N.Y. issues updated disaster response and recovery plan requirements for insurers
Insurers were notified of the updated requirements via two circular letters, outlining the additions to the law.
Today, New York Financial Services Superintendent Maria T. Vullo announced that the Department of Financial Services (DFS) has issued updated disaster response and recovery plan requirements for all insurance companies licensed to conduct business in New York State.
These requirements were first issued last year, and today, insurers were notified of their updated requirements via two circular letters, one for property and casualty insurers, and a second for life and health insurers.
Related: 5 things businesses can do now to prepare for hurricanes
In addition to filing a disaster response and recovery plan, insurers must have a business continuity plan and regularly perform a business impact analysis to predict the consequences of disruption of a business function. DFS explains that the circular letters outline what an insurer’s business continuity plan should include, such as:
- Defining the scope, objectives, and assumptions of the business continuity plan;
- Defining the roles and responsibilities of employees;
- Identifying the lines of authority, succession of management, and delegation of authority;
- Addressing interaction with external business entities, including contractors and vendors;
- Including results of a business impact analysis;
- Identifying recovery time objectives for business processes and information technology;
- Identifying the recovery point objective for data restoration; and
- Setting forth detailed procedures, resource requirements, and logistics for execution of all recovery strategies.
In the event of a disaster, information regarding the amount and extent of losses, damages, personal injuries and deaths is critical for the DFS to report to the Governor. Based on this information, the Governor decides whether and when to request a federal disaster declaration and how to prioritize the deployment of state assets.
“When disaster strikes, as it did when Hurricanes Maria and Irma devastated Puerto Rico and the Virgin Islands last year, it is important for all insurers to be able to respond quickly and to be able to continue operations to ensure they can serve the increased needs of consumers resulting from the emergency, whether it’s a storm, a data breach or a terrorist attack,” said Superintendent Vullo.
“Disaster response and business continuity plans should reflect the nature, scale and complexity of each insurer’s business and these plans need to be updated at least annually.”
Electronic templates for responses to the pre-disaster survey and disaster response plan and business continuity plan questionnaires, as well as instructions for their completion and submission, are available on the DFS website.
Related: What businesses can learn from Harvey and Irma before the next hurricane