|  Big I New York has unveiled a new resource to help agencies comply with part of the New York financial services cybersecurity regulation. Specifically, it will make it easier for you to comply with the requirements regarding third-party service providers. You now have one-stop access to information about the cybersecurity practices of large publicly traded insurance carrier groups.
The regulation's Section 500.11 requires all covered entities, including insurance agencies and brokers of any size, to “implement written policies and procedures designed to ensure the security of information systems and nonpublic information that are accessible to, or held by, third-party service providers." (See this flowchart to determine who is a third-party service provider for your agency.) The policies and procedures, which the agency must base on its annual or more frequent risk assessments, must address among other things, “due diligence processes used to evaluate the adequacy of cybersecurity practices of such third-party service providers …" If a third-party service provider has access to your computer systems and data, the regulation requires you to investigate what they're doing to prevent data breaches. (I recorded a 20-minute video about this requirement in 2019.) The most common way entities perform this due diligence is to send third parties a questionnaire like the one we created for you to use. However, as I said in the video, the questionnaire is one way to perform the due diligence; it is not the only way. The text I quoted above does not say anything about a questionnaire. It says the policies and procedures must address “due diligence" without telling you how to do it. Section 500.11 requires each covered entity to establish “minimum cybersecurity practices required to be met by such third-party service providers in order for them to do business with the covered entity." What those minimum practices must be are up to you; the regulation does not set them. For example, you could say that every third-party service provider must meet at least the requirements of the New York regulation. I've said it many times: The good thing about this regulation is it gives entities a lot of leeway on how to comply. The bad thing is it gives entities a lot of leeway on how to comply. You must figure out what works best for you. The New York State Department of Financial Services (DFS) has said that an insurance agency is a third-party service provider to a carrier, and a carrier is a third-party service provider to an agency. This means the agency must perform due diligence on its carriers. Getting a response from a large national carrier to a questionnaire may be futile. Our new resource makes that unnecessary. U.S. Securities and Exchange Commission rules require publicly traded companies to report on the cybersecurity programs as part of their annual 10-K reports. The new list posted in the Cybersecurity section of our website links to those sections of the 10-K reports for thirteen carrier groups, including Travelers, The Hartford, AIG, Erie, Progressive, and others that many Big I New York members represent. After you've decided what your minimum requirements are, download the report for the carrier group you're investigating, compare the contents of that report to your requirements, and decide whether the carrier meets them. If they do not, you then must decide whether to continue doing business with them. The regulation does not require you to stop doing business with them. However, if they ever suffer a breach that affects you or your clients, you should be able to justify a decision to do business with them to the DFS. Companies typically make their annual 10-K reports from late January to late February. The links on the list right now are to the year-end 2023 reports. We plan to update the links in March after they've made the 2024 reports. We encourage you to save yourselves some work and use this information as part of your compliance efforts. You'll find links to the list on the main page at www.biginy.org/cyber and on the Compliance Resources page.
|
| 
Last Tuesday, more than 40 Big I New York grassroot advocates gathered in Albany to visit with lawmakers and share their concerns about the state of the property and casualty insurance market. Over the course of the day, members engaged more than 50 state lawmakers! The afternoon began with members of the exclusive Group of 100 (G100) braving the cold as they trekked to the Capitol for visits with lawmakers from every corner of the state. The meetings focused on relationship building and the state of the market. One group was ushered into the Assembly Chamber for an official introduction and photos with their Assembly Member! The G100 then joined the Board of Directors for a legislative reception at the Law Office of Shenker, Russo, & Clark, LLP, home to Big I New York's retained government affairs team. Lawmakers were greeted by members serving their legislative districts. Notable attendees included both Insurance Committee Chairs, Senator Jamaal Bailey and Assemblyman David Weprin, and several other lawmakers in top leadership posts. In addition to building rapport with lawmakers, attendees invited elected officials to attend the New York P&C Insurance Summit. This morning of learning is designed to help policymakers understand how the insurance ecosystem operates, today's challenges, and attainable solutions. Thank you to the members who made this day a resounding success! If you were not able to join us in Albany, you can still support grassroots advocacy efforts right from your computer. Here's how: - Invite your lawmakers to the P&C Insurance Summit: Please consider sending a pre-written note inviting your lawmakers to this important event.
- Become a Key Contact: Help strengthen our legislative influence by sharing your personal and professional legislative relationships.
