The New York State Department of Financial Services (DFS) today proposed revised changes to its cybersecurity regulation. Today's publication in New York State Register, the state's weekly compilation of regulatory changes, modifies amendments DFS proposed last fall. The revisions proposed today respond to comments Big I New York and others submitted earlier this year on the first proposal.
Most Big I New York members are agencies with eight or fewer employees. Much of the impact of the proposed amendments is on larger organizations such as carriers and banks. However, our preliminary review of today's proposal found some changes that affect all agencies and brokerages.
Last fall's proposal would require all covered entities to implement multi-factor authentication (MFA.) MFA is a technology that helps prevent unauthorized access to computer networks. Many cyber insurance companies require their insureds to implement it. The revised proposal limits the impact on agencies eligible for the limited exemption. These smaller companies will have to use MFA for:
- Remote access to the company's network (such as when staff log in offsite.)
- Remote access to third party software applications from which individuals can access non-public information.
- All system administrator accounts.
The first proposal expanded the annual Certification of Compliance requirement. It would have forced all entities to disclose areas of the regulation where they were not in compliance. Big I New York objected, saying, “Requiring covered entities to document noncompliance and identify specific areas of vulnerability will put NYSDFS in possession of a list of prime targets for cyberattack or extortion, which bad actors will seek to access and exploit." DFS agreed and has dropped the requirement. Instead, entities will have to produce reports upon request.
Last fall's proposal deleted wording from the Third-Party Service Provider (TPSP) section that an “agent, employee, representative or designee" of a covered entity who follows its TPSP security policy need not create its own. Some observers worried that removing it imposed new duties on individuals. DFS confirmed that they removed it because the section on Exemptions has similar wording.
We requested longer transition periods for some new requirements. DFS rejected most of these suggestions but did lengthen the transition period for implementing MFA. That period will be two years from the amendments' effective date, whenever that may be.
DFS rejected other Big I New York's suggestions, including:
- Making entities eligible for the limited exemption if they have less than $10 million in New York gross revenue instead of the current $5 million.
- When determining whether an entity has less than 20 employees (and thus qualifies for the limited exemption,) including only independent contractors who are in the insurance business.
- Clarifying the MFA section to state that entities that do not have a chief information security officer (CISO) may use more secure alternatives to MFA.
- Removing “image and reputation" and “other organizations" from the list of risks entities must identify when they perform their risk assessments.
- Requiring entities to perform risk assessments annually only if their cyber risks have materially changed.
- Under the TPSP security policy section, exempting agencies from having to perform due diligence on carriers and other covered entities, and vice versa.
- Limiting punishable acts only to intentional failures to comply and lengthening the minimum violation period to 72 hours.
DFS has not adopted the proposed amendments yet. Members of the public may submit comments until August 14 by emailing Joanne Berman of DFS. We encourage all of you to review the proposal and the assessment of public comments (see the links below) and submit appropriate comments on the new proposal.
Big I New York will continue to keep you informed on developments regarding this important regulation.
For more information, see:
This week, the New York State legislature adjourned until January of 2024. The legislature passed thousands of bills, including several that will have impacts for your agency. Big I New York actively lobbied on these issues and we are pleased that two of our highest priority bills have passed the legislature and will soon be sent to the governor for action.
Photo Inspection Reform
What the Bill Does: Allow insurance companies to waive CARCO inspections for the next four years. After four years the change will sunset and photo inspections will again be required, unless the bill is extended or further modified.
What it Means for You: This bill will dramatically reduce the amount of photo inspections that are required for insurance. We anticipate that the vast majority of carriers will cease to require photo inspections as they are burdensome and unnecessary to prevent insurance fraud. Data from CARCO testimony in other states suggests the number of inspections required will drop by around 90%. This will save significant staff time for your agency and greatly improve customer experience. Most importantly it will help avoid situations in which customers lose coverage because they were unable to complete an inspection in time.
