The office of the General Counsel issued the following informal opinion on August 2, 2001 representing the position of the New York State Insurance Department.

RE: Agency Owner’s Ability to Rescind an Application for Coverage Accepted by Agent

Questions Presented:

1) May the owner of an insurance agency refuse to accept an application for coverage after such application and payment were accepted by an agent associated with the agency?

2) Must the application form contain a privacy notice under Regulation 169 [Privacy of Consumer Financial and Health Information, N.Y. Comp. Codes R. & Regs. tit. 11, §420 (2000)]?


1) If the independent agent truly has the authority to bind the insurer he represents, then the owner of the agency at which the agent works may not rescind the coverage.

2) No. The application form does not need to contain a privacy notice pursuant to Regulation 169. However, the agent must comply with the applicable requirements of the Regulation.


"An individual accepts an insurance quotation from an Independent Agent, signs an application and gives the Agent a check. The Agent, which has binding authority for the Company the application will be submitted to, signs the application and forwards it to his agency’s main office for processing and forwarding to the Company. The main office receives the application, with check attached. The agency Principal (owner) views the application, decides he prefers to not write this piece with his agency because of an outdated application form or other reason. The Principal then returns the check to the applicant with a letter stating that the agency does not wish to do business with the applicant. The Principal discards the application and nothing is ever forwarded to the Company."

This scenario was presented by an employee of a neighboring agency. Specifically, the owner of the agency has stated that if an agent of the firm writes business on an application form that does not contain the privacy notification mandated by the Gramm-Leach-Bliley Act and implemented in New York by Regulation 169, [N.Y. Comp. R. & Regs. tit. 11, §420 (2000)], he will refuse to forward the executed application and payment to the insurance company.


The inquiry mentions the requirements under Regulation 169. However, as a threshold matter, It is noted that the fact pattern states that the agents in question have the authority to bind the insurers whom they represent. If such is indeed the case, the owner of the agency cannot cancel a policy written by an independent insurance agent in the employ of his agency once the check and the application have been received. Even assuming that the insurers and/or agents in question herein were required to include the privacy notice with the applications, the failure to do so would not void the insurance contracts in question. Rather, the failure would constitute a violation of the Regulation and would be punishable in accordance with the Section 420.23 thereof.

Title V of the Gramm-Leach-Bliley Act 15 U.S.C. §6801, et. seq. (1999) requires financial institutions (including insurers) to protect the privacy of consumers and customers and requires the states to establish financial privacy protections. In accordance with the law, the Superintendent promulgated Regulation 169, N.Y. Comp. Codes R. & Regs, tit. 11, §420 (2000). That regulation sets forth the rules and requirements for privacy notifications and the limits on the disclosure of information.

Under the regulation, a distinction is made between a "customer" and a "consumer". A customer is afforded a somewhat greater degree of privacy protection. A customer is defined as a consumer who has a "customer relationship" with a licensee. A "customer relationship" is in turn defined as a continuing relationship between a consumer and a licensee under which a licensee has provided insurance services or products to a consumer that are used primarily for personal, family, or household purposes. N.Y. Comp. Codes R. & Regs. tit. 11, §420.3(h). In the instant inquiry, given that the insurers would be bound at the time of the acceptance of the applications, the applicants for insurance would be characterized as customers for purposes of the Regulation.

Under Section 420.1(a)(1) of the Regulation, a licensee is required to provide notice to individuals about its privacy practices. Section 420.4(e) of the Regulation, however, allows for the provision of the notice subsequent to the establishment of a customer relationship with the consumer under certain circumstances. This section provides as follows:

(e) Exceptions to allow subsequent delivery of notice.

(1) A licensee may provide the initial notice required by paragraph (a)(1) of this section within a reasonable time after the licensee establishes a customer relationship if:

(i) establishing the customer relationship is not at the customer’s election; or

(ii) providing notice not later than when the licensee establishes the customer relationship would substantially delay the customer’s transaction and the customer agrees to receive the notice at a later time.

(2) Examples of exceptions.

(i) Not at customer’s election. Establishing a customer relationship is not at the customer’s election if a licensee acquires or is assigned a customer’s policy from another institution or residual market mechanism and the customer does not have a choice about the licensee’s acquisition or assignment.

(ii) Substantial delay of customer’s transaction. Providing notice not later than when a licensee establishes a customer relationship would substantially delay the customer’s transaction when the licensee and the individual agree over the telephone to enter into a customer relationship involving prompt delivery of the insurance product or service.

(iii) No substantial delay of customer’s transaction. Providing notice not later than when a licensee establishes a customer relationship would not substantially delay the customer’s transaction when the relationship is initiated in person at the licensee’s office or through other means by which the customer may view the notice, such as on a web site.

N.Y. Comp. Codes R. & Regs. tit. 11 §420.4(e) (2000).

In addition, the agent may not have to provide the notice pursuant to Section 420.3(p) of the Regulation, which provides, in pertinent part, as follows:

(2) (i) A licensee is not subject to the notice and opt out requirements for nonpublic personal financial information set forth in sections 420.4 through 420.9 of this Part if the licensee is an employee, agent sublicensee or other representative of another licensee (the principal) and:

the principal otherwise complies with, and provides the notices required by the provision of this Part; and

the licensee does not disclose any nonpublic personal information of a consumer or customer to any person other than the principal from or through which such consumer or customer seeks to obtain or has obtained a product or service, or its affiliates in a manner permitted by this Part.

N.Y Comp. Codes R.& Regs. tit. 11, §420.3(p)(2) (2000).

Thus, the agency owner’s insistence that he will not forward insurance applications and premium checks if the application does not contain a privacy notice is not supported by the language of Regulation 169.

For information you may contact Supervising Attorney, Michael Campanelli at the New York City Office.