State Issues

WSIA strongly supports the continuation of a state-based regulatory system for insurance and directs significant efforts and resources towards state legislative advocacy.

GovHawk Reports: Pending Legislation & Regulations

WSIA monitors proposed state legislation and regulation that impacts the surplus lines industry. A current list of bills and proposed regulations, including WSIA commentary can be found below. Just click on a state to view pending legislation and regulations or click here to view the entire report on a separate page. 

Members may also receive weekly email alerts that include bill progress and hearing schedules. Alerts arrive every Monday morning and contain any updates to bills or regulations that are relevant to the surplus lines industry.

To sign up, just click here to send an email to WSIA and include your signature with name, email address, company and title.

Insurance Industry Cyber/Data Security Requirements 

Last Updated: 6/1/18

Many states are contemplating or have already implemented regulations and laws specific to the insurance industry relating to cyber or data security. These regulations or laws typically impact the entire insurance market, including surplus lines brokers and carriers. WSIA monitors all legislative and regulatory activities for this developing area, with our focus being on the direct impact to WSIA members. As new laws and regulations are implemented, WSIA will provide information to ensure our members are aware of changes impacting how they are required to maintain information, report breaches and ensure data security for purposes of building compliance their own practices.

NAIC activity

On October 24, 2017, the NAIC passed the Insurance Data Security Model Law. The model is intended to assist states in establishing standards for data security and investigation and notification of Insurance Commissioners after an insurance related cybersecurity event. The NAIC is also considering the creation of a Cybersecurity Insurance Institute that catalog and study breach events, provide information on risk mitigation and coordinate other cyber education initiatives among the states. Additional information and resources from the NAIC is available on a special Key Issue: Cybersecurity page.

State activity

WSIA will produce a state tracking chart as more states have legislative and regulatory activities; however, the below states have taken the following actions:

Michigan introduced an insurance specific data security bill that would only require insurers to disclose a security breach.

New York was the first state to implement a comprehensive insurance industry specific cybersecurity regulation when on March 1, 2017, the New York Department of Financial Services (DFS) issued final Cybersecurity Requirements for Financial Services Companies  (23 NYCRR 500). This regulation impacts surplus lines brokers. The Regulation mandated that each covered entity (including New York surplus lines licensees) must implement an extensive risk-based cybersecurity program to protect information systems and nonpublic information. We encourage WSIA members to look at the Key Dates and FAQs posted by DFS relating to the Regulation to help answer some questions.

Additionally, to help educate WSIA members and prepare for the new requirements, WSIA hosted a webinar on August 1, 2017, prior to one of the first “key dates” for the regulation, providing an overview of the regulation and potential compliance issues. Information presented on the webinar is available at the below links:

To view a recording of the webinar, click here.
To download a copy of the PowerPoint slide deck, click here.
To download a copy of the FAQs, click here.

Rhode Island introduced insurance data security legislation modeled after the NAIC language (pending).

South Carolina was the first state to implement a data security law based on the NAIC model. The law requires all entities licensed and registered with the state to implement and maintain a comprehensive information security program based on the licensee's risk assessment and establish an incident response plan. This law takes effect on January 1, 2019.

Domestic Surplus Lines Insurance Companies (DSLIs)

U.S. surplus lines carriers are typically domiciled in one state, where they are “admitted” or “authorized” as a surplus lines carrier and they receive a certificate of authority; however, they do not actually write business in that state, rather they “export” surplus lines coverage to another state, generally the home state of the insured. Although it is generally true that a surplus line carrier cannot write surplus lines business in their state of domicile, some states are changing laws that allow surplus lines carriers to do so as a Domestic Surplus Lines Insurance company (DSLI). In order to write surplus lines risks in their domiciliary state, a carrier must be approved or admitted in that state as a DSLI, meaning just because the state has a DSLI law, does not mean they may automatically write surplus lines business in that state. Carriers must take specific action, and that state must actually have a DSLI provision in their insurance code. Historically, if a surplus lines carrier does not have status as a DSLI they often will have two separate corporate entities domiciled in two separate states to allow them to export surplus lines coverage to all states where they are eligible to do business.

To date, sixteen states have authorized DSLIs, and the numbers of states considering it continues to grow. Currently, the following states have implemented DSLI laws: Arizona, Arkansas, Connecticut, Delaware, Georgia, Illinois, Louisiana, Missouri, New Hampshire, New Jersey, North Carolina, North Dakota, Oklahoma, Ohio, Texas, Virginia and Wisconsin.