- Join the G100: The Group of 100 is Big I New York's core group of grassroots advocates dedicated to advancing legislative goals that affect independent insurance agencies in New York.
|
|  My Experience with the Big I NY G100by: Yuliya Karpov, Commercial Sales Executive at NBT Insurance Agency
On January 21, I had the incredible opportunity to join the Big I NY G100 advocacy event in Albany, and it was an experience I won't soon forget. As part of the Central New York cohort, I joined insurance professionals from across the state to meet with legislators and share how the current insurance market is impacting New Yorkers.
The day was an eye-opening learning experience, offering a firsthand look at the legislative process and an opportunity to advocate for the needs of our customers and communities. Alongside my colleagues—Jacquie Kelly Kaden of RLK General Insurance Agency, Ashley Franczak from USI, and Larissa Hanslmaier from NYCM—we had the privilege of meeting with representatives from State Senator Chris Ryan's and Senator Pam Helming's offices.
In these meetings, we shared stories of how consumers are grappling with challenges in the current insurance market. We emphasized the need for New York State to take steps to stabilize the market and preserve access to vital insurance solutions. Our goal was clear: to ensure legislators understood the real-life impact of public policies on the people we serve every day.
What stood out most was the responsiveness of the lawmakers. They listened intently as we described the challenges facing policyholders, as well as our commitment to advocating for our customers and the industry. I felt our presence and dedication resonated deeply with them, laying the groundwork for ongoing dialogue on key issues.
In addition to the advocacy work, I thoroughly enjoyed witnessing the energy of an Albany session day. From the bustling halls of the Capitol to the sense of purpose shared by everyone present, the experience was inspiring. I also loved connecting with my assemblymember, Brian D. Miller, who represents the 122nd District. It was wonderful to see familiar faces and build stronger relationships with those shaping our state's policies.
One of the best parts of the day was learning from my colleagues in the industry. Each brought unique insights and perspectives that enriched our conversations with lawmakers. Together, we demonstrated how collaboration across agencies and roles can create a unified voice advocating for positive change.
As I reflect on the day, I'm proud to have been part of such important work. The Big I NY G100 experience reaffirmed my belief in the power of advocacy and the importance of staying engaged in public policy conversations. I look forward to continuing this work and contributing to a stable, accessible insurance market for all New Yorkers.
|
| 
January 2025 has brought with it fresh batches of lake effect snow and a new cybersecurity regulation compliance filing season. Sometime between now and April 15, each agency must log into the NYS Department of Financial Services (DFS) cyber portal and complete and submit one of two forms: Please be aware that neither the agency nor its licensed employees are required to resubmit the Notice of Exemption on the DFS cyber portal unless their circumstances have changed. If nothing has changed, it is unnecessary to complete and submit this form again. In November 2023, DFS adopted amendments to the regulation that implemented a number of changes that are being phased in between Nov. 1, 2023 and Nov. 1, 2025. The bulk of these changes impacted larger entities that do not qualify for the limited exemption. More than 90% of Big I New York members were not impacted by those changes. However, there are some requirements that even small agencies had to meet starting in 2024, with others to follow this year. The following items apply to all agencies: 2024 Changes - Risk assessments must now be done annually.
- The agency's senior officer or its governing body (if it has one) must review and approve the written cybersecurity policies and procedures annually.
- Cybersecurity awareness training, including training on social engineering attacks, must be provided to employees annually.
- Multi-factor authentication (MFA) must be implemented for situations where agency staff access the agency's computer system remotely (from home, cars, restaurants, etc.)
2025 Changes - Implement restrictions on system administrator accounts (effective May 1.)
- Implement written policies and procedures for producing and maintaining an asset inventory of the agency's systems (workstations, mobile devices, phones, printers, etc.) (effective Nov. 1.)
