The Berwyn Group
Compliance & Deceased Policyholder Audits
May 2013

Compliance
• State Insurance Department Requirements
• Settlement Agreement Compliance
• Privacy Law Compliance

Insurance Department Compliance AND Settlement Agreements Compliance
• Prescribed Audit Methodology
  • Fuzzy Logic
  • Reasonable Effort
• Audit Frequency
  • Monthly
  • Quarterly
  • Semi-annually
  • Every 3 Years (Alabama)
• Audit Types
  • Audits Against Full Master Death File
  • Audits Against Updates to Master Death File

Privacy Law Compliance
• Death Audits require access to Non-Public Personal Information (NPPI Data)
• NPPI Data is governed by the use, non-disclosure and privacy obligations of:
  • Gramm-Leach-Bliley Act (GLB) (15 U.S.C. § 6801 et seq.)
  • Federal Fair Credit Reporting Act (FFCRA) (15 U.S.C. § 1681 et seq.)
• Federal Trade Commission Tasked with Enforcement
• Guideline: do not post any NPPI on any forward-facing website unless mission critical.

What this means to you!
• Exercise Prudence when selecting a Death Audit vendor
• Vendor should:
  • Be SOC Type II Compliant
  • Have Controls Audited and Tested Annually
  • Maintain Thoroughly Documented Security Protocols and Procedures
  • Single Source your Vendor
  • Be Adequately Insured
• Identity Theft is a Real Concern
  • High Cost in terms of Reputations
  • High Cost in terms of Remediation
    • Customer Notifications, Forensics, Public Relations, Credit Monitoring

Final Thoughts
• Death Data Adequacy
  • New Entrants into this field could have inferior data sets
  • Programming for Data Nuances
• Auditing Solutions
  • Look for the Most Secure Business Model
  • Safest Data is the Data you Control