To enhance the learning and knowledge process, this course uses learning strategies designed to increase your comprehension and retention.

The format includes traditional headings and subheadings, as well as highlighting and text borders to bring attention to critical concepts and facts that will help you pass the exam.

1. Highlighting: Pay particular attention to areas highlighted in yellow. Understanding concepts and facts contained within these areas are critical to successful completion of the final examination.

2. Text Borders: In order to reinforce certain material in the text it will be set apart through the use of text borders such as the one surrounding this para- graph. When you encounter text surrounded by a text border, pay particular attention to the point being made. Material within the text border will be reinforced later in the course through the use of review questions.

3. Case Studies: Some of the more variable concepts will be illustrated using case studies. These case studies are designed to reinforce the concept being discussed and it is recommended that you take the necessary time to digest the points made within the case studies.

4. For Insurance Licensees in Non-Monitored States, our exclusive web-based search feature allows quick retrieval of important data for maximizing the learning process. Simply execute Ctrl + F (the Ctrl and F keys at the same time) and enter keyword(s) or key phrase(s) to locate those items electronically in the course material.

Understanding all of the material in this text is necessary to achieve the overall learning strategies that have been incorporated to Success Continuing Education copyrighted courses to increase exposure to portions of the text that are fundamental to the learn-ing process and help you pass the test.

*Not all courses currently have review questions or case studies.

How to Get the MostKnowledge from This Course!

BBEESSTT IINNSSUURRAANNCCEE EETTHHIICCAALL PPRRAACCTTIICCEESS

COPYRIGHT © 2009 AFFORDABLE-SUCCESS-FIRSTCHOICE--CLIENTELL CONTINUING EDUCATION 2 Corporate Plaza Drive, Suite 100 Newport Beach, CA 92660 (949) 706-9425 (A member of the Success CE family of Companies.)

© Copyright 2009 ClienTell Continuing Education All Rights Reserved. No part of this publication may be used or reproduced in any form or by any means, transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of ClienTell Continuing Education, Inc. This publication is designed to provide general information on the seminar topic presented. It is sold with the understanding that the publisher is not engaged in rendering any legal or professional services. Although professionals prepared this seminar, it should not be used as a substitute for professional services. If legal or other professional advice is required, the services of a professional should be sought.

TTaabbllee  ooff  CCoonntteennttss  BEST INSURANCE ETHICAL PRACTICES .................................................................. 1 Chapter 1............................................................................................................................. 1

Sales Conduct.................................................................................................................. 1 Responsibility 1: Ethical Sales................................................................................... 1 Responsibility 2: Long-term Development of Ethics ................................................ 2 Responsibility 3: Understanding the Concept of Integrity ........................................ 9 Responsibility 4: Correct Selection of Insurance Company .................................... 10 Responsibility 5: Product Selection.......................................................................... 14 Chapter 1 – Review Questions.................................................................................. 16

Chapter 2........................................................................................................................... 17 Sales Conduct................................................................................................................ 17

A solutions based approach ...................................................................................... 17 The importance of insurance applications ................................................................ 18 Agency Contracts...................................................................................................... 19 Effective communication .......................................................................................... 20 Policy exchanges and replacements.......................................................................... 21 Product knowledge.................................................................................................... 22 Formal disclosures .................................................................................................... 22 Accurate illustrations and projections....................................................................... 22 Appropriate coverage................................................................................................ 23 Implementing standard practices .............................................................................. 24 Money matters .......................................................................................................... 24 Underwriting responsibly.......................................................................................... 24 Responsible referrals................................................................................................. 25 Insolvency................................................................................................................. 26 Safeguarding client liquidity..................................................................................... 26 Protecting client privacy ........................................................................................... 26 Policy delivery .......................................................................................................... 26 Handling client concerns........................................................................................... 26 Call Centers............................................................................................................... 29 Client retention.......................................................................................................... 30 Chapter 2 Review Questions..................................................................................... 34

Chapter 3........................................................................................................................... 35 Insurance and the Internet............................................................................................. 35

History....................................................................................................................... 35 Internet Conduct........................................................................................................ 36 Internet sales of insurance......................................................................................... 37 Need to acquire Internet skills .................................................................................. 38 Methods of insurance sales via the Internet.............................................................. 38 Benefits and drawbacks of Internet sales of insurance ............................................. 39 Insurance consumers................................................................................................. 43 Electronic insurance payments ................................................................................. 44

CAN-SPAM Act of 2003.......................................................................................... 45 Electronic signatures................................................................................................. 47 Cyber fraud ............................................................................................................... 49 Internet security ........................................................................................................ 50 Chapter 3 Review Questions..................................................................................... 52

Chapter 4........................................................................................................................... 53 Privacy Procedures........................................................................................................ 53

Information sharing: To do or not to do?................................................................. 53 Agent's role ............................................................................................................... 54 Privacy concerns explained....................................................................................... 54 Specific privacy laws and regulations....................................................................... 59 Drawbacks of privacy compliance............................................................................ 70 Choices in sharing confidential information............................................................. 71 Power over financial information ............................................................................. 71 Maintaining client privacy online ............................................................................. 72 Privacy safeguards for online transmissions............................................................. 74 Agent involvement in maintaining privacy............................................................... 76 Privacy rules for concerned parties........................................................................... 79 Client queries about privacy ..................................................................................... 81 Example of actual privacy disclosures...................................................................... 85 Chapter 4 Review Questions..................................................................................... 89

Chapter 5........................................................................................................................... 90 Loss Control & Risk Management ............................................................................... 90

Risk Management ..................................................................................................... 90 What is safety management? .................................................................................... 95 Suggestions for loss control ...................................................................................... 98 Adequacy of insurance coverage and limits of liability............................................ 99 Litigation................................................................................................................. 101 Insurance for businesses ......................................................................................... 104 Concealment ........................................................................................................... 104 Misrepresentation.................................................................................................... 105 Chapter 5 Review Questions................................................................................... 106

Chapter 6......................................................................................................................... 107 Agent Duties and Responsibilities .............................................................................. 107

Duty to the client..................................................................................................... 107 Duty to the insurance company............................................................................... 108 Integrity................................................................................................................... 108 Maintaining proper licenses and records ................................................................ 108 Unfair trade practices.............................................................................................. 109 Ethical practices ...................................................................................................... 110 Office procedures manual ....................................................................................... 113 Chapter 6 Review Questions................................................................................... 115

Chapter 7......................................................................................................................... 116 Consumer protection................................................................................................... 116

Advertising in Insurance ......................................................................................... 116 Consumer protection laws....................................................................................... 118

Chapter 7 Review Questions................................................................................... 121 Answer Key to Review Questions .................................................................................. 122

1

CChhaapptteerr 11 Sales Conduct Most transactions involving buying and selling are conducted under the premise that the buyer must beware. It is, however, unethical to generalize the application of the “buyer beware” theory to the sales of insurance because the consequences of incorrect policy purchases and sales have far more serious outcomes than the purchase of, for example, a fake designer hand bag. The magnitude of the negative consequences of unethical insurance sales practices underscores the need for sales conduct that is beyond reproach. Ethical sales conduct fosters the good reputation of both agent and insurance company and helps prevent costly litigation in the event a consumer files a complaint. Conducting ethical sales practices also leads to higher commissions that stem from lower operating costs and enhanced public trust. Underwriter may also be limited when submitting agents have experienced no sales conduct violations. A number of distinct responsibilities are components of appropriate sales conduct.

Responsibility 1: Ethical Sales A code of moral conduct is not inherited. It develops over a lifetime of experiences. Although the comprehensive results of practicing ethical behavior may not be evident in immediate gains, concrete benefits do exist. They include increased policy sales and minimized risk of legal action. Application of ethical principles within the insurance industry requires that policy sales should be governed by the needs of the client, not the size of the commission anticipated by the agent. It has become popular in the media to highlight cases of malpractices in insurance policy sales. This tactic is counteracted by the work of various insurance associations and sales speakers. These associations include the Society of Certified Insurance Counselors, (CIC) , Chartered Property and Casualty Underwriters (CPCU), American Society of Chartered Life Underwriters (CLU) and Chartered Financial Consultants (ChFC), the International Association of Financial Planning, and the Million Dollar Round Table. A number of workshops, lectures, insurance continuing education courses, and publications focus on disseminating and propagating a code of ethics within the insurance industry that cannot be overlooked. Some crucial elements of the insurance industry’s code of ethics include:

• Recognizing that the client's interests supersede the agent's interests; • Safeguarding the trust of the client by maintaining confidentiality; • Maintaining a level of competence and expertise commensurate with

advancements in the field so as to provide the best possible advice and service; • Disclosing all relevant facts so the clients can make the best possible buying

decision;

2

• Providing information that is part of one's knowledge and does not violate licensing regulations; and

• Respecting competitors and providing an honest overview of all policies when making comparisons to policies of peer companies.

Defining and following a clear code of ethical conduct aids both the agent and the client when sorting through the complex collection of available financial services. It is also an additional aid in handling the stress that stems from competitive sales practices. Ethical principles are important if an agent wants to move away from a purely ability-based assessment of competence to a more character-based assessment of outcomes. Success can be measured by more than monetary standards when ethical conduct is part of the process of selling and servicing insurance. The prescription and adoption of a clearly defined set of ethical guidelines results in the outcome that is most desired by agents, insurance companies, and regulatory authorities: meeting client's needs.

Responsibility 2: Long-term Development of Ethics Insurance companies are most interested in development of a code of ethics that spans the lifetime of an agent, as it will create stronger agent-client relationships. Mutual feelings of loyalty and trust will result in increased sales, increased referrals, and increased customer satisfaction.

Defining Ethics Ethics can be understood as a collection of personally adopted values that are closely aligned with those collectively adopted by the society of which an individual is a member. A value is a desirable, or worthy, principle or standard. A person who follows his or her own set of values without harming or infringing on the values of others in society is said to express integrity. A person who expresses continuity in his or her adoption of values in all situations, irrespective of the personal outcomes of said situations, is also said to express integrity. Examples of such integrity are evident in the non-violent protests for peace and democracy espoused by various civil rights leaders around the world.

Gray Areas Theoretically, it seems easy to create a code of ethics that are universally applicable. However, given the great degree of relativity inherent in most social situations, establishing one values system that is agreeable by each member of a society is a Herculean task. For example, at a micro level, an agent's environment may include co-workers, the insurance company, competitors, and clients. While keeping the interests and values of the insurance company in mind, the agent may use all means possible to bring the greatest good to the insurance company. The agent may present an insurance policy as a “better” product when compared to another already held by the client. The agent may use incentives to convince a consumer to purchase the “better” product, such as immediate cash payments or misrepresenting insurance policies as retirement plans with death settlements.

3

These practices may enhance the immediate well-being of the company—because they generated new business sales—however, they violated insurance code and/or ethical insurance practices. They definitely did not enhance the well-being of the clients and, in the long-run, will not enhance the well-being of the agent or insurance company.

Discouraging bubble economies A bubble economy is created when immediate short-term gains are reinforced. Foolhardy investments that generate huge returns, and that are also associated with a much higher level of risk, are considered the norm. Investors’ funds are risked in ventures that are tantamount to gambling and they are given assurance that more money will rapidly flow in to fill in the empty spaces. The important point to remember about a bubble economy is that this breakneck pace cannot be sustained over any appreciable length of time. As is the nature of all bubbles, this one will burst. The Wall Street crash in the late 1990s illustrates how bubble economies may bring rapid and overwhelming benefits in the short term, but the ensuing downswing is directly proportional to, if not exponentially, greater. A number of established firms declared bankruptcy, hundreds of employees worldwide were laid off, and a number of innocent investors saw a lifetime of savings evaporate overnight. An example from the world of insurance is that of a couple, Jason and Amy Cash. Their insurance agent assured them that the best possible policy included a vanishing premium. In their case, the term vanishing premium meant that all premium payments would cease at the end of nine years from the policy’s inception, as long as they paid a minimum level of premiums during those nine years. The couple, based on the assurances of the agent, who claimed to be an expert in the field of life insurance, agreed to purchase the recommended policy. What the Cashes did not know about their new policy was the fact that the cessation of premium payments was not guaranteed. In fact, it was contingent upon a number of factors. Unfortunately, the agent did not inform the Cashes about the contingencies or the lack of a guarantee and, instead, assured the couple that premium payments would definitely end after nine years. At some point before the end of the nine-year period, the Cashes were told by their insurance company that premium payments would need to continue for a longer period than had been initially anticipated. According to experts brought in to assess the ensuing agent’s E & O claim, the agent involved was familiar with the vanishing premium’s contingencies and lack of a guarantee; it was determined that the agent failed to guide the couple appropriate and was fully aware of the insurance company’s trends. This type of unfair practice occurs more often when bubble economies prevail; sometimes, they are encouraged by some in the insurance industry. Although laws can be strengthened to create consequences that are more stringent for those who flout the rules, it is unlikely that laws will prevent such practices from recurring. It makes more sense to create a system of positive reinforcements that supports honest and ethical behavior.

4

A Moral GPS Just as the ship's gyroscope helps maintain the balance of the entire vessel, the leaders of a society (or business industry) are responsible for creating a balanced and ethical environment. Taking the nautical metaphor a little further, leaders who possess a very strong moral compass, or GPS, are most likely to lead other members of society in the correct moral direction. An inbuilt GPS does not mean a leader will do the bare minimum to prevent negative outcomes. An inbuilt GPS means a leader will actually go beyond the minimum requirements and allow a strong sense of right and wrong to guide his or her behavior. A strong, intrinsic ethical system means that the correct thing done irrespective of personal interest. A strong sense of ethics does not preclude good business performance; research shows the very opposite. Businesses that score higher on the scale of virtuosity achieve better business outcomes when compared to those who score lower on the same scale.

Handling moral conflict Moral conflict in the workplace usually results from unrealistic goals, or unhappiness, with current work situations. Frustrations that result from poor decision-making can be alleviated if certain strategies are utilized. First, an individual should take on only as much responsibility as can be realistically handled. When an agent takes on excessive responsibilities, he or she may be tempted to cut corners to meet those responsibilities. When the resources to meet obligations fall short of what is needed, they may lead to less than ethical short cuts. Therefore, it is best to give up short-term goals resulting from overloaded schedules. Agents should keep in mind the long-term goals of stronger relationships based on ethical behavior, which result in positive outcomes. Secondly, everyone involved in a particular situation should be considered a stakeholder. A stakeholder is one who has an investment in what occurs—and in the outcome. The investment need not be monetary; it might be time, effort, or reputation, as well. In addition to shareholders, stakeholders may include clients, insurers, and most importantly, agents. Insurance company well-being is linked to client well-being. An agent's well-being hinges on how well the insurance company is doing and, more importantly, the client’s well-being. Bearing these relationships in mind encourages long-term thinking and creation of trustworthy relationships. Finally, developing a high threshold for handling ambiguous situations or challenges is a good strategy to handle moral conflict. Understanding that grey areas exist and there is an ethical way to resolve these issues helps to handle any unexpected situations that may seem overwhelming.

Controlling liability Ethical behavior does not preclude the idea of risk-prevention. An agent needs to make sure that minor issues do not escalate into major liabilities; following certain guidelines will aid in this process:

5

• Have errors & omissions insurance in place; • Understand the terms and conditions of the policy, including exclusions; • Be aware of what is legally required of an insurance agent and exceed these

requirements only if possessing the level of expertise that permits an extension; • Keep in mind, at all times, a clear and strong ethical framework; • Learn vicariously from the mistakes of other agents and avoid repeating their

mistakes; • Keep abreast of sensitive areas in the industry and steer away from those problem

areas; • Be informed about current trade practices and what constitutes unfair practices; • Treat various client fairly and uniformly; maintain consistency in handling similar

situations over time; and • Disclose all pertinent information to clients and secure all required authorizations

and signatures.

Continuing education Some people may be natural born salespeople, but learning to be a good salesperson takes time, effort, and commitment. The possibility of making mistakes is reduced if agents complete initial and ongoing insurance education pertaining to the most current policies and trade practices. Continuing education ensures that the agent will clearly communicate with the client, thereby reducing the possibility of misunderstandings and conflict. Continuing education also allows an agent to make the best possible recommendations to the client based on the most up-to-date information.

Abuse of authority An agent is in the position to influence crucial and life-altering decisions made by consumers. This position of trust may increase the likelihood of such authority being abused—either knowingly or unknowingly. Misrepresenting oneself as an expert without having the actual expertise to back such a claim up may constitute ethical and, sometimes, legal, violations. Situations where such misrepresentations have led to client dissatisfaction and have resulted in legal reprisal against the agents and insurance companies concerned. For example, in a particular situation, the agent failed to provide the client, who asked for the best possible auto insurance, with enough information to make an informed decision and the client sustained consequent losses. This led to a lawsuit that was upheld by the court as it decided the agent had abused a position of power by claiming an expertise he did not possess. The court also claimed the agent had broken the client's trust. In another instance, a long-standing client wished to obtain additional insurance for a sea wall, but was informed by the agent that such insurance was unavailable. After the sea wall sustained damage during a storm, it became known that insurance to cover the sea wall had been available. The court found the agent guilty of neglecting his duty to the client.

6

Laws and Ethics Although laws and ethics do not completely overlap, they are by no means mutually exclusive. A familiarity of what is deemed right and wrong guides the creation and maintenance of laws in society. It is possible, however, to stick to the letter of the law while performing an unethical action. Lies of omission on an insurance application, although unethical, may not always be considered illegal. As is the case with most disciplines, the field of law has become increasingly complex, with no one lawyer being able to know every single law enacted in his or her jurisdiction. This exposure leads many lawyers to specialize in certain areas of the law and the need for teams of lawyers to cooperate on the same case is often required.

Maintaining privacy Privacy concerns are always paramount in the field of insurance, which deal with personal nonpublic financial, health, and other information. A number of laws and other safeguards are in place so a consumer’s private information is not shared inappropriately. Consumers possess certain rights, including the right to decide what information they are comfortable sharing with others. In cases where it is imperative to divulge personal information, the client must be notified in advance. The idea of how privacy can become a source of contention is illustrated by the following case. A large insurance firm employed Edward Bean as an exclusive career agent. In the course of his employment, he used a computer, peripherals, and software he leased from the insurance company. The insurance company clearly stated its continuing ownership of, and right to monitor, the equipment and communications conducted using it. Various agents across the state met and decided to form a chapter of independent contractors, of which Bean became a chapter member and assumed the additional responsibility of writing a newsletter. The insurance company was unwilling to accept the validity of the chapter. Following their refusal to affirm Bean’s membership in the chapter, Bean reported some allegedly unethical business practices conducted by the insurance company. His report, and its subsequent investigation, resulted in the insurance company having to pay a fine and make an assurance that the unethical business practices would cease. These preceding actions were reported in the chapter newsletter. The insurance company retaliated to the publicity by reminding all employees, via a memo, that although they were entitled to freedom of speech, reporting false information was not encouraged, nor would it be permitted. The insurance company warned that it would meet future actions of this nature with legal reprisal. Simultaneously, the insurance company set in motion a plan to provide direct insurance coverage to clients without the assistance or servicing of an agent. The chapter of agents countered this plan of action by creating a letter which it proposed to send to the insurance company’s competitors. The letter included the idea of probable cessation of professional relationships between the agents and the insurance company, as well as the

7

possible defection of a number of clients to rival companies. The letter, although not widely circulated, was e-mailed to one other insurance company. The insurance company then sent out another memo delineating improper communications and carried out a search of agent's e-mails that were stored on the company server for the purpose of locating a copy of the letter. After finding communication regarding the offending letter in Edward Bean's account, the insurance company terminated his employment and retrieved all equipment in his possession. An internal review board upheld the insurance company's right to conduct the e-mail search and to terminate Edward Bean, as they found a breach of trust had occurred due to Bean's actions. In the ensuing legal battle that focused on interception and freedom of speech, the court once again upheld the insurance company's right to obtain the information from the servers as it was not intercepted in real time, but merely taken from the servers after the communication had occurred. It was also deemed that in view of the insurance company being a private corporation, it was not bound by the parameters regarding freedom of speech. This case highlights various nuances in the maintenance of privacy, and the need to be aware of all the aspects of such issues, especially in ambiguous situations.

Sharing personal information Various institutions, such as credit card companies and collection agencies, require sensitive personal information to conduct their screening processes. This type of information is also required by travel agents, contest companies, telephone companies, and insurance companies. Various agencies, including credit bureaus, have in the past, sold this type of information to marketing agencies. This dissemination of nonpublic, private information makes it important for clients to be aware of their rights. Agents need to be aware of two concerns. The first concern places the onus of protecting privacy directly on the institution, while the second concern is oriented towards the customer. The first concern is legally requirement and is called the opt-out option. This option requires the client to state clearly that he or she does not wish private information to be shared with other parties. Until the consumer “opts out,” the institution is free to share the information without informing the customer. The more stringent opt-in option, although not adopted legally, was the requirement consumer advocates strongly promoted. According to the opt-in option, client information cannot be shared unless the customer clearly states, in advance, that they allow it. A few issues should be considered before making a determination about the ethical superiority of one or the other of these options:

• Opt-in can, in some situations, actually undermine the privacy of customers by opening the way for fraud and identity-theft. If the institution does not have all information regarding customer, behavior trends cannot be determined and the institution will be unable to detect deviations from their usual patterns in time to stop unauthorized activity. Once fraud occurs, the personal information is required anyway.

8

• Opt-in operating costs are higher and are passed on the customer, thereby increasing the cost of available services. It also is wasteful in terms of diffuse marketing strategies that are spread over a wider section of the population, as opposed to being tailored to a specific demographic. This increase in cost may be especially applicable to those who shop via catalogues. Because many catalog shoppers fall in a lower socio-economic stratum than those who do not shop via catalogues, it is likely they will be the most negatively impacted by this option.

• On-line shopping may actually benefit from the opt-in option, as most people who utilize it are those who have deep concerns about identity-theft and other such privacy issues. By assuring them that the institution will not share private information unless directed otherwise, it may boost sales, which will offset any increase in operational costs.

• As operating costs of institutions increase due to the opt-in option, smaller businesses with narrower profit margins may be edged out. In addition, consumers may prefer to exercise the opt-in option with larger, more familiar institutions and this will severely restrict the customer pool for smaller businesses. With the proliferation of e-commerce, however, such operating costs may be significantly reduced and even-out the playing field for businesses of all sizes.

Maintaining client confidentiality It is crucial to maintain complete confidentiality of client information in order to create a sound fiduciary relationship and to comply with both the law and the accepted ethical practices of the insurance industry. While privacy issues deal primarily with the obtaining of information, maintaining and safeguarding confidentiality of that information is also addressed by the law. Technical and legal finesse is required to ensure that confidential information is not inadvertently divulged to parties who are not entitled to receive it. In a world of increasing Internet usage, the chances of divulging client information through inappropriate forwarding of messages, or not using secure passwords, may cause breaches in confidentiality.

Making an ethical decision The decision-making process involving what is in the client’s best interests, and what is ethical, can be challenging. Following certain steps may make the process less difficult. These steps include:

• Obtain all the pertinent facts before making the decision; • Be clear about the problem; • Explore alternative solutions that may resolve the problem, including and

consequences of these alternatives; • Use the power of conviction when attempting to influence the conflicting parties

about the ethical validity of a solution; • Balance the long-term outcomes against the immediate gains and risk-taking, but

only where they are ethically justified; • Explore all available options and be clear about those that may create the best

possible result without being unethical; • Make sure the client is agreeable with the method selected; the client should make

an informed decision based on complete understanding of all available facts; and

9

• Revisit the decision and evaluate it in an objective manner.

Resolving unethical behavior In a world where it is considered correct to “live and let live,” it is crucial to understand how such apathy can be counter-productive to ethical practice. Active participation is needed to in resolve instances of actual, or potential, dishonest behavior. Some techniques that can discourage such behavior include being candid about what an agent considers acceptable or unacceptable behavior. In the event a member of management asks an agent to subtly push a client toward a specific policy, although it may not be the policy that best suits a consumer’s needs, an agent can clearly ask management if it is advisable to provide a less than optimal service to the client. Another method for resolving such a conflict might be to present other instances where such cases have led to legal reprisal from the client. Finally, one clear way to discourage such behavior is to make sure that at no point is such behavior endorsed or authorized in any form by the organization. In a hypothetical situation, an insurance company is under fire for allegedly ratifying an agent's unethical practice. It bodes well for the insurance company to have taken action as soon as the fraudulent practices have some to light, even before there is a chance of legal action from the client.

Ethics at a macro-level Each agent makes a personal choice when following certain moral principles. However, the environment the individual occupies may actually encourage and support that personal choice. It is the insurance company atmosphere that dictates how supported an individual will feel when making moral decisions. A structure that positively reinforces honest practices makes it easier for members of the organization to adhere to their principles without experiencing conflict.

Responsibility 3: Understanding the Concept of Integrity Integrity is universally understood to encompass a consistency when exhibiting moral behavior in all situations--without consideration of personal outcomes. The law, however, includes additional criteria to define the concept of integrity. An agent needs to know the criteria to ensure integrity becomes a component his or her life--not just personally, but professionally, as well. Having integrity implies that the agent possesses all the professional qualifications required to practice, including various licensing requirements. These licenses may not be granted to agents whose integrity is compromised by past instances of incompetence or misconduct, even outside the field of insurance. Similarly, current violations of trust can also lead to the revoking of professional licenses. If an agent does not abide by the law, misleads clients, or fails to provide a service her or she is legally obliged to provide, the agent may be subject to a license revocation.

10

Other fraudulent practices such as misrepresentation may also generate valid reasons for a license revocation or suspension. In one case, an agent tried to attract consumers who were considered high-risk auto insurance policyholders. He claimed to provide less expensive insurance premiums due to the high number of the policies the insurance company issued. The policies also appeared to have originated from the Department of Motor Vehicles, further misleading potential clients. The extremely high rate of interest charged when clients adopted a monthly premium payment plan was another important violation. These actions of the insurance agent resulted in the revocation of his insurance license. It should also be noted that any actions violating the public interest are also considered violations of integrity and as such, are punishable by the law.

Responsibility 4: Correct Selection of Insurance Company A duty required of all insurance agents is to make sure they place their clients’ insurance coverage with the best possible insurance company, given the requirements and needs of the clients. Although this duty may seem obvious, it cannot be overstated. Agents must possess adequate knowledge of the insurance companies they represent. An area where agents often lack sufficient knowledge pertains to the financial strength of their insurers. The importance of possessing all relevant information for disclosure to clients is crucial for the well-being of both the client and agent. A client is best served when the best possible match is made between what he or she needs and the insurance company providing them the insurance coverage. An agent who makes this match protects himself or herself against litigation that can arise due to poorly thought out matches that result in client dissatisfaction and loss. An agent can arrange for the delivery of desired outcomes with respect to client-company matches by using a combination of various techniques that include periodic monitoring, disclosure, knowledge of regulations, consideration of multiple carriers, and product diversification. These techniques lead to outcomes that are acceptable at ethical and legal levels by assuring that the needs of the client are met.

Solvency of companies An agent needs to accurately assess and continually monitor the ongoing solvency of all insurance companies he or she represents—especially insurance companies that insure current clients. When recommending an insurer, it is crucial to assess its current credit-worthiness. Securing the insurance company’s financial rating is just the beginning of the process for which an agent is responsible. An agent is accountable to the client. Bearing that in mind, an agent should continually monitor the financial ratings of its insurers, as well as monitor other aspects of its business operations. This process allows an agent to perform his or her duties in the best possible manner. Because agents are considered experts in securing appropriate coverage for their clients, they are holders of their clients trust and, as such, must make sure this trust is maintained.

11

The solvency of insurance companies can be monitored in several ways. These procedures are well worth the time invested in them, as they translate into better agent-client relationships that lead to ethical and monetary benefits.

Rating agencies With the proliferation of rating agencies in the 1980s, insurance agents began having a number of quick and reliable methods to assess the reliability of various insurance companies. Some of the more well-know rating agencies are the A.M. Best Company, Moody’s Investors Services, and Standard & Poor’s. These agencies assign ratings to insurance companies that reflect their ability to pay customer claims. In cases where the insurance company's financial standing is rated poorly, the lack of financial credibility can lead to policy cancellations and a downward trend in premium volumes. It is best to bear in mind that insurance company financial ratings (especially downgrades) are not always objective. There may be other factors responsible for severe or extreme ratings. It is recommended that agents review financial ratings from multiple rating agencies for the same insurance company and to be sensitive to situations where the ratings vary widely between agencies. Large variances between agencies may be indicative of some underlying problems.

Continued supervision of policy Although it is necessary to assess solvency of an insurance company when the policy is purchased, agents have not always been required to continue supervision of solvency after a policy was issued. The current trend, however, is however giving way to the idea that an agent is responsible for keeping the client abreast of any shifts in the solvency of the insurance company that issued a client’s policy. Also, in cases where policy replacements are recommended, it is important to ensure that along with better client-policy fit, the new insurance company is as well, if not better, rated than the current insurance company.

Evaluating company offers A number of insurance companies offer “deals” they claim are better when compared to the products offered by their competitors. It is best to treat these “deals” with the caution they deserve. Past instances have shown that, in some cases, unsound financial investments allow for provision of these “deals.” Although the lure of a great deal is strong, caution must be exercised, since the well-being of the client is at stake.

