth battle for most of its history in the U.S. Throughout the 1800s, the U.S. insurance industry was strictly regulated by the states and was considered outside of the jurisdiction of the federal government. As time went on, the federal government began to view insurance as a form of interstate commerce, thus wanting to regulate it. The following court rulings and laws have paved the way for the current industry regulations.
Paul v. Virginia (1868)
The federal government has jurisdiction over interstate commerce in the U.S., and according to the Supreme Court case Paul v. Virginia, it was one of the first attempts of the federal government to try to regulate insurance as interstate commerce.
The Supreme Court, however, decided that issuing an insurance policy is not considered a transaction of commerce; therefore, it cannot be regulated by the federal government as interstate commerce. Although this ruling would later be reversed, for 75 years following this Supreme Court decision, insurance was not considered to be interstate commerce, nor was it regulated by the federal government.
The Armstrong Investigation (1905)
Another important event, known for creating the New York Insurance Code, led to the investigation into various life insurers in the state of New York. The outcome of this investigation led to stricter regulation of insurance companies by the state, which ultimately led to other states adopting similar insurance regulation.
United States v. Southeastern Underwriters Association (1944)
This Supreme Court case placed the regulation of insurance within the authority of the federal government by defining insurance as a form of interstate commerce. Any state laws that may have been in force at that time that conflicted with the laws of the federal government became void and unenforceable. Due to the conflicts that arose from this Supreme Court decision, Congress later enacted the ‘McCarran-Ferguson Act’ to further define the roles of the federal and state governments.
The McCarran-Ferguson Act (1945)
This Act ratified legislation in all states to conform to federal law; however, Congress still concluded that state regulation of insurance made the most sense from a consumer’s standpoint. Under this act, the business of insurance is primarily regulated by the states, allowing the federal government to regulate in addition to, but not to supersede state insurance laws. Since insurance is considered to be interstate commerce, federal law regulates such business in addition to state regulation.
1958 Intervention by the FTC
In an attempt by the FTC to regulate insurance advertising, the Supreme Court decided, due to the McCarran-Ferguson Act, that a federal agency such as the FTC had no ruling or authority over the states regarding insurance advertising regulation.
1959 Intervention by the SEC
Both annuities and variable life insurance were questioned and concluded to be securities, instead of insurance; therefore, the Supreme Court decided that insurance companies selling variable life products and annuities were to be regulated under the authority of both the Securities and Exchange Commission (SEC), and the states.
Fair Credit Reporting Act (1970)
The Fair Credit Reporting Act states that all consumers have the right to keep personal financial information private between the collecting party and the consumer. At no time may private personal and financial information be given to a non-affiliated third party unless an Initial Privacy Notice, or a notice that accurately reflects the insurer’s privacy policies and practices, is given by the insurer to the consumer regarding disclosure of this information.
This federal consumer privacy regulation requires disclosure of any ‘financial institution’ that denies coverage to a consumer. In addition, if a consumer is denied coverage, he or she has the right to dispute this denial and provide correct information if inaccurate information is portrayed about the consumer.
A Financial Institution is defined as any institution engaged in activities that are financial in nature or incidental to such financial activities.
This Act was created to ensure that correct information is obtained regarding a consumer and that a consumer’s privacy is not at risk. Federal law mandates the following:
Individuals must be notified within three (3) days from the date that a credit report has been requested. In addition, the credit reporting agency must advise the individual of such report being requested as well as provide him or her with a summary of the report within five (5) days, if requested by the individual.
A consumer has the right to know the identity of anyone who is questioned regarding a credit report.
If the consumer is rejected, due to findings in a report, information regarding the consumer reporting agency must be provided to the consumer.
The consumer reporting agency must disclose any information in the event an applicant requests it; however, an insurance company is not obligated to disclose such information to an applicant.
If an individual disagrees with the agency’s report, he or she has the right to file a statement to the insurer that better clarifies any negative issues presented by the insurer.
Privacy Act (1974)
According to a study conducted by the Privacy Protection Study Commission in the early 1970s, insurance companies were among the top companies that collected personal consumer information. Due to the size and depth of the information collected by insurers, legislation was passed to regulate and safeguard this personal consumer information. The Privacy Act set forth the standards of fair information practices that govern the collection, maintenance, use, and dissemination of personally identifiable information about individuals.