What's Next: The bill will soon be sent to the governor at which point she will have 10 days to sign or veto it. This bill is the same as the proposal the Governor included in her executive budget proposal, so we are in a strong position for her to sign it. It will take effect 180 days after signature into law.
Unfair Quoting Practices
What the Bill Does: Requires verification of driving history when used as a rating or underwriting factor for private passenger motor vehicle insurance. This bill takes aim at the practice by some carriers of binding coverage based on an initial quote and questionnaire with the insured, and then raising the premium following a check of the insured's driving history.
What It Means For You: This will help level the playing field between independent agents and direct writers, and protect customers from misleading unfair quoting practices.
What's Next: The bill will be sent to the governor at which point she will have 10 days to sign her veto it currently it is unknown when the bill will be sent, but it must happen by the end of the year. The law will take effect 180 days after it is signed by the governor.
What the Bill Does: Voids noncompete agreements and permits covered individuals to bring civil actions against employers or people alleged to have violated the law. The bill does not affect non-solicitation agreements or non-piracy agreements and employers will still be permitted to prohibit employees from disclosing trade secrets confidential information or soliciting agency clients.
What It Means for You: If signed into law, businesses will no longer be permitted to use noncompete agreements, However, existing non-compete agreements will remain enforceable.
What's next: The bill will soon be sent to the governor for her signature or veto, and would become effective 30 days after it is signed into law. Big I New York, along with the larger employer community opposed this bill and similar bills that have been proposed in the past. We will work closely with the business community to urge the governor to veto or favorably amend this bill. At a minimum, this legislation must include an exemption to allow non-competes in the sale of a business.
Wrongful Death Expansion
What the Bill Does: Expand the wrongful death law to allow emotional damages including for grief or anguish and loss of affection and companionship in wrongful death cases and add others such as siblings or cousins to the list of family members eligible for damages. Big I NY and a broad coalition of business, municipal, and healthcare groups strongly oppose this bill as it will significantly impact insurance costs and costs to taxpayers.
What it Means for You: If signed into law, we anticipate it will impact the cost and possibly the availability of insurance coverage, with the most severe impacts in general liability, municipal coverage, and medical malpractice. A recent study found that this legislation could increase average annual premiums for New York residents and businesses by $2.2 billion or 12.6%.
What's Next: This bill will be sent to the governor at which point she will have 10 days to sign her veto it currently it is unknown when the bill will be sent, but it must happen by the end of the year. The bill is substantially similar to a bill the Governor vetoed in January 2023, citing cost concerns to taxpayers and businesses. Big I NY will continue to work closely with our allies to urge this bill be vetoed.
More than 20 Big I NY members traveled to Washington, DC on April 26-27 for the Big I National Legislative Conference. They had a total of 13 meetings with members of Congress to discuss federal issues impacting independent agents and their clients including small business tax credits, national prohibition of most non-compete agreements, National Flood Insurance Program and others. The weather was perfect and many found a bit of time to take in the sights, including a group tour of the Capitol. Big I NY is the voice of independent agencies in New York!
Big I NY Photo Inspection Reform Bill Clears Legislature:
This week, we celebrated a major milestone in our campaign to end mandatory CARCO inspections, with the State Senate passing our photo inspection reform bill by a vote of 55-8. The bill passed the Assembly in March, meaning that final step is for the Governor to sign it into law. The bill next must be “sent" by the Assembly to the Governor, which triggers a ten-day period for her to take executive action. Big I NY is working with the Governor and Assembly to ensure this process happens swiftly. We are optimistic the bill will be signed, as the language is identical to language that Governor Hochul included in her own executive budget proposal earlier this year. Nonetheless, we are urging all agents to call the Governor and register their support for this common-sense reform.
