WSIA strongly supports the continuation of a state-based regulatory system for insurance and directs significant efforts and resources towards state legislative advocacy.
GovHawk Reports: Pending Legislation & Regulations
WSIA monitors proposed state legislation and regulation that impacts the surplus lines industry. A current list of bills and proposed regulations, including WSIA commentary can be found below. Just click on a state to view pending legislation and regulations or click here to view the entire report on a separate page.
Members may also receive weekly email alerts that include bill progress and hearing schedules. Alerts arrive every Monday morning and contain any updates to bills or regulations that are relevant to the surplus lines industry.
To sign up, just click here to send an email to WSIA and include your signature with name, email address, company and title.
Insurance Industry Cyber/Data Security Requirements
Last Updated: 3/25/20
New York was the first state to implement a comprehensive insurance industry specific cybersecurity regulation in March 2017, when the New York Department of Financial Services (DFS) issued final Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). This year the New York DFS altered its annual filing date for Certification of Compliance from February 15 to April 15 but then delayed the deadline to June 1, 2020 in response to the COVID-19 outbreak.
The Excess Line Association of New York has partnered with a vendor, Renaissance Systems Inc., to provide CyberCompass, a free, automated online DFS cybersecurity regulation compliance tool to ELANY members. Click here to access the tool.
In 2017 the NAIC passed the Insurance Data Security Model Law which was intended to assist states in establishing standards for data security and investigation and notification of Insurance Commissioners after an insurance related cybersecurity event. Additional information and resources from the NAIC are available on a special Key Issue: Cybersecurity page. Alabama, Connecticut, Ohio, New Hampshire, Michigan, Mississippi and South Carolina all passed legislation enacting the model in some form. In 2020, the following states are pursuing the Insurance Data Security Act:
Connecticut is also pursuing amendments to their established data security law that would clarify the definition of a licensee.
Domestic Surplus Lines Insurance Companies (DSLIs)
U.S. surplus lines carriers are typically domiciled in one state, where they are “admitted” or “authorized” as a surplus lines carrier and they receive a certificate of authority; however, they do not actually write business in that state, rather they “export” surplus lines coverage to another state, generally the home state of the insured. Although it is generally true that a surplus line carrier cannot write surplus lines business in their state of domicile, some states are changing laws that allow surplus lines carriers to do so as a Domestic Surplus Lines Insurance company (DSLI). In order to write surplus lines risks in their domiciliary state, a carrier must be approved or admitted in that state as a DSLI, meaning just because the state has a DSLI law, does not mean they may automatically write surplus lines business in that state. Carriers must take specific action, and that state must actually have a DSLI provision in their insurance code. Historically, if a surplus lines carrier does not have status as a DSLI they often will have two separate corporate entities domiciled in two separate states to allow them to export surplus lines coverage to all states where they are eligible to do business.
To date, 21 have authorized DSLIs, and the numbers of states considering it continues to grow. Currently, the following states have implemented DSLI laws: Arizona, Arkansas, Connecticut, Delaware, Georgia, Illinois, Iowa, Louisiana, Missouri, Nebraska, Nevada, New Hampshire, New Jersey, North Carolina, North Dakota, Oklahoma, Ohio, South Carolina, Texas, Virginia and Wisconsin.