Goals of the Privacy Act:
- To minimize consumer intrusiveness
- To be fair and impartial in collecting and reporting on consumers
- To build public trust regarding the safeguarding of personal information collection
- Financial Services Modernization Act (1999)
Also referred to as the Gramm-Leach-Bliley Act (GLBA) or (GLB Act), the Financial Services Modernization Act, enacted by Congress in 1999, changed the way in which financial institutions such as commercial banks, investment companies and insurance carriers conduct business by allowing these various institutions to merge together into what are commonly called ‘financial supermarkets,’ providing consumers with a larger, more centralized and more diverse selection of financial products.
Under this Act, regulation of financial institutions is based on the type of product or service marketed instead of on the type of company selling the product. This means that a financial institution can become a conglomerate of banking, securities and insurance products, all marketed under the same company’s name. The GLBA reversed previous legislation that limited the financial business of banks, securities companies and insurance carriers based on the company itself, rather than the products or services it sold.
Upon the enactment of the GLBA, financial institutions such as federal and state banks, mutual and stock insurance companies, and mortgage and securities companies began to merge together and offer a wider selection of products such as life and health insurance alongside other financial products and services already provided by the bank or lending institution. As a result of the GLBA, various financial institutions began to capture a larger customer base, and in the process, the disclosure and collection of a larger amount of private consumer information.
Due to the large amount of private information disclosed to theses financial institutions, a major part of the GLBA is the requirement that all financial institutions design, implement and maintain ‘safeguards’ to protect private information obtained from consumers, and to maintain customer privacy once an ongoing relationship is established with the financial institution.
Consumer vs. Customer
The GLBA defines a Consumer as an individual, or the legal representative of such an individual, who obtains, from a financial institution, financial products or services which are to be used primarily for personal, family, or household purposes. A Customer is defined as a consumer who has a continuing ‘customer relationship’ with a financial institution in which it provides one or more insurance products or services to the individual that are to be used primarily for personal, family or household purposes.
A customer has a continuing relationship with a financial institution if he or she is a current policyholder or policyowner of an insurance product issued by or through the financial institution; or if he or she obtains financial, investment or economic advisory services relating to an insurance product or service from the financial institution for a fee.
In protecting both consumers and customers, the privacy requirements of the GLBA include the ‘Financial Privacy Rule,’ which regulates the collection and disclosure of non-public personal information, and the ‘Safeguards Rule,’ which requires financial institutions to set up and maintain a system of protecting consumer and customer records. In addition, the GLBA regulates against attempts to obtain non-public personal information from consumers and customers under false pretenses, a method known as Pre-texting.
Financial Privacy Rule
As mandated by the GLBA, a financial institution must disclose to all consumers in advance of any contractual agreement between the consumer and financial institution that it intends to collect and retain both public and private information on the consumer as part of the contractual agreement between the financial institution and consumer. It requires clear disclosure by all financial institutions of their privacy policy regarding the sharing of non-public personal information with both affiliates and third parties.
The GLBA further clarifies that the disclosure of a financial institution’s privacy policy is required to take place at the time of establishing a ‘customer relationship’ with a consumer, and not less than annually during the continuation of such relationship.
Non-Public Personal Information (NPI)
The term ‘non-public personal information,’ also referred to as NPI, is defined as personally identifiable financial information:
Provided by a consumer to a financial institution
Resulting from any transaction with the consumer or any service performed for the consumer
Otherwise obtained by the financial institution
Non-public personal information includes any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived using any non-public personal information other than publicly available information.
‘Public personal information’ includes any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any non-public personal information.
‘Opting Out’ of Information Sharing and Disclosure
Although information is collected by a financial institution at the time of establishing a customer relationship with a consumer, the GLBA requires a notice to consumers and an opportunity to Opt Out, or allow a consumer the opportunity to prevent the sharing of certain non-public financial information with non-affiliated third parties, subject to certain exceptions.
A financial institution may not disclose non-public personal information to a non-affiliated third party unless:
Such financial institution clearly and conspicuously discloses to the consumer, in writing or in electronic form or other form permitted, that such information may be disclosed to such third party
The consumer is given the opportunity, before the time that such information is initially disclosed, to direct that such information not be disclosed to such third party, and
The consumer is given an explanation of how the consumer can exercise that nondisclosure option
A non-affiliated third party that receives (from a financial institution) non-public personal information shall not, directly or through an affiliate of such receiving third party, disclose such information to any other person that is a non-affiliated third party of both the financial institution and such receiving third party.
A financial institution shall not disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any non-affiliated third party for use in telemarketing, direct mail marketing or other marketing through electronic mail to the consumer.
Life and Health Insurance: ‘Opting In’
In regards to life and health insurance, consumers (insurance applicants) Opt In, or give permission to an insurer to disclose and share non-public personal information. Because an insurer often times needs to disclose and share specific applicant information with a third party such as a doctor’s office or credit agency in order to issue a policy, the insurer must first obtain the applicant’s permission before sharing non-public personal information with necessary third parties involved in the issuance of the policy.
Safeguards Rule
- Also mandated by the GLBA, appropriate standards were established to protect consumer privacy including technical, administrative, and physical safeguards:
- To insure the security and confidentiality of customer records and information
- To protect against any anticipated threats or hazards to the security or integrity of such records, and
- To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer
Customer Information Systems are the electronic or physical methods used to access, collect, store, use, transmit, protect or dispose of non-public personal information, whether that information is maintained in paper, electronic or other form.
A Service Provider is defined as any person or entity that maintains, processes, or otherwise is permitted access to customer information through its provision of services directly to the licensee.
Pre-texting Regulation
It is a violation of the GLBA for any person to obtain or attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed to any person, customer information of a financial institution relating to another person:
- By making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a financial institution;
- By making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution; or
- By providing any document to an officer, employee, or agent of a financial institution, knowing that the document is forged, counterfeit, lost, or stolen, was fraudulently obtained, or contains a false, fictitious, or fraudulent statement or representation
National Do-Not-Call Registry
Do-Not-Call Implementation Act
Enacted in 2003, the Do-Not-Call Implementation Act was created to provide consumers with the opportunity to restrict telemarketers’ access to telephone numbers by adding them to the National Do-Not-Call Registry and reduce the amount of unwanted telemarketing communication on both an intra- and interstate basis.
Under the original Implementation Act, phone numbers added to the registry were protected for a period of 5 years, at which time each phone number would need to be renewed for an additional 5 years. This renewal was later replaced by a permanent status, allowing consumers to register only once and remain permanently within the national registry.
The National Do-Not-Call Registry is managed by the Federal Trade Commission (FTC) and is enforced by both the FTC and the Federal Communications Commission (FCC), as well as by each state’s government. As is the case with insurance laws, in addition to federal legislation, each state’s government has the authority to provide even more stringent consumer privacy laws.
How it Works
Once a consumer registers his or her phone number with the FTC, the phone number is added to the registry the next day and can no longer be used for telemarketing purposes. Initially, the registry’s process includes a 31 day ‘removal period’ to allow for proper removal of such phone numbers from consumer databases and company calling lists before being able to enforce any penalty against a soliciting business or commercial entity. After this 31-day period, a consumer can file a complaint with the FTC through the National Do-Not-Call Registry website or toll-free by phone.
The national registry is applicable to all telemarketing solicitation throughout the country and is subject to some exceptions. Penalties for soliciting to any number listed on the registry include being subject to up to a $16,000 fine to the telemarketing company in violation of the law, as well as other civil and/or criminal penalties.
Exceptions to the Law
As defined and stated by the FCC, the following situations are exempt from the National Do-Not-Call Registry:
- Calls from organizations in which a consumer has established a business or customer relationship
- Calls made with permission from the consumer
- Calls made by or on behalf of non-profit, tax-exempt groups and organizations
- Calls which are not commercial or do not include ‘unsolicited advertisements’ including calls from political organizations, charities and telephone surveyors
The FCC defines Unsolicited Advertisements as any material advertising the commercial availability or quality of any property, goods or services, which is transmitted to any person without that person’s prior express invitation or permission, in writing or otherwise.
