Copyright 1999 Federal Document Clearing House, Inc.
Federal Document Clearing House Congressional Testimony
July 21, 1999
SECTION: CAPITOL HILL HEARING TESTIMONY
LENGTH: 2872 words
HEADLINE:
TESTIMONY July 21, 1999 GEORGE M. REIDER, JR. HOUSE BANKING AND
FINANCIAL SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL
PRIVACY
BODY:
Testimony of the National Association
of Insurance Commissioners before the Committee on Banking and Financial
Services Subcommittee on Financial Institutions and Consumer Credit United
States House of Representatives regarding Financial Privacy July 21, 1999 George
M. Reider, Jr. Insurance Commissioner Connecticut Introduction Good morning,
Madam Chairwoman and members of the Subcommittee. My name is George Reider, and
I serve as Insurance Commissioner in Connecticut. I also serve as President of
the National Association of Insurance Commissioners (NAIC). I am testifying
today on behalf of the NAIC, which is the national organization of the chief
insurance regulators of the 50 States, the District of Columbia and four U.S.
territories. I am pleased to be here to testify on financial privacy issues, a
matter of increasing importance as the integration of financial services
industries becomes a reality, and as technology makes the sharing of information
ever easier. At a time when it seems that anyone can retrieve your financial
information at the click of a button, it is important for consumers to know that
protections are in place so their personal financial information is not unfairly
used. At the same time, regulation should not unreasonably stifle the flow of
information necessary to the operations of the insurance companies, banks and
securities firms that provide our financial services. It is this balancing act
that is difficult. The challenge for Congress and the States is to determine how
much disclosure is acceptable so that companies can do business, regulators can
enforce the laws, and consumers personal financial information is protected.
Privacy Means Keeping Personal Information Confidential and Protecting the
Integrity of the Regulatory System Keeping Personal Information Confidential
Protecting privacy means keeping personal information confidential. It means
taking into consideration consumers needs and wishes before sharing or
disclosing their personal information. People legitimately expect that companies
holding personal information will not use it to take unfair advantage of them.
At the same time, consumers are realistic. They understand that disclosure of
some of their information is necessary for typical business needs like billing
and record keeping. And they know that sometimes disclosure of information can
result in real advantages for them, in the form of cost savings and convenience,
for example. Protecting the Integrity of the Regulatory System Protecting
privacy also entails protecting the integrity of the regulatory system. People
must have confidence that information is being used correctly to protect them.
They have a right to know that the government will not use their personal
information unfairly, that their personal information is secure, and that it
will not get into the wrong hands Financial integration heightens the need for
the protection of regulatory information. As insurers, securities firms and
banks converge, State and Federal regulators will increasingly need to share
information to do their jobs successfully. Protections need to be in place to
ensure that such cooperation does not compromise the integrity of the regulatory
system. There are Two Sides to Maintaining Privacy - Commercial and Governmental
Like banks and securities firms, insurers collect and have access to personal
financial information about their customers. Similarly, State insurance
regulators possess a significant amount of personal financial information about
the insurance consumers in their States. Both face the need to share information
in order to do business the right way, but both must also protect consumers. Why
is personal information shared? Companies believe that sharing information with
affiliates or third parties will enable them to provide the services that their
customers need in an efficient, cost effective manner. Regulators need to share
information to more effectively supervise the industries they regulate in order
to protect the public - collectively and individually - from fraud and abuse.
Here is what the NAIC and the States are doing to Assure that Insurance
Companies and Agents will Protect Personal Financial Information. The States
have long recognized the need to protect consumers from the unfair use of
personal information. In my home State of Connecticut, for example, we have
enacted a comprehensive insurance information privacy law based upon the NAIC s
Insurance Information and Privacy Protection Model Act. We also have laws
designed to protect personal information in connection with bank insurance sales
activities and health information records. We are constantly working with our
fellow States through the NAIC to monitor insurance privacy issues and assess
the need for further action. The Insurance Information and Privacy Protection
Model Act In its Insurance Information and Privacy Protection Model Act, the
NAIC has established standards for the collection, use, and disclosure of
information gathered in connection with insurance transactions. The model law
has been enacted in whole or part by 19 States. The act is broad in scope. It
applies to life, health, disability, and property and casualty insurers, as well
as to agents and third party insurance support organizations. It covers all
types of insurance information, including personal financial information. The
act seeks to maintain a balance between the need by insurance companies and
agents for information and the need of consumers for fairness in insurance
information practices. The principal provisions of the act: i.require insurers
to disclose their privacy policies to customers; ii.give consumers the right to
prohibit the disclosure of information, except under certain specified
circumstances; iii.outlaw pretext interviews, which is the soliciting or
obtaining of personal information by false pretenses, unless fraud is suspected;
and iv.give consumers access to their personal information and the right to
correct inaccuracies in such information. Connecticut s Insurance Sales Privacy
Law In addition to its comprehensive privacy law, Connecticut has specifically
addressed the sharing of financial and other insurance information by banks that
sell insurance and annuities. Like the privacy law, the insurance sales law
requires the prior written consent of the customer before the bank may share
personal information. It further requires a consumer s prior written consent
before a bank may provide personal information to a third party in connection
with the third party s solicitation or sale of insurance to such consumer.