Excess Lines Reform Bill Advances in Senate:
Big I NY-priority legislation to eliminate the “diligent effort" requirement for commercial excess lines policies cleared the Senate Insurance Committee and advanced to the Senate floor, where it will soon be voted on by the full chamber. The bill must also pass the Assembly Insurance Committee and a floor vote by the full Assembly before being sent to the Governor.
State Insurance Fund Reform Bill Introduced:
On April 3rd, Assemblyman David Weprin, Chair of the Assembly Insurance Committee, introduced comprehensive legislation which would level the playing field between the State Insurance Fund (SIF) and private carriers. The bill would require that the State insurance Fund be licensed by the Department of Financial Services (DFS) and subject to the same requirements as other insurance companies providing workers' compensation insurance, and would require that the Superintendent of DFS approve the rules adopted by SIF for the conduct of its business. It would also eliminate the requirement for SIF policyholders to provide 30 days' notice to withdraw from the Fund, and allow the payment of commissions. Big I NY strongly supports this bill and will work with Chairman Weprin to advance it this session.
This week, the NYS Assembly passed A.3172-A, our bill to allow carriers to waive CARCO inspections for the next four years, by a vote of 116-25. The bill was sent to the Senate, where it must pass the Insurance Committee and floor vote before being sent to the Governor. This is a major advancement in our campaign and it would not have not have been possible without the engagement of our agents, and the leadership of the bill's sponsor, Assemblyman Ken Zebrowski. With passage by the Assembly, we are increasingly optimistic about the prospects of this bill being passed and signed into law this session.
Also this week, the Assembly unanimously passed Big I NY priority legislation to require insurers to verify an applicant's driving history before binding coverage. Currently, certain insurance carriers will bind auto coverage based on an initial quote and questionnaire. The insurer later runs the insured's motor vehicle record (MVR), typically resulting in a higher premium. This practice is misleading to consumers. Like our photo inspection bill, this bill now heads to the Senate for a committee vote.
Lastly, on March 22nd, Senator Neil Breslin introduced S.5896, a Big I NY priority bill to exempt certain commercial lines insurance transactions from the diligent effort requirement. This bill would eliminate both a process and excessive data reporting which provides no benefits to insureds. The bill is currently in the insurance committees in both the Senate and Assembly.
UPDATE: This bill passed the Assembly on March 29th.
Recently, we shared the news that the Senate and Assembly removed photo inspection reform legislation from their “one house" budget proposals, meaning it is unlikely that our bill will be included in the final budget. However, this is not a death blow to the campaign and in fact, we are still in a strong position to pass the bill this session.
First, a quick refresher. In 2022, the Senate and Assembly both passed our bill to allow carriers to waive CARCO inspections. That bill was sent to the Governor, and in November of 2022, she vetoed it. Following the veto, we worked closely with her office and reached a compromise: allow carriers to waive CARCO inspections for the next four years. Governor Hochul then reaffirmed her commitment by including the bill language in her executive budget proposal. We rallied behind her and urged the legislature to follow suit in their own respective budget proposals. The legislature declined, not because they oppose the bill, but because they prefer the budget to focus only on fiscal matters. Now, the Governor and legislative leaders will negotiate on the final budget, due April 1st.
We don't expect photo inspection reform will survive the budget negotiations. But the state budget is just one way to pass a bill; we can also pass a stand-alone bill, like we did last year. And we are already moving swiftly. A bill identical to the Governor's proposal has been introduced in both houses, and already the Assembly passed the bill through the relevant committees and to the floor. On March 22nd, it was laid out for consideration, and "laid aside" for further debate. This is a strong sign it poised to pass the full chamber. We feel strongly the Senate will do the same. Given the Senate and Assembly both passed a nearly identical bill last year, little objection has been raised to passing these bills again. That just leaves the Governor…and it's the same bill she included in her own budget.
So, what's next?
The bill could be up for a vote by the full Assembly as soon as this week, so we need everyone to call their Assemblymember. Then, stay tuned as we push the Senate to follow suit. We can't - and won't let up the pressure!