The FTC defines an Established Business Relationship (EBR) as a prior or existing relationship formed by a voluntary two-way communication between a person or entity and a business or residential subscriber with or without an exchange of consideration (payment), on the basis of an inquiry, application, purchase or transaction by the business or residential subscriber regarding products or services offered by such person or entity, which relationship has not been previously terminated by either party.
As stated by the FTC, an established business relationship with a company exists for three (3) months after the inquiry or application.
Improvements to the Do-Not-Call Act
Since its inception, additional provisions have been added to the original Do-Not-Call Act, providing even more control to consumers, as well as businesses attempting to properly solicit their products or services to the general public.
Improving upon the efficiency and privacy of the original Act, the Do-Not-Call Improvement Act of 2007 implemented additional efforts in removing disconnected and re-assigned phone numbers, as well as retaining phone numbers within the National Do-Not-Call Registry on a permanent basis, as compared to the original 5-year renewal requirement.
A Claims Made Liability Insurance Policy
A claims made insurance policy covers insurance claims filed during a given period of time. Generally speaking, a claim must be filed while a claims made policy is still in effect in order for it to be covered by the insurance carrier. This type of policy form is generally less expensive than an occurrence policy as there isn’t any automatic coverage in place once the policy has ended. Business owners who typically purchase claims made with GL or professional liability insurance coverage include contractors, attorneys and medical professionals. The most common types of policies written on a claims made basis include professional liability, directors and officers E&O, as well as employment practices liability insurance (EPLI).
Understanding the difference between a claims made form policy and an occurrence form policy for business liability insurance.
An important consideration with claims made policies is tail coverage. Tail coverage (also known as an Extended Reporting Endorsement) is an additional policy most business owners will need to buy when they decide to retire or exit their business. Otherwise, a claim filed for work done in the past will not be covered under the claims made form. Unfortunately, there isn’t any guarantee an insurance company will write a tail coverage policy and the premium may be expensive depending on prior policy claims.
The Occurrence Policy for Liability Insurance
An occurrence policy provides coverage for losses or claims that are related to a policy term. A claim can be filed years later for a liability caused during a prior period of time as long as there was active coverage in place when the cause of the claim was created. While an occurrence policy form may be more expensive for some types of business, there isn’t any future cost associated with buying tail coverage.
An occurrence policy is the more common from of coverage and a better choice for most business owners. It is more reasonable to have the coverage in place indefinitely for work performed than it is to gamble on finding tail coverage, or avoiding a future claim. In many instances, the additional cost of an occurrence policy form is minimal compared to purchasing a claims made policy.
Why are There Two Types of Policies?
Claims made insurance coverage is more similar to early insurance programs when groups of businesses would form private insurance pools as a means to cover potential losses. As insurance products and companies evolved into an industry, the idea of protecting risks based on a claims made basis followed. The primary reason claims made coverage is still around is because there is a demand and because insurance companies may only be willing to write certain types of risk on a claims made basis.
Insurance Company Regulation
The insurance industry is a highly regulated industry, regulated by each state independently, as well as through federal legislation. This means that although each state follows federal regulation, the individual states maintain the power and authority to regulate insurance laws within each state. Insurance carriers, agencies, and all insurance agents are required by law to be licensed in each state in which they conduct business.
Each state maintains its own division or department of insurance, consisting of regulating officers and an insurance commissioner or superintendent. Upon review of a business or individual insurance license application, the state’s insurance commissioner or superintendent has the authority to approve or deny the application to solicit insurance within the state.
A Certificate of Authority is provided to an insurance company as proof of licensure within the state. Once certified by the state, the insurer is considered to be Admitted and is authorized to conduct insurance business within the state.
A Non-admitted, or non-licensed, insurer is prohibited from conducting business within a state until it becomes licensed by that state. Whether it be an individual agent or an insurance company, unauthorized solicitation of insurance without the approval of the state’s insurance commissioner or superintendent is prohibited.