Coverage with multiple insurance companies In order to safeguard client interests, it may make practical sense to try a multiple company approach or use a number of various items in an insurance company’s list of products. An example of such diversification could be when a person's life insurance may be segmented into universal, term, and/or whole life insurance. When deciding which insurance companies to select for the coverages needed, the agent should check to see what other types of coverage the insurance company provides, as well. This process is recommended because, if there is a problem with any one line of

12

coverage provided by the company, the consequences may affect other areas of coverage that the company provides. For example, the effect of health legislation on a health insurance line of coverage within an insurance company may indirectly affect the life insurance line of the company, as well. Another agent responsibility is to make the client aware of the structure of various insurers. It is important for the client to be aware of situations where an insurer may not be covered by state protection and other similar exceptions. An agent is also accountable to the client for knowing about risks that result from ownership of the insurance company. It is crucial to know which other companies are owned by the same owner and/or insurer. Are they profit-making enterprises? What are the financial ratings of companies that may be merged with the insurer? Is there a chance that an owner with other businesses interests may use the insurer to bail them out of financial trouble? These are just some of the questions an agent must obtain answers to in order to safeguard client interests.

Handling conflict of interest Agents most receive compensation in the form of commission instead of an hourly or salaried wage. The rate of commission is dependent on the type policy purchased by the client--based on the agent's recommendations. As is evident, the topic of agent compensation is fertile ground for the emergence of a conflict of interest. Should an agent recommend a policy that is less suited to the client's needs than another policy, but pays a higher rate of commission, serious consequences may result. Consequences may also result when policies are equally suitable for the client but involve widely different commission levels for the agent. Agents should always carefully research insurance companies offering excessively high rates of commission. Oftentimes, such offers are tied to risky investing.

Insuring the insurer Reinsurance is one way of risk-aversion and safeguarding client interests. The stronger the reinsurer, the better the financial safety net of the primary insurance company. Some useful points to bear in mind regarding reinsurance include:

• The level of reinsurance should not be excessive (between 0.5-1.3 of the company surplus).

• If letters of credit are used for reinsurance, they should be reviewed as these, and other indirect means, may not be a completely secure method of obtaining the needed reinsurance.

• Is the reinsurance simple and single-layered or is it complex and multileveled? The more convoluted the structure, the more convoluted the liquidation process.

• Finally, it is important to pay heed to the reinsurance surplus relief policy of any insurance company. This is a type of reinsurance that covers the usual first year losses that most starting insurance companies sustain. Reinsurance is provided with the understanding that profits from future years will be considered collateral. This surplus reinsurance in the first twelve months of losses helps boost the financial standing of the company. There have been major abuses of this system

13

in the past and it is may now be increasingly difficult and expensive to obtain adequate reinsurance.

Size of the insurance company The generally accepted idea seems to favor insurance companies that have assets exceeding a minimum of $50 million. Rating agencies, such as A.M. Best Company, tend to show less severe downgrades for insurance companies with assets exceeding $600 million. The logic involved suggests that larger insurance companies have the strength and resources to weather economic storms that may capsize many smaller insurance companies that have narrower profit margins and fewer bankable assets. This logic, however, is not a given in every situation. There are experts who favor smaller insurance companies with good flows of capital as opposed to large insurance companies that have a hollow core (as happens on the downswing of a bubble economy).

State acceptance For an insurance company to do business in a state, it needs to obtain the required permissions, certificates of authority, and licenses from the state government. This, in and of itself, does not guarantee an insurer of receiving financial remuneration in cases of company insolvency. It does, however, assure clients that the insurance company has met various standards, including those of financial solvency. States provide various ways in which this data can be obtained, including toll-free phone numbers and websites.

Capital sufficiency tests A very reliable, quantitative manner in which the financial soundness of an insurance company can be ascertained is a capital sufficiency test. It helps match actual capital surplus possessed by an insurance company with the capital that is needed by an insurer given the current level of functioning. This tool is based on the Risk-Based Capital guidelines included in the model acts passed in the mid 1990s as a way of regulating the discipline These acts resulted from the desire of regulators to develop standardized methods of conducting accounting and solvency procedures. The organization responsible for these model acts is the National Association of Insurance Commissioners (NAIC). The Risk-Based Capital Model Act makes it mandatory for insurance companies to provide, on an annual basis, their most current financial information on forms created by the National Association of Insurance Commissioners. Based on formulaic calculations, the state reviews the information provided by the insurance company and decides whether the insurance company’s capital surplus is sufficient to handle the various activities for which it is responsible. The state will also declare the level of capital surplus that is needed to fulfill all the obligations the insurer has assumed. Higher the Risk-Based Capital levels reduce the likelihood of the state imposing regulations and sanctions on the insurer. Levels below 70% usually elicit the strongest sanctions, while those above 250% generally assure the insurance company it is home-free for that year.

14

This model of insurance behavior tends to boost some types of investments while it undermines others. Certain categories of investment have higher requirements for reserve accounts as opposed to others (up to 15% for real estate and up to 30% for stocks and bonds). As a result, a desire to offload certain assignments that fall under a C-1 categorization often occurs. In most cases (such as real estate), it is not always possible to avoid such assignments. The desire to give a wide berth to such categories is further underscored by facts such as the fact that scores of 150% and above do not guarantee a home-safe rating. All of this can create a shift in investments so that many areas (such as real estate) may not find many takers. Although the aim to standardize and create a more transparent system is laudable, Risk-Based Capital regulations may create imbalances in the current investment scenario and may also adversely affect insurance companies with portfolios heavy in certain categories of investment. Some in the field also believe them to be overly prescriptive while others have made changes in portfolios to adapt to the modifications in the future.

Responsibility 5: Product Selection When the agent is helping a client make the best possible selection from the variety of products that are available, there are a few points to be kept in mind to avoid future trouble:

• The agent should obtain detailed information about client needs and assets and make sure all policies relevant to the situation are explored and reviewed before making any recommendations.

• The agent should clearly state all relevant information to the client, including the scope of coverage, the duties of all concerned, and, specifically, the responsibilities of the agent. The importance of disclosure is illustrated by a case where an agent did not offer employee dishonesty coverage to a client—nor did he even discuss it. The agent was considered legally responsible for the client’s damages after a case of embezzlement led to the client having a claim declined for lack of coverage. T

• The agent should review sample policies, available options, and endorsements when recommending contracts for purchase by the client.

• The agent should continue to review the policy over time to measure its suitability and ability to meet the client’s needs.

Management of Risk Management of risk is the bottom line when agents assist clients in the decision-making process when purchasing insurance coverage. The most fundamental factor to keep in mind is that the level of risk must be commensurate with the assets of the client. The advantages that result from the risk should outweigh the costs involved. The agent must focus more on the pure risk that a client might face. For example, maximum potential loss without expectation of a profit from an insurance claim. An agent who attempts to balance possible risk with possible profit is focusing on speculative risk, which is not a sound method of handling a client's needs because speculative risks are not insurable.

15

Risk management usually involves focusing on four specific areas: 1. Accurately estimate the level of pure risk a client may face by making a thorough

inventory of client income, possessions, and other holdings that could be considered as assets. T his will involve obtaining information about salaries, business practices, real estate holdings, stock portfolios, contracts, leases, etc.

2. Once areas of risk have been pinpointed from step #1, the next step is addressing the risk. What areas of the client's life need future insurance? The main issue here is balancing cash flow from current investments with payments toward future security. Should the client cover as many insurance bases as possible—today—in exchange for a secure tomorrow or invest the same money in the present and enjoy a better lifestyle now? It is the agent's responsibility to inform clients that those payments of premiums in no way guarantee a return on the investment unless the conditions necessary for the return are created (premature death, accidental injuries, natural calamities, etc.).

3. The next step is actually securing the insurance coverage that is deemed necessary to meet the client’s needs. During the previous period of exploration, the client will be given a number of alternatives. The client may be overwhelmed by the scope and impact of the quantity of information needed to make a decision in a relatively brief period. It is during this step that an agent needs to guide the client sensitively toward the most beneficial choice. An agent also needs to make sure all contractual requirements are in place, the various policy options and endorsements/riders have been clearly explored, and the selection of the appropriate insurer has been properly performed.

4. Once the insurance coverages have been decided upon, the agent is not absolved of further responsibility. The need for ongoing monitoring has already been emphasized earlier in this chapter and should never be far from the agent’s mind. This step doubly underscores the need for the agent to continue reviewing the client’s policies annually, keeping up with trends in the field, and informing clients of any changes that might need to be made.

A final comment is necessary concerning the correct choice of policy coverages that pose the minimum amount of risk to the client: Be careful about being swayed by policies that appear to be far superior to comparable policies offered by competitors in the marketplace. Dramatic differences between policies of different insurers that should be similar may stem from unsound insurance company or agent practices. A careful selection of products is essential to avoid harming the client in the long-term. It is best for the client to make an informed decision based not only upon policy illustrations but also upon a through questioning of the basis of the quotes and projections of these seemingly superlative policies.

16

Chapter 1 – Review Questions 1. Ethical sales conduct fosters the good reputation of all of the following EXCEPT? [a] the consumer [b] the agent [c] the insurance company [d] the insurance industry 2. Defining and following a clear code of ethical conduct aids both the agent and

which of the following? [a] the state [b] the federal government [c] the client [d] the NAIC 3. Who is responsible for creating a balanced and ethical environment within a

society or business industry? [a] the state [b] the federal government [c] law enforcement [d] the leaders of the society or business industry 4. Someone who has an investment in what occurs, and in the outcome, is called

which of the following? [a] a client [b] a stakeholder [c] an agent [d] a regulator 5. Which of the following ensures that the agent will clearly communicate with the

client, thereby reducing the possibility of misunderstanding and conflict? [a] state regulations [b] federal regulations [c] insurance code [d] continuing education 6. All of the following are insurance company rating agencies EXCEPT? [a] NAIC [b] A.M. Best Company [c] Standard & Poor’s [d] Moody’s Investor’s Services

17

CChhaapptteerr 22 Sales Conduct The previous chapter focused on the importance of following ethical and legal standards in the execution of agent duties. These duties, however, do not form the whole of appropriate agent behavior. Along with these aspects, an agent is also duty-bound to follow sound procedural standards. This process has the added benefit of automatically ensuring that both legal and ethical requirements are being met. There are number of such practices of which an agent needs to be aware. The most general and, consequently, the most crucial of these practices include a focus on fulfilling client needs and not promoting a self-serving agenda. A full and open disclosure of relevant facts, along with a solutions-based approach, is key. It is beyond the scope of this material to discuss every single practice available. A few prominent practices are explored in the following pages. A more extensive list of these procedures is available at the end of the chapter.

A solutions based approach When an agent helps a client find the policy that is best suited for his or her needs, the process is more than simply doing a job. The client has approached the agent with a problem they are unable to solve without the expertise and recommendations of the agent. From the client’s perspective, the agent is, therefore, a problem-solver who is responsible for providing the best possible solution to the client's problem. Any problem-solving process of this nature involves three components:

• Listening to the client's problem and accurately determining the client’s needs; • Offering the client multiple options and discussing, in detail, the options offered;

and • Assessing the client's actual understanding of the options discussed and

explaining any areas that might involve a lack of understanding. When listening to the client’s explanation of his or her situation, and the request for assistance, it is crucial for the agent to seek the appropriate information from the client. Various aspects of a client profile need to be understood and incorporated into the solution-providing process and the only way an agent can elicit this information from the client is to ask questions. Basic information should be requested, such as age, financial status, risk-resilience, net worth, health risks, number and ages of dependents, assets, job status, total income, and total liabilities, are some of the most important details to obtain so the agent may tailor solutions to meet the needs of the client. In order to discuss the various options available to the client, it is essential for the agent to have a sound knowledge of the various products and policies contained in the portfolios of the insurance companies he or she represents. Understanding these products by conscientious study is a prerequisite. If an agent is unclear about details, his or her

18

lack of clarity will be communicated to the client and will hamper informed decision-making and may impair the agent-client relationship. Additionally, responsibility for the client also generates a strong responsibility on the part of the agent toward himself or herself. Although recordkeeping is sometimes tedious, it is always advantageous for both the client and the agent. A responsible, dependable agent makes accurate and concise notes regarding every conversation with a client, and every transaction involving a client. Proper recordkeeping includes the documentation of policy details and what types of coverage were both available and offered, client needs-analysis, and suitability options. Thorough recordkeeping helps the client by compelling the agent to be well-informed. Accurate records are invaluable to an agent in cases where questions arise. Human memory is fallible and prone to various mutations. An agent who keeps clear and concise notes and records after every session involving a client may invest more time, however, the extra minutes will seem well worth the effort in cases where clients may not remember all the conversation details and accuse an agent of negligence. Creating and following a uniform documentation process for every transaction or conversation that includes keeping meticulous records is what helped one agent who was at the receiving end of legal action instigated by a client who accused the agent of not performing his job. In another case, an agent bore the responsibility for not performing required recordkeeping. A client accused the agent of misinforming him about landslide coverage, stating the agent informed the client coverage existed although the policy did not provide landslide coverage. The agent, however, claimed to have mentioned the lack of coverage during one of the numerous consultations they conducted. The agent did not maintain notes during any of the numerous consultations and the case was decided in the client’s favor. The agent could have avoided the contentious situation by jotting down, and maintaining, file notes.

The importance of insurance applications The importance of making sure insurance applications are thoroughly and accurately completed, are clearly understood, and correctly transmitted to the insurance company is underscored by various cases where claims were rejected or lawsuits were filed. It is often recommended that most agents spend substantially longer periods of time completing insurance applications than they are currently spending. Paying particular attention to detail when completing applications precludes the possibility of unnecessary anguish resulting from voided policies, declined claims, and unwelcome lawsuits. Mistakes made when completing applications may cause distress to both agents and clients. Listed below are situations that arose from incorrectly completed applications:

• An agent failed to include an existing medical condition on the application and was sued by the insurance company for the omission. Agents must disclose all medical conditions, and other underwriting issues, of which they are aware.

• An agent made errors when reporting accurate financial data about the client and was sued by the client as a result.

19

• A client was awarded damages in a case where the agent allegedly failed to list certain cardiovascular ailments the client claimed to have revealed to the agent. The client claimed he’d never seen the application and it had been filled out by the agent.

• While faxing an application to the insurance company, an agent overlooked sending a page and the carrier rejected an ensuing claim based on the lack of information that should have been submitted.

• When a client lied to the agent about a medical condition, the claim was upheld because the application was completed by the agent—who attested to the validity of the false information. Both the agent and the insurer were placed in a disadvantageous position.

When pursing best practices during the process of completing insurance applications, an agent should keep the following factors in mind:

• Never allow applicants to sign blank applications or other forms; • Do not backdate or predate applications; • Confirm that every single item and question on the application is understood, and

that each item is answered correctly; • Ensure that all reported information is accurate and complete; in special cases

where the agent represents oneself or family members, it is crucial to be meticulously correct.

• The agent should witness the signing of every document. • The agent should not accept any signed form he or she has not witnessed; • Collect information pertaining to actual health and other underwriting concerns.

Applicants are not required to report fears, guesses, or worries. For example, a client who is afraid of suffering a heart attack although he has received no diagnosis of, or treatment for, cardiovascular problems is not required to report the fear of sustaining a heart attack.

• Do not make any modifications to a form in the absence of a written consent from the applicant, including signing the applicant’s name.

• Make sure that applicants whose applications are rejected are informed of the same, according to company policy and in compliance with state law.

Agency Contracts Forms related to the client are not the only forms to be read carefully. Before the client comes into the picture, the agent needs to know what details are included in, and absent from, their very own contracts with their respective insurers. It is vital for an agent to be aware of what he or she can or cannot be held responsible--per the contracts. Most insurers will try to minimize risk to themselves in cases of legal action; however, the law often views the insurance company and agent as the same entity and may hold the insurer financially accountable in many cases of wrongdoing on the party of the agent. Of course, the final determination of responsibility is dependent upon the finer points of the contract between the agent and the company.

20

The agent-company contract helps clarify the precise nature of the agent’s duties and responsibilities. Reading the contract helps agents to remain within the boundaries of the contract without jeopardizing themselves and their careers. For example, if an agent binds coverage with an insurer without the proper authority to do so, the agent will likely be held liable for any claims resulting from his or her violation of binding authority. Familiarizing himself or herself with the agent-company contract will also prevent an agent from setting himself or herself up as an expert without justification. Purporting to possess specialized knowledge of an area of insurance that is not included in the contract can lead to claims rejection by the insurer. Reading the agent-company contract also helps an agent know in which situations the insurer can or cannot he held responsible and when they may or may not expect assistance from the insurer. In cases when an agent relied on insurer for reimbursement of court costs resulting from a frivolous lawsuit, the insurer was legally absolved of the responsibility to pay for court costs. The contract did contain a clause concerning indemnity in cases where the insurer was deemed legally responsible, but not in cases where the lawsuit was meritless. Other clauses to be on guard for in agent-company contracts include but are not limited to limited protection even when the insurer is responsible, no indemnity if the agent is held responsible in any capacity, fluctuating commission rates, termination with no or minimal notice, etc.

Effective communication The foundation of any good relationship is clear communication. This premise applies equally to the fiduciary relationship between an agent and a client. The importance of good communication is emphasized by the requirements of insurance code. Seemingly minor issues may escalate to those involving the courts, indemnity clauses, and expensive litigation. Any discipline, by virtue of its specialization, creates a specific jargon that includes terms with specialized meanings. It takes a specialist to be aware of, and clearly understand, this specialized language. Although the written word is pervasive in today's world, and most individuals find little trouble comprehending it in everyday interactions, when it comes to understanding insurance jargon the ordinary individual may become overwhelmed. Never has clear and concise communication become more vital than when translating insurance jargon into language the consumer is able to understand. It is vital to provide a client with lucid, comprehensive, and objective details about policy terms and conditions—specifically, coverages, exclusions, benefits, features, provisions, and costs. The agent’s primary aim is to help clients to make the best possible choices, not to impose the agent’s preferences on the clients.

21

Issues with communication can arise in a number of areas, including but not limited to the following:

• Truthfulness and accuracy; • Advertising that has not been approved by the insurer; • Accurate identification of the insurer and the type of product being discussed; • Explanation of policy terms, conditions, and endorsements; • Policy quotes, illustrations, and projected rates; • Comparisons between products offered by the same insurance company; • Comparisons between products of different insurance companies, namely between

the insurance companies represented by the agent and those represented by competitors.

In order to avoid communication-related mishaps with clients, an agent can follow a number of suggestions and recommendations. Being prompt when responding to client inquiries is the most effective tool for an agent to use. The quicker an agent responds, the less time and opportunity exists for confusion and forgetfulness to set in. Agents should avoid letting letters, messages, and e-mails accumulate unanswered. Setting aside specific time each day to return calls and e-mails prevents a pile-up of communication and reduces the agent’s vulnerability to being involved in miscommunication Once case illustrates the negative consequences of responding promptly to client inquiries. The insurer terminated an agent’s contract and the agent had to inform his clients that he’d be transferring their coverage to another insurer. Due to the enormous workload generated by the process, the agent overlooked notifying some of his clients and failed to rewrite coverage with the new insurer. One of the agent’s clients experienced a loss during the time when a coverage gap existed. The agent’s E & O policy responded to the claim.

Policy exchanges and replacements Ethically, and legally, a current insurance policy should only be replaced with another policy when the new policy best serves the client’s interests. Life insurance replacements should not occur when higher premiums are charged due to advancing age, more current surrender charges apply, the client loses privileges that are unavailable in the replacement policy, or the purchase of the replacement policy reduces the value of the existing policy, etc. Property and casualty insurance policies should not be replaced if the terms of the new policy do not provide broader, more comprehensive coverages and limits, or higher premiums without involving correspondingly increased benefits. In cases where it is valid to replace or exchange an existing policy, an agent needs to discuss and compare, in detail, the existing and proposed policies with the client, ensuring that the client is fully cognizant of all aspects of this proposed replacement. An agent must also comprehensively record details about why the proposed change is the best possible choice for the client—currently and in the future. The agent should also be sure to comply with any applicable state replacement laws concerning any policies that have been surrendered, expired, converted, amended,

22

reissued, or assigned as collateral. Failing to complete all required replacement forms, as well as making all required disclosures and explanations to the client, may result in important legal consequences.

Product knowledge An important procedural practice that has been emphasized throughout this course is the significance of an agent possessing an extensive and accurate knowledge of the product being sold. In one case, the client’s disability income policy was amended to extend the benefit period to the lifetime of the insured. Unfortunately, the agent was unaware that the disability income benefit had to be increased to correspond with the increase in the benefit period. After the client suffered a disability and it was discovered that the client did not have the benefit he believed he’d purchased, the agent was actually held liable for fraudulent practices because he was unaware of that crucial difference in policies. It was deemed that he should not have explained, recommended, or discussed a policy he did not understand.

Formal disclosures Disclosure involves the premise that the client must be completely aware of all the factual details related to their policies, along with the consequences of the purchase. The onus of creating this awareness is placed squarely on the agent’s shoulders. Once the needed disclosures have been made, it makes good sense for the agent to formalize this understanding. One way to formalize the understanding so is require the client to sign disclosure agreements that clearly state major policy limitations, exceptions, exclusions, solvency requirements, and premium fluctuation possibilities. Mini-disclosures could also be signed periodically. Many states and insurance companies require that disclosures be completed on standardized forms in certain circumstances; in other circumstances, disclosure forms may be designed form, and adapted to, various situations One example of such a mini-disclosure is, "This counsel is not of a (investment, legal, etc.) nature unless it was mutually accepted in writing beforehand. This issue needs to be discussed with a (financial consultant, lawyer, etc.) due to its complex nature." Along with obtaining all appropriate signatures on disclosure documents, the agent has to make sure certain questions are asked and responses are noted. These questions include:

• Do you have all the data needed from me to help you reach a suitable decision? • Have you accurately and completely understood all the policy information I have

given you? • Do you have any more questions regarding the policy selected to help you reach

the best possible decision?

Accurate illustrations and projections The use of illustrations and proposals varies by policy and, sometimes, state law. Outside regulatory requirements, the insurer establishes the requirements for the preparation of illustrations and proposals for each type of policy it offers. It makes sense for an agent to

23

be aware of the unique illustration restrictions and requirements that apply in order to ensure that no violations occur when providing illustrations to clients. Failing to comply with regulatory and insurance company requirements may lead to extremely serious consequences. Illustrations may be mandatory during the sales process for some policies and may be prohibited in other sales circumstances. Some illustrations and proposals may need to be certified by the insurance company when issued and others may require annual updates. Some best practices for the issuance and use of illustrations and proposals include:

• Do not omit any part of the illustration when presenting it to the client; • Inform the client the illustration guaranteed and non-guaranteed elements and be

sure to explain the differences; • Present the illustration in its entirety without focusing or emphasizing on any

specific sections; • Obtain the signatures of the client and the agent on the illustration; • Obtain a duplicate copy of the illustration for the agent’s files; • Provide a duplicate of the signed illustration to the client; • Be sure to follow insurance company and regulatory requirements when

presenting an illustration; • A policy issued other than as applied for must be accompanied by a new,

replacement illustration in cases where al illustration is required. When providing clients with illustrations and proposals, it is important for an agent to be as detailed as possible. The agent should mention exactly what coverages fall within the policy’s parameters, and what policy coverages are excluded.

Appropriate coverage An agent is expected, both legally and ethically, to sell the best possible coverage available at the time the policy is purchased. A preferred practice of ethical and professional insurance agents is to monitor their client’s policies over time to detect any gaps in coverage that may arise. In one case where “full coverage” was assured to a bar owner, an alcohol-related lawsuit was not covered because liquor liability coverage was not included on the original policy. The agent was held responsible for not just the known lawsuit, but also any other alcohol-related legal actions that occurred before legal liability coverage was actually provided. In this instance, the client’s definition of “full coverage” was different from the agent’s definition was. It order for an agent to identify any gaps that arise, it is important for the agent to ascertain the client’s requirements for coverage, to discuss all available products and endorsements, and to document any discrepancies that exist between the two. The exploration of umbrella liability or difference in conditions insurance, for example, can help bridge gaps by utilizing other policies. As time passes, an agent should continue monitoring the client's policy because such care illustrates the agent’s desire to maintain relationship, and in all cases, is professionally sound investment. Once committed to this course of action, it is important for the agent to follow through. In one case, an agent failed to tell a client that government sponsored health benefits were

24

adequate and equivalent to the coverage they already carried, the agent was held legally responsible for the client having unnecessary coverage in the future—although the harmful situation arose after the original policy was purchased. The court’s ruling was influenced by was the length of the agent-client relationship.

Implementing standard practices Making sure that a uniform set of procedures is established for use when servicing all clients in an agent’s client base assures that all clients are treated in a non-discriminatory, uniformly fair manner. Establishing and utilizing the same procedures for all clients helps prevent litigation. A consistent way of treating clients should be an automatic process and must consist of:

• Having a uniform set of procedures for all clients that are written and followed by everyone;

• Documenting all transactions and client exchanges that are conducted; • Utilizing current technology that helps to data-stamp and otherwise organize

information for clarity should it be required in the future; • Anticipating and calculating crucial expiration and other service dates for clients

and documenting these dates for future use; • Utilizing a daily routine that involves efficient handling and recording of phone

messages, e-mails, faxes, receipts, records, etc. • Creating a procedure to evaluate and review application forms prior to

submissions, compare issued policies with their applications, claims procedures, etc.

Money matters Client often trust agents with substantial sums of money they expect will secure them a stress-free future. In view of this expectation, it is important for agents to be extremely careful when handling premiums that pass through their hands. Even when premiums were not mishandled by the agent, cases arise where the agent may be held responsible for improprieties. In one case, an agent forwarded client premiums to a broker, who never received the agent’s check. When a client loss occurred soon after the agent believed coverage to be bound, the broker and his insurer declined to pay the loss because coverage had never been bound or issued—because the premium was not received. The agent’s E & O policy covered the loss.

Underwriting responsibly Time is of essence when an agent begins underwriting procedures for a client. In the time it takes to between discussing the purchase of coverage and the binding or issuing of new coverages, the client may have need for insurance coverage. Responsible and ethical agents complete applications meticulously and submit them quickly, after all the facts have been gathered and assessed. An ethical agent also looks at facts and suggested alternative routes when the regular ones may not work (e.g., in cases of developing health problems or other high-risk conditions). The following are some examples where the agent did not possess enough knowledge about underwriting or the case details to prevent negative outcomes from resulting. In

25

the first case, an agent urged a client to discontinue an existing policy and purchase a new, replacement policy. The client, who had certain medical and financial issues unknown to the agent, wound up having his insurance application being rejected by the insurer. The client was left with no insurance coverage and the agent was held responsible. In another case, an agent failed to discuss with a farm owner his need for employee coverage (workers’ compensation). When an employee injury occurred on-the-job, the injury claim was denied by the farm policy and the agent was held accountable for not advising the client appropriately. In a final case, an agent was held responsible for damage to a leased building. The client’s policy did not cover damage to rented property. When the need for coverage to the leased building arose, the agent bore the responsibility for damage.

Safeguarding clients via conditional coverage The importance of uninterrupted and continuous coverage is emphasized by cases where clients have been left without coverage for a variety of reasons. Leaving a client uninsured is a serious breach of trust—one from which an agent seldom recovers if a loss occurs during the period when insurance is not in place. For example, a client can be left without insurance between the time an application is completed and coverage is either bound or issued. With most life and health insurance policies, a small premium payment may cover that gap by providing temporary or conditional insurance. A related concept is binding authority. When agents make promises of coverage, even when they do not have the authority to do so, they are still legally bound to deliver on their promises—even when the insurance company declines coverage due to an agent exceeding binding authority. This underscores the need to be careful about promising coverage that the insurer has no ability or legal obligation to provide. To ensure that the binding authority or conditional receipt is valid, clarify all pertinent details with the insurer. In some cases, insurers make the acceptance of conditional coverage dependent on whether the final policy would have been accepted. This means that in some cases the insurer might reject the final policy to avoid being bound by the conditional coverage. The courts are more sympathetic to clients in such situations and, very often, the insurer sues agents in a bid for self-protection

Responsible referrals In some circumstances, an agent may need to refer clients to other service providers such as attorneys, accountants, bankers, etc. Ethical agents refer their client to other professionals who are completely reliable and dependable. If an agent does not know a reliable, dependable, ethical individual in a particular profession, the agent should refrain from making a referral. In one case, an agent referred a client to an attorney who created a flawed trust for the client. Although the agent was not eventually held responsible because the attorney did not use agent-provided facts, the matter did have negative consequences for the agent.

26

Insolvency Another important procedure that indicate an agent places client interests above the agent’s interests is making sure that all insurance companies represented enjoy solid financial ratings. If an agent promotes an insurer who is insolvent, or approaching that status, significant legal and ethical consequences may result—in addition to the inconvenience to both agent and clients of having to rewrite all insurance placed with the financial unstable insurer.

Safeguarding client liquidity An agent should safeguard a client's liquidity in all respects. Long-term thinking is required, as is a level of care and consideration while guiding a client's decision-making process. Does a client face her child's college tuition within the next 3 years? If so, a deferred annuity with surrender charges over the next 10 years would not be recommended, as it would seriously limit her liquidity.