This week, the Senate and Assembly released their “one-house" budget proposals, which are a statement of each house's priorities for the state budget. Both the Senate and Assembly rejected virtually all the Governor's policy proposals, including legislation to allow carriers to waive photo inspections for the next four years. This means it is unlikely, but not impossible, that photo inspection reform will be adopted as part of the final state budget.
While disappointing, this outcome was not entirely unexpected.
In recent years, the state legislature has increasingly pushed back on the inclusion of legislative policy in the budget, preferring to address only matters with a direct fiscal impact to the state. We have confirmed that photo inspection reform was removed for this reason, not due to substantive objections with the bill. We will continue to advocate for the inclusion of this proposal in the state budget, and have already secured commitments from the bill's sponsors to advance it as a stand-alone bill once the budget has been completed.
Also this week, the Senate Insurance Committee voted in favor of Big I NY-supported legislation to allow an insurer to retroactively cancel a policy in the event of fraud or a staged accident. This would eliminate an incentive to commit insurance fraud and help contain rising auto insurance costs. The bill must pass a vote by the full senate, as well as a committee vote and floor vote in the Assembly, before being sent to the Governor to sign or veto.
On March 9th, the NYS Assembly unanimously passed Big I NY-supported legislation to eliminate an unnecessary burden on customers by repealing the anti-arson application statewide.
Section 3403 of the Insurance Law requires the completion of an “anti-arson application" for people seeking property insurance for fire or explosion to complete. If a policyholder fails to complete this application, which is required upon initial application for insurance and on each subsequent renewal of the policy, the insurer must cancel the policy.
Technology has advance dramatically since the application was first required, and the law has outlived its usefulness. Insurance companies today are required by law to have fraud prevention plans, which are filed with the State, on how they detect, investigate, and prevent fraudulent activities. These fraud prevention plans are far more effective than the anti-arson application form which simply asks a series of questions. The law is just a paperwork burden for policyholders who risk losing coverage if the paperwork is not completed. Recent legislation scaled back the current law to remove cities with a population of less than 1 million, leaving New York City as the last jurisdiction with this requirement.
Big I NY thanks the bill's sponsor, Assemblyman Daniel Rosenthal (D, Brooklyn) for championing this critical pro-customer reform. The bill must now pass the Senate and be signed by the governor before becoming law. Email your senator today and urge them to pass this bill!
This week, independent agents from across the state participated in virtual meetings with state lawmakers, urging them to pass photo inspection modernization as part of the state budget. Governor Hochul's executive budget proposal includes legislation to allow carriers to waive CARCO inspections, and we are pushing the Senate and Assembly to follow suit in their respective budget proposals.
Independent Agents Advocacy Week began with a kickoff session keynoted by Senator Neil Breslin, chairman of the influential Senate Insurance Committee and sponsor of photo inspection reform legislation. “On photo inspection, we're pushing it again very hard…hopefully we'll get it passed and signed into law and we'll all be happy," said Senator Breslin.
Throughout the week, Big I NY members met with nearly two dozen senior lawmakers and staff members who have direct influence on the legislative budget proposals. Agents shared stories of how their customers are impacted by this antiquated requirement and urged lawmakers to act swiftly to pass common-sense reform. The response from lawmakers was overall positive.
Additional legislative meetings will be held in the coming weeks, as the budget process advances toward the April 1st deadline.
One question we frequently get from members is whether a specific type of information is "nonpublic information" that the New York cybersecurity regulation requires them to protect. We've created an easy-to-use decision tree to help you figure that out. Simply answer the yes-no questions in order and you will be able to determine whether the regulation requires you to protect it or not.
This file will be permanently posted in the Compliance Resources section of the Cybersecurity page on our website (www.biginy.org/cyber). Click here to download it now. Note: If you want to print it, you may have to adjust the print settings to shrink the file to 95% or so.