Authorized insurance companies oftentimes conduct business in multiple states, and as such, they are authorized based on the state in which the insurance company’s home office is incorporated. Domicile of Incorporation refers to the state (or country) in which the insurance company is incorporated.
The following categories determine the status of an insurance company based on its location of incorporation in relation to the location in which it is conducting business.
Domestic Insurer
A domestic insurer is an insurance company that conducts insurance business in the same state in which it is incorporated, such as an insurance company that is incorporated in Florida and conducts insurance business within Florida.
Foreign Insurer
A foreign insurer is an insurance company that conducts insurance business in any state that it is not incorporated, such as an insurance company that is incorporated in Florida and conducts insurance business in California or New York. Although the insurer is considered to be domestic in its home state, it is considered to be foreign in any other state it conducts insurance business.
Alien Insurer
Any insurance company incorporated outside of the United States is considered to be an ‘alien’ insurer while conducting business within the U.S. and must follow all federal and respective state laws.
Remember, Puerto Rico, Guam, and the U.S. Virgin Islands are U.S. territorial possessions and are within U.S. federal law; therefore, insurance companies incorporated in these territories are categorized as domestic or foreign insurers, depending on the location in which they conduct business.
Financial Structure and Requirements of Insurers
As mentioned, insurance companies are regulated on the state level and are required to maintain adequate capital and company surplus to satisfy insurance claims and pay annual operating expenses. Financial investments made by an insurance company must not endanger the insurer’s solvency or financial wellbeing; therefore, they typically invest in low-risk bonds such as corporate and municipal bonds to ensure that the insurer receives positive returns.
To protect against insurer insolvency, each state’s department of insurance mandates company compliance in reporting financial conditions and results of operations on a quarterly basis. In addition, an annual audited report must be filed with the department and must be completed by an independent certified public accountant chosen by the insurer.
The following financial reports must be provided by the insurer to the department for review:
- An audited annual report from an independent certified public accountant
- A statement of the company’s financial condition
- Balance sheets and statements of cash flow
- A summary of insurer operations
- A statement of the changes in the company’s capital and surplus
The company’s notes related to its financial statements which reconcile any differences between the audited annual report and its quarterly reports
Insurance Company Financial Ratings
An insurer’s ‘financial rating’ represents its financial strength and is based on its claims experience, investment performance, and dividend returns, as well as an insurer’s management team among other factors. Similar to how Consumer’s Reports rates its member companies, financial rating companies such as Standard & Poor’s, Moody’s, and AM Best provide consumers with its financial rating of each insurance company. While each rating company follows its own rating scale, a letter grade ranging from A++ or Aa1 to D is given to each insurer. The higher the rating grade that is given to an insurance company, the better the insurer is financially fit.
Self-Insurance & Inter-Insurance
Self-Insurance
Many businesses choose to self-insure to cover smaller employee claims that can be paid by the company instead of filing a claim through the insurer. A business will ‘self-insure,’ or pay for smaller claims from an established fund maintained by the business mainly to avoid costly insurance premiums for relatively small claims.
Reciprocals
‘Reciprocal’ Insurance, also known as Inter-Insurance, is a type of risk retention between members, known as subscribers, consisting of individual business owners, corporations, or municipalities. Subscribers ‘reciprocate’ in sharing risks and participate in indemnifying members who encounter loss.
As a type of insurance, each member can absorb larger loss by sharing it and through its participation in the reciprocal, it pays a lesser amount of loss since it is shared by the other subscribers in the reciprocal.
A reciprocal is another form of insurance for a business, corporation or municipality that helps spread the risk and costs of loss. This type of self-insurance is administered by an attorney, called an Attorney in Fact (AIF), and is often used by municipalities to ‘cross-indemnify’ each other against potential loss in addition to purchasing formal insurance.
Stock vs. Mutual Insurers
Stock Insurance Company (Non-Participating or ‘Non-Par’)
The majority of private commercial insurance companies in America are considered to be either stock or mutual insurance companies. While both types of organizations provide insurance to consumers, they differ in how they operate.
A Stock insurance company is a private insurance company that is established to provide insurance to policyowners and to make a profit for its stockholders.
