Time Spares No One
How 2017 is flying by us! I feel like I just finished my last column and the first quarter of the year is almost over. I hate to say it, but my last column in the Advocate warned you this was coming: On Feb. 17, Gov. Cuomo announced that New York is the first state in the country to enact cybersecurity requirements for financial services companies. And, it bears repeating, that despite what you may have heard, ALL insurance agents, brokers and companies licensed in New York state (even nonresident licenses) are subject to the requirements of this regulation. The regulation takes effect March 1, 2017, and covered entities have 180 days, or until Aug. 28, 2017, to become compliant (although some provisions of the rule include a phase-in period).
According to the experts with whom I work at PIA, “covered entity” means “any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”
There is a limited exemption to the new cybersecurity regulation that partially exempts insurers, agents, brokers and excess-line brokers with fewer than 10 employees or less than $5 million in gross annual revenue in the last three fiscal years from New York business operations of the covered entity and its affiliates; or have less than $10 million in year-end total assets. However, these entities still have to comply with certain aspects of the regulation, including: conducting a risk assessment, establishing a cybersecurity program and written cybersecurity policy, limiting access privileges, adopting a third-party provider security policy, and notifying the superintendent when cyber events happen.
Every single agency—even those that meet the above exemptions—must conduct a periodic risk assessment of its information systems; and then there are additional requirements based on the results of this risk assessment.
As I mentioned in my last column, PIA has been working to mitigate the burden of this regulation on agents since the NYDFS first publicly announced it was thinking about them last summer. Since then, the association has met several times with NYDFS to discuss concerns and submitted comments on the initial proposal in November, and again submitted comments on the secondary proposal. A lot of work went into these discussions by PIA staff and board members. PIA then developed resources and provided its members with information about the rules and how to comply with them.
The newest and most exciting development is that PIA has partnered with TAG Solutions to develop a program to help agencies that do business in New York State to comply with these complicated regulations (regardless of from what state they do business). The program is offered at a significant and exclusive discount to PIA members. In fact, the discount is so significant that it would pay for the member’s association dues (in most cases multiple times over!).
I am eager to share this information with all agencies, because the March 1 deadline has passed us and the program is a major benefit. Folks, if you think the Governor or DFS is fooling around, I wouldn’t be so sure: This is going to be a tremendous financial hardship for all agencies, but especially for smaller agencies, since we continue to feel the pain of commission cuts and taking on the work carriers used to do. This could be the straw that breaks the camel’s back. If your business uses a computer system, or any type of automation, you are vulnerable. If you stick your head in the sand on this, you could be the test case—I wouldn’t want to be that guy.
While I’m talking about time and milestones, I should share that PIANY’s Long Island RAP is literally just around the corner: April 26 at the Crest Hollow Country Club in Woodbury, N.Y. Long Island RAP is PIA’s oldest Regional Awareness Program and PIA has held this event at the Crest Hollow for a few years now. I have to say I’m very excited—the area, and the club itself, are very nice.
LIRAP has a tradition of great speakers and this year is no exception. Legendary New York Islander Clark Gillies will keynote the lunch. All hockey fans—especially Islander fans—know Gillies, who was called “Jethro” back in the ‘80s. He is, of course, Canadian by birth, but we Long Islanders have adopted him as one of our own, as he’s lived here for decades and become part of our community. The Islanders retired Gillies’ number 9 Jersey in 1996 and he was elected to the Hockey Hall of Fame in 2002.
Two awards will be presented at Long Island RAP this year, as well. Barry Goldstein, chairman and CEO of Kingstone Insurance Co., will receive the Executive of the Year award and Johanna Keep, CMS LLC, senior vice president personal lines, will accept the LIRAP Distinguished Insurance Service award.
The New York State cybersecurity regulations have come and Long Island RAP is fast approaching. Now is the time to get the most out of your business relationships: Make sure your agency is compliant and that you’ve registered to attend the show.