Protecting client privacy The importance of client privacy has been discussed in this course but it is a subject of such significance that it requires additional reminders. Not maintaining client privacy entails both ethical and legal implications. Clients worry that sensitive personal information regarding finances or health may reach the wrong hands and may be misused. Because the legal representatives of insurance companies and plaintiffs can routinely access client information held by the agent, it is important that agents ensure it is accurate and held safely and securely. In cases involving e-data, it is even more important to be careful how information is forwarded and to know that seemingly deleted personal information could be retrieved by skilled software specialists. It makes sense to encrypt and password-protect very sensitive data. Do not include comments that could be misconstrued because all agent files can be perused by anyone who can access the computer system. Installing a firewall would be a sound financial investment—and is highly recommended.

Policy delivery The sale of an insurance policy is considered complete when the client has received the actual policy. Thus, it is important for the agent to either deliver the policy personally or use a mail service with a formal acknowledgment that it the policy was received by the client. If a client purchases a life or health insurance policy and decides to reverse that decision, he or she may use the policy’s free look provision return the policy to the insurer for a refund. For this reason, it is essential that an agent secure a delivery receipt or acknowledgement signed by the client to determine the beginning of the free look period. For other types of policies, documenting policy delivery or mailing is also recommended.

Handling client concerns As a service provider, it is essential for agents to keep their clients happy. One way to do so is to make sure all client complaints are handled quickly and effectively. A client needs to communicate his or her grievances to the insurer in writing, and an ethical agent

27

will advise an unhappy client about the procedure. In cases where the client concerns known to the agent, it is duty of the agent to forward promptly the client concerns to the insurer and, in many cases, his or her E & O carrier. If the complaint is against the agent, it is doubly important to keep the insurer and E & O carrier in the loop. Along with complaint information, the agent should provide all file documentation and records to support the agent’s case. In circumstances where legal action is being pursued, it is best for the agent to let the insurer and E & O carrier provide all guidance with respect to handling the litigation and all resulting contact and transactions. Agents should not make promises to the client about resolving the issue or trying to strike a deal as such actions often void the E & O policy.

Meeting client needs An agent who carries out sound business practices makes sure that not only are client needs assessed accurately but also that the client’s needs are met. An agent is ethically and legally required to provide a degree of service that leads to consumer satisfaction. An InfoQuest survey conducted in 2001 indicated that over 40,000 businesses were queried; their survey emphasized the need for creating consumer satisfaction. The results showed that a completely satisfied consumer contributes 17 times the returns compared to a somewhat dissatisfied one. A completely dissatisfied client, however, actually brings down the returns by approximately 2 times when compared to the effects of a fully satisfied client. Customer satisfaction leads to increased business in terms of returning clients and increased referrals. It also cuts costs, as it is less expensive to handle more business from existing clients than it is to draw in a new segment of buyers. A good service mantra obviates the need to provide discounts or other such short-term strategies to attract clients. A reputation for providing excellent service is an endorsement and does not need anything else to sweeten the pot. What are the components of good service? The first is being reliable. Reliability implies dependability and consistency--a commitment to the client. The next component is excellence in performance of one's duties. Providing service with expertise builds client's confidence in the agent and leads to more business. A natural outcome of sound execution of one's duty is client confidence. How can a high level of service be attained or made even better? Of the multitude of individual ways in which this can be performed, some of the more basic methods include having a positive outlook. The “never say never” axiom can be applied to various situations where a particular problem may seem insurmountable at the given moment. Visualizing positive outcomes, and trusting that one has the ability to handle difficult situations, can help when riding out the storm. A clear and calm perspective allows solutions a self-defeating mind frame will not. Another practice to bolster client trust is making realistic promises and fulfilling them. This implies being clear about actions that are realistically impossible and informing the client of the same. Because no agent is perfect, and mistakes do happen, it is best for

28

agents to admit any errors made and correct them with complete transparency. In circumstances involving litigation, however, an agent’s attorney or E & O carrier may instruct the agent to behave differently. In circumstances where the client takes serious issue with an agent mistake, the agent should not get into a verbal confrontation. Instead, the agent should try taking the client’s perspective in mind; it may help diffuse some of the frustration and consequent need to argue. Being able to soothe the client may clear a problem state; when tempers settle down, the client will most likely value the agent’s way of handling the situation. All clients have an expectation of receiving good service--even those who are difficult to work with. When such clients are the focus of attention, an agent needs to use all the best practices in his or her arsenal, including some that are tailored to situations involving difficult clients. When dealing with difficult clients, being calm and objective in all negotiations is an absolute requirement. Calmness and objectivity can be expressed via body language, speech patterns such as pitch and volume, and eye contact. An aggressive stance contradicts the verbal message involving a soft tone of voice. If possible, the agent should have a standard way of dealing with such situations and should avoid extremes of being either a bully or a pushover. The agent should also set the standards of behavior for the client to follow, pay heed to client’s method of communication, and let the client know the agent has received the client message. The agent should clearly explain that he or she is working on resolving any issues that are causing the client distress. What are some elements that constitute bad service? They vary and, quite often, agents have a high level of self-awareness about problem areas in the service they provide. The unfortunate aspect of self-awareness is that it usually comes after-the-fact. Because clients express their disapproval of bad service by discontinuing their patronage, the cost of bad service is very expensive. To help make necessary changes in the level of service provided, agents should continually monitor their clients’ levels of satisfaction, either formally or informally, by asking those who are most involved in this matter: the client. Just as a teacher improves his or her teaching strategies by obtaining feedback from student evaluation forms, an agent can improve service practices through the utilization of client evaluations. How does an agent deal with clients who discontinue their patronage? Clients will come and clients will go. This should be viewed from an objective perspective. Instead of making the discontinuation personal, the situation can be viewed as a learning experience. An agent should find out why the client wishes to leave and what specific areas need to be worked on to ensure further success. Furthermore, the agent should stay in touch with those who have moved on by providing them with current information that may suit their needs. What are some Best Business Practices that help an agent provide good service? The Independent Insurance Agents and Brokers of America (IIABA) is a group invested in delineating and upholding the best insurance business practices of independent insurance

29

agents. The organization studied a number of insurance agencies as well as the most common business practices among those who were deemed the most successful. The successful insurance agencies utilized a set of sound techniques that created what is known today as the Best Practices. The nine practices that emerged at the core are:

• Client satisfaction and service is considered paramount; • Staying in constant contact with clients to keep them informed about their

products and the process of servicing them; • Use of efficient methods and technology to serve consumer needs; • Good relationship with the suppliers, such that ideologies are shared; • Involved managerial staff who are a part of everyday operations; • Focus on the entire client account and development of higher degree of a client's

accounts; • Continuing education and reinforcement of the staff to help them be motivated; • Far-sighted development where future goals are clearly outlined to help clarify

direction of the company; and • Self-evaluation and constant drive to improving the agency.

Call Centers How does one set up an effective agent call center? The advantage of a technologically advancing society is the plethora of ways in which an agent and client can communicate. Starting with telephones, mobile phones, faxes, and moving on to e-mail, chat rooms, and voice-over internet protocol, it is good for an ethical agent to be aware of, and well-versed in, the use of these and any modes of communication that may emerge. An agent call center consists of all of the modes of communication an agent chooses to implement in client communication. It is important to have these systems running smoothly and efficiently. Such efficiency is bolstered by the use of effective principles of communication. These principles include clear and consistent communication, complete clarification of available options, outlining of outcomes for every choice, confirming client and self-understanding of discussions, and comprehensive documentation of consultations. Some specific pointers regarding various forms of communication, which are a part of the agent call center, are outlined below.

Telephones Most clients today prefer to use this immediate form of contacting their agents. Using the telephone helps clients only when this real-time interaction is handled efficiently. Phone calls answered within three rings, short hold times, prompt return of calls, and helpful and courteous phone manners, all contribute to client satisfaction. One way to check quality of phone service within an organization is to pose as a client and phone at various times during the day. This type of monitoring will establish if the quality of service is uniformly satisfactory—and acceptable. Other pointers for providing excellent telephone communication include avoiding the use of speaker phones, educating all staff members

30

in the use of good phone manners, checking up on clients periodically, and assuring that pre-recorded phone menus and messages are helpful and not confusing.

Cell phones Cell phones increase accessibility but they may also work against both the client and the agent in terms of privacy. Regular and mobile phone conversations have problems in terms of documentation of the discussion. It is a best practice for agents to create a way to date and time stamp each cell phone conversation with clients, and to document such conversations and log them into appropriate areas of the client files in a fashion similar to that used for regular telephone calls.

Automated answering services Automated answering services are also prone to vulnerability, thus leading to serious consequences for agents who fail to document all calls received by the service. It is best to avoid automated answering services for any business-related message taking. If used, their use should be restricted to after hours by providing an alternative number to call in cases of urgency or emergency.

Fax machines Faxed transmissions require the same privacy protection as all other forms of communication. Faxes should be seen by only those for whom a fax is intended and they should not be misdirected during transmission. Faxes should not be used for transmitting confidential documents or information. An agent should verify that faxed documents are stamped with the current data and filed accordingly. As the typeface on fax paper may more prone to fading with time, it is best to avoid accepting signed documents via fax. If such a document must be accepted, it should be supported by receiving the original document at a later date. An agent should also verify that the entire faxed document was both sent and received and should make file notes to support such verification.

E-communication It is important to treat e-messages just as one would treat phone messages. Return them promptly and clearly. Many clients prefer to conduct transactions via this impersonal but speedy method and may use it to gather information, have queries answered, and finalize decisions. It is crucial to have maximum information when conducting business via e-mail and the Internet and to clarify that actual sale of policy, or binding of coverage and coverage changes, can only be effected by a licensed insurance agent.

Client retention How can an agent retain existing clients? Ideally, agents should communicate with clients and check up frequently on their level of current satisfaction. It is five times more expensive to reach out and recruit new clients than it is to retain existing clients. Conducting periodic satisfaction surveys and classifying clients into categories, based on the length of the relationship and other criteria, will determine the varying levels of attention each client requires.

31

Two categories that do not need a change to the level of attention required are those who are considered safe (happy and unlikely to leave) and those considered high risk (unhappy and most likely to leave). The safe clients are satisfied with whatever techniques an agent is using and the high risk ones will eventually move, regardless of the agent’s servicing skills and techniques. Two categories that merit more attention for retention purposes are satisfied mobile (happy and likely to leave) and unsatisfied static (unhappy and unlikely to leave). These categories need extra attention to help them improve both satisfaction levels and likelihood of remaining as a client. One important way to retain existing clients in all categories is to involve clients in the process. When clients are included, they feel a sense of investment in the product they purchased and the relationship, which bodes well for the longevity of the relationship. Some other tips an agent can use to show clients they are valued include:

• Continuously contact clients at the renewal or anniversary of each policy. • Regularly seek client input, which shows clients their opinions are important and

are part of the agent’s servicing goals. • Communicate with clients at least five to six times per year as opposed to simply

a single annual contact. • Conduct satisfaction surveys and share the results to keep customers in the loop

regarding best practices followed by the agency and how client input affects the practices are followed.

• Requesting referrals from clients is a way to communicate with clients and keep them close; it also allows clients to involve themselves in the success of the agent’s business.

• Provide clients with a “bill of rights” so they know what to expect from an agent.

How can an agent understand what a client actually means? During a conversation it us the agent’s responsibility to “decode” client statements and truly understand any subtext. If an agent is not certain of the meaning of a client’s conversation, the agent should ask for more clarification. Listed below are client opinions contained in surveys that explain what services clients seek in their relationship with an agent.

• A competitive quote—but not at the price of good service; • Honesty even when the truth may not always seem like it benefits the client; • Clearly explain all the costs and benefits of any coverage or policy being

considered for purchase; • The agent should work to suit their clients’ schedules and needs as opposed to be

self-serving; • An agent who is always ready to help promptly; • An agent may delegate responsibility to employees or co-workers so long as the

process is transparent and explained beforehand; • An active, creative, proactive agent who generates confidence; • An agent who is open to client evaluation and suggestions and who is open to

hearing about, and monitoring, client levels of satisfaction; • An agent who knows current trends and who is aware of changes in the insurance

industry;

32

• An agent who uses a personalized approach tailored to individual clients rather than handling all clients with the same approach;

• A personal relationship with the agent is preferred over dealing directly with an insurance company to whom the client is just a nameless policy;

• A successful agent usually provides good service and works harder to keep clients;

• Agents who keep their promises and are completely honest with clients earn their clients’ trust;

• Well-trained and skilled employees create happier clients; their care in dealing with clients and safeguarding client interests reflect directly on the agent.

• A follow-up call from an agent after the client terminates the agent-client relationship may influence the client to return if the replacement relationship does not work out;

• Simplicity is important to most clients; when an agent takes the trouble to explain all coverages and options available to the client, it’s much easier for them to want a trusted agent handle all their insurance needs.

• Most people are uneasy with aggressive selling practices. They prefer agents who adapt their paces and styles to those of their clients.

• Most clients are aware that an agent is responsible for handling the needs of both the client and the insurer. An agent who is focused on client needs without being overwhelmed by his or her carriers, is valued.

• An oral commitment is important but clients are most reassured when an agent puts his or her mission statement in writing. This gives clients a point of reference when they are unsure about an agent's scope of duties or future commitments.

• While most people expect a high level of service from their agents, most do not expect their agents to conduct business as if it were social work or volunteer work. What they do expect is value for the money they spend and professionalism.

• Agents who are honest and straightforward earn a good reputation. Clients who are aware of this reputation will place it above all else in their decision-making process.

To summarize, the following list details a few of the elements of an ethical insurance agent's code of sales conduct.

• The primary aim is client satisfaction and serving client needs; • Complete disclosure of all relevant facts; • Objective assistance is provided to the client to help him or her make the best

possible choice when purchasing insurance; • Responsible consideration of client liquidity needs; • Awareness of carrier financial strength which is always divulged to the client; • Offering of the most complete coverage at the time the policy is purchased; • Awareness and of any gaps in coverage and recommendations about how to fill

those gaps;

33

• Offering conditional coverage to bridge any gaps—either permanently or temporarily;

• Never exceed binding or underwriting authority; • Use of client disclosure agreements to help resolve client disputes; • Illustrations used in a responsible and complete manner; • Prompt execution of policy underwriting; • Taking responsibility for any expertise claimed; • Treating competitors with respect; • Personal presence when crucial documents are being signed; • Treating all clients uniformly and fairly through the application of a standardized

operating process; • Being prompt when communicating with clients and responding to their messages

and inquiries; • Respecting client privacy, safeguarding personal financial and health information,

and keeping such information confidential; • Keeping a current and concise date-stamped record of client communications; • Monitoring clients’ policies and being responsible after the sales; • When recommending replacement policies, clarifying the need for such policies

and complying with all insurance regulations and disclosure requirements; • Never misleading a client to make a sale; • Providing an accurate business address; • Never calling an insurance presentation by any other name or misleading a client

or potential client about the purpose of a sales meeting; • Treating senior citizens with respect and removing oneself from situations where

impairment of the client’s judgment may be possible; • Suggesting to clients that they having legal, financial, or family advisors present

during a sales meeting; • Respecting clients’ rights to end a consultation and leaving, if asked to do so; • Being aware of all the provisions contained in any company-agent, or agency-

producer, and carrying out all duties and requirements; • When referring clients to other service providers, keeping clients’ best interests at

heart and referring only to reputable providers; • Keeping abreast of current news and events in the insurance industry; and • Following the rules and regulations set out by regulators, insurance carriers, and a

code of ethics.

34

Chapter 2 Review Questions 1. Which of the following helps clarify the precise nature of the agent’s duties and

responsibilities? [a] the insurance policy [b] insurance code [c] the agent-company contract [d] an insurance policy endorsement 2. Which of the following is the foundation of any good relationship? [a] clear communication [b] having an insurance agent [c] having an insurance policy [d] talking 3. It is five times more expensive to recruit new clients than it is to do which of the

following? [a] buy an insurance policy [b] obtain an insurance license [c] hire a producer [d] retain existing clients

35

CChhaapptteerr 33 Insurance and the Internet Although the Internet is currently indispensable to most people in the United States, it wasn’t available commercially until the 1990s! It took only thirty years for technology to expand so that an individual, room-sized, self-contained computer valued at hundreds of thousands of dollars could evolve into a hand-held device, valued at less than $1,000, for the purpose of connecting with other computers all over the world. Ethical insurance agents must be familiar with federal and state regulation concerning the insurance industry’s use of the Internet. This involves not only the sales and marketing of insurance on the Internet, but also the use of e-mail and other forms of electronic transactions.

History Originally known as ARPANET, the Internet was born in 1962, the brainchild of several researchers at MIT, each specializing in a distinct technological field of study. J.C.R. Licklider left MIT to work at the Defense Advanced Research Products Agent (DARPA), Leonard Kleinrock went on to work at UCLA, and Lawrence Roberts--who was the first person to connect computers via a dial-up connection. In 1965, Roberts connected a computer in Massachusetts with a computer in California and is considered the father of the ARPANET. Of course, may other individuals were singly and collectively responsible for early Internet technology and its advancement, but these three names continually crop up in early research. The Internet was first used exclusively by researchers, developers, scientists, and the military to provide a communication network that didn’t rely on other communication systems in the event they failed during wartime or nuclear attack. Unknown to the average person, the common use of e-mail actually predates commercial use of the Internet. As technology advanced, more and more universities and research sites used the Internet to store and archive data. In 1969, four universities became linked by online computers: UCLA, Stanford Research Institute, UCSB, and the University of Utah. Within a matter of years, the number of colleges and universities, researchers, and other such organizations utilizing the Internet was too lengthy to list. Because the Internet and its related research were initially funded by the government, its use was limited to researchers, educational facilities, and the government. Commercial use of the Internet was expressly prohibited unless commercial enterprises were directly linked to the goals of research and education. Delphi became the first national commercial online firm to offer its subscribers access to the Internet. Its e-mail service connection became available in July 1992 and full Internet service became available in November 1992.

36

The ban on commercial use of the Internet was lifted in the early 1990s. Depending upon sources, some say it occurred in 1991 and others say it occurred in May 1995 when the National Science Foundation (NSF) ceased sponsoring the backbone of the Internet and AOL, Prodigy, and CompuServe went online. Because commercial use of the Internet proliferated, the loss of funding previously provided by NSF to educational institutions was hardly noticed. When Microsoft entered the playing field as a browser, server, and Internet Service Provider (ISP), the Internet became commercially based. The first personal computer, the IBM PC, was launched in August 1981 and Time magazine named “the computer” as its Man of the Year. Apple released the MacIntosh in January 1984 and, because of its user-friendliness, the number of computer users grew exponentially. In 1989, the number of hosts increased from 80,000 in January to over $160,000 in November. At the same time, other countries joined the Internet: Australia, Germany, Israel, Italy, Japan, Mexico, Netherlands, New Zealand, and the United Kingdom. In 1990, ARPANET formally shut down. The Internet has grown from its original 4 hosts to over 300,000 hosts.

Internet Conduct The Internet revolution has had a mixed impact on the insurance industry. While recent laws make it convenient to accept electronic signatures in lieu of actual signatures, it also throws into focus the code of conduct governing e-commerce. With the explosion in net usage of the Internet for recreational and business purposes, it becomes increasingly important for an agent to have a clear set of guidelines to help make the practice of obtaining insurance via the Internet smooth, secure, and swift. The age of e-conduct comes with its own set of issues. These issues can be handled well when all the parties concerned have a clear sense of the governing principles. In the long run, this shared understanding ensures that an ethical insurance agent will exercise a complete focus on customer satisfaction through the best possible service. The set of governing principles concerning e-conduct might be termed an e-code, and might form the basis for any transactions that take place through electronic means. Revisions in an e-code would result from changing customer profiles, technological advancements, and legal modifications. Various legal shifts have necessitated the implementation of some form of an e-code. For example, just as California requires agents to print their license numbers on business cards and proposals, the requirement may soon be widened to include the posting of license numbers on any websites or electronic advertisements. Another such legal shift is the acceptance of e-signatures instead of handwritten signatures. E-commerce includes any transaction involving the procurement or sales of goods, or services, via electronic means. These electronic means include:

• E-mail, File Transfer Protocol (FTP), telephones, and fax machines; • Use of public or private networks such as the Internet or Electronic Data

Exchange (EDI);

37

• Electronic transfer of funds via any established means; • Radio, television, and other such means of broadcast; • Interactive Voice Recording (IVR); and • Any wireless transmission that allows exchange of information through electronic

means.

Internet sales of insurance An alert and ethical agent keeps tabs on more than just trends in the insurance industry. Being aware of the exponentially increasing demand for conducting business online is a big factor in keeping clients satisfied. A client who buys goods and services online, pays bills via electronic transfer, and communicates with friends and family via e-mail and social networking sites, will obviously be comfortable using this medium for other purposes. The insurance industry has embraced the Internet in certain areas; they include:

• Aggregators – Insurance companies providing quotes and other information to users to help them compare services and complete preliminary insurance application forms. For example, SelectQuote and Quotesmith.

• Virtual insurance companies – Insurance companies that write and service an entire line of insurance online. They collect applications, perform underwriting, files claims, and service policies over time. For example, Esurance and eCoverage.

• Click and mortar insurers – Insurance companies specializing in unique brands of e-commerce.

An increasingly popular opinion is that the direct selling of insurance may become increasingly prevalent and this may obviate the need for insurance agents altogether. Many concerned parties worry about the loss of the personal connection between client and agent that may result from conducting the business of insurance online. Whatever the various views on the changing trends in insurance selling, it is best to move forward to incorporate those elements of e-commerce that facilitate the process, while retaining the traditional elements of personalized service. A question that needs to be asked is, “Is the customer likely to purchase insurance via the Internet?” While traditionalists may think it highly unlikely that most people would entrust information of a sensitive nature to a faceless entity, various survey results seem to indicate otherwise. GIGA Information Group predicted that by the mid 2000s, Internet spending would reach over $200 billion. In addition, consumers’ expectations of e-commerce shift annually, with most consumers expecting higher levels of sophistication. With the changing demographics of both clients and agents, it makes sense for agents to familiarize themselves with the most up-to-date technology and be prepared for any eventuality. Although a common fear is that the insurance agent may become redundant, that may be an unrealistic fear. Personally wading through the morass of information on the Internet may seem daunting, but a responsible and ethical agent points out the need for insurance and provides direction.

38

Need to acquire Internet skills Although an agent is still very much needed to help a client in the decision-making process when considering the purchase of insurance, there is no justification for agents to become complacent. Ever-evolving agents are those who make sure they do not become redundant. One way to avoid redundancy would be to learn about, and expand upon, the existing set of e-skills. Another sound reason to improve e-skills is the competitive nature of the insurance industry. Increasingly, insurance companies are claiming a spot on the Internet that can be accessed by a wider variety of people. Other carriers use the Internet to provide services to special groups such as those with a history of automobile accidents. Rapid start-to-finish services are being offered by many insurance companies--from the completion of insurance applications to the payment of the policy premium in a matter of minutes. Some specific reasons to become net-savvy include:

• Quick verification of pending applications and important policy information and status;

• Electronic transfers of premium payments; • Rapid retrieval of quotes and illustrations; • Direct contact with clients via e-mail; • Quick information retrieval from carriers; • Prompt reporting of insurance losses; • Provision of relevant policy information to clients, at any time during the day; • Use of electronic signatures to procure insurance; • Cheaper forms of advertisement via websites or e-newsletters; • Quick downloads of forms and other documents needed for underwriting and

customer service; • Access to the latest news and updates in the field, especially through discussion

boards with peers; • Agents can access a wealth of rating, tax, and reference information; • Consumer-protection can be maximized through posting of infringements on

bulletins; and • The Internet, with its various job-search engines, can help recruit employees

quickly and inexpensively.

Methods of insurance sales via the Internet The practice of buying goods online is common. Books, clothing, shoes, furniture, and many other goods are easily available in the virtual world. The sale of insurance, however, is still in an emerging stage and is likely to remain so until some major changes in infrastructure are put into place. Currently, there are few ways in which Internet transactions of insurance happen.

Single Source Sales Sites Single source sales sites include individual websites hosted by insurance companies or, in rate cases, insurance agents. Depending upon the organization, the website might provide general information or it might even provide a form to request a proposal. After

39

a consumer secures an initial insurance quote based on the information provided via the website, the consumer is directed to an agent, or a selection of agents, who will be able to handle the insurance purchase. It is usual for such pages to contain names, contact phone numbers, and e-mail addresses of the agents listed. In some cases, the website may directly provide insurance. Thus, a single source sale site enables a consumer to obtain information and, possibly, actual insurance directly from an insurance company. Many insurance agents too have their own web pages in order to create a direct link to clients. Survey results indicate that about 75 percent of insurance companies use websites for visibility and advertising purposes, while fewer than 10 percent use websites to obtain future business for their agents. Only one percent of the insurance companies surveyed used their websites for direct sales.

Insurance malls In contrast to single source sales sites, insurance malls are sites that provide information and services from a variety of same-industry sellers (Vertical Malls) or a variety of sellers from different industries (Horizontal Malls). The primary focus with respect to insurance malls is aiding the consumer in efforts to comparison-shop by reviewing services offered by, and among, different insurance companies. Evaluating consumer profiles, and then pairing the consumers with a number of policies that meet their underwriting qualifications, helps narrow the list of potential insurance companies. Many such websites also focus on educating the consumer about various options offered by the insurance companies represented. Some websites go even farther and allow clients to fill request for proposal forms and obtain quotations. They may then be guided to an insurance company’s websites to find agents who will best be able to meet their needs.

Independent quotation services Independent quotation services provide rate proposals, or quotes, to consumers. It is most usual to find these independent quotation services linked to websites of various insurance agents. A visitor to an agent's website may find a hyperlink to one such independent quoting agency. A quick premium estimate can be obtained by providing information about the type of insurance coverage desired. Specialized software is then used to calculate the premium estimate. The quotation agency website will then redirect the consumer to the agent's website. When the consumer is hyperlinked between a specific agent and the quote or proposal, the premium estimate will reflect only the policies and coverages available from that agent and the insurance company(ies) he or she represents.

Benefits and drawbacks of Internet sales of insurance

Benefits for the consumer Consumers can compare insurance products online and make purchasing decisions after reviewing various products, services, providers. They can obtain rate quotes after providing certain information to the online services. They can also choose a particular insurance company or agent with whom to do business. In some cases, consumers may be able to conduct entire transactions online.

40

Online access also means consumers have 24-hour connectivity with their agents, insurance companies, and regulators. This continuous access helps them conduct their insurance business at times that meet their convenience. Online access also provides consumers with easy access to consumer complaint forums. The Internet presence of an insurance company or agent allows consumers to check the status of their policies and to determine when premium payments are due. In many cases, payments may be made online, helping consumer avoid late fees and mailing delays. If the insurance industry uses the Internet to carry out more and varied transactions, the process may result in lower operational costs and, subsequently, reduced premiums.

Drawbacks for the consumer The major drawback to consumers is the lack of personal contact with a human being when business is transacted online. This lack may lead to consumers obtaining insurance that does not meet their actual needs. Rather than being a guided process involving evaluation and decision-making, it may become a less-than-educated choice, not unlike ordering an item from a menu. Another drawback is that clients may not be aware of all the rules and regulations inherent in the process of purchasing insurance. These rules and regulations concern knowledge about licensing requirements, completion of insurance application forms, credentials for surplus lines insurance sales, etc. Without such knowledge, a consumer may actually attempt to purchase insurance from a company or agent who is not licensed to sell insurance to that particular consumer. While the geographic flexibility is an advantage, in some cases it can prove to be unfavorable. When consumers cannot verify the authenticity of the insurance companies or agents they are conducting transactions with, it may lead to instances of fraud and the absence of legal insurance coverage. Although it may seem unlikely that consumers lack the basic skills and knowledge to use the Internet, it is a reality in some case. A large segment of the population may not have the resources (financial or otherwise) to obtain the basic requirements for Internet access. Even at the affordable prices being offered, many consumers may not be able to afford a set-up that allows them equal access to facilities that are being offered exclusively online. This is especially discriminatory when online rate quotes and premium payments are lower than those offered elsewhere are.

Benefits for regulators Regulators can streamline various processes to perform more efficiently when conducted online. Consumer complaints can be accessed and processed more smoothly and quickly online. Consumers can also be educated about various regulations and cautioned appropriately whenever needed via websites and other electronic means. Regulators can also provide huge amounts of compliance data to insurers in a shorter time frame when doing so via the Internet. Information about licensing, fees, industry

41

updates, and e-mail can be sent promptly. The primary focus of regulators is protecting consumers. The carrying out of this task is easier when a well-set up infrastructure exists, including sophisticated web technology. Regulators in at least thirty-five state have an online presence. The NAIC has a website, which is used as a reference sources for the various participants in an insurance transaction: clients, insurance companies, agents, insurance trade and professional organizations, etc. One specific way in which the NAIC’s online presence has helped facilitate the conduct of the insurance industry is the verification and issuing of licenses. The ability of the NAIC or affiliated state regulators to verify license status reduces the administrative task of doing so manually. The time that was previously spent handling manual administrative tasks can be more profitably expended in timely license approvals, and other monitoring activities.

Drawbacks for regulators Some regulators do not have the virtual infrastructure to handle monitoring activities and consumer complaints and inquiries. Their capacity to regulate unlicensed activity is also restricted, in some cases. Another situation that creates problems is when unscrupulous individuals create fake insurance companies or agencies and issue phony insurance policies. Once these unscrupulous individuals have collected a certain amount of “premium dollars,” they shut down and disappear—leaving their swindled “policyholders” in a vulnerable position. Given the vastness and geographic ambiguity of the cyber world, difficulties in detection and prosecution often arise.

