For more than a year, the New York State Department of Financial Services (NYSDFS) has been working on amendments to the state’s cybersecurity regulation. On Nov. 1, those changes were made final. Throughout the amendment process, Big I NY advocated strongly for many changes that will benefit independent insurance agencies and their customers, including an expanded limited exemption and total exemption for inactive licensees. We also urged the department to eliminate the requirement that agents and carriers "cross police" each other as third-party service providers, and to eliminate the annual certification of compliance requirement; however, these suggestions were not adopted.
What it Means For You:
Expanded Limited Exemption: A welcome change is the expanded criteria for who qualifies for a “limited exemption.” The limited exemption exempts small and mid-sized entities from the most burdensome (but not all) requirements. An estimated 93% of Big I NY members (and probably a larger percentage of Big I CT members) will now qualify under the new criteria:
- Fewer than 20 employees (previously 10); or
- Less than $7.5 million in gross annual revenue over the last 3 fiscal years (previously $5 million); or
- Less than $15 million in year end assets (previously $10 million)
Exemption for Inactive Licensees: Licensees who have no carrier appointments will now be completely exempt from the regulation.
Changes to Certification of Compliance: The compliance filing that you must submit every year by April 15 will now require you to identify requirements under the regulation where your agency was not in material compliance the year before. You will also have to explain whether you have achieved compliance and, if not, what you plan to do about it.
The filing will also require two signatures - one from the agency's senior officer, the other from the officer or manager in charge of cybersecurity. Big I NY repeatedly opposed these changes. We plan to ask NYSDFS for clarification on how agencies should handle that requirement when both roles are filled by the same person.
Multi-Factor Authentication and Cyber Training: Beginning November 1st, 2025, all licensed entities (limited-exempt or not) must use multi-factor authentication for access to their information systems. Beginning April 29th, 2024, all entities must provide their employees with cybersecurity awareness and social engineering training.
Big I NY Has Your Back:
We plan to provide videos and other media to further explain the changes. Also, watch for your chance to register for a special Gear Up presentation on the amendments later this month.
Don't forget that you can access our cybersecurity-related information at any time by visiting www.biginy.org/cyber and by checking the Cyber category in our Newsfeed.
Some of you may need individual help with the changes, and we're prepared to aid you with that as well. We are expanding our technical consulting service to include cybersecurity regulation compliance assistance. For an affordable hourly fee, you can get the individual attention you need to meet your obligations under the regulation.
Any change in laws or regulations that affect your business will be confusing and stressful, but we are here to make it as easy for you as possible. Check back here often as we add new content to help you with compliance.
The hard market shows no signs of easing anytime soon. Some agencies are, for the first time, finding that they need access to the Connecticut Automobile Insurance Assigned Risk Plan (CT AIARP) to take care of their clients' needs.
If you find your agency in this position and you have never been certified by the CT AIARP before, here is what you need to do:
- Register for an account at https://www.aipso.com/. AIPSO is the service provider for CT AIARP and other residual markets around the country.
- After you've created your account, log in to the site.
- After logging in, click the Plan Sites link at the top.
- Under Select A Plan on the next screen, click the down arrow and select Connecticut. This will bring you to the CT AIARP site. This is also where you will be able to access the electronic Plan manual. You will need to verify that you have this access when completing the Producer Certification Application.
- Scroll down the page to the Forms table.
- Find the listing for “Producer Certification Application (AIP3656 9-21)." Click on either the name or the Download link on the right to download a copy of the application.
- Print and submit the application to the CT AIARP. The application must be:
  - Properly and fully completed
  - Properly signed by all authorized persons
  - Accompanied by complete copies of the licenses of all individuals within the agency seeking certification.
  Incomplete or unsigned applications or those missing the relevant licenses will be returned.
- The CT AIARP will approve completed applications unless the producer has an adverse performance history. An Acknowledgement of Certification will be sent to each producer who has satisfied these requirements.
Once the producer has been certified, she will be permitted to purchase temporary ID cards, and any other supplies required, to submit applications to the Plan, and issue the Plan's temporary ID cards.
Additional information and forms are available at https://www.aipso.com/Plan-Sites/Connecticut.
Written by: Lisa Lounsbury, President of Big I Connecticut
At Big I Connecticut, there is no higher priority than supporting and advocating for our members. It is often difficult for others to see the breadth and impact of the advocacy work that we do with regulators, legislators, and carriers. Today, there is an easy-to-share tangible result of our advocacy efforts that Utica National Insurance Group just communicated.
We met with Utica National Insurance Group this week immediately after they announced the commission changes to certain segments of their Connecticut Private Passenger Auto business. While we do not agree with or support the commission reductions that any carriers make, the lead time of this change was troubling.
Utica National was receptive to our input on the timing of the change, and as a result of our advocacy for members, just announced that they are pushing these changes back to 1/1/24, giving agencies more time to prepare. We appreciate their thoughtful response and commitment to exclusively partnering with the independent agent channel.
Written by: Cindy Scharf, Agency Consultant & Corporate Project Manager
In today's rapidly evolving insurance industry, staying competitive and efficient is crucial for success. One way insurance agencies can achieve this is by hiring a consultant to assist with process and procedure implementation to help reduce exposure to Errors & Omissions claims. Here are four reasons you should consider working with a consultant.
1. Expertise and Industry Knowledge
Consultants specializing in insurance process and procedure implementation bring a wealth of expertise and industry knowledge to the table. They have a deep understanding of the best practices, regulations, and emerging trends within the insurance sector. By leveraging their experience, consultants can help insurance agencies identify areas for improvement and implement effective strategies to enhance operational efficiency.
