March 10, 2020

Insurance Circular Letter No. 5 (2020)


Chief Executive Officers or the Equivalents of DFS Regulated Insurance Entities


Guidance to Department of Financial Services (“DFS”) Regulated Insurance Entities and Request for Assurance Relating to Operational and Financial Risk Arising from the Outbreak of the Novel Coronavirus (COVID-19)

The DFS is aware that many regulated entities have plans in place to respond to the outbreak of a novel Coronavirus known as “COVID-19.” DFS is issuing this guidance and requesting assurance that all regulated entities have preparedness plans to address the operational risk, and are identifying, monitoring, and managing the financial risk, posed by COVID-19.

COVID-19 has already had adverse economic effects domestically and globally, which are likely to continue. It is critical that each regulated entity establish plans to address how it will manage the effects of the outbreak and assess disruptions and other risks to its services and operations.

To that end, DFS requires that each regulated entity submit a response to DFS describing its plans of preparedness to manage the risk of disruption to its operations and the financial risk arising from COVID-19. Responses are to be provided to DFS as soon as possible and in no event later than thirty (30) days from the date of this letter. Please submit your responses to [email protected].

An entity’s preparedness plan should be sufficiently flexible to effectively address a range of possible effects that could result from COVID-19, and reflect the entity’s size, complexity and activities. The entity’s plan, at a minimum, should include the following:

  1. Preventative measures tailored to the entity’s specific profile and operations to mitigate the risk of operational disruption, which should include identifying the impact on consumers and vendors;
  2. A documented strategy addressing the impact of the outbreak in stages, so that the entity’s efforts can be appropriately scaled, consistent with the effects of a particular stage of the outbreak;
  3. Assessment of all facilities, systems, policies and procedures necessary to continue critical operations and services if members of the staff are unavailable for longer periods or are working off-site, including the effectiveness and security of remote access;
  4. Employee protection strategies, critical to sustaining an adequate workforce during the outbreak, including employee awareness and steps that employees can take to reduce the likelihood of contracting COVID-19;[1]
  5. Assessment of the preparedness of critical third-party service providers and suppliers;
  6. Development of a communication plan to effectively communicate with consumers and vendors, and to deliver important news and instructions to employees, along with establishing forums for questions to be asked and addressed;
  7. Testing of the plan to ensure that the policies, processes, and procedures are effective; and
  8. Governance and oversight of the plan, including identifying the critical members of a response team, to ensure ongoing review and updates to the plan, including the tracking of relevant information from government sources and the entity’s own monitoring program.

In addition, from a financial perspective, regulated entities may be impacted by COVID-19 in a variety of ways. For example, they may be exposed, as a result of the virus’s impact on consumers, counterparties, and vendors, to declining revenues, stock market declines and interest rate changes, increased claims, increased credit risks and defaults, supply chain and service disruptions, and decreases in the value of assets and investments. It is critical that your risk management programs include a plan to assess and monitor the financial risk that may arise from COVID-19. Such a plan, at a minimum, should include the following assessments:

  1. Assessment of the overall impact of COVID-19 on reserve requirements, consumers’ ability to make timely premium payments, and resources required to timely process claims;
  2. Assessment of the credit risk of counterparties and business sectors impacted by COVID-19;
  3. Assessment of the credit exposure to counterparties and business sectors impacted by COVID-19 arising from investing and other financial transactions;
  4. Assessment of the scope and the size of admitted assets or other investments adversely impacted by COVID-19 that currently are in, or potentially may move to, non-performing/delinquent status, including consideration of stress testing and/or sensitivity analysis of such assets or investments;
  5. Assessment of the valuation of assets and investments that may be, or have been, impacted by COVID-19; and
  6. Assessment of the overall impact of COVID-19 on earnings, profits, capital, and liquidity.

The board of directors or the equivalent of your regulated entity is responsible for ensuring that appropriate plans are in place, and that sufficient resources are allocated to implement such plans. The senior management is responsible for ensuring that effective policies, processes, and procedures are in place to execute the plan, and for communicating the plan throughout the entity to ensure consistency in approach so that employees understand their roles and responsibilities.

If you have any questions, please contact your regular point of contact at DFS or email [email protected].




My Chi To
Executive Deputy Superintendent - Insurance

[1] See New York State Department of Health website: and CDC Interim Guidance for Business and Employers to Plan and Respond to Coronavirus Disease 2019: