December 20, 2019

CEFLI Educational Webinar

Series

Looking Back and

Looking Forward

Top Compliance Challenges

2019 and 2020

2019 Premier Partners

2019 Premier Partners

• CEFLI’s Antitrust Policy.

• Presentation.

• Q & A.

• Post-meeting Survey.

Agenda

• Mary Jo Hudson

Partner

Squire Patton Boggs

• Sue Stead

Of Counsel

Squire Patton Boggs

Webinar Faculty

• Susan Voss

General Counsel

American Enterprise

• Don Walters

President & CEO

CEFLI

• Key Compliance Challenges 2019.

– NYDFS Regulation 187 (Annuities) / SEC Regulation

Best Interest /Revised DOL Fiduciary Rule.

– Suitability.

– Privacy / Data Governance.

– Cybersecurity.

– New Product and Innovation Initiatives.

– Unclaimed Property.

Key Compliance Challenges 2019

• Key Compliance Challenges 2020.

– NYDFS Regulation 187 (Life) / SEC Regulation

Best Interest / NAIC Suitability in Annuity

Transactions Model Regulation.

– Privacy/Data Governance.

– DOL Fiduciary Rule.

– Unclaimed Property.

– Antifraud.

Key Compliance Challenges 2020.

• Industry media suggests that we can

anticipate a revised DOL Fiduciary Rule in

early 2020.

• DOL has reportedly been working closely with

the SEC to follow Regulation Best Interest.

• New DOL Secretary Scalia has received

clearance to participate in the rulemaking

process.

Revised DOL Fiduciary Rule.

• On June 5, 2019, the SEC adopted

Regulation Best Interest and Form CRS

Summary.

• The proposed regulation received some of

the highest volume of comments ever

received by the SEC.

• Regulation Best Interest impacts the

standards associated with retail sales through

broker-dealers and investment advisers.

SEC Regulation Best Interest.

• Four Obligations:

– Best Interest.

– Disclosure.

– Care.

– Compliance.

• Requires identification of conflicts of interest

and efforts to mitigate material conflicts of

interest.

SEC Regulation Best Interest.

• Regulation becomes effective June 30, 2020.

• FINRA will be the regulatory authority

conducting examinations for compliance with

Regulation Best Interest.

– FINRA will be examining before June 30, 2020 to

determine the degree of readiness to comply with

Regulation Best Interest.

• Impacted the development of revisions to the

NAIC Suitability in Annuity Transactions

Model Regulation.

SEC Regulation Best Interest.

• Amendments to NYDFS Regulation 187

became effective for annuities on August 1,

2019.

• Introduced a best interest standard into the

life insurance product marketplace.

• Companies were challenged to develop new

policies and procedures.

• Significant training and documentation

requirements for producers.

NYDFS Regulation 187 (Annuities).

• Amendments to NYDFS Regulation 187

become effective for life insurance products

on February 1, 2020.

• Companies are still evaluating their

compliance strategies.

• Examples of key issues:

– Collection of suitability information for life

insurance products.

– Where will the suitability analysis reside?

NYDFS Regulation 187 (Life).

• Future annuity sales will take place under a best

interest rather than a suitability standard.

• Follows the organizational format of Regulation

Best Interest.

– Best interest obligation.

– Care obligation.

– Disclosure obligation.

– Conflict of interest obligation.

– Documentation obligation.

NAIC Suitability in Annuity Transactions

Model Regulation.

• Broader “safe harbor” provision.

– Applicable to broker-dealer and investment

adviser transactions.

• Challenge to train producers to operate under

a best interest standard.

• Key compliance questions:

– NAIC might have a final rule by March 2020

– Effective date?

– Adoption by the states?

NAIC Suitability in Annuity Transactions

Model Regulation.

• Trend: More laws restricting use of consumer

data and giving consumers more rights.

‒ California Consumer Privacy Protection Act

(CCPA) (and regulations).

‒ General Data Protection Regulation (GDPR).

• Trend: Breach laws amended to expand

definitions of breach and personal data (e.g.

biometric info, email address, IP address),

and to increase reporting obligations.

Privacy and Data Governance.

Privacy and Data Governance.• Trend: Private causes of action provided by statute.

• Trend: Actual not necessarily required for standing to sue

– invasion of legal right may be sufficient.

• Trend: Regulators increasingly focused on security of

company systems as well as security of consumer data.

– Exam standards, enterprise risk reporting.

– NAIC Insurance Data Security Model Law (#668).

