New York's New Business Continuity Regulations for Insurers
Experts rank business interruption as a top threat facing companies in 2022. Maybe it's no surprise that New York has new rules for business continuity plans. These rules affect the insurance industry.
Does your business continuity plan meet the new standards? Do you have a business continuity plan?
Learn more about the new rules and how to ensure your company is compliant.
New Regulations for NY Insurance Companies' Business Continuity Plans
The New York Department of Financial Services (DFS) issued Circular Letters 6 and 7 (2021) in July 2021. They outline new regulations about how insurance companies work during a disaster through rules covering disaster planning, preparation, and response.
The letters apply to authorized insurers in New York and serve customers in the state. Letter 6 is directed toward property or casualty insurers. Letter 7 applies to life and health insurers.
The new regulations replace those in DFS Circular Letters 5 and 6 from 2019.
The COVID-19 pandemic was one of the main reasons for implementing new standards. As DFS states, though, New York has a history of responding to disasters. Major storms, floods, terrorist attacks, and cybersecurity breaches have all affected the state.
What Do the New Guidelines Require?
Insurers authorized in New York must create and maintain two types of plans:
- Business continuity
- Disaster recovery
These plans must meet DFS standards.
Insurers must conduct a business impact analysis. This analysis looks at how a disaster could disrupt business functions.
Insurers must do a business impact and risk-based analysis at least once a year. They must also complete a risk-based analysis that evaluates the company's ability to help customers in New York affected by a disaster.
All New York-authorized insurers must submit the following items to DFS:
- Disaster response plan
- Completed disaster response plan questionnaire
- Completed business continuity plan questionnaire
The deadline for submission was October 8, 2021. Some property/casualty insurance companies must also submit a pre-disaster data survey.
What to Consider in a Business Impact Analysis
The results of a business impact analysis affect your business continuity plan. The impact analysis should identify the impacts of a disaster-related disruption. It takes into account operational and financial effects.
A business impact analysis needs to consider several factors, including:
- When a disruption would have the most impact, like a specific season or the end of a quarter
- Period before which the disruption would have an impact
- The operational and financial effects of physical damage to assets
- The effect of a loss of information technology
- The impact of the absence of critical employees
- Necessary resources for the company to continue operations at different levels of disruption
- The likelihood that customers' dissatisfaction would lead them to choose another insurer
DFS requires a business impact analysis at least yearly. Doing it more frequently may be necessary. You can make updates if your business circumstances change during the year.
What to Consider in a Risk-Based Analysis
A risk-based analysis provides information for your disaster response plan. This analysis reports on your ability to help customers in New York affected by a disaster. Risk analysis includes several steps:
- Identify potential risks
- Analyze risks to determine their possible effects on your operations
- Estimate how likely each risk is to happen
Identifying and analyzing potential risks helps you develop ways to manage them.
Developing a Business Continuity Plan
A business continuity plan documents your procedures for an unplanned disruption. A plan covers maintaining operations or quickly restarting them. It includes planning for business processes, assets, human resources, and business partners.
A business continuity plan is more comprehensive than a disaster recovery plan. Developing a business continuity plan takes several steps, including:
- Identifying the scope, objectives, and assumptions behind the plan
- Identifying key business activities, like financial, underwriting and claims, and data processing
- Assigning a restoration priority to each business activity
- Defining responsibilities of employees, lines of authority, and management succession
- Determining acceptable downtime for business processes and IT functions
- Creating a plan to maintain operations
The business continuity plan should include other information, such as procedures for activating the plan and communicating with stakeholders. DFS requires the plan to have a training curriculum as well.
Developing a Disaster Response Plan
DFS requires a disaster response plan. Typically, your disaster response plan is part of your business continuity plan. It outlines how to minimize the impacts of the disruption. It shows how to return to normal operations as soon as possible.
A disaster response plan covers roles, policies, procedures, and resource allocation. Disaster response plans for DFS should include information such as:
- The jurisdiction where the insurer has its domicile
- Addresses where the insurer handles insurance functions for policies in New York
- Types of insurance products the insurer administers
- Who handles activating, deactivating, and monitoring the plan
- Who will relay information between the insurer and DFS (disaster liaisons)
- Procedures for training employees
- Alternative methods for handling claims
- Communication channels the insurer will use
You'll need to explain your method for testing the disaster response plan and how often you test it.
Stay Compliant With Business Continuity Software
New York insurers now need business continuity and disaster response plans. You need to store the plans in a secure way accessible to employees.
Your board of directors or other governing body must approve the plans each year. DFS will also check the plans to be sure they're adequate.
Business continuity software can help you build the best possible plans. You answer questions and follow simple steps.
The platform gives you a central location to store business continuity plans. You have convenient access and audit readiness.
Full-service platforms offer online training and communication features for critical events. You can prepare, respond, and recover from disruptions more easily. A business continuity platform and expert support can make a difference.
Start Optimizing Your Business Continuity Planning
Developing a business continuity plan isn't just about following New York's regulations. It's about ensuring the long-term success and stability of your company.
Preparis is a leading business continuity and disaster recovery end-to-end solution. We have decades of experience helping companies manage and recover from disruptions.
Our suite of solutions includes a business continuity training center and planning platform with document storage, emergency messaging, and more.
Contact us today to schedule a free demo and see how we can help you protect your business.