New York State Seal
STATE OF NEW YORK
INSURANCE DEPARTMENT
25 BEAVER STREET
NEW YORK, NEW YORK 10004

The Office of General Counsel issued the following informal opinion on March 6, 2000, representing the position of the New York State Insurance Department.

Insurance Transactions Over The Internet.

Questions Presented:

1. What is the New York State Insurance Department's regulatory approach towards Internet insurance activities?

2. What is within the purview of the Department's regulation of Internet insurance activities (e.g. are insurance intermediaries and reinsurance transactions regulated)?

3. What is the Department's policy in addressing cross-border concerns?

4. What security measures are required of insurers/reinsurance intermediaries that conduct insurance business over the Internet?

5. What measures have been taken for the protection of the privacy of information about clients?

6. Have additional measures been taken to prevent money laundering activities through Internet insurance activities?

Conclusions:

1. The Department's regulatory approach towards the use of electronic commerce in the conduct of insurance business, which includes business conducted on the Internet, is described in Circular Letter No. 33 (1999) which can be found on our Web site at http:\\www.ins.state.ny.us. The Department's regulatory approach is to encourage insurers to integrate elements of electronic commerce into the marketing and sale of insurance, noting that the great majority of provisions of the Insurance Law do not pose any impediment to electronic commerce. The General Counsel's Office will respond to any questions presented to it regarding interpretation of the Insurance Law in connection with the implementation of electronic commerce.

2. The Department's position is that insurance business conducted on the Internet, or using any other method of electronic commerce, is no different from other insurance transactions. Transactions conducted on the Internet are, therefore, subject to the Department's jurisdiction to the same extent as the same insurance business conducted using other means of communication. Therefore, reinsurance transactions would be regulated by this Department in the same way whether conducted on the Internet or not.

3. Geographical borders among nations do not restrict the extent of the Department's jurisdiction over transactions conducted on the Internet or otherwise, involving a New York insurance policy or contract.

4. The Department does not require insurers conducting an insurance business on the Internet to implement any particular security measures. However, in Circular Letter No. 33 (1999) the Department encourages insurers to develop responsible strategies to address the issues inherent in the conduct of insurance business electronically. One such issue is security in connection with such matters as monetary transactions and the availability of personal data over the Internet. It is noted therein that security and privacy are emerging issues, which will be clarified over time as the result of regulations, court decisions and administrative actions.

5. As to measures for the protection of privacy of information about insurance clients, beyond what was addressed in the response to question 4 above, the Gramm-Leach-Bliley Act (S.900) was enacted into federal law soon after the Circular Letter was issued. Under §§ 501(b) and 505(b)(2) of the Act, State insurance regulators must establish appropriate standards for insurance providers subject to their functional regulation relating to privacy of customer records and information. Such standards are to include administrative, technical, and physical safeguards. The privacy standards will apply to all means by which insurance business is transacted, both non-electronic and electronic.

As a first step towards promulgating standards in New York, the Department has issued Circular Letter No. 7 (2000), soliciting from insurer licensees information of their existing policies or safeguards, if any, that are currently in place as regards privacy. Responses were due by February 29, 2000.

6. No, the Department does not require that insurers take additional measures specifically against money laundering activities through the Internet.

For further information you may contact Associate Attorney Barbara A. Kluger at the New York City Office.