2. Objective Assessment
An external consultant offers an unbiased perspective on an insurance agency's processes and procedures. They can objectively assess the current state of operations, identify bottlenecks, and recommend tailored solutions. This impartial viewpoint is invaluable in uncovering inefficiencies that may have gone unnoticed internally. Consultants can provide fresh insights and innovative ideas to optimize workflows and enhance overall performance which helps to reduce E&O claims.
3. Customized Solutions
Every insurance agency has unique challenges. A consultant understands this and tailors their approach to meet the specific needs of the agency. They work closely with the agency's management team to develop customized solutions that align with the agency's goals and objectives. Whether it's streamlining processing, improving customer service, or enhancing procedures, a consultant can design and implement processes that are efficient, effective, and aligned with industry standards. They can help create a culture of E&O awareness within the agency.
4. Cost Savings and ROI
While hiring a consultant may require an initial investment, the long-term benefits can far outweigh the costs. By optimizing processes and procedures, insurance agencies can reduce operational inefficiencies, minimize errors, and enhance productivity. This leads to cost savings in the long run. Additionally, a consultant can help identify opportunities for revenue growth and improved customer satisfaction, resulting in a positive return on investment.
In an increasingly competitive insurance industry, insurance agencies must continuously strive for operational excellence. Hiring a consultant for process and procedure implementation can provide the expertise, objectivity, and customized solutions needed to achieve this. By leveraging the knowledge and experience of a consultant, insurance agencies can streamline their operations, enhance efficiency, and position themselves for long-term success in a rapidly changing landscape.
Big I Connecticut is ready to help.
Teamwork makes the dream work! We made an investment this week.
Written by: Lisa Lounsbury, President of Big I Connecticut
We made a big investment this week. An investment that will pay dividends to help the success of our members in New York and Connecticut and strengthened our team. Big I New York and Connecticut staff came together in person this week at the DeWitt, New York (world!) headquarters. We learned, laughed, produced content (lots of content!!), had fun and strengthened our team. And we ate. A lot!!
It was a really tiring, invigorating and fast paced week that required an investment of time, energy and money. We got behind on some of our routine work and our “to do" lists grew. People were nervous about this week- even apprehensive. I was too. So, why did we make this investment? At some point, you have to stop dreaming and talking about things and just do them. We made the decision to take some time this week to work on the organization and not just in it. The development of our team directly impacts how we can serve our members better. If we want to improve, we have to invest in systems training, professional development and making sure our team understands our customers - our members.
While remote and virtual work is generally effective, there is NOTHING that beats face to face interaction (in my opinion). I want my team to enjoy their work, enjoy each other, and feel fulfilled. I saw relationships grow, teams pull together, and people share and contribute with confidence. We were all so invested in maximizing our time together, that a few “pop-up" learning sessions also occurred as we identified additional areas/systems that the team wanted more training in.
Fall Fest 2023 was fabulous. I know that carving time out for staff development can be hard to do, but it is so worthwhile. The Big I New York and Connecticut team is the best and our commitment to our members' success is incredible.
Your IT staff is tired of pulling their hair out trying to convince you to use complex passwords!! Why MFA needs to be implemented!
Written by: Kathy Glahn, VP of Operations & Information Systems at Big I Connecticut
Passwords these days need to keep getting longer and more complex. The new standard is to have a password length of at least 13 characters comprised of letters, numbers and special characters. Passwords should never contain personal information, such as your address, phone number, date of birth, wedding/divorce anniversaries (yes, some of us do celebrate divorces!), family names or pet names. They should also never contain information you included on one of those Facebook surveys.... you know the ones.... What is your favorite food, travel destination, etc.
Did you know that passwords are now very easy to crack?
Hive Systems has published a chart that indicates that ChatGPT hardware can brute force a 12-character password with numbers, letters, and symbols in 8 months. An 8-character complex password takes less than 1 second to crack. How scary is that?
So how can you create a secure login without needing to implement a 25-character password? Also, don't forget that passwords need to be un!que (see what I did there?), complex, and you should never use the same password on multiple websites. The answer is MFA!
It is important for everyone to implement Multi-Factor Authentication (MFA) for personal and business purposes. MFA requires more than one way to authenticate who you are when logging into software or a website. It is extremely important to implement MFA on any website or software that contains personal information.
MFA needs to be implemented on your agency management system, email, company website, banking sites (personal and business), benefits websites, etc. You can help your employees safeguard your business data and their own personal data by introducing MFA in your agency.
MFA is not hard to implement. Each software is a little different on how to implement, but usually comes down to checking a box indicating that you want to implement MFA. The next step is usually downloading authenticator software on your phone or entering an email address or phone number.
Today is my daughter's 5th birthday. Grace is a happy child who loves her big sister more than anyone and keeps her parents on their toes with her mischievous ways. Grace also has chronic kidney disease. I am sharing this because NextGen's Band-Aid Drive is personal.
Since 2022, Grace has undergone multiple procedures and surgeries, requiring IVs and bloodwork. No one likes needles, especially kids. We were lucky the hospital had fun, colorful band-aids for Grace to give her that extra boost of bravery to deal with yet another needle. My husband and I certainly used the promise of a fun band-aid to help her through the tears.
NextGen is collecting children's band-aids (latex-free please!) with bright colors, popular characters or cheerful patterns now through November 10th. All bandages will be donated to area clinics and hospitals to make a child's time there a bit brighter.
We ask that you bring a few boxes with you to CONNECT on November 9th. Our NextGen agents will be there to collect them. You can also order band-aids on NextGen's Amazon Wish List and have them shipped directly to me.
Thank you for your generosity with the NextGen Band-Aid Drive!
It's October, which means Halloween, which means people who enjoy being terrified are flocking to haunted houses and similar attractions. Have you ever thought of trying to write the insurance on one of these places? What coverages do they need? What are their loss exposures? In this chilling video, I discuss these topics in a way that is not at all melodramatic.