This type of insurer is considered to be a Non-Participating, or Non-Par company because the insured policyowners do not own the company, nor do they receive any dividends that the company returns. Stock insurers do not issue participating policies; therefore, two groups exist: shareholders and policyowners – although a shareholder could also be a policyowner.
Mutual Insurance Company (Participating or ‘Par’)
A Mutual insurance company is a private insurance company that is established to provide insurance to policyowners who are also the company’s stockholders (owners).
This type of insurer is considered to be a Participating, or Par company because it issues ‘participating policies’ in which policyowners share in the company’s ownership and receive dividends from the earned surplus of the company’s profits.
Individuals who purchase insurance from a mutual insurer are both a customer (insured) and an owner (shareholder). The insurer’s Earned Surplus is paid out to its shareholders in the form of Dividends, which are an annual reimbursement of excess premiums that remain after the company has set aside its needed reserves and has deducted the necessary amount to cover annual claims and other company expenses.
Demutualizaiton
A mutual insurance company has the ability to change its corporate structure to a stock company status, often to help increase capital needs that is more easily accomplished as a stock insurance company. This process is called ‘demutualization.’
Mutualization
Just as a mutual insurance company can ‘demutualize’, a stock insurance company can also change its corporate structure to become a mutual insurance company, a process called ‘mutualization.’
Reinsurance
The concept of ‘reinsurance’ is the sharing of risk between an insurance company and a re-insurance company, known as a Reinsurer, to provide additional insurance coverage for risks that are too large for the single insurer to adequately cover.
When an insurance company cannot assume an entire risk of an applicant’s request at the time of application, it will transfer part of the risk by purchasing additional insurance coverage from a reinsurance company. A Reinsurance Agreement provides the details of the agreed reinsurance policy, and a reinsurance premium is paid by the Cedent Insurer, to the reinsurer in exchange for the additional coverage.
The agreement between the cedent insurer and the reinsurer does not affect the agreement between the cedent insurer and the insured individual or business and is often times not even known by the insured individual or business. The insured is covered by the insurer, and if necessary, the insurer shares part of its risk with a reinsurer.
As an example, if a business applies for a large insurance policy equaling $20 million and an insurance company is only able to cover a single loss up to $10 million, the insurer will purchase additional insurance from a reinsurer for the remaining $10 million to adequately cover the $20 million request.
Private vs. Government Insurance
The Federal Government provides various programs including health insurance to military veterans, as well as programs that provide catastrophic protection often excluded from private insurance, such as flood insurance, insurance on mortgage loans and unemployment insurance above state limits, to name a few common examples.
The State Government also provides various programs such as state-administered unemployment insurance, workers’ compensation insurance, and state-administered medical expense insurance plans for eligible individuals.
Known as Social Insurance, Social Security, Medicare, and Medicaid are provided to U.S. citizens through federal and state legislation. In comparison to private insurance, government-administered insurance is funded by tax money and is regulated by state and federal laws. These programs are available to all qualified U.S. citizens and are determined based on the qualifying status of the applicant’s age or income status.
Fraternal Associations & Benefit Societies
Fraternal associations are non-profit organizations that are recognized for their social and charitable activities. Associations often consist of social or religious groups such as the Knights of Columbus, local community lodges, or religious organizations. These associations, often called ‘societies,’ offer insurance to its members in addition to other membership benefits.
A social ‘club’ consisting of friends or neighbors that is not established under the law as an organization is not considered to be an association and cannot form a group policy simply for the purpose of providing insurance to friends or neighbors.
Lloyd’s of London
Lloyd’s of London is not actually an insurer, but rather an exchange marketplace consisting of individuals, companies and underwriters who provide ‘high-risk’ insurance products. Lloyd’s is considered the oldest insurance marketplace, essentially serving as a reinsurer, providing services in over 200 countries around the world.
The Lloyd’s marketplace is best known for its diverse and wide range of coverage including property, marine, aviation, and ‘specialty’ coverage policies on the human condition, such as insurance on a ping pong champion’s hands or on a musician’s voice (Bob Dylan and Bruce Springsteen for example), in addition to other unique items.