– N.Y. Cybersecurity Regulation (20 NYCRR 500).

• Trend: Insurance regulators are increasingly focused on

the nature of consumer data used in insurance and

potential for bias.

• Effective 1/1/20.

• Broad definition of PI: information that identifies,

relates to, describes, is capable being

associated with or could reasonably be linked to

a particular consumer or household.

• Includes, among other data: biometric data, online

identifier, email address, street address, IP address,

browsing history, and interactions with websites, geo

location data, and “inferences” drawn from data to

create a profile.

• Applies to employee data (2021).

• Notice at or before collection of PI from consumers.

• Use of PI limited to purposes disclosed in notice.

• Consumer rights: know what PI is held; request deletion

of PI; opt-out of sales of PI.

• Training and record retention for consumer inquiries,

opt-outs, opt-ins.

• Online privacy policy required.

• Notices for both online and offline interactions.

• Partial exemption for entities subject to GLBA.

• Challenges for insurance industry.

‒ Scope of GLBA exemption.

‒ Moving target.

‒ Identifying impacts – data and operations.

‒ Data mapping and gap assessments.

‒ Developing compliant operational changes.

‒ Coordination with state insurance privacy laws,

California Financial Information Privacy Act, and

California Online Privacy Protection Act, among

others.

‒ Limit operational changes to California?

Cybersecurity.

• Recent laws:

‒ New York regulation (23 NYCRR 500).

‒ NAIC Insurance Data Security Model Law (adopted

in AL, CT, DE, MI, MS, NH, OH, SC).

• Requirements are very similar except:

‒ New York is prescriptive while the model allows

more flexibility and discretion in determining

necessary elements of cybersecurity program.

‒ Incident reporting obligations are significantly

greater under the NAIC Insurance Data Security

Model Law.

Cybersecurity.

• Compliance Challenges

‒ Uniformity.

‒ Finding the expertise.

‒ Oversight of third-party vendors.

• Anti-inducements/anti-rebating.

• Accelerated underwriting/predictive modeling

‒ NY Circular 1.

‒ NAIC Task Forces (Big Data, Accelerated UW, AI).

• Direct to consumer distribution.

• Illustrations and narratives.

New Product and Innovation Initiatives.

• Regulators have encouraged companies to

bring innovation initiatives to them.

• Need to be careful to identify those states that

may be receptive to innovation initiatives.

New Product and Innovation Initiatives.

• Anti-inducement/rebating.

‒ States are updating statutes/regulations.

‒ Alabama (482-1-163-.03 ), Arizona (Bul. 2019-01),

Maryland (Bul. 19-21), North Dakota (26.1-04-06),

Ohio (Bul. 2019-04, 05), Washington (48.30.140),

West Virginia (Info. Ltr. 205).

‒ Value Add clarifications.

‒ Premium inducement limitations.

New Product and Innovation Initiatives

• Accelerated Underwriting.

– Significant debate & discussion at NAIC.

• NY Circular 1 – First written guidance.

– Data not related to the medical condition of

applicant; data serving as a “lifestyle indicator.”

– OK - MIB, criminal and MVR data.

– Concern for unlawful discrimination (i.e., disparate

impact) – burden on insurer.

New Product and Innovation Initiatives

• NY Circular 1.

– Concern for unfair discrimination.

o Actuarially sound.

o Meets insurance code requirements.

o Is there a valid rationale for differential treatment.

– Compliance with FCRA/state equivalents.

o Adverse underwriting decision includes inability of

applicant to use expedited or accelerated process.

– Circular 1 – Next steps?

New Product and Innovation Initiatives

• Direct to consumer distribution.

– Producer licensing.

– Disclosure delivery / signatures.

– Advertising on unlicensed partner sites.

• Illustrations and Disclosures.

– NAIC debate regarding IUL Illustrations & Life

Disclosure Models.

o No resolution.

o Discussion to continue in 2020.

New Product and Innovation Initiatives.

• Unclaimed property challenges continue.

• New RUUPA.

– “Date of death” dormancy trigger.

– Open-ended authority for auditors to conduct DMF

Searches of Life Insurers.

– Enacted: CO, IL, KY, ME, TN.

– Proposed: DC, WA, VT, SC, UT (amend).

• NCOIL Model – 35 states enacted.

– “Knowledge of death” dormancy trigger.

Unclaimed Property

Final Thoughts?

Questions and Answers.

Compliance & Ethics Forum for Life Insurers

www.cefli.org