Here are answers to some questions you might have: Do I have to file for both the agency and all my licensed employees? No. Your licensed employees should have long ago submitted Notices of Exemption to the department indicating that they are covered by your cybersecurity program. That makes them exempt from having to complete and submit these forms. Is this something new? No. The first Certification of Compliance was due by February 15, 2018. In 2020, the department pushed the filing deadline back to April 15 (it was actually later that year because of the pandemic, but it is now permanently April 15.) The Acknowledgment of Non-Compliance requirement took effect at the end of 2023. DFS expected entities who may have been out of compliance to complete and submit that form last year. How do I know what sections of the regulation apply to me? If your agency is large enough to not qualify for an exemption, you must comply with all of it. More than 90% of Big I New York members qualify for the limited exemption, and they must comply with only some sections. You can find a list of those sections in our post of Dec. 4, 2023. What do I have to do to comply? We have a comprehensive Cybersecurity section on our website with plenty of content to help an agency comply. The most important parts of that section are the Filing Instructions and Compliance Resources pages. Other pages provide links to the relevant laws in other states, vendors who can assist you, and checklists. Can you help me complete the filing? We encourage you to watch the recording of a webinar Tim Dodge presented last April in which he went step-by-step through the process. Dozens of members attended that webinar and completed their filings in real time. The procedure has not changed since then, so it should be a useful aid for you. Members who wish to have Big I New York staff members provide one-on-one assistance with the filing may obtain that assistance, but there is an additional monetary charge. Why is the State of New York doing this to me? Section 500.0 of the regulation states in part, “Cybercriminals can cause significant financial losses for DFS regulated entities as well as for New York consumers whose private information may be revealed and/or stolen for illicit purposes. The financial services industry is a significant target of cybersecurity threats. … Given the seriousness of the issue and the risk to all regulated entities, certain regulatory minimum standards are warranted, while not being overly prescriptive so that cybersecurity programs can match the relevant risks and keep pace with technological advances. Accordingly, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities." Why are insurance agencies being singled out? They're not. The requirements of this regulation apply to every New York licensed or chartered person or entity in the financial services industry. That includes agencies, carriers, banks, credit unions, investment companies, and so on. It also applies to non-residents who hold New York licenses or charters. Do other states require this? New York was the first state to adopt a cybersecurity regulation for financial services, but at least 22 other states (Connecticut among them) have enacted insurance data security laws based on a model law published by the National Association of Insurance Commissioners (NAIC.) To our knowledge, however, New York is the only state that requires insurance producers to submit annual compliance filings. Where can I find more information? Three excellent resources are: Big I NY Cybersecurity Resources Big I NY Newsfeed – Cyber section NYS DFS Cybersecurity Resources For answers you can't find there, contact Tim Dodge at 800-962-7950 extension 229 or at tdodge@biginy.org.
|
| By Lisa Lounsbury, Big I New York President & CEO
Big I New York is taking bold steps to lead the charge for independent insurance agents, brokers, and their clients. Over the past 18 months, New Yorkers have faced a tough insurance market—rising premiums, shrinking availability, and carriers pulling out and back. It's been a challenge for our members to serve clients, but we're not sitting idly by. Our agent leaders and staff have been relentlessly engaging policymakers and carriers to drive change. While progress has been made, it's not enough. That's why we're thrilled to sponsor the NY Property & Casualty Insurance Summit on February 4. This groundbreaking event, hosted by City & State New York in partnership with NY First, is designed to address the critical issues impacting our industry and the clients you serve. NY First is a Big I New York committee of insurance carriers and agents working together on topics and issues that advance the New York insurance industry. Why This Matters Insurance isn't just a product—it's the foundation of stability for New York businesses and families. As the industry faces rising risks and regulatory and legislative pressures, policymakers must understand how their decisions affect affordability and accessibility. And we need to work together to mitigate risks and build resiliency. That's where Big I New York comes in. We're action-oriented thought leaders driving solutions to ensure a stronger, more resilient future for our industry and New Yorkers. Join Us Through NY First or G100 Insurance carriers who write business in New York are invited to join NY First or contact Kathy Lawler at: klawler@biginy.org. Individuals can join G100 or contact Travis Wattie at tswattie@biginy.org. By joining G100, you gain exclusive access to events like the Summit and play a direct role in shaping legislation and policies that impact your business and clients. This event is geared to New York policymakers and members of NY First and G100. Building a Stronger Community Together Big I New York isn't just a participant—we're leading the conversation. The strength of our association lies in our community of diverse voices, backgrounds and experiences. Our independent agent and broker members are the trusted advisors who stand by their clients during their most challenging moments. The future of New York's insurance industry starts with us. Join Big I New York, join the movement, and let's take action—together.