Benefits for the insurance industry Insurance business conducted via the Internet may need a one-time investment in setting up the infrastructure. Once that is done, however, the system will likely pay for itself many times over in terms of the expenses curtailed. As the Internet is not manually intensive, and works in a relatively paperless fashion, operating costs are reduced considerably and can be translated into higher profits for the industry and lower costs for the customer. One example of the paperless transaction is sending advertising material, forms, underwriting information, rate quotes, company guidelines, etc. via the e-mail instead of as hard copies. As mentioned earlier, a consumer who routinely uses the Internet to search for the best deals on various goods and services will expect to be able to use the Internet for his or her insurance shopping too. Marketing via the Internet reaches the consumer quicker and less expensively than traditional marketing methods. Taking this concept step further, consumers can obtain policy status, premium payment reminders, policy information, rate quotes, and other such routine information without having to wait for a manual operator. Just as consumers have quick and easy access to crucial information, insurance companies and agents can access compliance information from regulators with minimal fuss. This process will help optimize services rendered and agents and insurance companies can access regulators for truly serious matters with ease. Communication

42

within the insurance department, and concerning consumer complaints, will be tackled satisfactorily. The NAIC database will help insurers obtain up-to-date licensing information. Other information available on this network includes producer information, common ways of handling insurance issues, NASD examination outcomes, and regulations. Another benefit of the NAIC database is usage of PIN to appoint or terminate agents depending on licensing and appointment compliance. Another major website that is of use to insurance companies and agents is the National Council on Compensation Insurance (NCCI). The NCCI website hosts information about worker’s compensation insurance, including education, safety, product data, and service information. Other possible services might include electronic premium payments, electronic verification of coverage, etc.

Drawbacks for the insurance industry Major drawbacks for the insurance industry concerning Internet use are the lack of geographic limitations and the lack of a clear set of rules and regulations. Information posted online by an insurance company or agent in one state is easily accessed in not just different states, but a whole different country, as well. As state laws and regulations are not usually broadcast beyond their jurisdictional limits, a real risk exists for them to be violated. This risk emphasizes the need for insurance companies to be well aware of all applicable licensing and product requirements—and to post them on their websites. Insurance companies also need to confirm that their policies are available in the states in which consumers live. In some circumstances, insurance companies may unknowingly offer policies in areas that are legally out of bounds. It is the insurance company’s responsibility to make sure that their websites clearly state the geographical limits of sale for every policy and not violate these strictures. In cases where confusion exists about the precise location of the sale (insurer location versus buyer location), the consensus seems to be that the location of the sale is the state in which the consumer resides. Another drawback is the issue of verifying crucial medical and financial information without a personal meeting between client and agent. This issue may create serious problems when attempting to qualify an individual for a policy and, later, if losses occur. A final drawback is the world of advertising on the Internet. Many agents may unknowingly violate regulatory codes while promoting services of various insurance companies on their websites. They may be doing so without valid approval from the companies and/or in violation of state laws. Also, in cases where insurance companies allow their agents to solicit businesses from multiple states, advertising may lead to extra expenses in terms of additional licensing fees.

43

Insurance consumers According to Tim Sawyer, over 80% of consumers perform research about insurance online. Sawyer is the president of Astonish Results, a digital marketing firm based in Rhode Island. Sawyer and his firm have trained hundreds of insurance professionals in every aspect of the business with a focus on leadership, digital marketing, and best sales practices. Here are some statistics they provide to their clients:

• 1 out of every 10 people use the newspaper or Yellow Pages before they buy insurance

• 3 out of every 10 people use TV and radio before they buy any product or service • 8 out of 10 people use the Internet before they buy insurance

Using the Internet provides insurance consumers with a number of advantages when transacting business, including:

• Research into insurance products, features, benefits and pricing is easily accessible—from a vast number of insurance companies and other sources

• Contacting insurance companies, agencies, and producers can be facilitated either via web sites or e-mail

If a consumer makes several transactions with an insurance company or producer through a particular medium, he tends to forge a bond with the company/producer and the method of communication—if the process is convenient and nets him positive results. The insurance industry, being service-oriented, has a tremendous opportunity to improve its client-relationships with consumers who prefer to use the Internet as a method of facilitating communication and insurance transactions. Typically, an insurance consumer personally initiates contact with his agent or company in certain circumstances:

• When he must buy an insurance policy (as in his lender or mortgage company require the purchase of coverage)

• When he pays his premium • When he reports a loss or makes a claim • When he feels the need to make a change to the policy • When he has a specific question

Many consumers, especially younger consumers who are more adept at using computers and are more likely to use them, will utilize Internet access to their agent/company for these transactions. A producer can increase his client contacts using e-mail and other Internet uses. Many property and casualty insurers have designed access to their web sites for the express purpose of allowing clients to make payments and initiate change or service requests. Not only does the access to such online services bring about a heightened sense of teamwork, but it also creates a comfort level and builds trust in an insurance company and its online services. Another way of enhancing consumer relationships and building trust through the use of the Internet is to offering online complaint and claim services help lines. More and more consumers are availing themselves of online services—in all business industries. The

44

demand for increased access to relevant and updated information, along with customer attention and service, cannot be ignored if a business intents to grow. As with any form of technology involving the sales and servicing standards within a business industry, utilizing the Internet is viewed by some consumers as being advantageous and by others as nothing short of impossible. Advantages of utilizing the Internet in consumer transactions:

• Easy access to quotes and other information • Ability to apply for coverage, or determine eligibility, quickly and conveniently • Ability to locate potential insurance companies or agents by area of expertise or

location • Accessibility – either from a perspective of response time or time of day/night • Availability of account status, premiums information, and online bill pay options

Disadvantages of utilizing the Internet in consumer transactions:

• Eliminates face-to-face and personal interaction • Does not allow the opportunity for in-depth conversation and review of policy

terms, conditions, limits, exclusions, and recommendations by the producer • Offers greater opportunity for misunderstanding and miscommunication • Security breaches and privacy concerns

The popularity of the Internet is unquestionable; as is the convenience it often allows insurance companies and producers. Unfortunately, regular use of the Internet also gives rise to complications and, since no universal legislation exists, producers can often find themselves on questionable grounds if consumers file complaints or experience losses.

Electronic insurance payments Few people will argue that the ability to pay for something with a credit or debit card is a way of life in this country. More and more insurance companies allow consumers to pay their insurance premiums with either credit/debit cards or electronic checks. While the convenience of these payment methods is indisputable, neither is the potential for serious liability on the part of the insurance company or producer if the consumer’s privacy and security of information is not protected. The GLBA’s Financial Privacy Rule governs the collection and disclosure of customers' personal financial information by financial institutions. It also applies to entities receiving such information, whether or not they are financial institutions, such as insurance producers. The Federal Trade Commission (FTC) believes that “any information should be considered financial information if it is requested by a financial institution for the purpose of providing a financial product or service.” Since the GLBA clearly indicates that insurance companies are considered “financial institutions,” the information collected by insurance companies to process credit/debit card payments, and electronic check payments is subject to the Financial Privacy Rule. When a consumer enters information pertaining to his credit/debit card or bank account during an online

45

transaction, or when he provides it to a producer for processing the payment either online or in some other way, he has the expectation of, and legal right to, privacy. It is in the best interests of all parties involved in these payment transactions for insurance producers to be familiar with the Financial Privacy Rule and to adopt routine procedures when handling consumers’ personal nonpublic private information. Many insurance agencies do not retain consumer credit card numbers, bank account numbers, or social security numbers on file—unless required to do so by the insurance company—for the express purpose of protecting the consumer.

CAN-SPAM Act of 2003 One person’s version of insurance marketing is another person’s version of spam. Spamming is illegal and, if an insurance producer is unfamiliar with the CAN-SPAM Act, can find himself or herself being slapped with fines of up to $16,000 per each separate e-mail if he violates the law. The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) applies not only to bulk e-mail, but also to all commercial messages. Yes, ALL commercial e-mails! How can an insurance producer know if the e-mail he’s sending is subject to the CAN-SPAM Act? By evaluating the primary purpose of the e-mail. The FTC classifies the primary purpose of an e-mail as having one of the following types of content:

1. Commercial Content – Advertises, markets, or promotes a commercial product or service, including web site content

2. Transactional or Relationship Content – Assists in the completion of an already agreed-upon transaction or communicates with a customer about an ongoing transaction or relationship

3. Other Content – Is neither commercial, transactional, or relationship-based If an e-mail contains only commercial content, it is subject to all requirements of the CAN-SPAM Act. If an e-mail contains only transactional or relationship content, is not permitted to contain false or misleading routing information. Otherwise, it is exempt from most of the requirements of the Act. Another concern to producers should be the forwarding of e-mail messages. If an insurance producer’s e-mail contains a request for the recipient to forward the message to a friend or some other party, the producer may be responsible for violations of the CAN-SPAM Act when the message is forwarded. The deciding factor usually centers on whether or not the producer is compensating the forwarder in some way, such as offering money, coupons, discounts, awards, additional entries in a raffle or sweepstakes, etc. If the producer is compensating the forwarder, he will likely be accountable for violations of the Act. Taken from the FTC web site, here is a list of the major requirements of the CAN-SPAM Act:

• Don’t use false or misleading header information. The “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email

46

address –must be accurate and identify the person or business who initiated the message.

• Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.

• Identify the message as an advertisement. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.

• Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail-receiving agency established under Postal Service regulations.

• Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Construct the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.

• Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.

• Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

Each separate e-mail sent in violation of the CAN-SPAM Act is subject to fines of up to $16,000 and more than one person may be fined for violations. For example, Jane is a producer sending e-mail marketing messages and she works for the ABC Corporation. If Jane sent 100 e-mails in violation of the Act, both Jane and the ABC Corporation can be fined up to $1,600,000 for the sending of the mass mailing. In addition to penalties for violating the Act, separate penalties exist for sending deceptive advertising and for criminal violations. Criminal violations include:

47

• Using another person’s computer without permission to send spam • Using false information to register for multiple e-mail accounts or domain names • Relaying or transmitting multiple spam messages through a computer to mislead

others about the origin of the messages • Harvesting e-mail addresses, or generating them, through the practice of sending

messages comprised of random letters and numbers with the intention of reaching valid ones

• Taking advantage of open relays and proxies without permission While the sending and receiving of e-mail can make an insurance producer’s life much easier, it can also create nightmares if the producer is not familiar with the law. The Do Not Call Registry and the CAN-SPAM Act have each, in their own way, affected a producer’s ability to reach and market to consumers. The components of these laws, however, were designed for the protection of the consumer and also enhance a producer’s professionalism when complying with them.

Electronic signatures Legislation concerning electronic signatures began with the Utah Digital Signature Act, which was enacted in 1995. As other states adopted legislation, California was the second, the focus diverged somewhat. Each state in the U.S. has enacted some type of legislation concerning electronic signatures and it is imperative that insurance producers understand the particulars of the laws in each of the states in which they are licensed. Two terms are commonly used with respect to online signatures: electronic and digital. Although the terms are often used interchangeably, they have different meanings. An electronic signature is a generic term that encompasses all methods of affixing a signature to an electronic record: a name typed at the end of an e-mail, a digitized image of a hand-made signature that is attached to, or inserted into, an electronic document, a secret code or PIN, an electronic fingerprint or retinal scan, or a digital signature. A digital signature is a specific type of signature: it utilizes public key cryptography to “sign” a message, form, or document. When a person affixes his or her signature to a document, regardless of the document’s format, he or she is signaling intent. The intent is either to identify or to confirm the accuracy of information contained in the document. A signature can also signal two other purposes: (1) to identify the person affixing his signature, and (2) evidence of the authenticity or integrity of a document. Three legal issues continue to crop up with respect to electronic signatures:

1. Are they legal? 2. Are they trustworthy? 3. What are the rules concerning them?

Clearly, insurance consumers and producers are concerned with the perspective of the state and federal governments with respect to the legality of electronic signatures. Why should a consumer purchase an insurance policy online with an electronic application

48

signature or a producer accept a client’s authorization to change or cancel a policy via an e-mailed signature if neither “document” or signature is considered legal in the jurisdiction in which it was made—and/or received? Some legal concerns include:

• Do electronic signatures satisfy legal requirements concerning writing and signatures?

• Do electronic signatures constitute being an “original” for evidentiary purpose? • Do electronic signatures inherently risk being denied admissibility because of

their electronic format? • Can a recordkeeper establish the authenticity of a document with an electronic

signature? Many state statutes and requirements compel legal transactions to be made “in writing” and “signed” by the involved parties in order for the transaction to be legally enforceable. If an electronic signature does not meet the jurisdiction’s specific requirements, then it is not legally binding nor is the transaction enforceable. In the case of an insurance application or change request, this could create a serious consequence. Writing requirements, traditionally, are not limited to ink on paper. The spirit of the writing requirement is to document a communication in tangible form. Courts have found that “writings” include those documented in ink, by wire scratched on paper, via telexes, in Western Union Mailgrams, and on tape recordings. According to the Statute of Frauds, magnetic recordings of data on computer disks have been held to meet the definition of “writings” under forgery statues and copyright law. Likewise, courts have found that the following types of signatures meet the requirements of “signed:” names on telexes and telegrams, typewritten names, faxed signatures, and names on letterheads. Again, the intent and the mark, symbol, or code on an electronic document should meet the requirement. What constitutes a signature? Since legislation varies from state to state, the answer can’t be pinned down to a single response. Legislation in this regard tends to take one of three different approaches:

1. All electronic signatures satisfy legal requirements, or 2. Electronic signatures satisfy legal requirements only when they meet certain

security measures, or 3. Only digital signatures meet legal requirements

According to the Uniform Commercial Code (UCC), 1303.41 Signature – UCC 3-401., the definition of a signature on paper includes: “ (B) A signature may be made manually or by means of a device or machine and by the use of any name, including a trade or assumed name, or by a word, mark, or symbol executed or adopted by a person with present intention to authenticate a writing.” Some states have adopted this definition with respect to electronic signatures but many have not. Those states that adopt this perspective, and their courts, will accept an “X” as a signature—so long as the symbol (aka signature) exists and the intent of the signer was to authenticate.

49

Most states requiring security components in electronic signatures take a technology-neutral stance. In general, the following components of a signature are required—and are based on original California legislation enacted in 1995:

• It is unique to the person using it, • It is capable of verification, • It is under the sole control of the person using it, and • It is linked to data in such a manner that if the data are changed, the digital

signature is invalidated It is estimated that approximately one-third of all state legislation takes this approach to the validity of electronic signatures.

Still other states have enacted legislation based on the technology used when signing. They consider electronic signatures valid only if they are digital signatures. Five states have adopted this stance: Minnesota, Missouri, New Hampshire, Utah, and Washington. Are electronic signatures trustworthy? The foremost concern when receiving an electronic signature is the component of trustworthiness: Are the message, document, and signature precisely what the sender sent? Has the message or document been intercepted and/or altered? Is it authentic? Is it complete and accurate? Can the recipient expect that the sender will be held accountable for his electronic message in the event a dispute arises? In circumstances where authenticity, integrity, and accountability are essential, it is generally recommended to require paper documents and signatures instead of, or in addition to, electronic documents and signatures.

Cyber fraud Insurance fraud is not a new concept. However, with its ease of use, the Internet now offers dishonest individuals and companies a new venue with which to perpetrate insurance fraud. Because of the anonymity afforded by the Internet, and the ability to set up and take down web sites in a matter of moments, perpetrators of insurance fraud abound. The most common fraudulent Internet schemes, according to the North Carolina Department of Insurance, involve unauthorized insurance. “Unauthorized Insurers” are entities that appear to be legitimate insurance companies or organizations that have been duly licensed, registered, and/or approved by state or federal regulators to transact insurance business in one or more states. They look, sound, and act like lawful insurance companies—but they’re not. They offer much lower rates and premiums than legitimate insurance companies and seldom engage in the underwriting of risks. Policies are issued quickly and claims, if they’re paid, are paid very slowly. Other fraudulent insurance schemes include:

• Imposter web sites illegally and fraudulently using a logo of a legitimate

50

insurance company. For example, an online insurance application guarantees the issuance of an auto insurance policy but the consumer never receives a policy and eventually learns that the insurance company being portrayed never received an application, the premium payment, and has no knowledge of the imposter web site.

• Theft by an “insurance agent.” An insurance agent advertises on the Internet, or even has a web site, and provides a phony policy or insurance ID card after accepting an online insurance application and/or premium payment. The “agent” simply keeps the money and, after receiving sufficient complaints, shuts down his Internet operation.

• A marketing or pyramid scheme that offers financial inducements, including insurance policies, for those who become members and pay a membership fee. The inducements are devised to recruit more members and increased cash flow. New members are convinced to sell new memberships and are promised the opportunity to borrow money against their insurance policies.

Internet security Many businesses, including insurance companies and large insurance agencies, have IT departments that handle security for their web sites and other Internet functions. But what about agents and brokers who operate smaller businesses and act as their own IT departments? How can a producer be sure he’s protecting himself and the consumers with whom he works when transacting insurance business online? The Federal Trade Commission publishes an online guide concerning Internet security, as do a number of other regulatory agencies. Information is available, at little or no cost, to individuals who are concerned with security. The FTC lists seven practices for computer safety:

1. Protect personal information 2. Know who you’re dealing with 3. Use software that automatically updates security measures 4. Keep the computer’s operating system and web browser up-to-date and learn

about their built-in security measures 5. Keep passwords safe, secure, and strong 6. Back up important files 7. Learn what to do in an “e-mergency”

Before communicating with consumers via e-mail, producers should be sure to obtain authorization from them to use their e-mail and be sure to protect their e-mail addresses. When communicating via e-mail, producers should avoid opening or replying to messages from individuals whose identity they don’t recognize immediately. If a hacker or other individual gains access to a producer’s computer, not only can the producer’s personal information be obtained, the entire contents of his address book can also be acquired.

51

It’s a good idea to avoid file sharing, especially if a person is not familiar with the proper settings to enable safe, secure transactions. Failure to choose appropriate settings may make the entire contents of a computer accessible to another party. Password protection is something endorsed and required by all insurance companies when accessing their web sites and applications. In fact, most insurance companies require producers to change their passwords on a regular basis, usually every 60 to 90 days. Their reasoning is that it is becoming increasingly easier for hackers to obtain passwords. Some hackers utilize programs that run through words in the dictionary because many people use common words as passwords. The longer the password, and the more diverse the types of characters it contains, the more difficult it will be for a hacker to obtain. Avoiding the use of personal information (nicknames, dates of birth, etc.) in passwords is another way to reduce the likelihood of a hacker figuring out your password. Many businesses offer wireless Internet services to customers and employees with laptops. The convenience and mobility of this type of service is attractive but it involves inherent risks. Here are some tips to maintain the security of a wireless network:

• The network should use encryption to scramble communications o WPA has stronger security measures than WEP

• The wireless router should have its identifier broadcasting mechanism turned off so that it does not announce its existence to the world

• Be sure to change the manufacturer’s default on the router’s identifier to prevent a hacker from accessing it

• Change the router’s default administrative password • Turn off the wireless network when it is not being used

These warnings sound very basic and, to some people, insulting. However, an insurance producer should keep in mind that any breach of security involving a consumer’s nonpublic personal information could result in regulatory action against the producer. Just because a producer is not currently working on a consumer’s insurance account when online doesn’t mean a security breach can’t occur and that business information stored on the computer is not accessible.

52

Chapter 3 Review Questions 1. The major drawback to consumers concerning the Internet sale of insurance is

which of the following? [a] the cost [b] the types of policies available [c] the lack of personal contact [d] the number of insurance companies available 2. A fine of $16,000 may be charged for which of the following CAN-SPAM

violations? [a] for each separate e-mail [b] for each insurance application submitted [c] for each insurance claim submitted [d] for each separate insurance policy issued 3. Which of the following statements is true with respect to electronic and digital

signatures? [a] they mean exactly the same thing [b] they have different meanings [c] they are synonyms [d] there is no such thing as a digital signature

53

CChhaapptteerr 44 Privacy Procedures The importance of protecting client privacy has been emphasized in this material. This chapter will focus on specific procedures an agent can use to protect client privacy. The main concern of agents is that sensitive information related to finances and health may be shared with parties who might take advantage of it. Such unethical behavior has led to laws that enforce complete disclosure where such private information is being shared—even with the client's permission. Encryption, firewalls, passwords, and anti-spamming laws are all used to battle these intrusions on client's privacy. Another area where privacy protection laws are being enforced, based on customer complaints, is in telemarketing. The reason for such a focus on privacy issues today is because the potential for abuses of privacy have increased exponentially over the last few decades. This dramatic change is directly proportionate to the technology boom. Instead of private information being physically filed away in a secure room, to be read and used only by those with access to this physical space, it has now become more common to store information in other methods. Private information is now stored electronically on computer networks that that were once believed to be secure. Another byproduct of the increasing concern for privacy is that fact that the number of people who can use this private, non-public information has grown. For example, with the consumers’ tendency to obtain health care from broadly spread health networks instead of a single practitioner, there are multiple levels at which private health data is exposed to various parties. While technological progress is making it easier to store larger amounts of client information, it also creates more problems in protection of privacy of this information.

Information sharing: To do or not to do? Today, we are bombarded with information that used to be considered highly personal information in the past. A casual scanning of television channels shows multiple reality shows where people spill their innermost secrets. People who would never reveal personal information in person, easily post the same personal information on their social networking sites. The question is: Why is it such a bad thing for information to be readily and easily available? Would it not work in a patient’s favor if a doctor could access all their medical history instantly, at the press of a button? The answer is that not everyone will treat this information with the objectivity it merits. An employer who has complete access to a prospective employee's medical or financial records may be unfairly influenced into not hiring or promoting the individual. Insurance companies access client's credit scores and other lifestyle information to use during the underwriting processes; if they had access to and used information to which they weren’t

54

entitled, it might adversely affect the rating of their policies. The unethical and improper use of personal information might also result in the declination of coverage. In some instances, sensitive personal information has been inadvertently exposed to third parties. For example, a used computer from a pharmacy contained demographic information and prescription data of customers. This computer was bought by a woman who reported the existence of the confidential information in a responsible manner. If she hadn’t been an ethical individual, she could have sold the information to someone without her scruples--someone who could have stolen the identities of the parties’ whose information remained on the computer or someone who—or she could have used it for nefarious purposes herself. In another instance, an FBI agent was relieved of active duty when his pharmacist revealed personal details about the FBI agents’ clinical depression diagnosis. The potentially drastic impact of improperly sharing such information has prompted strong laws to be passed. Insurance, banking, and health care are some organizations that are most rigorously covered by such legislation due to the high levels of sensitive information they obtain for business purposes.

Agent's role According to HIPAA, an insurance agent meets the definition of financial institution and, as such, is such subject to all the privacy regulations. This network of laws consists of the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Do-Not-Call Registry, the Patriot Act, the Terrorism Risk Insurance Act, the Federal Medical Privacy Rule, and anti-spamming rules, etc. Sometimes, state regulations contrast directly with federal laws. For example, demographic information such as name, contact information, social security number, and payment history is considered medical information by HIPAA. This makes such information subject to the opt-in option. State regulations, in contrast, consider such information to be financial information and subject to the opt-out option to maintain confidentiality. When such rules are broken, stiff penalties, including fines and jail terms, may result. An infraction of the Do-Not-Call Registry rules can subject an agent to over $10,000 per unwanted call. Individuals who are on the receiving end of violations of the Do-Not-Call rules may also bring civil suits against offending parties. Caveat: Do not rely only on this information to deal with serious privacy concerns. Consult an expert or an attorney to get crucial advice.

Privacy concerns explained Keep in mind that the information presented in this course should not replace the advice of an attorney with respect to serious and specific privacy concerns.

55

The importance of privacy All states acknowledge an individual’s right to privacy as a fundamental right. For this reason, strict laws have been enacted to ensure that the right to privacy is upheld. The Declaration of Independence asserts the individual's right for life, liberty, and the pursuit of happiness. Most sections of the United States’ Constitution try to maintain the delicate balance between upholding this individual right with that of the larger, collective society. The part of the constitution that touches on privacy is the fourth amendment, which states that, "the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated." The part referring to the papers and effects is construed to include personal information contained in forms for insurance purposes. The right of privacy is, of course, not air-tight. It depends on the definition of unreasonable search. Under certain circumstances, highly private information can be obtained. The two classes of highly private information include health and financial details. Among all medical issues and conditions, many individuals consider mental health information to be the most sensitive. A 1996 court ruling ruled that the Federal Rules of Evidence protected any communication between a therapist and client; many other states co-opted a variation of this therapist-client privileged communication.

A historically significant right Over the past years, the focus on the right to privacy has gained importance with the passing of many privacy protection laws. The United Nations Declaration of Human Rights, the International Covenant on Civil and Political Rights, and many other international charters assert the importance of privacy as a fundamental human right. This right to privacy is inextricably linked to the right to freedom of speech and association. In the insurance industry, gathering sensitive information is an important preliminary to the underwriting process. All around the world, the constitution of almost every country upholds this fundamental human right to privacy. Countries like South Africa and Hungary have created laws protecting an individual's right to divulge personal information. In India, Ireland and the United States, this right is recognized indirectly though other provisos. Countries have also adopted conditions set out by the European Convention on Human Rights or the International Covenant on Civil and Political Rights. The idea of privacy reaches far back into ancient literature, including philosophies contained in the Bible, Chinese texts, and classical Greek treatises. Many of these early concepts stemmed from a right to solitude. Later ideas widened to include the handling and sharing of personal data. Most broadly, privacy is viewed as a way to create a boundary between what is essentially an individual's concern and what society is permitted to know—and handle. Some areas of privacy include:

• Health records, bank and credit card accounts;

56

• The human body, to the extent which unauthorized handling through methods such as full-body searches or DNA tests are involved;

• Communication via e-mail, telephone, writings, etc.’ and • Territory, which safeguards an individual's home or place of employment from

unwarranted invasion.

Risk appraisal-what is it good for? One of the basic functions that an insurance company undertakes is risk appraisal. In order for this important function to be carried out, the insurer must collect highly private and sensitive information. Evaluation of the information makes it possible for an individual to be approved for insurance, which brings them the feeling of security they have been seeking. This evaluation of information involves assessing the amount of funds needed to insure an individual’s risks and exposures. Thus, this personal information makes it possible for individuals to make payments that are fair when considering not only the amounts and types of insurance purchased, but also his or her specific likelihood to suffer a loss. If individual risk appraisals did not occur, and everyone paid the same premium, low-risk individuals would pay more than they should and high-risk individuals would pay less than they should. Risk appraisal makes certain that the underwriting process generates appropriate premium amounts and it safeguards the overall value of the insurance and the financial strength of the insurance company. The specific benefits of risk appraisal include lowered expenses, fixed risk classification, high quality coverage that cannot be revoked, and early alerts for potentially serious health issues. During the process of risk appraisal, the underwriter obtains comprehensive health, financial, and other personal information. The mutual understanding is that the client will disclose all details in their entirety and in complete honesty and that the underwriter will respect this trust by protecting and safeguarding the client’s information. This expectation of privacy is met by an underwriter, through a series of well-crafted and practiced steps that are aided by a deep-rooted commitment to maintenance of privacy.

Sensitivity to customer worries With the possibility of private information becoming public knowledge without authorization, today's consumer is wary of sharing too much. The NAIC declares that consumers are worried about privacy issues, especially those related to medical and financial information, While the Internet may facilitate proliferation of less expensive services, it also opens the door to misuse and infringement of privacy. Information obtained and stored by health care providers has been misused by others in the past and this misuse has made the consumer mistrustful of the use of Internet-based services. Additionally, a strong movement opposes any moves to increase privacy measures.

57

The inevitable result of this growing mistrust is the rise in number of privacy advocates. The main area where the aftershock of this mistrust is felt is in the health sector. The potential effects of personal health information being exposed have far-reaching and severe consequences. Reports by the American Medical Association that most health information sites do not follow their own prescribed set of privacy criteria does little to bolster confidence in the existing system. There is still a lot of work to be done to create higher levels of trust if the Internet is to be accepted in this area.

Private medical information Most individuals have serious concerns about public disclosure of private information, especially health records. The increased computerization of the health care system, combined with lowered personal connection, leads to more worries. The worry occurs because this sensitive data, which is collected by large governmental or business institutions, if made public, may create huge disruptions in an individual's daily life. More effort is still expended in keeping financial, tax, and even video-rental records private. This is due, also, to political and economic concerns. Whatever the origins, it seems with the increasing proliferation of technology and electronic transactions for business and personal reasons, privacy laws in the health sector will continue to undergo positive modifications. Many share the concern that the focus on protecting privacy will swing to the opposite extreme and make access to health care information a nightmarish process. This would create its own set of problems. Too many rigid restrictions might prevent the provision of quality health care. It might erect barriers to medical research. There are several ways private medical records can be used to harm an individual. One would be to place barriers in the way of obtaining bank loans, mortgage, and other loans. Another would be impeding job advancement or preventing being hired for a job. Unlawful release of health information also generates unsolicited phone calls from pharmaceutical companies to the doctors or patients to convince them to change to drugs that the company manufactures. Due to these, and other serious consequences, the NAIC has decided that health information should be categorized under the opt-in choice. Unless an individual positively states that he or she authorizes the sharing of personal health information, it will be not be shared. Agents and underwriters should take note of this and make sure to comply with regulation. In conclusion, research points out that although medical websites understand their clients’ concerns about privacy, and may have appeared to accept policy on this matter, how they implement their privacy policies may be a different issue. When a user visits or utilizes a website and provides private details about health, he or she usually assumes personal information is completely confidential. Unfortunately, a chance might exist that a third party will have access to the information.

58

Private financial information Financial institutions, by definition under HIPAA, include banks, brokerage firms, and insurance companies. All of these organizations offer crucial services to society. They do so by being a repository for highly delicate information in addition to money. Consumers entertain a risk when providing a financial institution with personal, nonpublic information. Title V of the Gramm-Leach-Bliley Act (GLBA) lays down ground rules with respect to protecting financial information:

• The institution needs to let the client know the nature of information being collected and why it is gathered. This is the Privacy policy.

• The institution needs to explain the Opt-out option to clients so they know they may decide that none of their financial records may be shared.

• The institution needs to create and implement a sound system of guarding the private information collected. It also needs to explain this system to clients.

The above-mentioned regulations were accepted and were required to be applied no later than July 2001. Implementation did not involve a straightforward process because experts in the field had to make sure that in following these regulations, no state or federal laws were being broken. Issues of compatibility between differing levels of legal structure came up and took time to sort conflicting issues. Another issue involved keeping the consumer informed of legislative modifications. This was not a one-time responsibility; instead, it is an ongoing process of education and reminders. Insurance companies must continue developing strong privacy standards for the protection of their clients--not simply to comply with what the law states. In pursuit of this ideal and, in a bid to create an empathetic client-entity relationship, a financial entity can pose the following questions to itself:

• How much total financial data is collected per client? • How do we use this data? • Is this data being shared with other parties? • Who are the parties with whom we share this information? • What do the parties do with the information we share?

The process of building trust starts with creating and implementing a strong privacy policy. The client needs to be involved in this process and every effort should be made to explain the privacy regulations being set in place. If disclosure does not occur, the lack of communication might eat away at the foundation of trust between the organization and its clients. Trust in an essential element in the relationship where the integrity of insurance products being sold hinges on the evaluation of personal financial and health information. A reduction in client trust will result in a negative impact on the organization—and its agents and representatives. A strong privacy policy, and its consistent enforcement, also prevents identity theft and fraud. Fraud can be nipped in the bud if comprehensive financial information is easily available. Another benefit of enhanced trust leading to comprehensive information is verification of the credit worthiness of certain loans. This guides the institutions in the

59

obtaining of sound loans that can be resold as asset-backed securities, for example, in the secondary mortgage market, which ultimately leads to lowered mortgage prices. Considerably more focus has been aimed at privacy concerns now that the Internet is being used for financial business practices. This technological innovation has enabled the use of more sophisticated financial programs and services and still needs to focus on the values of trust, respect for privacy, and ethics in upholding the confidentiality of information. The benefits clients reap from technological advancements include quicker approval of credit for various purposes and an increase in the level of awareness of financial procedures. It is everyone’s best interests to establish a foolproof privacy system and inform clients about the workings of the system.

Specific privacy laws and regulations

Health Insurance Portability and Accountability Act (HIPAA)-Administrative Simplification

HIPAA has two major sections. Title I of this legislation shelters health insurance coverage for individuals and their families when they lose their jobs or change employment. It amended the Employee Retirement Income Security Act (ERISA), the Public Health Services Act, and Internal Revenue Code. Title II of this legislation was enacted to establish a set of national standards for the protection of certain health information. The Privacy Rule standards address the use and disclosure of “protected health information” by organizations subject to the Rule, as well as standards for individuals’ rights to understand and control how their health information is used. HIPAA’s Privacy Rule incorporates the stipulations of the administrative simplification of HIPAA. This rule pertains to what individuals wish to do with their health information, as well as what is allowable and imperative use of their records. It stems from the belief in the fundamental nature of the right to privacy. Items covered by the Privacy Rule include:

• Information about mental and bodily health, as well as providing and paying for health care.

• Information that could identify an individual. • Information that can be generated or obtained by a covered institution. • Information that is sent out or recorded in any format.

HIPAA’s Security Rule protects health information in electronic form and requires entities covered by HIPAA to ensure that electronic protected health information is secure. Entities covered by HIPAA include:

• Health Plans, including health insurance companies, Health Maintenance Organizations (HMOs), company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.

60

• Most Health Care Providers, including those who conduct certain business electronically--such as electronically billing health insurance premiums—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.

• Health Care Clearinghouses, including entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

Entities that do not have to follow Privacy and Security Rules include life insurers, employers, workers’ compensation insurers, some schools and school districts, many state agencies (i.e. child protective service agencies), many law enforcement agencies, and many municipal offices. The types of information that are protected include:

• Information contained in a consumer’s medical records that was entered by doctors, nurses, and other health care providers;

• Conversations between consumers and their doctors about their care or treatment with nurses and other health care providers;

• Information about the consumer contained in the health insurer’s computer system;

• Consumer billing information at the office of the health care provider; and • Most other health information about consumers that is held by those who must

follow these laws. Covered entities must protect personal health information by:

• Putting safeguards in place; • Reasonably limit use and disclosure of information to the minimum necessary

standards needed to accomplish the intended purpose of use and/or disclosure; • Maintaining contracts with others to ensure that the use and disclosure of

protected information is handled and safeguarded properly; • Maintaining procedures to limit those who may view and access consumers’

protected information as well as implementing training programs for employees about how to protect and safeguard the protect information of consumers.

Consumers have the following rights with respect to their protected information:

• They may ask to see and obtain copies of their health records; • They may have corrections added to the files containing health information; • They may receive a notice that tells them how their health information may be

used and shared; • They may decide if they want to give permission before their health information

may be used or shared for certain purposes, including marketing; • They may obtain a report about when and why their health information was

shared for certain purposes; and

61

• They may file a complaint with their provider, health insurer, or the U.S. Government if they believe their rights are being denied or their health information isn’t being protected.

The Privacy Rule sets rules and limits about who may review and receive a consumer’s protected health information. To ensure that a consumer’s health information is protected in a way that does not interfere with their health care, health information may be used and shared as follows:

• For their treatment and care coordination; • To pay doctors and hospitals for health care and to help run their businesses; • With their family, relatives, friends, and others identified as being involved in the

client’s health care or health care bills—unless the consumer objects; • To ensure that doctors give good care and that nursing homes are clean and safe; • To protect the public’s health, such as reporting when contagious diseases are in

the client’s geographic area; • To make required reports to the police, such as reporting gunshot wounds.

A consumer’s health information cannot be used or shared without his or her written permission unless this law allows it. For example, without a consumer’s authorization, a health care provider usually cannot:

• Give health information to the consumer’s employer; • Use or share the consumer’s information for marketing or advertising purposes; or • Share private notes about the consumer’s health care.

HITECH Act The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is part of the American Recovery and Reinvestment Act of 2009 (ARRA). ARRA contains universal incentives pertaining to health care information technology, such as the creation of a national health care infrastructure, and also contains incentives designed specifically to hasten the adoption of electronic health record (EHR) systems among health care providers. The HITECH Act has expanded the required privacy and security protections available under HIPAA because a tremendous expansion in the exchange of electronic protected health information (ePHI) is expected. The HITECH Act provides for more enforcement and increases the potential legal liability of those individuals and entities failing to comply with the Act. Although a number of financial incentives are included in the Act, as well as other precise details, this discussion will focus on key provisions of the Act that are specifically related to HIPAA. Many requirements of the HITECH Act will become effective 12 months after the date of enactment (2/18/2009), however, other requirements involve different effective dates. Precise details of the Act’s provisions and effective dates can be found on the web site of the U.S. Department of Health and Human Services at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html.

62

Enforcement It is common knowledge in the health care industry that HIPAA has not been meticulously enforced. Based on language contained in HITECH, it appears that regulatory intent concerning enforcement has changed and that consequences of non-compliance have increased significantly:

• Mandatory penalties will be imposed for “willful neglect” o “Willful neglect” will be judged on a case-by-case basis but it seems that

if a provider has “no story” or a story that indicates a disregard toward compliance, the provider will run a high risk of being penalized

• Civil penalties for willful neglect are increased o Can extend to $250,000 o Repeat/uncorrected violations can extend to $1,500,000

• In certain circumstances, both civil and criminal penalties extend to business associates

• As in HIPAA, individuals are unable to bring a cause of action against a provider o A state attorney general may bring a cause of action against a provider on

behalf of the residents of his state • The U.S. Department of Health and Human Services (HHS) is required to perform

periodic audits of covered entities and business associates

Notification of breach In the event of unauthorized uses and disclosures of “unsecured PHI,” HITECH requires notification requirements for data breaches. In most cases, the breach requirement pertains to stored health information that is not encrypted or otherwise made impossible to read —such as information contained on insurance applications. (Until HITECH was passed, only two of the 48 states that required data breach notifications included PHI as a specified data type—California and Arkansas.) The notification requirements are similar to those data breach laws currently in place per state law with respect to personally identifiable financial information. HHS must define “unsecured PHI” within 60 days of enactment and, if it fails to do so, then the HITECH definition will apply. HITECH defines “unsecured PHI” as meaning “unencrypted PHI.” Patients must be informed if unsecured breaches occur. HHS must be notified if a breach affects 500 or more patients and it will post the name of the breaching entity on its web site. In certain circumstances, local media will also be notified. It should be noted that notification procedures are triggered regardless of how the breach occurred: internally or externally. The severity of this provision is further evidence of the attention regulators intend to devote to security and the protection of privacy. California reported that in the first five months after state legislation required notification of data breaches, over 800 notifications were made. This underscores the need for security and the rate at which breaches are occurring. In an April 19, 2009 press release by HHS, “Entities subject to the HHS and FTC regulations that secure health information as specified by the guidance through encryption or destruction are relieved from having to notify in the event of a breach of such information. This guidance will be updated annually.” This requirement means that

63

in order for providers and business associates (i.e. insurance companies, agencies, and producers) to be relieved of data breach notification and to protect PHI, they must either encrypt PHI or destroy it. Essentially, encryption is the only secure way to store PHI. Keeping unencrypted PHI of consumers exposes a producer to virtually all of the HITECH requirements.

Electronic health record access If a health care provider has adopted an EHR system, consumers will have the right to obtain their protected health information (PHI) in electronic format (ePHI). Consumers will also have the right to appoint a third party to receive their ePHI. If a health care provider charges a fee for providing this information, it cannot exceed the cost of labor for doing so. While some of the EHR systems may not have immediate ability to transmit electronic records, it will be incumbent upon providers to be able to respond to consumers’ requests since it is expected that electronic records will be requested far more often than paper records. A provider unwilling or unable to comply with these requests for electronic information may find itself disqualified from participation in the financial incentives. Their use of the EHR system may not qualify as “meaningful use” if a provider fails to comply, or fails to comply promptly, with consumer requests for ePHI.

Business associates HIPAA contains some provisions that relate directly to business associates. (Insurance companies and producers meet the definition of business associate.) Before enactment of HITECH, privacy and security requirements were imposed upon business associates only if contractual agreements existed with covered entities. It has been suspected that many small providers did not have contracts in place or that if contracts were in place, they did not comply with all HIPAA rules. Lack of required contractual agreements has not generated a serious problem for the provider community in the past. With the enactment of HITECH, business associates are now officially required to comply with the Safety Rule. Which means that although an insurance producer does not have a contract with a health care provider, if he is involved in a transaction that involves EHR, he will be directly accountable under the HITECH Act. Because HITECH allows for the tremendous growth in the exchange of electronic PHI, all involved parties have increased concerns about privacy and security. It is anticipated that virtually all software providers of EHR systems will be considered business associates and, as such, they will be subject to direct compliance with HITECH—even in the absence of contractual agreements. In addition, business associates are obligated by the Act to report security breaches to covered entities in compliance with the notification requirements. As previously mentioned, they will now be subject to civil and/or criminal penalties under HIPAA if certain conditions exist. In addition to the business associate requirements discussed here, additional requirements exist based the definition of the relationship between the business associate and the provider. While large firms may have little difficulty adopting

64

the changes necessitated by HITECH because they already possess legal counsel and specialized staff to meet regulatory demands, small firms (or individual producers) may find themselves wading into waters that are difficult to navigate.

HITECH Summary HITECH also contains requirements pertaining to marketing communications, restrictions, and accounting—each of which modifies HIPAA in important ways. On February 18, 2010, the following requirements become effective:

• Application of rules to, and accountability for, business associates. • Clarification regarding which entities are required to be business associates. • Patient's right to restrict disclosures to health plans. • Deeming of limited data set as satisfying the minimum necessary standard. • Patient's right to electronic access to, and an electronic copy of, their health

record. • Clarification regarding marketing provisions. • Opt-out for fund raising communications; HIPAA's current provisions regarding

fund raising remain in full force an effect. • Clarification regarding the ability to impose criminal penalties against individuals. • Civil monetary penalties and settlements flowing to HHS/OCR (Office of Civil

Rights) for enforcement. • Requirement for HHS to begin conducting mandatory audits.

By August 18, 2010, the following requirements become effective: • Secretary's guidance on minimum necessary • Regulations regarding the sale of data prohibition (effective 6 months post

promulgation) • GAO report on methodology for providing individuals with a percentage of

HIPAA penalties • Regulations on imposition of civil monetary penalties in cases of willful neglect

(and with respect to when the Secretary can civilly pursue violations of HIPAA that qualify as criminal)

Future requirements will become effective on January 1, 2011, February 18, 2011, February 18, 2012, by 2013, by January 1, 2014, and by 2016. For convenience in determining which sections of HITECH most directly and urgently impact a producer, an outline of the Act follows:

• Division A: Title XIII—Health Information Technology o Subtitle A—Promotion of Health Information Technology

Part 1—Improving Health Care Quality, Safety, and Efficiency Part 2—Application and Use of Adopted Health Information

Technology Standards; Reports o Subtitle B—Testing of Health Information Technology o Subtitle C—Grants and Loans Funding o Subtitle D—Privacy

65

Part 1—Improved Privacy Provisions and Security Provisions Part 2—Relationship to Other Laws; Regulatory References; Effective

Date; Reports • Division B: Title IV—Medicare and Medicaid Health Information Technology;

Miscellaneous Medicare Provisions o Subtitle A—Medicare Incentives o Subtitle B—Medicaid Incentives o Subtitle C—Miscellaneous Medicare Provisions

The Gramm-Leach-Bliley Act (GLBA) The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, was enacted by Congress and repealed parts of previous legislation to open up the market among banking companies, securities/ brokerage companies, and insurance companies. GLBA history is based on the belief that banks, brokerage companies, and insurance companies should be separate. In 1933, 1956, and 1982, Congress passed legislation prohibiting the merger of these entities. The GLBA, however, repealed some of these laws and required consumer privacy protection when banks, brokerage companies, and insurance companies were permitted to merge. The Glass-Steagall Act of 1933 banned any single organization from acting as any combination of investment bank, commercial bank, and/or insurance company. GLBA, however, allowed commercial banks, investment banks, and insurance companies to merge for the purpose of offering expanded services. An example of a merger that resulted is that of Citicorp (a commercial bank) and Travelers Insurance Company to form Citigroup. GLBA also provides limited privacy protection against the sale of consumers’ private financial information and Pretexting--the practice of obtaining personal information through false pretenses. Banks, brokerage companies, and insurance companies are required to securely store personal financial information, they must inform their clients/customers of their policies about sharing personal financial information, and they must give clients/customers the option to opt-out of some sharing of personal financial information. The GLBA oversees the general use of client information by financial entities and upholds the privacy of financial data. The stipulations apply to insurance agents, brokers, and insurance companies as well as bankers, brokerages, and broker-dealers. The behaviors that are affected by the GLBA are traditional banking sector actions, investment guidance, insurance company activity, the sale of annuities, and mediation activities of brokers. Specifically, GLBA oversees any insurance company that is allowed to do business according to state insurance regulations. It operates at the federal level and other state regulations supplement its protection of privacy. The following individuals are also included under the auspices of the GLBA:

• Insurance agents, their staff members, and other representatives of a licensed insurance agent;

• Those whose associates provide requisite GLBA notices; and

66

• Anyone who keeps private information as such, even if revealing it only to employers or associates.

The GLBA gives authority to eight federal agencies, and the fifty states, to administer and enforce two regulations: The Financial Privacy Rule and the Safeguards Rule. These regulations apply to “financial institutions,” which include banks, securities, firms, insurance companies, and the following types of organizations that provide financial products and services to consumers:

• Lenders, brokers, or servicers of any type of consumer loan; • Preparers of individual tax returns; • Financial advice counselors or credit counselors; • Those transferring or safeguarding money; • Those providing residential real estate settlement services; and • Collectors of consumer debts.

The Financial Privacy Rule regulates the collection and disclosure of consumers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such financial information The Safeguards Rule regulates the design, implementation, and maintenance safeguards of financial institutions—and requires them for the protection of customer information. The Safeguards Rule applies to financial institutions that collect information from their own customers and to financial institutions that receive customer information from other financial institutions, such as credit reporting agencies. When financial information is provided to other entities, the agent or insurance company needs to give clients legal notices and disclosures and inform them about their ability to opt-out of information sharing. Similar notification is needed when an agent performs work for other financial organizations, such as an investment firm. The insurance companies concerned must follow the highest standards in privacy protection. Once the client makes a choice, he or she becomes the client of that specific organization. The nature of the privacy notice that needs to be provided is not standard. It should be developed by the agencies concerned based on their privacy policies and state regulations. The important point is that the client receives proper notification and is informed of his or her right to opt-out in any situation for which they do not want information to be shared. Agent exceptions are beneficial to those who have exclusive relationships with single insurance companies. They are better protected if the insurance company's GLBA policy includes and protects them. This also benefits agents who do not distribute client information with any external agency once an individual becomes a client. The ideal way to use exceptions is make sure insurance companies comply with GLBA requirements.

67

The Federal Medical Privacy Rule The Federal Medical Privacy Rule created a major shift in the way informed consent was interpreted. After the Nuremberg trials and the adoption of a worldwide code of ethics, informed consent was considered a paramount right of an individual. It involved providing comprehensive information about all relevant conditions to the participant and letting the participant make the relevant decisions. After the Federal Medical Privacy Rule was enacted by George Bush in 2001, a noticeable shift occurred that allowed the federal government to decide who had the authority to access medical and genetic information. This legislation contradicted earlier rulings that put the individual's right to decide above the rights of anyone else.

The Patriot Act and the Terrorism Risk Insurance Act The Patriot Act applies more to banks than to insurance companies. It was enforced after the terrorist attacks on September 11, 2001 and aimed at ensuring that banks completely verify and know the identities of all customers. It seeks to control money-laundering activities, specifically those related to terrorism. The Terrorism Risk Insurance Act was also a result of the attacks on September 11, 2001. It aims to protect consumers who suffer losses that involve acts of terrorism. It requires that for a loss to be covered by an act of terrorism, it be labeled as such by the Attorney General and Secretary of State.

National Do-Not-Call (DNC) Registry The Federal Communications Commission (FCC) established the Do-Not-Call Registry in 2003 and established rules to modify the Telephone Consumer Protection Act, which greatly influences insurance companies who rely on fax or telephone communications to promote and market business activities. The DNC Registry was created to offer consumers a choice concerning telemarketing calls. DNC regulations cover any plan, program, or campaign to sell goods or services through interstate phone calls. This includes calls by telemarketers who solicit consumers, often on behalf of third party sellers. It also includes sellers who are paid to provide, offer to provide, or arrange to provide goods or services to consumers. DNC regulations do not cover calls from political organizations, charities, telephone surveyors, or companies with which a consumer has an existing business relationship. Neither do DNC regulations apply to consumers who have given their permission in writing. Federal DNC rules state that any business (or business person) utilizing telemarketing needs to access the federal DNC lists and scrub (not call) the personal telephone numbers of consumers on the list every 31 days. The DNC rules are applied uniformly to all calls within and across states. It does not cover calls made purely for surveys or provision of information and neither does it cover those who combine any of the preceding two reasons with any kind of activity that can be construed as solicitations. Most states have their own DNC rules that apply in addition to federal regulation. It is important to note that the DNC Registry contains only personal phone numbers as DNC regulations do not apply to business-to-business calls or faxes.

68

Phone calls between an agent and client with an established relationship are exempt for up to eighteen months of the last business transaction. However, if the If the consumer asks the agent not to call again, the agent must comply with the request or risk a $16,000 fine. If an inquiry or application originates from a prospective client and is for gaining information, a new relationship is established for 90 days. A new relationship is not considered as being established if the calls made are for obtaining non-insurance related information. If the consumer makes a specific request not to be called again, the agent may not call—even if it has established a business relationship with the consumer. Another exemption is when individuals provide their consent to being called, and it is crucial that these consents are retained in writing. Agent actions that comply with DNC rules, include:

• Maintaining federal, state, and personal DNC Registry lists/scrub lists and following them completely. Add any new request to be added to the DNC list within a month.

• Maintaining a policy for complying DNC regulations and providing it to those who ask for it.

• Only calling during preset hours as stated in regulation. • Identifying the company adequately at the beginning of any telemarketing call. • Ensuring all staff members are aware of, and are following, DNC policy. • Having a non-private phone and/or fax number that shows up on Caller-ID. • Keeping the number open to receiving calls during business hours for those who

wish to request their inclusion in the DNC Registry. The federal DNC list can be accessed www.telemarketing.donotcall.gov. This list includes only the phone numbers listed by area codes and the first 5 area codes are available free. The ownership of the list cannot be shared by multiple businesses. If a business uses telemarketing, it needs to register with the national registry database website, even if the actual job is sourced out to an external agency. A vendor who manages this job for a number of corporations must list all businesses that are registered individually and are in good standing. Payment for one corporation does not include payment for the other businesses. If a scrubbed list is obtained from a company, a vendor must still pay appropriate fees or must personally make sure the list has, in fact, been scrubbed. In addition to the federal DNC Registry, most states have created their own DNC registries, or lists, as well. It is best for an agent to incorporate both lists into his or her own. It is important to remember that a different set of fees may apply to a list obtained from the state. While some states incorporate their DNC lists into the federal DNC Registry website, others do not. States may also have individual rules related to established business relationships that may differ from federal rulings. The above restrictions actually work in favor of agencies that violate a DNC stipulation and call someone on the list. A precedent of good behavior in this area could help when dealing with accusations of abuse of the DNC Registry and rules.

69

Penalties Any call violation faces the potential of a fine equal to $16,000 per call. Federal prosecution involves up to $500 per infringement, not including other unspecified damages and those imposed by the state. Private lawsuits may involve up to $500 per violation and other punitive damages may be ordered.

Spamming A special case that arose from the Internet revolution was the practice of spamming. The reason spamming became an issue is the astronomical levels of costs that government and corporate entities incurred to deal with spam. An estimated $10,000 is said to be lost in terms of working hours, software, and hardware due to spamming. California has enacted strict rules requiring that any violations of these rules can result in a $1,000 per message or $ 1 million per episode. These events could include no-reply addresses, misleading subject lines, and hidden transmission routes. Similar to rules pertaining to telemarketing phone calls, a company may send e-mail messages after receiving express permission or when there is an existing business relationship. Consumers must be told about their choice to opt-out. The problems in securing compensation in cases of violations are not as straightforward as the legal issue involving crossing state lines. Civil suits do not have the power to bring about any extradition proceedings. The optimal solution is to avoid associating with businesses that have a policy of spamming. In conclusion, the following are laws that support an individual’s right to privacy: The Privacy Act (1974), Employee Retirement Income Security Act (1974), Clinical Laboratory Improvement Amendments, The Freedom of Information Act, The Family Educational Rights and Privacy Act, Food, Drug and Cosmetic Act, Federal Substance Abuse Confidentiality Requirements, Federal Disability, Nondiscrimination Laws, Federally Funded Health programs (Medicaid, Medicare, etc), and the Fair Credit Reporting Act. Benefits of privacy compliance

Organizational When all the various stipulations regarding privacy came in effect, all the businesses concerned had to comply. Organizations that wished to continue functioning had to make sure all their departments followed the rules. An ideal method of achieving compliance was to clarify all the procedures and reorganize the existing system. This led to streamlining and future planning. Overall, the aspects of the system in place that were not contributing or complying with the modern standards were pruned out and newer, more systematic plans were set into place. This improved overall efficiency and benefited both the service provider and the user.

Improved security measures The ever-present threat of a virtual virus wasting millions of dollars worth of office equipment and man-hours has motivated companies to invest in very sophisticated systems of security. HIPAA made it clear that all businesses and organizations concerned had to makes sure a client's health data was stored using the safest of conditions. The

70

striking of various e-viruses, including the Love Bug and Code Red, also reinforced this idea. No company wishes to see huge losses to themselves or their clients. Security measures help companies monitor where and how security threats might emerge and then create a strong system to tackle the areas of vulnerability. The costs involved in the implementation and establishment of a security system are negated by the prevention of a much larger loss. It is the financial and health sectors that are leading the way in this area, but soon most other businesses will follow suit.

Drawbacks of privacy compliance One major drawback is the shift in power over personal medical records from the individual to the federal government via the Federal Medical Privacy Rule. Thus, it is not the person concerned who has final say over who, when, how, and why his or her health records may or may not be revealed. The government has immediate and consent-free access, and no doctor can refuse to share any patient information if it is federally requested. The following are some of the reasons why medical records may be accessed:

• Issuing of licenses; • Civic health inspection activities; • Health research; • Health care system examinations; • Court of law or other administrative activities; • Compliance with the law; • Monitoring by the Food and Drug Administration (FDA); and • International cooperation between U.S. officials and international governments.

To add to this issue, once information is obtained by federal officials there is no need for any further consent to share or disseminate information. It can be passed along to other parties, compiled into databases, and used without fear of any legal action, especially if it was collected before February 26th, 2003. Additionally, patients cannot restrict the viewing of their medical records. The health care provider can use it in the treatment of other clients and need not inform the original client about the details of disclosure when it does occur. Sperm banking, blood banking, and tissue banking is not considered health information and is thus subject to even less stringent privacy measures. A major recommendation of the Federal Medical Privacy Rule is creation of a nationally standardized database of medical data that can be accessed easily and quickly across geographical locations. This database would have to follow strict privacy stipulations--which has led to various healthcare providers and insurers trying to comply within a short period of time. Although there have been strong reactions to this ruling, the healthcare industry is aiming to comply with it and there are sections that are rooting for even stronger legislation to be set into place. The reason for a request for stronger legislation is in order for any relationship to bear fruit, a sense of trust is crucial, especially in the relationship between a healthcare provider and a patient. If the patient feels that his or her private information is not being treated with the respect and privacy it deserves, it may lead to a breakdown in the relationship and, consequently, in the larger system.

71

Choices in sharing confidential information There are essentially two ways that a decision about sharing confidential information can be made: Opt-in or Opt-out. Both choices were discussed in Chapter 1. To review previous discussion, the opt-in option requires clients’ consent to their information being shared, before it is shared. The opt-out option requires clients to choose to disallow the revelation of data in order for it to remain private. Some organizations that involve the sharing of confidential information include financial institutions such as credit bureaus, travel agents, loan companies, and collection companies. The government recognizes the opt-out choice at the moment, although many consumer protection organizations are lobbying for the more stringent opt-in option.

Controversies in the promotion of the opt-in option Opt-in can, in some situations, actually undermine privacy of clients by opening the way for fraud and identity theft. As the insurance company will not have all the information regarding the client’s behavior trends, it may not be able to detect deviations from the client’s pattern in time to stop unauthorized activity. Once fraud occurs, the personal information is required anyway. Opt-in operating costs are higher and are passed on to the client, thereby increasing the prices of available services. It also is wasteful in terms of diffuse marketing strategies that are spread over a wider section of the population, as opposed to being tailored to a specific demographic. This increase in cost may be especially applicable to those who shop via catalogues. As many who use this technique also fall in a lower socio-economic stratum, it is likely they will be the most negatively impacted by this option. On-line shopping, in contrast, may actually benefit from the opt-in option, as most people who eschew it are those who have deep concerns about identity theft and other such privacy issues. By assuring them that the company will not share private information unless directed otherwise, it may boost sales, which will offset any increase in operational costs. As operating costs of companies increase due to the opt-in option, smaller businesses with narrower profit margins may be edged out. In addition, consumers may prefer to exercise the opt-in option with larger, more familiar companies and this will severely restrict the customer pool for smaller businesses. With the proliferation of e-commerce, however, such operating costs may be significantly reduced and even the playing field for businesses of all sizes.

Power over financial information Does the ownership of financial information lie with the individual or the corporation that holds the information? The Gramm-Leach-Bliley Act (GLBA) highlighted this issue. The GLBA made it possible for various interconnected financial organizations to exchange financial data. The purpose was to facilitate the provision of services such as financial standing information, and pricing of total relationships to the client. Thus, the overall intent for this increased coordination was sound. The issue here is that members of one particular financial organization may find that their information is revealed to a

72

number of affiliates, without their consent or knowledge. This sharing could include health information also. There is partial safeguarding of consumer’s rights in these situations. If the information is being offered to a non-affiliated third party, the client must be provided the Opt-out option in case he or she does not wish data to be shared. This does not extend to affiliates of the company. Many consumers may feel that social security numbers, credit standing, debt profiles, net worth, salary scales, savings, child support or alimony payments, and other payment history are extremely private details. They must not be utilized for anything other than the sole purpose for which they were shared. The argument here might be that the Opt-out option is always available. However, while being a theoretical possibility it may not be a practical possibility. For a client already over burdened with various responsibilities, the perusal of complicated forms filled with jargon may not be convenient. Thus, even if the abstract possibility of protection exists, the practical implementation may be lagging. Another issue that exists is the misuse of such private information by unscrupulous parties. The best of financial institutions cannot oversee what is done with shared information. The organization loses the right to control the use of the information once it is shared. Identity theft could be one serious consequence in today's technological world. Another outcome might be perpetration of fraud by telemarketing companies that use personal information of vulnerable segments of the population, such as the elderly or the less educated. In these scenarios, it seems like the Opt-in option would be the choice of most responsible and ethical financial organizations. A final issue might be a case of misrepresentation and unethical advertising. It is mandatory by law to send clients notices when information needs to be divulged. Some companies may imply that they are providing required notices and disclosures because they wish to do it as a responsible entity. This may create a false idea of the company practices and policies. Another area that needs to be clarified in a notice is the complete name and requirements of the two central laws. The Gramm-Leach-Bliley Act accepts the opt-out option only for non-affiliated third parties, while the Fair Credit Reporting Act (FCRA) enforces it for both third parties and company affiliates.

