Will Insurers Be Required to Don a Deerstalker? The Case of Third-Party Vendors in Insurance
January 24, 2025
Regulators are growing concerned about the delegation of various insurance company functions, prompting a closer examination of third-party vendors. Several groups within the National Association of Insurance Commissioners are leading the case:
- Annuity Suitability (A) Working Group
The group is drafting a safe harbor guidance document to address requirements when recommendations and sales of annuities are made in compliance with comparable standards. The chair’s draft stated that insurers availing themselves of the safe harbor must monitor the business conduct of the supervising third party. This would include investigating the third party at the outset of the contractual relationship and conducting ongoing audits using due diligence questionnaires and other monitoring techniques.
During its November 17 meeting, the working group discussed comments on the chair’s draft. Commentators and regulators debated how deeply insurers must delve into the policies and procedures of third-party distributors. Regulators were skeptical that relying on third-party certifications would constitute sufficient supervision.
Chair Doug Ommen stated that the working group would convene a small drafting group to revise the draft guidance.
- Third-Party Data and Models (H) Task Force
The task force is investigating insurers’ reliance on third-party vendors to develop AI systems, underlying models, and sources of consumer data. It is considering various regulatory models applicable to insurers’ reliance on third parties.
At its November 18 meeting, the New York State Department of Financial Services explained that under its Circular Letter No. 7, insurers must develop written standards, policies, and procedures concerning their use of external data and AI systems from third parties. This includes performing due diligence on third parties, ongoing monitoring, and terminating the relationship when necessary. The circular letter also advises insurers to seek audit rights whenever possible and require third-party cooperation with regulatory inquiries. Insurers are also responsible for detecting unfair or unlawful discrimination in third-party AI systems, models, or data.
Task force members will be surveyed about risks in different markets to uncover potential issues. The task force will then probe into how to develop a robust plan for a regulatory framework governing third-party models, including whether to impose obligations on insurers to investigate potential issues or use other regulatory tools.
- Privacy Protections (H) Working Group
This group also is addressing third-party vendor requirements, focusing on contractual obligations between insurers and vendors. It received comments suggesting that revisions to the NAIC’s Privacy of Consumer Financial and Health Information model regulation (#672) should require insurers to perform due diligence on third-party vendors, including assessing vendors’ capabilities to comply with contractual requirements under the model regulation and conducting ongoing audits of these vendors.
- Big Data and Artificial Intelligence (H) Working Group
This group reported it is looking into the extent to which private passenger automobile insurers test third-party-provided AI systems. It seems the inquest into third-party vendors will continue in 2025.
It seems the inquest into third-party vendors will continue in 2025.
©2025 Carlton Fields, P.A. Carlton Fields practices law in California through Carlton Fields, LLP. Carlton Fields publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information and educational purposes only, and should not be relied on as if it were advice about a particular fact situation. The distribution of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship with Carlton Fields. This publication may not be quoted or referred to in any other publication or proceeding without the prior written consent of the firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our Contact Us form via the link below. The views set forth herein are the personal views of the author and do not necessarily reflect those of the firm. This site may contain hypertext links to information created and maintained by other entities. Carlton Fields does not control or guarantee the accuracy or completeness of this outside information, nor is the inclusion of a link to be intended as an endorsement of those outside sites.
The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.