1 / 6

The Berwyn Group

The Berwyn Group. Compliance & Deceased Policyholder Audits May 2013. Compliance. State Insurance Department Requirements Settlement Agreement Compliance Privacy Law Compliance. Insurance Department Compliance AND Settlement Agreements Compliance. Prescribed Audit Methodology Fuzzy Logic

nanda
Download Presentation

The Berwyn Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Berwyn Group Compliance & Deceased Policyholder Audits May 2013

  2. Compliance • State Insurance Department Requirements • Settlement Agreement Compliance • Privacy Law Compliance

  3. Insurance Department ComplianceANDSettlement Agreements Compliance • Prescribed Audit Methodology • Fuzzy Logic • Reasonable Effort • Audit Frequency • Monthly • Quarterly • Semi-annually • Every 3 Years (Alabama) • Audit Types • Audits Against Full Master Death File • Audits Against Updates to Master Death File

  4. Privacy Law Compliance • Death Audits require access to the Non-Public Personal Information (NPPI Data) • NPPI Data is governed by the use, non-disclosure and privacy obligations of: • Gramm-Leach-Bliley Act (GLB) (15 U.S.C. § 6801 et seq.) • Federal Fair Credit Reporting Act (FFCRA), (15 U.S.C. § 1681 et seq.) • Federal Trade Commission Tasked with Enforcement • Guideline - do not post any NPPI on any forward facing website unlessmission critical.

  5. What this means to you! • Exercise Prudence when selecting a Death Audit vendor • Vendor should : • Be SOC Type II Compliant • Have Controls Audited and Tested Annually • Maintain Thoroughly Documented Security Protocols and Procedures • Single Source your Vendor • Be Adequately Insured • Identity Theft is a Real Concern • High Cost in terms of Reputations • High Cost in terms of Remediation • Customer Notifications, Forensics, Public Relations, Credit Monitoring

  6. Final Thoughts • Death Data Adequacy • New Entrants into this field could have inferior data sets • Programming for Data Nuances • Auditing Solutions • Look for the Most Secure Business Model • Safest Data is the Data you Control

More Related