OGC Opinion No. 05-12-21

The Office of General Counsel issued the following opinion on December 27, 2005, representing the position of the New York State Insurance Department.

Re: Electronic Fund Transfers

Questions Presented:

  1. Does the New York Insurance Law impose any restrictions on the use of electronic fund transfers by an insurer and/or its employees for the acceptance or distribution of funds?
  2. Is an insurer required to have security measures in place to prevent an employee who makes electronic fund transfers from engaging in fraudulent practices?

Conclusions:

  1. The New York Insurance Law does not impose any per se restrictions on the use of electronic fund transfers by an insurer and/or its employees for the acceptance or distribution of funds. However, under New York's Electronic Signatures and Records Act (ESRA), an insurer may not require such transactions to be made electronically and must obtain its insureds' and vendors' approval to transfer funds in this manner.
  2. Although the New York Insurance Law does not specifically require an insurer to have security measures in place to prevent fraudulent financial transactions by its employees, the Department would expect adequate safeguards to be in place as a good business practice.

Facts:

An insurer's employees routinely transfer funds to and from the company's policyholders, vendors and others by electronic means. It is assumed herein that the insurer has instructed or authorized its employees to do so and that the employees did not take it upon themselves to transfer funds in this manner of their own volition.

It was questioned as a general matter whether the Insurance Law imposes any restrictions on the use of electronic fund transfers, and specifically whether an insurer is required to have security measures in place to prevent fraudulent transactions by its employees.

Analysis:

While the New York Insurance Law does not impose any per se restrictions on the use of electronic fund transfers by insurers and/or their employees for the acceptance or distribution of funds, New York's Electronic Signatures and Records Act does.

New York State enacted the Electronic Signatures and Records Act (ESRA) as part of Chapter 4 of the Laws of 1999, which added the State Technology Law as new Chapter 57-A of the Consolidated Laws of New York. ESRA is currently codified as N.Y. State Tech. Law §§ 301 - 309 (McKinney 2005).1

N.Y. State Tech. Law § 309 (McKinney Supp. 2005) states:

Nothing in this article shall require any entity or person to use an electronic record or an electronic signature unless otherwise provided by law.

Thus, an insurer may not require fund transactions to be made electronically and must obtain its insureds' and vendors' approval to transfer funds in this manner.

Although the New York Insurance Law does not specifically require an insurer to have security measures in place to prevent fraudulent financial transactions by its employees, the Department would expect adequate safeguards to be in place as a good business practice. While the Department encourages the use of electronic transactions, it does require an insurer, agent or broker using such technology to transact business in a secure manner, such as being capable of verifying that a person providing an electronic signature is actually the party to be charged.

For further information you may contact Associate Attorney Sally Geisel at the New York City Office.


1 The federal Electronic Signatures in Global and National Commerce Act (E-Sign), 15 U.S.C.A. §§ 7001 – 7031 (West Supp. 2003) also provides that electronic records may not be denied legal effect, validity or enforceability solely because they were created electronically. ESRA is consistent with the federal E-Sign.