Maintaining client privacy online The reason for privacy concerns regarding information transmitted or stored online is that this information traverses multiple computer networks in the process. Multiple people have access to these networks, including different system administrators (sysops). These systems can also track and store virtual transmissions. Sysops and service providers can also oversee other Internet activities, including information commonly accessed, websites regularly surfed, and data often downloaded. These tracking and monitoring abilities sometimes create a fear about maintaining privacy of information.

73

One important fact to bear in mind is that not a single online service or activity assures the user of a 100 percent right to privacy. Some activities are considered more private than others are. Information posted on public websites, discussion boards, newsletters, and other online forums is considered public and liable to be used by anyone who can view it in these forums. Thus, if an individual posts his or her name, address, phone number, and e-mail address on such public listings, then that information can be taken and used without permission from the person who posted the information. Similarly, membership to a newsletter implies that messages will reach all members on the list, and some services may list all their subscribers along with additional information. There is some danger of this information being sold to telemarketers and other direct marketing agents. Privacy may be expected in certain forums where member sign-in is required. Certain chat rooms and bulletin boards that are members-only may mislead a user into believing that their communications here are private. However, portions of this supposedly private communications could be extracted, copied, and transmitted elsewhere by other members of the same forum. It is considered to be semi-private. The ruling of the Electronic Communications Privacy Act (ECPA) states that no one can read or transmit the contents of any electronic communication without permission. This is applicable to e-mail as well as other forms of electronic communication. The three exceptions are:

• Although randomly monitoring email is not permitted, any e-mail suspected of containing harmful content that could damage the system is open to inspection.

• E-mail can be inspected only after obtaining permission from sender or receiver. It could also depend on the consent form signed when joining the service.

• E-mails sent using employee owned equipment and software is the property of the employee.

Usually, once such cases are detected lawfully, e-mail content is only revealed to the addressee. However, this is not the case if there is a possibility that a crime has been committed, a court-ordered disclosure applies, or anyone who is a link in the message chain consents. In cases of access by law officials, if the data is stored for over six months, the rules established by the ECPA are less stringent. A sysop (administrator of a multi-user computer system) is usually responsible for this and its job is to ensure the network functions without any compromises. Among frequent Internet users it is common knowledge that there is a record of all the websites and web pages that the user visits, not just on the computer used to do so, but also on administrator sysops or other remote sysops connected indirectly. Thus, the expectation of privacy is not granted. A rarely known fact is that when a user visits certain sites, the site leaves certain pockets of information behind on the surfer's hard drive. These bits of information, called cookies, are like tracers, and allow for quick recognition of the user on subsequent visits

74

to the same site. These cookies help the advertisements and other add-on information that appears on the page to be more tailored to the specific user. Many companies collect transaction-generated information, which provides the company with patterns of computer usage for various individuals. This helps companies target groups that are most likely to express patterns that will translate into higher profits for the company. This transaction-generated information can result into annoying situations like junk mail, or potentially damaging ones, where the user visits objectionable or controversial websites when the browser automatically uploads them. Very often, information about a person's Internet history is sent to other computers through the software used. Browsers can provide information to operators about service providers, sites visited, users; e-mail IDs, and other such breaches in privacy. Another way confidential information can be leaked is by intentional or unintentional accessing of hard drive by online services while installing updates. Employers also routinely review the Internet surfing history of their employees. Law officials need a court order to access e-documents that are owned by the individual user.

Privacy safeguards for online transmissions Here are some pointers to help safeguard privacy online:

• Create a strong password that is not easily guessed. • Change the password frequently and do commit it to writing—anywhere. • Do not leave the computer terminal unattended or logged on when using a

computer in a public place. • Log on in private as much as possible. • Understand the privacy policy of the company from the sysop. • Read all introductory e-mails from service providers to understand their privacy

rules. • Scrutinize privacy policies of websites visited. • Verify the dependability of any new service being considered. • Do not send information of a private or sensitive nature using public or semi-

private forums. • Be wary of services that require personal data like social security numbers, credit

card numbers, bank account numbers, etc. • Use anonymous remailers to avoid leaving virtual footprints. • Be aware of the monitoring capabilities of a sysop, and avoid posting to or

visiting controversial sites, especially at place of employment. • Use tools such as encryption and memory protection software to battle invasion of

privacy.

Specific methods to be used to protect privacy

Encryption When using encryption, the original message is garbled so that it is not intelligible unless one possesses the required key to decode it. There are a number of reliable encryption

75

programs. This information is not accessible to sysops, network administrators, or law enforcement officials. Encryption creates some concerns about harmful or criminal data being encrypted and sent. There is an active effort by the Congress to create some legal and indirect access to all encrypted data. Another legal stipulation makes it illegal to use certain encryption programs regularly used within the country outside the United States.

Remailer Any e-mail sent is accompanied by information about the sender, including the name and e-mail address. In order to preserve privacy, there are programs available that remove this identifying information and make the e-mail an anonymous one. These programs are used to eliminate private information to enable forwarding of information without infringing on rights. There are a number of servers that provide this service to the customer.

Specialized software Specific software helps to protect a private home computer from being scanned by unauthorized entities by creating secure directories that are password protected. They also make a note of access trails and make a note of all the activity that has been prevalent in the various drives on the computer.

Smartcards There is a concentrated effort to create a large scale database of patient information that spans various organizations and includes a life-long record of each patient's medical history. This would facilitate rapid retrieval of medical records without geographical limitations. It would also help create helpful profiles of each individual that would facilitate prompt and efficient medical attention. The concern is a more spread out network of entities that have equal access to the information that was previously localized. One way to maintain privacy is by using smart cards that are specifically coded and authorized uniquely for each user. Thus, information about an individual can be accessed only when that person's smart card is presented for use.

Facilitating insider access Some individuals are opposed to computerization of records to preserve privacy. This may be a case of throwing the baby out with the bath water. Instead, it makes sense to ensure that those who need access to private information access it in a secure way and prevent inadvertent leaks. Use of password protection, audit trails, ongoing education, and disciplinary policies all combine to make availability of this information to the insider both convenient and safe. The bottom line concerning this issue is that there are always pros and cons to using a certain system. There will always be concerns about information leakage, abuse by insiders, and conspiracy theories. The need is not to regress to primitive forms of recordkeeping and communication. When justified, it makes sense to create awareness and work toward change. Overall, it makes sense to gradually adopt new technology and

76

optimize the safeguards that are needed in order for the new system to be accepted with minimal controversy and fuss. Prevention is, of course, the best method to use when avoiding infringing on the consumer’s right to privacy. It is important to be aware of areas that could create issues with respect to the privacy of financial and health information. The fear of many consumers is that with the increasing diffusion of medical services, and the need to deal with faceless entities, might undermine the sanctity of the Hippocratic Oath. Various civil rights and liberties may be violated. Thus, even though services may become quick and streamlined, they may also be open to more subtle violations. These violations surface primarily because a large amount of private data is collected in virtual databases and a number of people can access these. One such example is the patient purchase records that pharmacies maintain for legal reasons. While this is a good practice, it does mean that if an individual purchases antidepressants or HIV drugs, the information is available and can potentially be found by anyone with the technical expertise to locate it. Those on the other side of the argument believe that when a patient's health history, including medication, allergies, current illnesses, cognitive impairments, contact information etc. is available wherever and whenever needed, it could potentially save that individual's life. For example, an accident victim from a different state who needs emergency treatment can receive quick and appropriate treatment if his or her records are easily retrievable. The use of databases can be made more secure by the use of three questions:

1. What are the potential ways in which consolidated medical information on the database can be exploited?

2. Is it possible for future employees to access and misuse this information? 3. Can an insurer misunderstand medical history information that is not relevant to

the patient's current health status? Another caution that individuals who visit the health insurance websites should bear in mind is that when a user surfs certain web pages, the website leaves behind tracer cookies in the user's hardware. The cookies help the company monitor information about a client's surfing history on their website. The owner can use this information to promote and advertise certain products, which would be evident from the products surveyed online. I t is the company’s duty not to misuse this information and maintain the fiduciary expectations of prospective and current clients.

Agent involvement in maintaining privacy

Maintaining client confidentiality The main issue an agent needs to resolve is maintaining a balance between providing quick and user-friendly service and keeping private information secure and safe. This means that an agent upholds a client's right to confidentiality in all dealings. The client should have the final word about whether certain information may or may not be shared. It is the agent’s duty to respect the client's wishes. It is best if the agent explains to the client the various options available when sharing information. Although financial

77

information is considered private, it is sensitive health data that often receives more attention. Health data has historically been guarded very carefully and there are very well-defined sets of regulations in place to protect this type of information. The GLBA also has a set of requirements that protect client interests and information. Personal details that clients share with an agent are known as nonpublic personal information as is information obtained from consumer reporting agencies and other vendors. An important distinction to be made here is the different operational definitions of consumer and customer as understood by the GLBA. A consumer is one who has dealings with the agent in any capacity, while a customer is one who has an extended professional association with the agent. Customers are legally supposed to receive both opt-out and privacy notices from agents, while consumers will receive notifications only when the agent means to share their personal details with non-affiliated third parties.

Legal compliance Legal compliance includes adhering to the provisions of all laws about client's privacy rights and opt-out options. The agent should avoid unnecessary duplication of such notices for the benefit of the client and to reduce expenses. These laws apply to any licensed individual or group. If an agent transacts business exclusively with a single insurer and discloses information only to this single entity, then the insurer is responsible for following the privacy laws and notice requirements. The agent and the insurer can mutually arrange decide who will actually send required the notices. If information is being divulged to any outside third parties, then the agent is duty bound to provide separate opt-out information and other notices to the client. This rule also applies to an agent who provides investment or other pecuniary advice to a client for a fee. As soon as an individual becomes a customer, it is the duty of the insurance company and/or agent to provide the individual with a privacy policy notice. Even if the agent is the one responsible for this, the format will come from the insurer. The insurance company will provide future notices, which appear annually or otherwise. In cases where an agent provides information to various companies to receive the best possible quote, it is the duty of the insurance companies to send the required notices. As mentioned in the GLBA, once the client makes an actual purchase from one specific insurer, they are considered a customer. If the information shared by the agent is reaching anyone but the insurance companies, the agent is accountable for sending the required notices. The format of these notices is not fixed and each agency or company may have their own. While making sure legal stipulations are being met, the agent may come across certain inconsistencies that require resolution. An example is the conflict between what some states rule and what HIPAA rules. According to HIPAA, certain information--such as client identification data and medical payment history, are considered health details and covered by the opt-in option. Certain states consider this data financial information, which is governed by the opt-out option. Another discrepancy might arise when an agent

78

needs to exchange data with third parties--such as pharmacies or claims processing companies that are vendors. This sharing of information requires client authorization. These and other conflicts come up often and an agent should aware of these issues.

Maintaining a privacy policy Along with the above issues, an agent should create and maintain a clear privacy policy to help meet the requirements as set out by the GLBA. The following items need to be borne in mind when creating this policy:

• Include an alternative conflict resolving solution to help reduce costs related to problems in the future.

• Create a consolidated form bringing together various privacy policies to help notice and deal with conflicts, if any.

• Conduct quality checks to make sure that notice provisions and other policy requirements are conducted properly.

• Make sure that the organizations errors and omissions insurance is maintained at the right level.

Private information for marketing purposes It is the client's right to decide whether information held by an agent or insurance company may be shared. The privacy regulations ensure that this right is upheld. It is crucial that the client is aware of any opt-in or opt-out options upfront, and not after the fact. These privacy laws do not exist to create a barrier to the conducting of business or legitimate research. They exist to protect client privacy and facilitate services provided.7

Client deception When an agent purports to have knowledge that he or she does not possess, the agent is guilty of misrepresentation. Making misrepresentations to obtain financial information for unjustified reasons is a complete violation of the privacy policy. One such misrepresentation happened in California, where agents met with senior citizens to provide them information about a living trust. They were, however, not estate planning experts and were only interested in obtaining personal financial details to market annuities. The agents were later found to be guilty of deception and in violation of the Insurance Information Privacy Act.

Disclosure and Privacy regulations Please note the following glossary of terms:

• Affiliate: A corporation that manages, is managed by, or is commonly managed with another corporation. For example, according to the GLBA, banks can be affiliates of insurers.

• Consumers: Any individuals who seek a certain product or service from an insurer. A person might become a consumer when he or she is shopping for a policy and submits certain details to obtain a quote.

• Customers: Individuals who have an extended and long-standing relationship with the agency or the insurer. These individuals include those who have purchased policies, investments, and/or received financial or investment advice.

79

• Covered entity: Those individuals or groups who have been authorized by the Department of Insurance.

• Insurers: Any financial or insurance companies that must follow privacy rules. • Licensees: Individuals who are expected to follow the privacy rules and are

governed by the Department of Insurance. • Nonaffiliated third party: Those individuals and organizations not affiliated with

the agent, agency, or the insurer. • Nonpublic personal information: Information and details about an individual's

identity such as name, address, contact information, social security number, insurance policy information, etc. Nonpublic personal information does not include any data that does not reveal who the individual is.

• Opt-out: Unless a client specifically expresses the desire not to divulge personal information, the information can be shared with third parties who are not affiliated.

• Opt-in: Information may not be share with unauthorized entities unless the client explicitly consents to this information being divulged.

• Privacy policy statement: The form that is provided to clients, either in person or via the Internet, that outlines the agent's position on sharing clients’ nonpublic information with nonaffiliated entities. This form might include which institutions have access to information, what the specific nature of information may be, explanation of the opt-out option, confidentiality and security practices, etc.

Privacy rules for concerned parties

Consumers: There can be no disclosure of nonpublic data to any third party non-affiliates unless the consumer consents to it.

• Other exceptions to the above rule include prior notice by licensee, clarification of the opt-out option, time enough to opt-out, and consumer's decision to not opt-out.

• Consumers have the right to expect both a privacy policy and the opt-out choice notice provided by the licensee.

• All financial institutions must provide consumers who become customers with an annual privacy notice, which is clear and comprehensible.

Customers: Annual notice of privacy activities must be provided to customer by the licensee, so long as the mutual association continues:

• Non-disclosure of nonpublic data to any third party non-affiliates by licensee; • Other exceptions to the above rule include prior notice by licensee, clarification of

the opt-out option, time enough to opt-out, and consumer's decision to not opt-out; and

• Consumers have the right to expect both a privacy policy and the opt-out choice notice provided to them by the licensee.

80

Overall exemptions: An agent need not comply with disclosure and opt-out information provision in the following situations:

• The insurance company with which the agent is affiliated handles all such responsibilities;

• Only the principal or an affiliate receives non-public information from the agent; and • If there are any doubts about whether the affiliate is following the privacy rules, it is best

for the agent to use his or her own disclosure.

Requisite recipients Unless an agent is exempt, he or she must provide clients with the privacy notice. This notice needs to be provided at the start of the professional relationship. Notices need to be given anytime there may be a chance of client information being shared with non-affiliates.

Requisite disclosure information There is no fixed format for a privacy notice. The law does clarify what areas of information need to be listed. It also emphasizes the need for clarity, visibility, comprehensibility, and prominence. Following is a list of items to be included in a privacy disclosure.

• Types of medical and financial non-public details being collected; • List of affiliates and non-affiliates with whom information may be shared; • Types of previously disclosed financial information, along with whom it was

shared; • Types of previously disclosed information due to contractual, servicing, or joint

marketing reasons; • Explanation of the opt-out choice and ways to do the same; • Explanation of how non-public information will be kept secure; and • Any disclosures made to affiliates or non-affiliates while making a transaction

will follow the prescribed laws.

Requisite dissemination These are the required notifications to be made:

• Privacy notice at the time of forming the relationship and annually thereafter; • The notice should originate from the agency, the insurer or a jointly from both; • First notice should be given when the policy selected reaches the client, or when

the agreement for provision of services is concluded; • Annual notices can follow the same pattern of delivery (except for former clients

who do need not be sent one); and • Members of group insurance need not receive individual notices so long as plan

sponsor receives one. This does not hold true if non-public information will be shared with non-affiliates.

81

Client queries about privacy Client inquiries cover many topics. The following list is meant for purposes of illustration and is not all-inclusive:

Q: Do agents have to have privacy policies? A: Yes, because they need to comply with the GLBA. There are some

exceptions. Q: Does an agent who represents only one insurance company need to fulfill

the privacy policies? A: No, as long as the insurance company follows the stipulations laid down by

the privacy policy. Q: What are the responsibilities of an agent who works with multiple

insurers? A: The same privacy rules apply here. The insurers the agent is associated

with needs to comply and the agent must not reveal non-public information to non-affiliates.

Q: Is it permissible to share client information with multiple insurers to

obtain the best possible policy for the client? A: Yes, as long as any insurance company that shares client's non-public

information provides the adequate disclosure and opt-out option. Q: What about personal medical information—can that be shared by the

agent? A: No, this is not allowed, unless the client gives permission. This

authorization should include client identity, nature of information, nature of receiving parties, client's signature, the time frame the permission is valid for, and process to retract this permission.

Q: Does every client need to know about the privacy rule? A: Yes, whether the agent or the insurer provides the notice depends on the

mutual understanding between the various parties. Q: Who is held responsible if a client does not receive the privacy notice? A: An agent can be held responsible if the insurance company's notice does not

exempt the agent from providing his or her own notification. Failure to provide required notice could result in an action against the party responsible for the failure to provide notice.

Q: If an agent never intends to share any client information with anyone but

the insurer, is there need for a privacy notice? A: It is best to have a standard privacy policy in place to maintain high

standards of functioning. It could include basic information about categories of data assembled, confidentiality practices, etc.

82

Q: Do people who call on the phone for product related information, need to be informed of the privacy policy?

A: No, not if the information collected is not nonpublic. If any non-public information is gathered, then the caller needs to be provided with the privacy and opt-out option if the data will be disclosed to non-affiliates. As soon as an insurance product is purchased and the individual becomes a customer, the customer needs to be provided with the privacy and opt-out option notices. Providing notice may be delayed if the business is completed over the phone, after obtaining customer consent.

Q: Are agents considered the affiliates of any insurance company for which

they are agents? A: No Q: Can an insurance company be given information by an agent about a client

for marketing purposes? A: No, except for when the client's consent has been obtained via opt-out and

disclosure provision. Q: Can an insurance company give client data to its agent for marketing

purposes? A: Yes, it can. Q: How long does the opt-out option last? A: It is valid until the client cancels it in writing. Q: Are independent adjustors considered agents? A: Yes Q: Is an agent exempt if the transaction is made via a broker or a cluster

arrangement? A: Yes Q: What is a good place to display a privacy notice? A: That depends on the situation and state regulations. The usual places

include renewal notices, newsletters, opt-out notifications, websites, or by mailing.

Q: When a client policy is due for renewal, can an agent provide personal

information to insurers while shopping for better coverage or pricing? A: Yes, if the customer wanted the shopping. If the client did not ask for the

quotes, he or she needs to be provided with the disclosure and opt-out notice.

83

Q: Can agents ask for the client's social security number when they opt-out? A: Yes, they can request it, but they cannot insist. Q: When the insured is not the policyholder, who should receive the notices? A: The policyholder needs to receive the notices. The insured as a consumer

needs to be informed in situations where nonpublic information could be shared with affiliates.

Q: Does the privacy rule apply to beneficiaries? A: Beneficiaries are considered consumers and, as such, need to be sent the

disclosure and opt-out option if nonpublic information is being shared with non-affiliates.

Q: What about third party claimants? A: Third-party claimants are treated as consumers. Beneficiaries and

claimants who opt for an on-going settlement would be considered consumers and need to be provided with notices and opt-out options.

Q: Do HMOs need to send privacy notices and opt-out options? A: Yes, they need to do so for individual coverage. I n cases of group

coverage, only the group policyholder needs to receive the notices. Q: Are notices and opt-out options applicable to single premium policies and paid-

up policies? A: No, as long as there was no contact in the last twelve months with the

policy holder, and the policy is considered dormant.

Q: Does an agent who sells annuities need to follow the privacy rule? A: Yes, and the same exemptions apply here. (Insurance company

compliance with regulations and no sharing with non-affiliates) Q: Do insurers have to follow privacy notice and opt-out option requirements

if they do not have any specific information that is medical or financial? A: It is extremely unlikely that insurers would not possess financial or

medical information. Insurers have to comply with GLBA provisions for any information that is medical or financial in nature.

Q: How does the privacy rule apply to group coverage provided under

ERISA? A: In the same way that it applies to any other group coverage by the insurer

Q: What happens if the group plan needs to share information, but there

aren’t enough contact details for the individuals to follow the privacy notice opt-out option rules?

A: However unlikely this eventuality may be, it is the group policyholder’s responsibility to obtain the contact information and keep the member informed.

84

Q: Do workers' compensation policyholders need to be included in the privacy rule?

A: Yes, as such a plan member is definitely a policyholder and a customer. Q: Are the privacy notice rules relevant to an institution or professional? A: This can be determined by the answers to the following questions:

1. Would the institution or professional be considered a licensee? 2. Is an insurance service or product being supplied by them? 3. Is the insurance service or product being supplied to a consumer? If the responses to all of the above are yes, then the rules are relevant. All commercial policy lines of insurance come under this regulation (in case of individual non-commercial claimants). The following are excluded: professional liability coverage, personal umbrella policies, key man life insurance, business auto policies, and viatical settlements.

Q: If a broker who is trying to secure health coverage for a group of

employees approaches an independent agent, would this agent be considered a service provider?

A: No

Q: Who is responsible for privacy notices when there is an agent, sub-producer, and insurer involved?

A: The agent is exempt if the policy is secured from the sub-producer to the agent and then to the insurer.

Q: If a licensee is not the principal licensee, can he or she depend on the

principal licensee sending out required notices? A: This is usually judged on a case-by-case basis. Q: If a licensee is working as a principal licensee, is he or she exempt from

sending notices, etc.? A: Yes, as long as he or she does not share information independent of the

principal licensee. Q: Can health information be shared by a licensee with an affiliate on a

common claim? A: Yes Q: Can an insurer refuse claim information to a hospital requesting it because

the GLBA prohibits it? A: That would depend upon why the hospital is requesting these details. It is

best to get client authorization in these situations.

85

Q: If an insurer opts to comply with HHS stipulations, even though they are not bound to, who has jurisdiction--HHS or the state?

A: In cases where the insurer is subject to the HHS, both HHS and the state have concurrent jurisdiction. Where the HHS is being followed as an option, it is the state.

Q: Can account numbers of affinity plans be revealed under this regulation? A: Yes Q: Can information be shared in order to carry out policyholder service

functions? What about for risk management or loss control? A: In the case of loss control and risk management, these services usually fall

under the exceptions. The term policyholder service function, however, is broad and the exact function being conducted must be ascertained to determine if it fits in the category of exclusions.

Q: What about when an agent receives nonpublic information? A: The agent can use it in relation to the institution that sent it, among

affiliates, or in case of exemptions. Q: How about nonpublic information received from banks or securities firms? A: Usually this means that the data can be utilized with the original firm that

sent the information originally.

Q: Can lower premiums be used as a compensation for the ability to share nonpublic information?

A: No. Some insurance companies use special offers that are not available to those who choose not share their information.

Example of actual privacy disclosures This is used to provide a possible template and to help understand the components of a disclosure. Do not use this form without consulting a legal expert.

Sample Disclosure

Purpose of This Notice

As provided by law, we are generally prohibited from sharing nonpublic personal information about you with a third party unless we provide you with this notice of our privacy policies and practices describing the type of information that we collect about you and the categories of persons or entities to whom that information may be disclosed. Accordingly, we are providing you with this document, which notifies you of the privacy policies and practices of (agency).

Furthermore, we wish to inform you that we do not share your personal information with any non-affiliated third parties for any purpose that is not specifically authorized by law unless we obtain your affirmative permission.

86

Privacy Policies and Practices

Information we collect:

We collect non-public personal information about you from the following sources:

· Information we receive from you on applications for insurance or from other insurance forms you complete.

· Information we receive from the companies we represent which provide insurance policies to you.

· Information from consumer reporting agencies.

· Information about your transactions with us, the companies we represent.

· Information from other sources, such as employers or government agencies.

· Information from visits to our Website.

The type of information we collect is related to the insurance you requested from us and may include your name, address, social security number, driver's license number, ownership of property, marital status, health information, and other information required to get insurance coverage for you.

Unless it is specifically stated otherwise in an amended Privacy Policy Notice, no additional information will be collected about you. We may collect nonpublic personal information from individuals other than those proposed for coverage.

Information From Credit Reports or Investigative Consumer Reports:

If you authorize us to do so, we may obtain information about you from credit reports or other investigative consumer reports prepared by third parties at our request. If you authorize us to request such information and we request such information, you should be aware that:

· You have the right to request to be interviewed in connection with the preparation of an investigative consumer report.

· Upon request, you are entitled to receive a copy of the consumer reports.

· The information obtained from the reports prepared by a third party may be retained by the third party and disclosed to other persons.

Information we may disclose to third parties:

In the course of our general business practices, we may disclose the information that we collect (as described above) about you or others without your permission to the following types of institutions for the reasons described:

· To a third party if the disclosure will enable that party to perform a business, professional or insurance function for us.

87

· To an insurance institution, agent, or credit reporting agency in order to detect or prevent criminal activity, fraud or misrepresentation in connection with an insurance transaction.

· To an insurance institution, agent, or credit reporting agency for either this agency or the entity to which we disclose the information to perform a function in connection with an insurance transaction involving you.

· To a medical care institution or medical professional in order to verify coverage or benefits, inform you of a medical problem of which you may not be aware, or conduct an audit that would enable us to verify treatment.

· To an insurance regulatory authority, law enforcement, or other governmental authority in order to protect our interests in preventing or prosecuting fraud, or if we believe that you have conducted illegal activities.

· To a group policyholder for the purpose of reporting claims experience or conducting an audit of our operations or services.

· To an actuarial or research organization for the purpose of conducting actuarial or research studies.

· In addition to those circumstances listed above, and unless you direct us not to by completing the attached Opt Out Form, we may disclose certain information about you to third parties whose only use of the information will be for the purpose of marketing a product or service. Under no circumstances will we disclose for marketing purposes: any medical information, information relating to a claim for a benefit or a civil or criminal proceeding involving you, personal information relating to your character, personal habits, and mode of living or general reputation

Right to access and amend your personal information:

You have the right to request access to the personal information that we record about you.

Your right includes the right to know the source of the information and the identity of the persons, institutions, or types of institutions to whom we have disclosed such information within two (2) years prior to your request. Your right includes the right to view such information and copy it in person, or request that a copy of it be sent to you by mail (for which we may charge you a reasonable fee to cover our costs). Your right also includes the right to request corrections, amendments, or deletions of any information in our possession.

The procedures that you must follow to request access to or an amendment of your information is as follows:

To obtain access to your information: You should submit a request in writing to the (insurance agency). The request should include your name, address, social security number, telephone number, and the recorded information to which you would like access. The request should state whether you would like access in person or a copy of the information sent to you by mail. Upon receipt of your request, we will contact you within thirty business days to arrange providing you with access in person or the copies that you have requested.

To correct, amend, or delete any of your information: You should submit a request in writing to (the insurance agency). The request should include your name, address, social security number, telephone number, the specific information in dispute, and the identity of the document or record that contains the disputed information. Upon receipt of your request, we will contact you within

88

thirty business days to notify you either that we have made the correction, amendment or deletion, or that we refuse to do so and the reasons for the refusal, which you will have an opportunity to challenge

Our practices regarding information confidentiality and security:

We restrict access to nonpublic personal information about you to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and organizational safeguards to protect information about you.

89

Chapter 4 Review Questions 1. Why was it decided that a consumer’s personal financial and health information

should not be shared without authorization? [a] such information is not always treated with the objectivity it merits [b] to avoid lawsuits [c] because of the cost [d] such information can be shared without authorization 2. HIPAA’s Privacy Rule pertains to which of the following? [a] What insurance companies want to do with consumers’ health information [b] What insurance agents want to do with consumers’ health information [c] What individuals wish to do with their health information [d] What health care providers want to do with consumers’ health information 3. None of the following entities has to follow HIPAA’s Privacy and Security Rules

EXCEPT: [a] state agencies [b] law enforcement agencies [c] school districts [d] health insurance companies 4. The HITECH Act expanded the required privacy and security protections

available under which of the following? [a] NAIC [b] HIPAA [c] CLU [d] CPCU 5. Which of the following provides limited privacy protection against the sale of

consumers’ private financial information and against Pretexting? [a] NAIC [b] FCC [c] GLBA [d] AARP

90

CChhaapptteerr 55 Loss Control & Risk Management Insurance covers a large proportion of the monetary loss that a claimant suffers and provides a measure of comfort to those who benefit from it. Unfortunately, not all insurance policies make up for the entire spectrum of loss that an injured party may suffer. Some of the uncovered injuries include emotional trauma, infrastructure rebuilding, loss in employment, rehabilitation costs, cessation in work, and employee hours and lost productivity. One way to ensure that the elements of a loss are limited is to prevent them. Although there is no guaranteed way of preventing losses, there are procedures that help curtail the damage. This chapter deals with plans to implement Loss Control programs. The aim of any loss control strategy is to circumvent or prevent those factors that might lead to a major loss. In the event a loss can’t be prevented, a loss control plan aims to alleviate the outcome.

Risk Management The rationale behind risk management is to protect the consumer and his assets through a program that involves identifying and analyzing his exposures to loss, controlling those exposures, financing the losses with either personal funding or external funding, and implementing procedures to monitor the entire process. The best way for an agent to help a consumer develop an efficient, affordable insurance program is to assist him with the basics of risk management. Commercial lines insurers offer their clients loss control and risk management services but personal lines insurers tend to leave the process of risk management to producers. A producer can build strong, long-term relationships with his clients and carriers, while also enhancing his professional success, if he understands the basics of risk management and shares them with consumers. The risk management process involves five basic steps:

1. Identifying the risk 2. Analyzing the risk 3. Controlling the risk 4. Financing the risk 5. Administering the risk

Clearly, identifying the risk is the most important step because the unknown cannot be analyzed, controlled, financed, or administered. What IS a risk? The definition of risk is the likelihood or uncertainty of a loss occurring. There are two types of risk:

1. Pure risk is a situation that presents the opportunity for loss and not gain. Pure risks can be insured. Driving an automobile is an example of a pure risk.

91

2. Speculative risk is a situation that presents the opportunity for loss OR gain; speculative risks cannot be insured. Placing a bet on the outcome of a card game is an example of a speculative risk.

Exposures are situations that might lead to a loss. Property ownership is an exposure: when an individual or business owns property, he/it runs the risk of losing the property in a fire, losing it to a thief, or having it suffer other types of damage. The activities of an individual or business present the exposure of liability: a person or business may become legally liable for causing injury or damage when driving a car, speaking in public, signing a contract, or building a house. The third type of exposure is for loss of income or loss of use; if a building burns, its owner may lose income if business can no longer be conducted from it and may incur additional expenses when having to relocate to a new location while repairs are being made. Human exposure rounds out the types of situations that might lead to a loss. An individual may become disabled, die, or be sued. When a producer meets with a consumer to identify his risks, the four exposures should be explored. The producer should ask the consumer a number of questions, including What is the worst thing that could ever happen to you? As in: What is the worst catastrophe that could occur with respect to the property the consumer owns? (He wouldn’t have a home to live in but would still have to pay the mortgage.) And as a result of his activities? (He hunts a lot and may accidentally shoot another hunter.) And as a result of loss of income/loss of use? (If he loses his job, he can’t pay his bills and he’ll go bankrupt.) And because of his very existence? (He contracts a serious illness and leaves his family behind with no means of financial and emotional support.) In addition to asking questions, a producer can provide the consumer with a risk management survey or checklist, which is often provided by insurance companies. He can also perform a physical inspection of the consumer’s home, business, or other property. If the consumer has a web site (either personal or business), or is a party to contracts (leases, by-laws, hold harmless agreements, car rental agreements, insurance policies, etc.), the producer should review those items, as well, to identify risks and exposures. Once the consumer’s risks have been identified, they should be analyzed. The potential for loss should be measured against the actual exposure to loss. For example, if a consumer owns a home that is worth $200,000, owes $180,000 to a mortgagee, and has liquid assets of $1,000--his potential for loss is great. What is the potential for loss? Fire, flood, earthquake, windstorm, hail, vandalism… When comparing all the things that might happen to the home to cause the consumer to suffer a loss, and measuring the value of that loss ($200,000), the risk is significant. On the other hand, if the consumer owns a leather briefcase that is worth $100 and has liquid assets of $1,000—his potential for loss is not great. What could happen to the briefcase? He might leave it behind in a business meeting, but it’s not a likely target for theft or other loss. In addition, it’s only worth $100; he has the ability to replace it without significant financial impact.

92

The next thing to analyze is the likelihood of a loss occurring, how often it might occur, and how severe it might be. If a home were perched on the bank of a river, the likelihood of a flood occurring—repeatedly, is high. Moreover, the severity of the loss would be significant if the home were flooded. But, if the home were located ten miles from town on an unpaved road, the likelihood of a theft occurring is low. If someone did manage to get out to the house to steal the consumer’s belongings, the consumer’s three pet Rottweilers would be likely to send the thief back to town. During the analyzing phase, a few things should be kept in mind:

• The exposures that will occur most frequently, or that will be most severe, should be addressed before other exposures

• Severity is the result of frequency • It’s not wise for the consumer to risk a lot for a little • It’s not wise for the consumer to risk what he can’t afford to lose

A consumer has a number of options when faced with risk. His options are the methods he uses to control the risk.

• Avoidance – The consumer can refrain from participating in particular activities, or choose not to own particular property, that might result in a loss. For example, if the consumer is concerned with auto accidents, he can refrain from driving or not purchase an automobile. Avoidance is not always realistic.

• Reduction – The consumer can take steps to reduce any loss that may occur. For example, he can wear a seat belt when he drives a car or he can install a smoke detector in his home.

• Retention – The consumer can accept that a loss may result from participating in a particular activity, or purchasing property, but decide to assume responsibility for that loss himself. A policy deductible is a form of retention because an individual assumes responsibility for a portion of the loss along with the insurance company.

• Transfer – The consumer can take steps to transfer the financial consequences of loss to another party. For example, legal contracts transfer risk; hold harmless agreements and insurance policies are two common ways to transfer risk via contract.

Transferring risk is the purpose of insurance: paying a relatively small premium to reduce or eliminate a financial loss, or the consequences of a financial loss. When a consumer pays a premium to an insurance company, the purchase of insurance is his or her form of financing the risk. If a consumer has a savings account with $5,000 in it, that savings account may be a form of financing risk—especially if the client chooses high deductibles on his auto and homeowner policies. Another way to finance risk is to do so via a contract, such as a hold harmless agreement. Finally, administering risk involves two processes: implementing procedures to keep track of what’s going on and then monitoring what happens. If a consumer maintains a list of all his assets, along with their values, he’ll be able to measure his exposure to loss more easily. When he realizes his daughter is nearing the age to be driving, he may want

93

to re-evaluate his assets and potential for loss based on the increased likelihood of a car accident occurring in his household once she begins driving. The examples used here involve individuals and families, but the same principles are used when managing commercial risks. With businesses, however, more attention to detail is required in the risk management process because more people are involved (i.e. the insured, its employees, stockholders, customers), more activities are taking place, and the potential for loss is often much more significant. The producer who introduces the concept of risk management to his clients not only helps them better protect themselves and their assets, he also helps them reduce their insurance costs. Trust and confidence is built, along with knowledge and security. Risk management is a crucial component of loss control. It involves reducing the impact of the possible losses on the company. Viewed from a decision-making perspective, risk management might include the following steps:

• Ascertaining where the possible sources of loss to the organization could emerge; • Exploring various ways in which these losses could be dealt with; • Picking the most optimal way to handle the loss; • Carrying out the selected option; and • Ongoing evaluation of the outcome.

Conventionally, risk management deals with accidental or unexpected harm. Insurance and business professionals consider only pure risks as part of risk management—since they are the only types of risk that can be insured. A pure risk situation involves only two possible outcomes: loss or no loss. Speculative risk situations, by contract, involve three options: loss, no loss, or gain. Speculative risks are not insurable. The pure risks an organization might face include damage to owned property, third-party injuries for which the organization is considered legally liable, injuries to employed workers, etc. Damages can result from a number of categories of risk that mortality risks, economic risks, financial risks, professional risks, property risks, and liability risks. The aim of risk management is the smooth and profitable functioning of the organization. How the organization functions influences how it handles insurance risks. Losses affect the functioning and survival of an organization and mitigating losses of all types of loss, reduces the likelihood of financial disaster to the organization.

Detecting loss exposures What is a loss exposure? It is the potential for loss (usually financial) that a company or individual faces if a particular event occurs. The three aspects of any loss exposure include:

• What can be lost? What is the value of the property or assets that are risked? Categories of value include financial losses stemming from loss of income, property, personnel, or other liabilities.

• What might cause a loss? • What is the potential scope of damage?

94

One class of loss is property loss. Damage to a building due to fire, collision damage to vehicles parked on the business’ premises, and damage to any other property owned by the business. Another major category of loss might include business interruption. For example, this could include the expenses involved in finding a temporary location after a fire, loss of income because customers discontinue patronage after the fire and during the rebuilding process. The specific loss exposure detection techniques might include:

• Loss histories: This includes reviewing records of past sources of loss. • Financial records: An entity's financial statements, especially those concerning

profits, losses, flow of funds, and balance sheets, can be a great source of information.

• Administrative documents: These include contracts, memos, meeting logs, correspondence, etc.

• Flow charts: These show how the organization functions as a unit, and shows the flows of values to and from various parts of the unit. A loss would be an interruption in the flow and a schematic on the lines of a flow diagram would help ascertain paths that could be affected.

• Reviews: These are recommended because there are some situations that cannot be detected by theoretical predictions, and need a more hands-on approach.

• Expert opinion: Taking the advice and feedback of individuals with specialized knowledge of various forms of loss exposure could help detect them early enough. It works best if an organization combines specialists with those who have an overall working know-how of the organization

Understanding Risk Risk control should not be confused with risk financing. The former concentrates on the actual damage done. The latter is involved with all the financial compensations that happen afterward. As an illustration, if someone dies on the job after suffering an injury due to malfunctioning equipment, risk control aims to lessen the likelihood of equipment malfunction ever recurring. The focus is not on the pecuniary value of this loss. A variety of measures are utilized to handle risk. The important thing to understand here is that each measure is tailored to the specific loss it aims to handle or manage. Installing smoke detectors in buildings that use highly flammable products would work to notify occupants that a fire has occurred, but would not prevent an actual fire. Similarly, while water is an excellent flame retardant in most cases, it accelerates combustion and spread in cases of grease fire. These examples underscore the need to understand the underlying nature of the risk before determining the various loss control measures to be used. When understanding a risk, it is also best to take the perspective of the various entities concerned. In an automobile accident involving two vehicles, one of which rear-ends the other, the party that sustained damage to the rear of his vehicle because the other driver ran a red light would be more concerned with the property damage to his vehicle. On the other hand, the driver of the vehicle that ran the red light would be more concerned with

95

the legal liability that will be imposed upon him for causing the property damage to the other vehicle and, potentially, bodily harm to the driver of the other vehicle.

Exploring alternative processes While handling a risk one can examine various options. These include:

• Exposure avoidance: completely eschewing any situation that could be remotely risky.

• Loss prevention: try to decrease the chance of a specific loss occurring. • Loss reduction: try to alleviate the scope or impact of a specific loss. • Segregation: making sure that company activities are not arranged so that one

loss can have a ripple effect and impact all other related departments. • Duplication: keeping reliable back-ups or copies of the main activities or assets.

These would be used when the originals are affected. • Contractual transfer: shifting the responsibility of handling financial and legal

consequences of the loss to another entity.

Choosing the best technique This step requires two actions:

1. Predict how the various alternatives explored above can impact organizational achievement of goals.

2. Examine the cost-effectiveness of each option for each of the alternatives

Putting the chosen option into effect Once the best possible option is chosen, it is the risk management professional's task to makes sure this option is actually implemented. Implementation involves making sure that the organization has the technical and managerial skills to put the plan into action. It involves many decisions about what techniques to use, as well as coordination of various other managers.

Ongoing evaluation and monitoring Once the plan is set in place and implemented, it is not enough to assume that all else will follow as planned. It is important to conduct ongoing evaluation and decide if the original aims are being met. It also involves factoring in any shifts in loss exposure, as well as updates to loss control strategies, if needed. In a nutshell, there are three steps involved at this stage of the loss control process:

1. Setting of standards that denote expected levels of performance. 2. Comparison of the actual achievements against these standards. 3. Modifying unhelpful criteria and improving below-par performance.

What is safety management? Any company that is guided by the desire for employee safety is committed to creating trustworthy relationships with stakeholders. It also and takes pride in bringing about positive change in the arena of safety and will reap the benefits of doing so. It makes all levels of a company part of an integrated whole with a common investment in the safety of all concerned. A good safety management program results in substantially lower

96

instances of injury. This translates to a safer environment, and lowered operational costs. The bottom line results in better quality services with enhanced profitability. A company with a sound safety management program will also have a competitive advantage over peer companies. It speaks to the company's focus on good service when safety is not seen as an expense but as an investment. A safety system is imperative because any unsafe situation, and any resulting accident, points toward the fact that something is amiss and needs to be fixed. Identifying and fixing these conditions is paramount to creating safety. Management is responsible for loss identification and should follow the standard steps in any decision-making process outlined in the risk management process. Ascertaining accountability goes a long way toward helping prevent risks from developing into hazards. There are a number of theories that help understand and work with safety management. All of them help detect causes and possible controls that are in place to deal with safety issues. A few are listed below:

• Haddon's Energy Release Theory views accidents occurring when the energy is focused on structural elements of an organization. These elements could be inanimate or animate, but the common factor is that they cannot withstand the pressure of this energy and buckle under it.

• Heinrich's Domino Theory this views the accident as the culmination of a series of missteps analogous to the continuous toppling reaction in a domino chain.

• Hygiene Control examines accidents that occur from unsafe working conditions based actual studies of on-the-job sickness or wounds. Recommends the use of protective gear, reduced use of dangerous materials, identification of accidents spots, and other practical/administrative modifications to enhance safety standards.

• System Safety Approach involves the whole organization as a series of interconnected layers in a system. Events at one level can potentially affect all other layers of the system. The approach emphasizes checking which levels are susceptible to accidents and preventing the impact on the other levels.

• Crisis Management Approach is similar to the systems approach with the organization viewed as consisting of five levels. The levels include overall structure, employees, production, finance departments, and the consumer/supplier. The aim is to prevent any issues arising in any one area and damage control if the accident occurs.

Why bother with safety management? Ensuring stakeholder safety is both an investment to secure the future of the company. It will involve an initial outlay in terms of various resources such as time, money, and expertise. But, once set in place, this investment pays for itself many times over. The returns are not just measurable in pecuniary terms. It creates a sense of ownership and employees at all levels feel invested in the functioning of the organization. Some tangible ways this has emerged is in terms of work days lost. Companies with sound safety management processes in place show a much lower rate of workdays lost

97

due to injuries (as much as 93% below average, over a 15 year period in some cases). This can translate into billions of dollars in savings. These benefits happen when the safety program is considered a partnership. The partners in this venture include the employers, employees, customers, suppliers, and the government. It starts with employers investing in the safety of their employees. This good will translates into better service and wholesome relationships with both suppliers and customers. The government acting as a participant in the process, versus as an enforcer, bolsters this sense of collective investment in the security of all the parties involved.

What can an agent do? An agent's responsibility is on behalf of his or her client. An agent needs to be a part of any safety management or risk control activities. Most insurance companies offer a variety of loss control services and an agent can be the facilitator for introducing clients to the insurance companies' loss control services and providers. An agent can participate in a client's efforts towards enhanced safety and can play a role in guiding clients toward the best possible ways to avoid risks and deal with any unexpected crises. As a provider of loss control resources, an agent can do the following for clients:

• Use ethically responsible practices and feel responsible for client safety; • Practice the best safety procedures that lead to a better financial foundation; • Work with clients to develop strong safety practices; and • Work on individually tailored solutions for clients to optimize returns and boost

quality.

Focus on client needs To come up with the best possible risk and safety practices for the client, it is crucial that an agent creates an ongoing dialogue with the client. The agent needs to show clients that channels of communication are open and an agent is ready to listen and provide advice. These conversations might include information about past claims, financial factors, and other loss exposure controls. The final goal is to stop losses from occurring by helping clients implement sound loss control strategies. Loss control plans are not necessarily costly, but they should be well designed and consistently implemented. If losses do occur, their impact can be ameliorated by an effective claims management strategy. Such a strategy is focused not just on financial solutions, but on making the whole process smooth and stress-free. This can be ensured by avoiding formulaic insurance solutions that are generalized to all clients in a category.

Focus on service In order to illustrate an agent’s commitment to client safety, it is best if all loss control and risk management services of the insurance company and the agency are at the disposal of the client. The focus should be geared toward providing clients with

98

consultative assistance for loss control. This undertaking requires a well-developed communication system between all parties concerned. The result is the reduction in losses resulting from damage to property, work-place injuries, or other unexpected circumstances. Provision of a secure workplace environment enhances productivity. Helping clients integrate safe practices in the overall functioning of the company leads to various positive outcomes:

• Help clients help themselves, i.e. help them work on proactively controlling or reducing insurance costs.

• Lessen a client’s possibility of facing losses that cannot be insured. • Lessen the likelihood of an insured loss, which could be devastating nonetheless. • Promote employees and clients with a safe, dependable work setting.

Some ways that a loss control department can assess risk factors are by conducting physical inspections and surveys. A physical inspection examines the physical conditions in an organization that could escalate a potential event into an actual accident. These conditions might include identifying poorly stored dangerous materials or recommending a formal vehicle safety program after viewing an organization’s fleet of vehicles. Depending upon the nature of the client’s organization, and the business industry, other findings specific to the business may be more far-reaching and specific.

Suggestions for loss control

Help in conducting overall safety reviews Conducting a safety review involves carrying out an investigation into possible causes of accidents involved in all types of loss. This includes making the client aware of possible places where losses can occur and what the total costs would be without insurance. Recommendations to monitor these situations internally can be made, as well as a critique of prevailing loss control measures. Some suggestions that can be made include:

• Identifying fire hazards and other security concerns; • Following OSHA and other federal guidelines; • Safeguarding machinery and equipment; • Outlining a hazard communication plan; • Overview of possible occupational health risks; • Evaluating reasons for, and solutions to, actual losses; • Providing ongoing education in safety training, including pamphlets, seminars,

workshops, or other training procedures; and

Protecting against property losses • Detecting possible fire hazards; • Utilize proper storage facilities to ameliorate loss by fire; • Ascertain adequacy of existing sprinkler systems and other fire detection/fire

fighting infrastructure; • Understand existing building codes and rules; • Maintenance of existing fire-protection systems and safety equipment; and

99

• Establish a pre-emergency plan.

Protecting against vehicle losses Many organizations possess a fleet of vehicles and loss prevention in this area involves making sure that the vehicles used by the client are well protected. The value of a fleet in the service of a company is often undervalued and underestimated. Some pointers in this area include:

• Utilize fleet safety procedures into overall loss control programs; • Utilize proper hiring and training processes for drivers; • Conduct audits to detect areas in fleet operations that could create losses; • Keep track of maintenance, accident reporting, and driver records; • Create a good workflow involving routes, deliveries, and pick-ups; and • Be familiar with, and follow, DOT laws and regulations.

Protect against product liability losses A number of businesses have been sued because of actual or alleged defects in their products. Courts tend to rule in favor of consumers who have been injured because of product defects and, in some cases, an injured party does not have to prove negligence on the part of the manufacturer. Ways a client can help to reduce the likelihood of product liability claims include:

• Detect product hazards in the initial design stage of the product; • Conduct continuing quality control inspections; • Supervise all states of the manufacturing process; • Create all labels, advertising materials, and product instructions according to legal

guidelines and with the guidance or legal counsel; • Maintain meticulous records and documentation; and • Evaluate product packaging and transportation methods.

Protecting against bodily injury losses In addition to generating insurance claim, injuries to consumers, business associates, and other third parties generate bad publicity and the potential for loss of reputation. Methods for avoiding bodily injury losses include:

• Regularly conduct premises surveys to identify and eliminate any conditions that might be harmful to visitors to the premises; these surveys might identify safety hazards, housekeeping issues, etc.

• Provide adequate security in the form of lighting, handrails on all stairways and steps, smoke and CO2 detectors, fire extinguishers, burglar and fire alarms, etc.

Adequacy of insurance coverage and limits of liability Although most individuals and businesses obtain insurance coverage, it is important for an agent to identify all the client’s exposures to loss and to offer appropriate coverages and limits to protect the client. Unlike the coverages offered in personal lines, which tend to be uniform and appropriate for most clients, insurance coverages offered in commercial lines are more diverse and contain more intricacies.

100

For example, loggers often require Broad Form Property Damage coverage because of the nature of their operations, which may include the burning of woody debris. If the slash-burning gets out of hand, the logging organization may find itself legally liable for forest fires and other catastrophic losses. Another example involving specific coverage for a business is that of a manufacturer that obtains a component part of its product from a single vendor. Without specific business interruption coverage addressing losses suffered by the vendor, the manufacturing client might find itself going out of business if the vendor’s building is destroyed by fire and it can no longer produce the component part upon which the manufacturing client depends. Regardless of the type of client, it is in everyone’s best interests for the agent to offer the client all available coverages—and all available limits—including optional coverages. The use of experience and analysis checklists proves invaluable in a number of ways. As a sales tool, it helps the agent avoid the potential for overlooking the discussion of important coverages. As an underwriting and customer service tool, it speaks of the professionalism of the agent and the scope of coverage available for purchase by the insurance company. It also serves as a loss control tool for both the agent and the client: from an E & O perspective for the agent and as a way to list for the client all insurable ways of transferring his or her risk for financial loss.

Coverage conflicts The insurance industry is highly competitive. Insurance companies are offer a diverse array of coverages and policy limits and many consumers may find it difficult to choose between products and insurers. The scene is ripe for conflicts between agents, clients, and insurers. The current judicial climate supports large settlements, usually in favor of clients, when disputes arise between consumers and insurance professionals. Agents can be sued for a number of reasons, including not recommending appropriate coverage to address their clients’ coverage needs, neglecting to secure specific coverage, breach of fiduciary duty, and many other such situations. A more common conflict occurs between the insurance company and the policyholder with respect to what constitutes proper coverage. With clients obtaining layers of coverage that involve multiple insurers or multiple lines of coverage, it can become increasingly complex for a consumer to understand the scope of his insurance program. To complicate issues, the courts may decide to consolidate individual cases into a class action lawsuit when the number of policyholders filing suit against an insurer is large enough, and the underlying claims share common allegations.

Role of attorneys Sometimes, even after claims have been settled, there may be ongoing conflict about the settlement. When this happens, the clients and their attorneys need to bring up a drafting history. This is a tedious process, involving the review of various documents and communications between the insured and the insurer, along with reviewing the basic understanding of various terms and conditions. Courts need these basic concepts outlined before making their rulings

101

Other documents attorneys may produce include the claims and underwriting manuals that contain insurance company procedures and guidelines. These are usually written by experts to help insurance professionals and they offer assistance to the court when ascertaining the viewpoint of the insurance company. The documents pertaining to the insurance company’s reinsurance treaties are another source of information used in litigation. The understanding of an insurance company's reinsurance status may help the court understand the insurance company’s handling of claims and settlements. Not all courts of law accept these documents because comprehensive access to reinsurer documents is not universal. An attorney can also focus on the insurance company’s marketing strategies to learn how the insurance company represents itself to consumers. Another source of information is the pattern that the insurance company follows when handling similar claims or in similar types of legal action.

Agent evidence In the event of litigation or other dispute, an ethical agent should collect all records and files retained (both in writing and in the computer) to document all communications exchange with a client, or on the client’s behalf. If an agent routinely uses a notepad to make notes about client meetings and conversation, the notebook would be considered admissible agent evidence. Similarly, using an exposure and analysis checklist with every client ensures that the agent has evidence he or she offered all available coverages and limits in the event a client alleges the agent failed to do his or her duty. A point to bear in mind is that all parties concerned can access the documentation and records of each other. This means that an agent’s records must stand up to the strictest scrutiny. Agents should avoid inconsistencies when documenting, failing to document conversations and meetings, and inserting unprofessional comments in any records maintained, as these actions tend to discredit them.

Agent's role in reducing conflict In the best case scenario of a dispute with a client, all parties cooperate and the dispute or legal action is settled before reaching court. The goal of avoiding an appearance in court, however, does not mean an agent should rush into cooperation blindly. An agent should immediately report to his or her Errors & Omissions (E & O) carrier any incident that might result in a claim. The E & O carrier will advise the agent about the proper procedure to follow in all aspects of the situation. Agents attempting to negotiate a settlement with a client or other plaintiff/claimant may actually void their E & O coverage; most E & O policies contain an exclusion pertaining to such instances if they adversely affect the E & O carrier’s defense of the agent.

Litigation Despite everyone's best efforts, some client disputes will wind up in court. Opinions about all manner of subjects will vary, especially when a client submits a claim to an insurance company and coverage is declined. Coverage triggers are events that initiate

102

insurance coverage. For example, death is the event that triggers coverage provided by a life insurance policy. If an insured person commits suicide during the contestable period of the policy, the Contestable Clause will preclude coverage for such a death. How is the deceased person’s spouse going to react? In a disability income policy, the contract will define disability and the insured’s disability will trigger coverage. What happens, however, when the client and the insurance company have differing opinions about the definition of permanent and partial disability? An auto accident will trigger coverage on an auto insurance policy but what happens when the insured learns he did not purchase collision coverage and the policy will not pay for damage to his vehicle? Most property and casualty policies’ insuring agreements state the insurance company will pay on behalf of the insured all sums for which the insured becomes legally obligated to pay as damages because of a covered event or occurrence that takes place within the policy territory. Insurance policies include a definitions section that clearly defines words such as “insured” and “occurrence.” Conflicts often arise because the policyholder’s interpretation of the coverage trigger differs from that of the insurance company. For example, individuals exposed to hazardous chemicals may not know they suffered injury until years later. The definition of “occurrence,” along with other policy provisions, will have a significant impact upon the decision of whether the chemical exposure is a covered occurrence. Conflicts have led to four different views about what can be legally considered a coverage trigger:

1. Exposure theory: When was the insured or claimant exposed to the hazard? 2. Injury in fact theory: When was the tangible impact of the exposure manifested? 3. Manifestation theory: On what date and time did the injury occur or first become

known? 4. Continuous trigger theory: When did, or when could, the injury have first become

known?

The final theory is the one that is the focus of much study nowadays, especially in cases involving exposure to toxic waste. Courts very often take the continuous trigger approach and rule that claims coverage extends to period of time during which the impact of the exposure could be manifested on life or property.

Policy definitions Sample policy definitions that often arise in coverage conflicts are listed below: Bodily Injury Bodily harm, sickness, injury, or disease including required care, loss of services, and resulting death.

Property Damage Physical injury to tangible property, including the resulting loss of use of the property.

103

Occurrence An event, either an accident or continuous or repeated exposure to the same general conditions that causes injury or damage to a third party.

Policy Conditions The section of an insurance policy that stipulates the rights, duties, and responsibilities of both the Named Insured and the insurance company, such as loss reporting, loss settlement, property valuation, other insurance, rights of subrogation, cancellation, non-renewal, etc.

Exclusions The clause in an insurance policy that lists property, causes of loss, hazards, or circumstances not covered by the policy.

Named Insured The individual(s), business, or organization specifically designated in an insurance policy as the insured. The Named Insured, in most cases, is afforded broader coverage than other insureds on the policy, whether named or not named.

Assignment A transfer of legal rights under, or interest in, an insurance policy to another party. In most cases, assignment can only be effected after the request is made by the owner in writing and with the written consent of the insurer.

Duty to Defend A clause in an insurance policy that states the insurance company’s obligation to provide an insured with defense to claims made under the liability section of the policy. Typically, the insured only needs to show that there is the potential for coverage in order to trigger the insurance company’s duty to defend. The insurance company’s duty to defend is broader than its duty to indemnify because it may owe a duty to defend the insured against a claim that ultimately results in no claim payment.

Contractual breaches In some cases, the insurance company may refuse to defend or provide coverage if the insured violates the terms of the policy. If the insured did not withhold any pertinent information at application, and the insurance company is unable to prove that the insured deliberately breached the contract, the courts tend to favor the insured. If cases where fraud or misrepresentation can be proven, or other overt breaches of contract occur, the courts will side with the insurance company.

Location of suit Most insurance policies state the geographic territory of coverage. Policies providing liability coverage usually indicate that, if suit is brought, it must be brought, or filed, within the coverage territory. For example, a general liability policy requires that

104

liability suits be filed in the coverage territory—the United States, its territories, possessions, and Puerto Rico.

Misplaced policies In cases where the policyholder has lost the policy, there are two criteria that need to be satisfied to prove that coverage is provided should the insurance company not have record of the policy.

1. The policyholder must demonstrate that a due and diligent search was conducted to locate the policy. A lost policy release must be signed.

2. They policyholder can prove the policy exists by naming the principal participants, content, and period of the policy. Recordkeeping becomes important here as any supplemental documents, letters, correspondence, e-mails, faxes, certificates, claims files, receipts, management reports, etc. can all help prove the insured's position.

