Ad­vi­sors warned

Investment Executive - - FRONT PAGE - BY ME­GAN HAR­MAN

in­sur­ance ad­vi­sors are fall­ing short of their re­quire­ments re­lated to pro­tect­ing client pri­vacy, and now reg­u­la­tors are warn­ing ad­vi­sors to get in line or face dis­ci­plinary ac­tion.

This past sum­mer, the In­sur­ance Coun­cil of Bri­tish Columbia (ICBC) is­sued a no­tice re­veal­ing that some in­sur­ance ad­vi­sors in that prov­ince had dis­closed or trans­ferred client in­for­ma­tion to third par­ties with­out

the re­quired client con­sent.

“We’ve dealt with a num­ber of is­sues,” says Ger­ald Matier, ex­ec­u­tive di­rec­tor of the ICBC. “Mak­ing sure your clients are aware of how their in­for­ma­tion is be­ing moved and used, and who has it, is pru­dent. Agents run the risk of get­ting them­selves in trou­ble if they’re not dis­clos­ing this to the client.”

The ICBC warns that when it iden­ti­fies a breach of con­fi­den­tial­ity, it will con­sider sus­pend­ing an ad­vi­sor’s li­cence and is­sue fines of up to $10,000 for ad­vi­sors and $20,000 for agen­cies.

“Li­censees can ex­pect to face dis­ci­pline for fail­ing to main­tain client con­fi­den­tial­ity,” Matier says.

Other reg­u­la­tors iden­tify com­pli­ance gaps in this area, as well. For ex­am­ple, the Fi­nan­cial Ser­vices Com­mis­sion of On­tario found dur­ing its 2015-16 on-site ex­am­i­na­tions of in­sur­ance ad­vi­sors that 17% of ad­vi­sors were not able to demon­strate com­pli­ance with their re­quire­ments un­der the Per­sonal In­for­ma­tion Pro­tec­tion and Elec­tronic Doc­u­ments Act, the fed­eral pri­vacy law for pri­vate-sec­tor or­ga­ni­za­tions.

Given the pri­vate na­ture of in­for­ma­tion the life in­sur­ance in­dus­try han­dles, the prospect of in­ad­e­quate pri­vacy con­trols is a key con­cern.

“This [prospect of pri­vacy vi­o­la­tions] con­cerns reg­u­la­tors in the in­sur­ance in­dus­try be­cause of the amount and the type of very sen­si­tive i nfor­ma­tion we deal with. It’s per­sonal; it’s fi­nan­cial; it’s health [and] med­i­cal; and life­style,” says Ear­leen Moul­ton, vice pres­i­dent of com­pli­ance with BridgeForce Fi­nan­cial Group Inc. in London, Ont. “It doesn’t get much more per­sonal and con­fi­den­tial than that.”

Pri­vacy has be­come a pri­mary con­cern in an era in which cybersecurity breaches have be­come com­mon, Moul­ton adds.

Some of the sce­nar­ios in which the ICBC has iden­ti­fied prob­lems with the han­dling of con­fi­den­tial client in­for­ma­tion in­clude ad­vi­sors buy­ing or sell­ing books of business, con­sult­ing or work­ing with other ad­vi­sors on client cases, and switch­ing man­ag­ing gen­eral agen­cies (MGAs).

For ex­am­ple, some clients have no­ti­fied the ICBC that they have been con­tacted by an ad­vi­sor or an MGA those clients have never heard of, of­fer­ing to be­come their new agent of record af­ter their pre­vi­ous ad­vi­sor left the MGA. Of­ten, though, those clients still work with their orig­i­nal ad­vi­sor, just through a dif­fer­ent MGA, Matier says.

Al­though MGAs usu­ally re­as­sign clients to a new ad­vi­sor when the orig­i­nal ad­vi­sor no longer rep­re­sents the MGA or has left the in­dus­try, Matier says, ad­vi­sors and firms need to con­sider the pri­vacy im­pli­ca­tions of that prac­tice.

“Con­sumers are say­ing, ‘How did they get my in­for­ma­tion?’,” he says. “If you’re my client, and you meet with me, it’s im­por­tant that you know if I work with an agency, and what my agency is, and if I choose to leave that agency and go to an­other agency, how your in­for­ma­tion is go­ing to be han­dled.”

The va­ri­ety of play­ers in the in­de­pen­dent life in­sur­ance dis­tri­bu­tion chan­nel cre­ates cer­tain chal­lenges in en­sur­ing com­pli­ance with pri­vacy rules. A client’s per­sonal in­for­ma­tion po­ten­tially can be ac­cessed by the in­sur­ance car­rier, the ad­vi­sor, one or more MGAs — and, i n some cases, third-party ser­vice providers such as soft­ware com­pa­nies. Thus, ad­vi­sors must en­sure clients pro­vide the ap­pro­pri­ate con­sent for all of those en­ti­ties to ac­cess the client’s in­for­ma­tion.

Life i nsurance ap­pli­ca­tions typ­i­cally i nclude a sec­tion i n which clients must pro­vide con­sent for the use of their in­for­ma­tion by the in­sur­ance car­rier. How­ever, that doc­u­ment alone is not suf­fi­cient for ad­vi­sors to com­ply with the pri­vacy rules.

Ad­vi­sors also must get clients’ con­sent for the ad­vi­sor’s own col­lec­tion and us­age of clients’ per­sonal in­for­ma­tion, as well as con­sent on be­half of the MGAs and other third-party en­ti­ties with which the ad­vi­sor might share that in­for­ma­tion.

This is where some ad­vi­sors are fall­ing short, Matier says: “Some­where along the line, the client has to con­sent to [his or her] in­for­ma­tion be­ing given to a third party.”

In the cases the ICBC has iden­ti­fied in which ad­vi­sors dis­closed client in­for­ma­tion with­out the nec­es­sary con­sent, “the in­ten­tions of the [ad­vi­sors] ap­peared to have been gen­uine and in­tended to serve the in­sur­ance needs of the clients,” the ICBC’s no­tice says. None­the­less, the reg­u­la­tor’s state­ment adds, the con­sent fail­ures are con­trary to the ICBC’s rules.

In ad­di­tion to fac­ing dis­ci­plinary ac­tion from in­sur­ance reg­u­la­tors, ad­vi­sors who are in­volved in a breach of client pri­vacy could face the pos­si­bil­ity of le­gal ac­tion, says Alex Cameron, part­ner and leader of the pri­vacy and in­for­ma­tion pro­tec­tion group at law firm Fasken Martineau DuMoulin LLP in Toronto.

Civil lit­i­ga­tion re­lated to pri­vacy breaches has be­come “very com­mon,” he says, and, in some cases, dam­ages are awarded even when clients haven’t suf­fered com­pens­able harm be­cause of the breach. “These is­sues are taken se­ri­ously,” Cameron says. “The breach of your pri­vacy it­self is some­thing that you could ob­tain dam­ages for.”

Be­fore dis­clos­ing any client in­for­ma­tion, he says, ad­vi­sors should al­ways en­sure the client has pro­vided the ap­pro­pri­ate con­sent.

Some MGAs and car­ri­ers are tak­ing steps to help ad­vi­sors meet these reg­u­la­tory re­spon­si­bil­i­ties. BridgeForce, for ex­am­ple, re­cently up­dated its pri­vacy con­sent tem­plate to re­flect all of the en­ti­ties with which client in­for­ma­tion could be shared, in­clud­ing third­party ser­vice providers.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.