An Overview of the National Association of Insurance Commissioners and its Role in Creating Regulations for Compliance with the Gramm-Leach Bliley Act

October 18, 2006

Introduction

The National Association of Insurance Commissioners (NAIC) is a voluntary organization of the U.S. state and territorial insurance commissioners.  The NAIC was formed in 1871, making it the nation’s oldest association of state officials.

The McCarran-Ferguson Act, passed in 1945, gave states the power to regulate the insurance industry, exempting the industry from essentially all federal regulation (i.e., the Sherman Anti-Trust Act, the Federal Trade Commission Act, etc.).  However, the exemption only applies if the states enact regulations; federal regulations apply otherwise.  Because of this exemption from federal regulation, one of the NAIC’s primary roles has been to facilitate the development, and recently the standardization, of state insurance regulations.

The passage of the Financial Modernization Act of 1999, also known as the Gramm-Leach Bliley Act, significantly increased the privacy requirements imposed on financial industries.  The requirements of the Gramm Leach Bliley Act reach the insurance industry, so in 2000, the NAIC adopted the Model Privacy of Consumer Financial and Health Information Regulation (“Model Regulations”), which have been passed, at least in part, in most states.

This article will provide a brief overview of the NAIC, as well as a discussion of the NAIC’s Model Regulations and their impact on the insurance industry.

The NAIC

The overall purpose of the NAIC is to assist state regulators in the performance of their regulatory oversight function with regard to the insurance industry.  In doing so, there is a fundamental tension between the desire for local control and the need for some degree of national uniformity and the resultant efficiency.

The NAIC’s membership consists of 55 state and territorial insurance regulators, and it aims to serve them by pursuing the following basic goals:

The NAIC membership elects leadership from among the member insurance commissioners.  There is a regional level of leadership, and all members also serve on committees.  By working together, the members are able to pool their resources and efforts in pursuing common goals.


Much of the NAIC’s efforts are directed at formulating policy through the development and promotion of model regulations, testifying before legislative bodies, and meeting with elected officials.  In addition to these lobbying efforts, the NAIC provides training, networking opportunities, and publications for state insurance regulators.  To a more limited degree, the NAIC also creates informative brochures for insurance consumers.  Moreover, the many natural disasters of recent years, along with the newly-realized threat of terrorist activities, have highlighted another function of the NAIC: the coordination of efforts and resources in response to major insurance events.  Finally, the NAIC is the clearinghouse for financial information on virtually all U.S. insurers, and provides actuarial, financial, and other information to members as they seek to fulfill their obligations as regulators of the insurance industry.

A recent achievement of the NAIC has been the formation of the Interstate Insurance Product Regulation Compact.  The Compact became operational in June of 2006, when Ohio became the 26th state to join.  The Compact will further standardize state regulations in hopes of increased efficiency and freer competition among insurance providers.  Member states now include Alaska, Colorado, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Maine, Maryland, Minnesota, Nebraska, New Hampshire, North Carolina, Ohio, Oklahoma, Pennsylvania, Puerto Rico, Rhode Island, Texas, Utah, Vermont, Virginia, Washington, West Virginia, and Wyoming.

A major ongoing battle of the NAIC is the fight against the National Insurance Act of 2006 ( S.B. 2509).  Sponsored by Republican Senator John Sununu of New Hampshire and co-sponsored by Democrat Senator Tim Johnson of South Dakota , the bill would create a federal insurance regulatory office within the Department of the Treasury.  Insurers would have the option to continue to be regulated by the states, or to opt for a single national regulatory scheme.  The NAIC is vigorously opposing this bill, which is still in the earliest stages of the legislative process.

Model Privacy of Consumer Financial and Health Information Regulation

Significantly increased privacy requirements in the insurance industry are one part of the Financial Modernization Act of 1999 (GLB Act).  The main goal of the GLB Act was to repeal Depression-era divisions between banking, insurance, and other financial service industries in order to allow multiple financial services to be offered by one company.  This raised the prospect of such merged companies sharing consumer information, leading to privacy concerns.  Consequently, Title V of the GLB Act created two new privacy-related requirements: the notice requirement and the opt-out notification requirement.