Health Information Privacy in Connecticut In Connecticut, we
have also recently strengthened our laws protecting medical-record information.
Disclosure of medical- record information is prohibited for marketing purposes
without the prior written consent of the individual. Health Information
Privacy Model Act In September 1998, the NAIC adopted the
Health Information Privacy Model Act, which addresses health
issues more specifically than the more general Insurance Information and Privacy
Protection Model Act. The health privacy model act gives health insurance
consumers the right to access and amend their protected health information, and
requires consumer consent prior to the disclosure of such information. Here is
what the NAIC and the States are doing to Assure that Regulators Protect
Confidential Information The States possess a great deal of personal information
about their citizens. Many States have enacted generally applicable laws - such
as privacy or freedom of information laws - that address this issue. The State
of New York, for example, has enacted the Personal Privacy Protection Law. The
New York law limits the ability of State agencies to disclose personal
information. It also gives individuals the right to see personal information
held by State agencies, and correct inaccuracies in such information. The States
and the NAIC are addressing this issue on two other fronts: i.We are revising
confidentiality provisions in NAIC model laws; and ii.We are addressing
confidentiality issues in regulatory information exchanges with other
regulators. The NAIC s Regulatory Confidentiality Initiative The NAIC is in the
midst of a Regulatory Confidentiality Initiative that was instituted at the
beginning of this year. The purpose of the Initiative is to amend all applicable
NAIC model laws to strengthen the ability of State insurance regulators to keep
sensitive regulatory information confidential. This will help preserve the
privacy of individuals and entities, in addition to providing a strong platform
for States to use in entering into confidentiality agreements with State,
Federal and international regulators. The Confidentiality Initiative is
scheduled to be completed by the end of this year, at which time the revised
model laws will be ready for consideration and adoption by the States.
Information Sharing Among Regulators State insurance regulators are also working
closely with our fellow regulators, including some of the Federal agencies
represented by the distinguished members of this panel. Our goal is to ensure
that financial services consumers continue to receive the same level of
protection in the new world of financial integration that they have relied upon
for years. State insurance regulators and Federal banking regulators have held
joint training and education sessions, and are developing formal written
agreements for cooperating and exchanging information on regulatory matters. The
NAIC recently approved a model consumer complaint information sharing agreement
jointly developed with the Office of the Comptroller of the Currency (OCC). The
purpose of this model agreement is to ensure that consumer complaints about bank
sales of insurance are routed to the appropriate regulator. Ten States have
already implemented agreements based on the model, and several other States are
scheduled to sign such agreements in the coming weeks. The NAIC is also working
with the Office of Thrift Supervision (OTS) and the Conference of State Bank
Supervisors (CSBS) to develop regulatory cooperation agreements. These
agreements cover information sharing and cooperation on a broader range of
consumer complaint, examination and enforcement matters. We expect them to be
completed soon. Like the consumer complaint agreement with the OCC, they will
serve as models for individual States to use as a basis for establishing ongoing
working relationships with OTS and State bank regulators. The OCC agreement and
the agreements under development with the OTS and State bank regulators have
strong confidentiality provisions making it clear that confidential information
is to be protected to the fullest extent possible. This language not only
protects consumers, but also protects companies, agents and other entities
engaged in the business of insurance who may be the subject of shared regulatory
information. Congress Should Consider Improvements to Facilitate the Protection
of Confidential Regulatory Information Congress should consider adopting the
following proposals, which would strengthen the ability of State insurance
regulators to protect the privacy of personal and financial information in their
possession. 1.Protect the confidentiality of regulatory communications among
NAIC, State regulators, and Federal agencies. Federal law should clearly state
that confidential information can be exchanged between State insurance
regulators and Federal agencies. Such protections may also extend to
communications with international regulators. 2.Provide State insurance
regulators and NAIC with access to the national criminal history database (NCIC)
for regulatory purposes and for checking criminal histories as required by the
Federal Insurance Fraud Prevention Act. Protecting the integrity of private
information in the insurance system means guarding against fraud and abuse.