Insurance for businesses It is not uncommon for businesses to decline purchasing specific types of coverage in order to save premium. For example, a business client may choose not to purchase Products and Completed Operations liability insurance, believing the likelihood of a loss is remote. Although the business may save $400 in premium for the term of the annual liability policy, if any claims are brought against the insured business for product defects or injury or damage resulting from a completed operation, the policy will not provide coverage. In case involving Directs & Officers Liability, a form or professional liability, the insurance policy covers claims that arise due to covered “wrongful acts.” However, certain acts and events are excluded from coverage and, if one of the insured business’ directors or officers commits an act that is excluded, coverage will not apply. All policies contain exclusions and it is especially important for agents writing business insurance to identify and review each of the business client’s exposures to loss and to offer coverage for them.

Concealment If an applicant for insurance, or a claimant, fails to reveal issues pertinent to the policy or claim, he or she may be considered guilty of concealment. The definition of concealment is: The willful holding back or secretion of material facts pertinent to the issuance of an insurance policy or a claim, even if the insured or applicant was not asked about the subject. Concealment can result in cancellation of the policy or denial of a claim. In cases involving concealment, the insurance company has no responsibility to pay claims. An example of concealment would be an applicant failing to reveal a life-threatening medical condition that predates the insurance policy, despite undergoing a paramedical exam.

105

Misrepresentation When the insured provides false or misleading information that is pertinent to the risk and it is an important factor in the insurance company's decision to issue coverage, such misrepresentation might be grounds for voiding of a policy. In cases of misrepresentation, the onus of proof lies with the insurance company. The insurance company must prove that the client deliberately provided false information, and that the false information resulted in the issuance of an insurance policy that would not have been issued had the misrepresentation not been made.

106

Chapter 5 Review Questions 1. Which of the following is NOT one of the five basic steps of the risk management

process? [a] paying for the risk [b] analyzing the risk [c] controlling the risk [d] administering the risk 2. Which of the following is NOT one of the four options a consumer has to control

risk when faced with it? [a] avoid the risk [b] reduce the risk [c] transfer the risk [d] destroy the risk 3. Bodily harm, sickness, injury, or disease including required care, loss of services,

and resulting death is the definition of which of the following? [a] property damage [b] wrongful act [c] bodily injury [d] occurrence

107

CChhaapptteerr 66 Agent Duties and Responsibilities Being sued by a client or insurer can be financially, professionally, and emotionally devastating to an agent. A sound strategy is to utilize best practices not only as a method of providing the ultimate in professional service to clients, but also to prevent E & O claims from originating. There is no sure-fire method to prevent claims, litigation, or even making mistakes. However, practicing certain behavior reduces an agent’s likelihood of facing conflicts and the resulting claims and lawsuits. The following list outlines best practices all agents should follow:

• Know what their duties and responsibilities are—from professional, ethical, and legal perspectives.

• Refer to agent/company agreements to clarify any doubts concerning the duties and responsibilities owed to specific insurers.

• Comply with all licensing requirements. Before becoming, or claiming to be, an expert be sure to ascertain the scope of the additional responsibilities and duty of care owed to other parties.

• Learn from the mistakes of others. Be aware of the commonly-made errors and omissions of other agents and do not repeat them.

• Keep abreast of current “hot buttons” in the insurance industry Use industry and trade publications, and other resources, in addition to required continuing education.

• Understand and adhere to strong ethical principles. • Be consistent in the execution of best practices. Create and follow a standard

agency operating procedure and use it to be consistent with each client. • Be aware of unfair trade practices and avoid them at all costs. Be aware of all

consumer protection regulations and be sure to follow all practices requiring disclosure and the protection/safeguarding of client information and confidentiality.

• Complete insurance completely and honestly, being sure to provide all disclosures and to discuss all optional coverages and limits. Keep copies of all paperwork and document all client communications.

• Use the most appropriate technology. • Maintain professional liability insurance (E & O) and be aware of what it does and

does not cover.

Duty to the client An agent is responsible for helping clients select financially sound insurance companies, finding the most suitable policies—based on their individual needs, and securing the appropriate coverages. Agents should also regularly review all active policies and each client’s entire insurance account. This continual monitoring not only creates a strong

108

relationship with the client, it establishes the professional reputation of the agent and the insurers with which coverage is placed and renewed.

Duty to the insurance company Agents have two types of duties to their insurance companies: fiduciary duties and statutory duties. Fiduciary duties involve maintaining the trust of each insurer by adhering to the strict definition of being a fiduciary: placing the insurance companies’ best interests above those of all parties—including the agent’s. Statutory duties vary by state, but most state insurance codes require agents to provide the duty of care and skill, duty to be practical, duty to give information, duty to keep accounts, duty to act as authorized, and the duty of good conduct. If an agent violates any of the fiduciary or statutory duties imposed upon him or her, the agent’s contract may be terminated by an insurer or the agent’s license may be suspended or revoked by the state department of insurance.

Integrity Although integrity is largely an ethical requirement, it is also legally enforceable based on the following:

• Qualifications: Agents found to be lacking in certain qualifications, such as proper licensing, may be terminated and/or suffer license suspension or revocation.

• Deficiency in business skills or poor reputation: Agents found guilty of violating the fiduciary relationship owed to an insurer or client may be terminated and/or suffer license suspension or revocation.

• Illegal transactions: Agents who violate the law or insurance code may be terminated and/or suffer license suspension or revocation.

• Dishonest behavior: Agents committing fraud, theft, or acting dishonestly may be terminated and/or suffer license suspension or revocation.

• Public interest violation: Agents violating public policy, such as acting in any fashion that violates the public trust, may be terminated and/or suffer license suspension or revocation.

Maintaining proper licenses and records State insurance codes require all individuals acting as insurance agents or producers to have appropriate insurance licenses. Each state has its own specifics but, in general, a license is required to provide policy quotes and proposals, discuss insurance terms and conditions, and bind insurance coverages. To avoid any appearance of conflict with state law, some insurance agencies require all staff members to be licensed, irrespective of their actual duties and job descriptions. In cases of the death of an agent or agency owner, most states allow a temporary license to be granted to a spouse or other appropriate party for the purpose of handling the deceased agent’s insurance affairs and clients. Temporary licenses are usually granted for relatively short periods of time, such as six or twelve months, and can only be renewed for a specific number of times.

109

Agents must be appointed by the insurance companies they represent. This appointment permits the agent to conduct business as a representative of the insurer. When an agent terminates an association with an insurance company, or his or her license becomes inactive, new appointments must be filed with insurance companies before the agent can resume acting as an agent or producer. An agent needs to be licensed in every state in which he or she conducts business. However, when agents do business in multiple states, they are sometimes considered drawing business out of the states in which they do not reside. Some states, such as Texas, prohibit solicitation from out-of-state producers unless the producers have physical office in the state. When writing insurance as a non-resident agent, most states require policies to be countersigned by a resident agent of the insurer. Most states have specific requirements for the display of insurance producer licenses. Some states require insurance producers to carry their individual licenses on their person, while other states require the producer licenses to be displayed publicly in the business location or agency. Agents are required by all states to maintain clear and consistent records. These records need to be retained for a certain number of years; most states require records to be kept for five years. The types of information required to be maintained include:

• Insurer's name; • Insured's name; • Policy number; • Effective date; • Cancellation date; • Premium amounts; • Plan of payment; • Premium payment dates; and • Bank statements, canceled checks, and deposit records.

One specific type of record required to be kept for each client is an agent file. Agent files are the separate files maintained for every client of the agent or agency. Agent files should include copies of insurance applications, correspondence, notes, memos, etc.

Unfair trade practices The best ethical practices adopted by insurance agents involve being fully aware of all state insurance laws and being familiar with those activities that are considered unfair trade practices. While some trade practices are universally considered unfair and are considered illegal, each state has its own laws and specifics of those laws may vary from state to state. Agents should be familiar with the specifics of unfair trade practices in each of the states in which they are licensed. A list of the practices considered by most states to be unfair trade practices follows:

110

• Misrepresentation and false advertising of policies: Includes misrepresenting the benefits, advantages, conditions, terms, dividends, name, or type of any insurance policy.

• False or deceptive advertising of policies: Includes any statement, assertion, or representation that is untrue, deceptive, or misleading with respect to the business of insurance or any individual’s conduct of the business of insurance.

• Twisting: Includes making a written or oral statement that misrepresents or makes incomplete comparisons about the terms, conditions, or benefits in a policy for the purpose of inducing a policyholder to lapse, surrender, retain, exchange, convert, or terminate any insurance policy.

• Unfair discrimination and rebates: Includes paying, allowing, giving, or offering to pay, allow, or give—either directly or indirectly—a rebate, discount, abatement, credit, or other premium reduction not named in an insurance policy. Offering a special favor, valuable consideration, or other inducement qualifies as discrimination and/or a rebate.

• Sharing commissions with unlicensed persons. • Defaming insurers. • Boycotting, coercion, or intimidation. • Unfair claims settlement practices: These are outlined specifically by each state.

Ethical practices It is the moral and legal duty of all insurance agents to follow the highest ethical standards when dealing with clients. A history of upholding high standards is very helpful in cases where an agent's behavior is questioned in an E & O claim or in court. One way to make sure that the highest ethical standards are promoted is to embrace character-based behavior as opposed to an achievement-based behavior. This helps an agent place a client's need above all else, even his or her own. Although ethics are not wholly learned in a classroom or textbook, it is important for insurance agents to attend and completing continuing education on the topic to maintain a knowledge of industry standards in this regard. One important motivating factor to complete insurance ethics education might be that behaving ethically is rewarded by monetary and professional gain.

Importance of disclosure When an agent does not reveal all relevant information to clients and insurers, the client may not make the best insurance decisions, the agent will be held responsible for any conflicts that arise. It is best for agents to ensure that all the information needed by client is provided to them. This can be achieved by asking three questions:

1. Does the client have all the information required to make a good decision? 2. Does the client understand all the information provided? 3. Does the client have additional questions?

Many agents use disclosure letters and experience and analysis checklists to confirm that the client has received and understood all the information presented and available. The following example is a letter used by one agent and is included for illustrative purposes:

111

Dear Client:

As you know, we are an insurance agency and not an insurance company. Our service to you includes the pricing and presentation of various insurance programs that may fit your needs, and the transmittal of your application to the insurance company. There are, however, limitations to our service, including the following:

1) Premium quotation and coverage are controlled by the insurance company and may be subject to change. We do not warrant or guarantee that a premium or coverage quoted by an insurance company will be identical to the ultimate premiums or coverage of the policy as issued by the company. There is no coverage promised or implied beyond the policy as written and endorsed. Your acceptance of the policy replaces all other agreements, either oral or written.

2) While we are pleased to provide to you and explain the industry ratings of a particular company or alternate insurers, we do not make any independent investigation of a specific company's solvency or financial stability. We do not warrant or guarantee that any insurance company will remain solvent, and we will not be liable to any insurance applicant or insured for the failure or inability of an insurance company to pay claims.

3) Insurance companies rely on the truthfulness and accuracy of information provided in the application. It is your sole responsibility to complete the application accurately, and if the insurance company should deny a claim based on its contention that the application has not been truthfully or accurately completed, we take no responsibility for such inaccuracy.

We ask that our client applicants signify their understanding of the foregoing points and their agreement to defend, indemnify, and hold us harmless against any loss or liability that may arise from the applicant's failure to truthfully and accurately complete the application, by signing and dating this letter in the place provided below and returning the copy to us. Kindly do so at your earliest convenience.

Accepted by _______________________________

A letter listing coverages, endorsements, and other benefits and features that a client refused may accompany the above disclosure. The correspondence may also include mini-disclosures. Disclosure forms help clarify the extent of an agent's duties and responsibilities. They also help clarify that a client was informed about certain details and that the agent did not withhold information from the client.

Agent-Insurer disclosures Just as an agent has a responsibility to a client, an insurer has a responsibility to an agent. The insurer needs to state all of the duties that an agent is supposed to carry out clearly within the agency agreement. These duties include actions regarding advertising, authority, records and materials, indemnification, audits, etc. Hold harmless clauses increase an agent's accountability and should be carefully reviewed.

Errors and omission insurance

Given the high level of care and duty insurance agents owe to their clients and insurers, it is highly recommended that agents purchase errors and omissions insurance. Not only does E & O coverage protect the agent, it also safeguards the interests of the agent’s clients and insurers.

112

Although there is no standard E & O policy form, most insurance agent’s E & O policies contain common language, terms, conditions, limits, and exclusions. These professional liability policies are written on claims-made forms as opposed to occurrence forms. Claims-made liability forms provide coverage only when covered wrongful acts occur after the retroactive date stated in the policy and claims reported during the policy term. Some important exclusions contained in E & O policies include:

• Bodily injury and property damage claims; • Contractual liability; • ERISA and COBRA claims; • Conversion, misappropriation, or improper commingling of client funds or funds

held on behalf of clients; • Intentional acts (i.e. dishonesty, fraud, criminal conduct, malice, assault &

battery, etc.); • Personal profit; • Prior claims (acts occurring before the retroactive date); • Infringement of copyright, trademark, trade name, trade dress, patent, service

mark; misappropriation of ideas or trade secrets; piracy; plagiarism, etc.; • Insured’s duties as a third-party administrator; • Employment-related practices; • Discrimination, harassment, etc.; • The following services performed by the insured, whether or not licensed:

o Accounting o Architecture o Actuarial o Tax preparation or advice o Legal o Real estate;

• Actual, alleged, or unauthorized use or release of confidential information or private information of any client;

• Arising out of the bankruptcy, conservatorship, receivership, insolvency, or financial inability to pay of any organization—including an insurance company

• Exception to the exclusion may be found if, at the time the wrongful act occurred, the insurance company was an admitted insurer rated above a particular A.M. Best rating (i.e. B+ for P & C companies and A- for Life & Health companies);

• Based upon or involving, in any way, viatical settlements, promissory notes, or securities;

• Any claim covered by any other policy; • Any claim about which the insured knew but did not report to the company at

application or renewal. It is essential for agents to understand the precise definitions of “claim” and “wrongful act” contained in their E & O policies, and to understand precisely when and how the insurance company requires losses and claims to be reported. Although many of these definitions and provisions are similar, each contains its own specific details. Failure to

113

understand what his or her policy defines as a “claim” or “wrongful act,” and when and how to report losses and claims, may result in the denial of coverage.

Office procedures manual The establishment, and consistent use, of an office procedures manual may prove invaluable to an agent in the event of an E & O claim or lawsuit. On the other hand, failure to consistently use and enforce a procedures manual may have precisely the opposite effect. Standard office procedures manuals a number of topics, some of which are discussed in the following paragraphs. A documentation policy outlines the procedure all staff members must follow when interaction with clients, including the use and maintenance of agency call and visitor logs. It is important to use the same methods when documenting interactions taking place by telephone, e-mail, fax, regular mail, etc. In addition to the record-retention requirements of the state and insurance companies, agency office procedures manuals usually outline requirements of retaining copies of insurance applications, endorsement and change requests, expiration dates, renewals, correspondence, etc. The insurance industry is based on relationship and communication. Most office procedures manuals require agents to practice the best of communication skills: with clients, co-workers, peers, insurance companies, vendors, and regulatory bodies. All conversations with, or pertaining to, clients need to be documented. This means agents need to document their clients’ understandings and acceptances of policy details and explanations, in addition to other pertinent facts discussed. Whenever possible, the client’s signature and the date and time should be affixed to the documentation. Documents used for this purpose include standardized forms, letters, signed release forms, and entries in agency management computer systems.

Fax machine protocol The sending of messages via faxes is subject to strict regulations regarding privacy and confidentiality, as well as the Do Not Call Registry. It is important for agents to have a mutual agreement between themselves and their clients regarding this method of communication. All fax transmissions should contain a confidentiality notice indicating that the contents of the transmission are privileged. Fax signatures, in most states, are legally acceptable but it is in the best interest of the agent to require actual signatures on crucial documents. It is also important for agents to remember that the sending and receipt of faxes do not bind insurance coverages. Just as agents do not bind coverage upon the receipt of faxes from clients, neither do insurance companies bind coverage upon receipt of faxes from agents. Licensed producers bind insurance coverage, fax machines do not.

114

Telephone conversation protocol The recording of incoming and outgoing telephone conversations is one of the most critical forms of documentation an agent can maintain. Because so many insurance transactions are discussed and/or processed over the telephone, it is crucial for agents to retain not only a log of all incoming and outgoing calls but to preserve the details of each call. Unlicensed staff should be especially careful when providing information via telephone and to document the precise details discussed. As mentioned for fax transmissions, it is important to communicate with clients that insurance coverage cannot be bound per a message left in a voicemail system.

E-mail protocol E-mail communication has replaced many other standard forms of communication. It is accompanied by its own unique sets of liabilities. Sometimes, confidential information may be delivered to the wrong e-mail address or transmitted without a copy being saved. E-mail messages are oftentimes treated differently from written communication and are not backed up or retained. E-mail records, in most states, are accepted as legal documents and in court. Given the fact that many people are less formal in their use of e-mail than in other forms of communication, they may contain more sensitive information. As discussed earlier in this course, agents should safeguard e-mails whenever possible by using encryption techniques and password protection.

Other subjects In addition to the topics discussed in preceding paragraphs, agency office procedures manuals often contain sections addressing the following:

• The requirements and requests made by a client; • The requirement that all staff members adhere to agency policy and that

enforcement will be applied consistently; • Noting date and times that coverage is bound; • Comparing issued policies with applications to be sure coverage was issued as

applied for; • Documentation policy for requesting endorsements and policy changes; • Cancellation procedures, including non-renewals; • Renewal procedures (i.e. sending renewal notices 60-90 days before expiration);

and • Claims reporting procedures.

115

Chapter 6 Review Questions 1. Which of the following are the types of duties insurance agents owe to their

insurance companies? [a] legal and illegal [b] ethical and unethical [c] fiduciary and statutory [d] insurance and non-insurance 2. Given the high level of care and duty insurance agents owe to their clients and

insurers, it is highly recommended that agents purchase which of the following? [a] auto insurance [b] homeowner insurance [c] boat insurance [d] errors and omissions insurance

116

CChhaapptteerr 77 Consumer protection In earlier chapters, we read about practices that help agents avoid conflict and how to protect themselves when conflicts do arise. This chapter focuses on ways the consumer is protected through a number of insurance codes as and other regulation. Although the insurance code and other regulations do not always overlap, the agent and insurance company are required to follow all laws—insurance and otherwise--that safeguard the consumer. Given the scope and diversity of these laws and regulations, it is not surprising that some violations of consumer protections practices occur.

Advertising in Insurance Legal requirements regarding advertising practices vary from state to state. Any infringements of these laws may lead to penalties, including a license suspension or revocation. Three areas of advertising are generally addressed by legislation:

1. The actual message of the advertisement; 2. The method of advertisement; and 3. The appearance of the advertisement.

For purposes of insurance, most communications seem to fall under the broad term of advertising.

Advertising defined Advertising is any method used to create interest in the general population regarding an insurance company, the insurance products offered, and/or the agents and brokers handling the insurance transactions. Any materials and documents used are considered advertising and may include pamphlets, brochures, illustrations, recruitment literature, media advertising, yellow page ads, telemarketing, telephone conversations, etc. Internal communications that exclude the public, and communications with policyholders that do not address policy changes or the purchase of new insurance are not considered advertising.

Complying with advertising regulations Non-compliance with state regulations and insurance code concerning advertising can be a serious offense that may entail state approval for all future advertising practices, as well as hefty penalties and fines. Such state approval of advertising can lead to loss in resources including work hours and time delays, while minimum fines are often $1,000 per infraction. If an advertising violation involves a number of brochures or documents, and each document is considered a separate violation, the financial costs of non-compliance can be astronomical.

117

To avoid such situations, it is best for agents to follow certain practices: • Clearly identify the advertiser by company name and home office address

(including city and state). If a specific product is being promoted, then the name and type of contract must also be included on the advertisement.

• Any advertising should be honest and contain accurate information. There should be no potential for an accusation by a consumer that the advertisement was misleading. Some specific guidelines about word usage include:

o Avoid absolute terms such as never, always, and all; o Certain phrases pertaining to financial strength and security should be

linked to ratings of independent rating organizations, such as A.M. Best Company;

o Phrases such as legal reserve should be avoided; o Words like free, no cost, or no extra cost should only be used if they are

absolutely true, after identifying the provider, and if it is mentioned that the cost is part of the premium charged; and

o Words that are not included in a particular type of policy must not be included, such as investment and asset protection.

• Proposals by insurance regulators, state departments, and other bodies such as the NAIC, require full and honest declaration of the assumptions underlying a quote or illustration. It is important to give equal exposure to both the guaranteed and the non-guaranteed aspects of a policy.

• Comparisons made between different types of insurance or policies must be comprehensive, complete, and unbiased. The information and numbers used to support claims information and data must include the source of the information cited, be accurate, and be recent. When making use of data from rating services like Standard & Poor’s or Moody's, the data should be accompanied by required disclosures. When comparing products with those offered by competitors, there should be no misrepresentation of facts.

o An example of a disclosure might be, "A.M. Best has assigned (Company) an "A" (Excellent) rating, reflecting their current opinion of the financial strength and operating performance of (Company) relative to norms of the insurance industry. A.M. Best utilizes 15 rating classifications from A++ to F.”

o A disclosure for an agency that would fall in line with those of a major financial institution or a bank might be something like, "Contracts are products of the insurance industry and are not guaranteed by any bank or company, nor are they insured by the FDIC."

o For agencies providing financial, estate planning, and assets protection services, the following type of disclosure may be more appropriate, "Neither (Company) nor any of its agents give legal, tax, or investment advice. Consult a qualified advisor."

• Do not utilize the testimonials or endorsements of other parties and entities without their express, written permission. When using testimonials from entities with any vested interests in the insurance company or agency, be sure to mention the affiliation in a prominent location.

118

Misleading, inappropriate, and/or illegal advertising may be considered an unfair trade practice. There are a number of other unlawful acts that involve deception or underhanded competition. Individuals and organizations alleged to commit such acts are usually required to attend a hearing to determine if violations of state law and/or insurance code actually took place. Those accused of wrongdoing are required to present their case. If the accusations are found to be valid, most agents and insurance companies receive a warning. If the warning is ignored, other action will be taken and include penalties such as fines, revocation of licenses, damage fees, and court involvement. Aspects to bear in mind when improper advertising leads to an unfair trade practices violation include:

• Clear and accurate identification of the agent(s) involved should be contained on the advertising material in question.

• Defamation occurs when the agent is implicated in making, publishing, disseminating, directly or indirectly, any oral or written statement, pamphlet, circular, article or literature which is false or maliciously critical of or derogatory to the financial condition of any insurer or which is designed to injure any person engaged in the business of insurance.

• Reporting untrue financial status to an insurer, supervisor, or other individuals through any means is a violation. This also involves making false entries with the intent to mislead insurers, examiners or any other public officials. An agent cannot use company stock options or shares as an incentive to obtain policies. Those insurance contracts that do participate are exempt.

• The identifying symbol or name used in publications or communications by an entity must be unique, and not similar to one used by another entity.

Consumer protection laws Consumer protection laws are enforced by the government for the protection of consumers. In some cases, insurance code may not impose requirements upon an insurance company or an insurance agent but a consumer protection law will. The Uniform Consumer Sales Practices Act is enforced by the federal government and aims to shelter a consumer from any deceptive marketing practices and establish a standard policy. Any agent found guilty of such misleading practices is held responsible for not revealing information that may have bestowed them with an unjust advantage. In order for claimants to obtain compensation under this, and other consumer protection acts, they are responsible for proving the allegation(s). The following is a list of behaviors that are subject to action under various consumer protection laws:

• Purporting services to be other than what they are. • Being unclear about the origin, sponsorship, approval, or certification of the

offered services. • Not disclosing the association, affiliation, or connection with any other entity. • Not providing accurate details about the exact geographic location of the services

provided.

119

• Misrepresenting any benefits or sponsorships that are not actually included. • Undercutting competition by using untrue or underhand means. • Misrepresentation about products • Advertising without intending to meet the expected public demand. • Misrepresenting the obligations, rights, or remedies that may be part of the

agreement. • False representation of authority when negotiating with consumers. • Advertising for services with a guarantee that is not clearly defined or where the

guarantor is not clearly identified. • Not disclosing data about services so that the consumer is enticed into conducting

a transaction they otherwise would not have conducted had they been aware of the undisclosed information.

• Purporting to recruit sales staff while intending to first make a sale to the applicant.

• Making incorrect assertions about the rate or the cost of the services. • Aiming to sell products that differ from those advertised by using a bait and

switch method. • Utilizing unrevealed terms and conditions that are later needed to be met to

complete a transaction or make a sale. • Rejecting requests for services advertised even when the requests are properly

made. • Promoting unusable or defective services in an advertisement. • Not making requested and promised deliveries within the stated timeframes. • Refusing a refund deserved by the consumer. • Using a telemarketing or door-to-door sales approach without identifying oneself

as a salesperson within the first half minute of the conversation. • Indulging in a pyramid promotional activity.

In situations where consumer violations are alleged, the state or consumer protection agency may bring about action against the offending party by imposing a temporary restraining order or temporary/permanent injunction. Civil action may result; minimum monetary penalties and fines are typically $2,000 per violation with the total violation not to exceed $10,000. It should be noted that violations involving the United States Post Office, and services offered by the U.S. Post Office, involve penalties that are more stringent and fines. If a violation involving the U.S. Post Office involves money or other funds, it could be considered fraud. One example of such fraud is unverifiable mail-order schemes where the organizer collects orders and funds via the U.S. Postal Service and later decamps with the money collected without providing the goods or services purchased. Consumer protection laws, and insurance code, also apply to insurance companies. It is crucial for agents to be aware of regulations affecting insurers to avoid being brought into any actions brought by consumers against their insurers. Some laws to be aware of include:

120

• Insurance companies may not do business, or advertise, in states from which they do not have a certificate of authority.

• Insurance companies must avoid unfair claims settlement practices, which include but are not limited to:

o Misleading claimants about coverage details; o Failing to promptly respond to a notice of claim; o Failing to adequately investigate claims; o Failing to follow through with settlements after liability has been

confirmed; o Coercing policy holders to take legal action to obtain required coverage

and ultimately paying less than what would have been valid under the policy;

o Failing to maintain appropriate records; and o Refusing coverage on the grounds of individual's handicap, unless it has a

material bearing on the policy being requested. • Requests for HIV testing must be uniformly applied and must be based on

medical history or ongoing medical status. HIV testing should not be requested based on superficial or discriminatory factors such as geographic location, marital status, gender, etc. HIV test results are confidential and may not be revealed except when requested by law or allowed by client waiver.

• Insurance rates may not unfairly discriminate. • Insurance companies must protect and safeguard clients’ nonpublic personal

information, personal health information, and other information protected under HIPAA, GLBA, and other legislation.

121

Chapter 7 Review Questions 1. Misleading, inappropriate, and/or illegal advertising may be considered which of

the following? [a] acceptable [b] ethical [c] legal [d] an unfair trade practice 2. Consumer protection laws are enforced by the government for the protection of

whom? [a] insurance agents [b] consumers [c] insurance companies [d] state regulators 3. Violations involving the U.S. Postal Service and their services involve which of

the following? [a] more lenient fines and penalties [b] more stringent fines and penalties [c] no fines and penalties [d] the U.S. Postal Service doesn’t offer services

122

AAnnsswweerr KKeeyy ttoo RReevviieeww QQuueessttiioonnss Chapter One

1. a. The consumer’s reputation is not affected by ethical insurance sales.

2. c. The client and the agent are aided by defining and following a clear code of ethical conduct.

3. d. The leaders of the society or business industry are responsible for creating a balanced and ethical environment within the society or business industry.

4. b. A stakeholder has an investment in what occurs, and in the outcome.

5. d. Continuing education ensures that agents will clearly communicate with the client, thereby reducing the possibility of misunderstanding and conflict.

6. a. NAIC is the National Association of Insurance Commissioners. Chapter 2

1. c. The agent-company contract helps clarify the precise nature of the agent’s duties and responsibilities.

2. a. Clear communication is the foundation of any good relationship.

\ 3. d. It is five times more expensive to recruit new clients than it is to retain

existing clients.

123

Chapter 3

1. c. The lack of personal contact is the major drawback to consumers concerning the Internet sale of insurance.

2. a. A fine of $16,000 per separate e-mail may be charged for violations of the CAN-SPAM Act.

3. b. Electronic and digital signatures have different meanings. Chapter 4

1. a. Because consumers’ personal financial and health information is not always treated with the objectivity it merits, it was decided that such information should not be shared without authorization.

2. c. HIPAA’s Privacy Rule pertains to what individuals wish to do with their health information.

3. d. Health insurance companies must follow HIPAA’s Privacy and Security rules.

4. b. The HITECH Act expanded the required privacy and security protections available under HIPAA.

5. c. The GLBA provides limited privacy protection against the sale of consumers’ private financial information and against Pretexting.

Chapter 5

1. a. Paying for the risk is not one of the five basic steps of the risk management process.

124

2. d. Destroying risk is not one of the four risk management options a consumer has when faced with risk.

3. c. The definition of bodily injury is bodily harm, sickness, injury, or disease including required care, loss of services, and resulting death.

Chapter 6

1. c. Agents owe their insurance companies fiduciary and statutory duties.

2. d. Given the high level of care and duty insurance agents owe their clients and insurers, it is highly recommended that agents purchase errors and omissions (E & O) insurance.

Chapter 7

1. d. Misleading, inappropriate, and/or illegal advertising may be considered an unfair trade practice.

2. b. Consumer protection laws are enforced by the government for the protection of consumers.

3. b. Violations involving the U.S. Postal Service and their services involve fines that are more stringent and penalties.