The notice requirement mandates that all financial institutions provide comprehensible notices of privacy practices to individual customers.[1]  Such notices must be given at least annually.  The GLB Act does not specify, other than the “opt-out” requirement, what should be included in the privacy policy.  It only requires that the notice be given.  The “opt-out” provision requires that consumers[2] be informed of their right to prevent the financial institution from sharing personal financial information with third parties.  There are exceptions allowing, for example, a financial institution to share information to the extent necessary to complete a transaction for which the information was provided by the consumer.  Another exception allows for sharing under a joint marketing agreement, while yet another exception allows for sharing information to allow the financial institution to market its products and services.

The authority to develop and enforce regulations to clarify and expand upon the GLB Act’s broad privacy requirements is generally given to federal agencies such as the FDIC, the SEC, and the Federal Reserve Board.  However, because state regulations preempt federal regulations regarding the insurance industry, the federal regulations for the insurance industry promulgated by the Federal Trade Commission serve only as a default in the event that a state chooses not to adopt its own privacy regulations.

To assist states in adopting their own regulations, the NAIC has developed the Model Privacy of Consumer Financial and Health Information Regulation (Model Regulations).  The Model Regulations have been controversial from the time they were adopted in September of 2000, because they go beyond the basic requirements of the GLB Act.  The Model Regulations include provisions dealing not only with a consumer right to “opt-out” of sharing financial information, but with a requirement that consumers affirmatively “opt-in” before medical information can be shared.  This “opt in” requirement applies to information that is shared with third parties as well as to information that is shared within one corporation.

Other than the “opt-in” requirement, the NAIC Model Regulations are basically the same as the federal regulations.  The only other major differences are that the Model Regulations apply to the insurance industry as well as its “licensees,” and the definitions of “consumers” and “customers” are refined to be more appropriate for the insurance industry.

Some financial services trade groups have criticized the Model Regulations for reaching too far and for placing artificial barriers between financial service companies when the GLB Act was intended to remove such barriers.  Interestingly, some consumer advocacy groups criticized the NAIC for not going far enough to protect consumer privacy.

The NAIC called on its members to adopt the Model Regulations by July 31, 2001 .  At this time, all states have adopted some form of privacy regulations, though not necessarily the Model Regulations.  One study indicates that 38 states have adopted some form of the Model Regulations, with a clear majority of states adopting the financial privacy protections.  The NAIC acknowledges that a number of states have not adopted the Model Regulations, but notes that 13 of these states have adopted regulations based on the Insurance Information and Privacy Protection Model Act that was promulgated by the NAIC in the 1980s.  Moreover, the NAIC claims that a majority of states have enacted regulations that exceed the privacy requirements of the GLB Act.

The main concern of the financial services industry has always been the medical information protections of the Model Regulations.  However, Section 20 of the Model Regulations specifies that if a company complies with the requirements of the Health Insurance Portability and Accountability Act’s (HIPAA) privacy rule, than it will be deemed in compliance with the Model Regulation’s medical information privacy protections.  Because the privacy protections of HIPAA have fully taken effect, it does not appear that the heightened requirements of the Model Regulations should be of concern at this point.

Of some concern is the fact that various states have adopted strict rules that exceed the requirements of the GLB Act.  This patchwork of regulations can be a burden on the compliance efforts of multi-state insurance providers, and is presumably part of the impetus behind the National Insurance Act of 2006.  Finally, because the Model Regulations apply to insurance companies as well as their “licensees,” the information contained in this article is of concern to anyone dealing with the insurance industry, not just to the industry itself.

Frost Brown Todd regularly attends the NAIC’s quarterly meetings and actively participates in many of the organization’s task forces and working groups as or on behalf of interested parties.  Should you have any questions or would like additional information concerning our participation with the NAIC, please feel free to contact Greg E. Mitchell at 859-244-7548 or gmitchell@fbtlaw.com or other members of the FBT Insurance Industry Group.



[1] A “customer” is someone who has an on-going relationship with the financial institution.

[2] The term “consumer” includes customers as well as people whose relationship with the financial institution is more transactional as opposed to on-going.

Additional Documents:

Practices

Industries

Top