State licensing, fraud, and enforcement staff have long sought access to the
criminal history databases maintained by the FBI (usually referred to as NCIC
access). The Department of Justice supplies criminal history information to the
American Bankers Association so banks can run checks on employees, and also
supplies the information to the securities and commodities trading industries.
However, the Justice Department has not been willing to extend such authority to
State insurance regulators, despite years of discussions. Only a few States are
currently able to access NCIC. In the remainder, enforcement personnel have no
practical way to check the possible criminal background of an individual, even
when they suspect a serious violation of law. Statistics from the few States
which are able to run criminal history checks show that between 10 and 15
percent of agent applicants conceal criminal convictions on their applications.
Under the Federal Insurance Fraud Prevention Act (18 USC 1033), a person with a
felony conviction involving dishonesty or breach of trust is barred from the
business of insurance unless they have a specific exemption from a State
insurance regulator. Insurance companies also have a duty not to employ
convicted felons, but there is no reasonable means for them to check the
criminal records of job applicants and employees. Giving authority to the NAIC
to obtain criminal records checks would provide a single mechanism for
regulators and insurance companies to comply with their legal obligations, and
would not overburden the FBI with multiple points of contact. The industry
generally, as well as the Insurance Regulatory Information Network (IRIN) Board,
support this goal. 3.Grant Federal immunity from liability for NAIC and IRIN
database activities. Protecting the integrity of the regulatory system means
States, and entities acting on their behalf, must be able to maintain the
privacy of confidential information without the threat of frivolous lawsuits.
Major financial and enforcement regulatory databases for insurance are all
maintained by the NAIC. Key licensing data is supplied by the States to the
producer database, which is part of IRIN. Although NAIC and IRIN act on behalf
of State governmental entities, they have no direct tort immunity from suit.
This exposes IRIN and NAIC to potential legal actions. A number of States grant
immunity to the NAIC, but this does not cover all potential suits; a plaintiff
could simply file in a different State. Federal immunity would permit NAIC and
IRIN funds to be spent for their intended purposes, not on lawsuits. Immunity
would extend to the NAIC as an entity, as well as its members, officers, and
employees. 4. Grant exemptions from the Fair Credit Reporting Act for IRIN, the
NAIC, and State insurance departments regarding regulatory licensing activities
and related databases. State regulators ability to protect privacy can be
hampered by expansive interpretations of Federal regulations. Recent amendments
to the Fair Credit Act extended its provisions to databases not typically a part
of the credit rating process. These amendments apply to databases used for both
credit rating and employment purposes. Expansive interpretations by the Fair
Trade Commission have extended the Act even to situations involving
administrative licensing. The Act, if it were determined to apply to IRIN, would
impose extensive notice and appeal requirements, just as if IRIN were a credit
bureau. The solution to these problems is simple - State insurance regulatory
activities should be specifically exempted from the Act. 5.Authorize the use of
social security numbers for licensing purposes, for the NAIC producer database,
and for use by the Insurance Regulatory Information Network (IRIN). Accurate
identification of individuals is a key part of maintaining privacy. The use of
social security numbers (SSN s) is restricted under the Federal Privacy Act of
1974. Most States have found ways to supply social security numbers for the
producer data base, but a few States still have significant problems. Use of SSN
s is the minimum element needed for properly identifying agents. A specific
clarification in federal law would resolve any problems relating to use of SSN s
for insurance regulatory purposes. 6.Facilitate the use of regulatory databases,
including digital signatures, acceptance of credit cards, and electronic funds
transfers. Advances in technology provide opportunities to improve privacy
protections. Implementation of efficient electronic processing faces many
hurdles, including various State requirements on how payments can be made, and
what form of signatures will be accepted. Many of these requirements are in
State laws or regulations outside the control of the insurance departments. In
some States, for example, no payments via credit cards can be made. Some require
payment with each transaction, even if there are multiple transactions per day
with one entity. Other States will bill periodically. Technology exists to use
both electronic funds transfers and digital signatures, which would make many
transactions more feasible and cost-effective.
LOAD-DATE: July 24, 1999