|
| On January 9, State Senator Jamaal Bailey (D-Bronx/Westchester) was named chair of the Senate Insurance Committee. Sen. Bailey succeeds Sen. Neil Breslin (D-Albany), who retired after 28 years of public service in the State Senate. Sen. Bailey represents the 36th State Senate District, which stretches east of the Bronx River Parkway from East Bronx in the south and just north of Mt. Vernon. Sen. Bailey was first elected in 2016 after serving as Community Relations Director for Assembly Speaker Carl Heastie. In the State Assembly, Assembly Member David Weprin (D-Queens) was appointed to a second term as the Chair of the Assembly Insurance Committee. The bulk of legislation affecting the insurance industry must first pass through both the State Senate and Assembly Insurance Committees, making them critically important to our industry. Big I New York congratulates Sen. Bailey and Assemblyman Weprin on their Insurance Committee appointments and looks forward to working with both to foster a healthy and stable property and casualty insurance marketplace. We also want to express our deepest appreciation and best wishes to Sen. Breslin as he embarks on the next chapter in his life. Sen. Breslin and his team prioritized being accessible to Big I NY and our members and were always willing to hear our concerns, ask thoughtful questions, and be responsive to the needs of our members, customers, and industry. Congratulations Sen. Breslin on a remarkable career in public service!
|
| Written by: Cindy Scharf, Agency Consultant
As an independent insurance agent, you juggle many roles—client advocate, team leader, business builder, compliance “cop", and more. Balancing amazing customer service with effective risk management might feel like walking a tightrope, but the right procedures can make it a breeze. Let's dive into five essential strategies to boost efficiency, deepen client trust, and shield your agency from risk.
1. Refine Your Processes
Take a moment to evaluate your current workflows. Don't have formal procedures yet? No worries—give me a call, and we will create a roadmap together! - Clear Communication: Keep clients informed with timely updates. Leverage tech tools like automated reminders for renewals or coverage changes to stay ahead.
- Rock-Solid Documentation: Protect your agency by recording every interaction. For declined recommendations or reduced coverage limits, get signed client acknowledgments.
- Consistency Matters: Standardize workflows to ensure every team member delivers reliable service every time.
2. Ace Client OnboardingFirst impressions matter! Build a seamless onboarding process with a coverage checklist that uncovers exposures and cross-sell opportunities. Not only does this boost production, but it's also your safety net in case of E&O claims. 3. Embrace TechnologyIs your tech stack working for you? Explore AI and automation to handle repetitive tasks, minimize errors, and save time. From centralizing communication to enhancing workflows, tech integration is the secret sauce for operational excellence. 4. Invest in TrainingA well-trained team is a happy team. Offer ongoing training in technical skills, communication, and time management. Encourage your staff to pursue industry certifications—it's a win-win for morale and confidence. Visit www.biginy.org/education to explore the many training offerings. Remember, a knowledgeable team is your best defense against E&O claims. 5. Conduct Internal AuditsWhen's the last time you conducted an internal E&O audit? Regular audits help identify service inconsistencies, close operational gaps, and strengthen your agency's compliance. Think of it as a proactive way to safeguard your business.
By adopting these procedures, you're not just managing risk - you're building a resilient, customer-focused agency. Structured guidelines and thorough processes lay the groundwork for consistency, professionalism, and long-term success. Ready to elevate your agency? Let's make it happen! Operational Services |
Follow javascript: SP.SOD.executeFunc('followingcommon.js', 'FollowDoc', function() { FollowDoc('{ListId}', {ItemId}); }); 0x0 0x0 ContentType 0x01 1100 Item Audit Detail /_layouts/15/images/GORTL.GIF /newsfeed/_layouts/15/AuditingLog/ItemAudit.aspx?ItemId={ItemId}&ListId={ListId} 0x0 0x40000000 ContentType 0x01 300 Compliance Details javascript:if (typeof CalloutManager !== 'undefined' && Boolean(CalloutManager) && Boolean(CalloutManager.closeAll)) CalloutManager.closeAll(); commonShowModalDialog('{SiteUrl}'+
'/_layouts/15/itemexpiration.aspx'
+'?ID={ItemId}&List={ListId}', 'center:1;dialogHeight:500px;dialogWidth:500px;resizable:yes;status:no;location:no;menubar:no;help:no', function GotoPageAfterClose(pageid){if(pageid == 'hold') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+
'/_layouts/15/hold.aspx'
+'?ID={ItemId}&List={ListId}'); return false;} if(pageid == 'audit') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+
'/_layouts/15/Reporting.aspx'
+'?Category=Auditing&backtype=item&ID={ItemId}&List={ListId}'); return false;} if(pageid == 'config') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+
'/_layouts/15/expirationconfig.aspx'
+'?ID={ItemId}&List={ListId}'); return false;}}, null); 0x0 0x1 ContentType 0x01 898
|
|
|