Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Insurers consider biometric exclusions as privacy cases increase

    Privacy, Cyber Risk & Data Security

    According to sources, some insurers are considering adding biometric exclusions to their insurance policies as privacy lawsuits increase. An article on the recent evolution of biometric privacy lawsuits noted an apparent increase in class actions claiming violations of the Illinois Biometric Information Privacy Act (BIPA), as “more courts began ruling that individuals need not show actual injury to allege BIPA violations.” The article explained that insurance carriers now “argue that general liability policies, with their lower premiums and face values, don’t insure data privacy lawsuits and can’t support potentially huge BIPA class action awards and settlements.” This issue is poised to become increasingly important to carriers and policyholders as additional states seek to regulate biometric privacy. The article noted that in the first quarter of 2022, seven states (California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York) introduced biometric laws generally based on Illinois’ BIPA. Texas and Washington also have biometric laws, but without a private right of action.

    Privacy/Cyber Risk & Data Security Insurance BIPA State Issues Courts Biometric Data

    Share page with AddThis
  • Insurers obligated to indemnify retailer’s payment card claims following data breach

    Privacy, Cyber Risk & Data Security

    On March 22, the U.S. District Court for the District of Minnesota ordered two insurance companies to cover a major retailer’s 2013 data breach settlement liability under commercial general liability policies. As previously covered by InfoBytes, in 2018 the retailer reached a $17 million class action settlement to resolve consumer claims related to a 2013 data breach, which resulted in the compromise of at least 40 million credit cards and theft of personal information of up to 110 million people. The banks that issued the payment cards compromised in the data breach sought compensation from the retailer for costs associated with the cancellation and replacement of the payment cards. The retailer settled the issuing banks’ claims and later sued the insurers in 2019 for refusing to cover the costs, arguing that under the general liability policies, the insurers are obligated to indemnify the retailer with respect to the settlements reached with the issuing banks. The retailer moved for partial summary judgment, seeking a declaration that the general liability policies (which “provide coverage for losses resulting from property damage, including ‘loss of use of tangible property that is not physically injured’”) covered the costs incurred by the retailer when settling the claims for replacing the payment cards. According to the retailer, the insurers’ “refusal to provide coverage for these claims lacked any basis in either the Policies’ language or Minnesota law.” The court reviewed whether the cancellation of the payment cards following the data breach counted as a “loss of use” under the general liability policies. Although the court had previously dismissed the retailer’s coverage claims, the court now determined that the “expense that [the retailer] incurred to settle claims brought by the [i]ssuing [b]anks for the costs of replacing the compromised payment cards was a cost incurred due to the loss of use of the payment cards” because being cancelled “rendered the payment cards inoperable.”

    Privacy/Cyber Risk & Data Security Courts Data Breach Indemnification Insurance

    Share page with AddThis
  • FIO joins global green initiative

    Federal Issues

    On February 17, the U.S. Treasury Department’s Federal Insurance Office (FIO) announced that it joined the Network of Central Banks and Supervisors for Greening the Financial System (NGFS). As previously covered by InfoBytes, Treasury announced in August 2021 a request for information seeking public comments on the FIO’s future work related to the insurance sector and climate-related financial risks. This was in response to an executive order issued by President Biden instructing financial regulators to mitigate climate-related risk related to the financial system (covered by InfoBytes here). According to the recent announcement, the FIO “intends to publish a climate report by the year’s end focusing on insurance supervision and regulation, with an assessment of climate-related issues or gaps in the supervision and regulation of insurers, including their potential impacts on U.S. financial stability.” The same day, the Federal Advisory Committee on Insurance (FACI), which provides advice and recommendations to assist the FIO in carrying out its statutory authorities, launched the Climate Related Financial Risk Subcommittee to support the FACI provision of information relevant to the FIO’s work on climate-related risks in the insurance sector.

    Federal Issues Department of Treasury Climate-Related Financial Risks Risk Management Insurance

    Share page with AddThis
  • Fed solicits comments on insurance supervision guidance

    On January 28, the Federal Reserve Board announced it is soliciting comments on proposed guidance, which would implement a framework for the supervision of certain insurance organizations overseen by the Board. According to the Fed, the proposed framework for depository institution holding companies significantly engaged in insurance activities would apply guidance and allocate supervisory resources based on the risk of a firm and would “formalize a supervisory rating system for these companies and describe how examiners work with state insurance regulators.” Comments are due 60 days after publication in the Federal Register.

    Bank Regulatory Federal Reserve Federal Register Agency Rule-Making & Guidance Supervision Insurance

    Share page with AddThis
  • NYDFS issues final guidance for insurers on climate change financial risks

    State Issues

    On November 15, NYDFS issued final guidance to New York regulated-domestic insurers on managing climate change-related financial risks. The final guidance reflects the agency’s consideration of stakeholder comments from proposed guidance issued in March, and was informed by NYDFS’s collaboration with the insurance industry and international regulators. Building on a 2020 insurance circular letter addressing climate change and financial risks, the final guidance outlines expectations that insurers begin “integrating the consideration of the financial risks from climate change into their governance frameworks, business strategies, risk management processes and scenario analysis, and developing their approach to climate-related financial disclosure.” Specifically, an insurer should (i) incorporate into its governance structure, at either “the group or insurer entity level,” climate-risk considerations; (ii) consider current and forward-looking climate-related implications on its operations through “time horizons” appropriately tailored to the insurer’s activities and decisions; (iii) incorporate in its current financial risk management framework analyses of the effect of climate risks on existing risk factors; (iv) employ scenario analysis to inform business strategy decisions, risk assessments, and identification; and (v) disclose its climate risks and engage with NYDFS’s Task Force on Climate-related Financial Disclosures when developing climate disclosure approaches. NYDFS will monitor insurers’ progress in implementing these expectations with respect to organizational structures, which insurers must have in place by August 15, 2022. The NYDFS noted it will provide further guidance on timing for implementing “the more complex expectations outlined in the guidance.”

    State Issues State Regulators NYDFS Insurance Climate-Related Financial Risks Risk Management Bank Regulatory

    Share page with AddThis
  • 10th Circuit affirms TCPA statutory damages as uninsurable


    On November 2, the U.S. Court of Appeals for the 10th Circuit affirmed a district court’s decision that under Colorado law, an insurance company (plaintiff) had no duty to indemnify and defend its insured against TCPA claims seeking statutory damages and injunctive relief. According to the appellate opinion, the states of California, Illinois, North Carolina, and Ohio sued a satellite television company for telemarketing violations of the TCPA (TCPA lawsuit). The TCPA lawsuit sought statutory damages of up to $1,500 per alleged violation and injunctive relief. The satellite company submitted a claim to its insurer for defense and indemnity of the TCPA claims pursuant to existing policies. The plaintiff filed a complaint seeking a declaratory judgment that it need not defend or indemnify the satellite company in the TCPA lawsuit. The district court, relying on ACE American Insurance Co. v. DISH Network (covered by InfoBytes here), determined that, under ACE, the claim for statutory damages in the telemarketing complaint sought a penalty and therefore was “uninsurable as a matter of Colorado public policy,” and that the policies did not cover the complaint’s claim for injunctive relief because, as in ACE, they did not cover the costs of preventing future violations. Additionally, the district court determined that “the allegations did not potentially fall within the Policies’ definitions of ‘Bodily Injury’ or ‘Property Damage.’” The 10th Circuit affirmed the district court’s rulings, concluding that no coverage existed.

    Courts Appellate TCPA TSR Insurance FTC State Issues

    Share page with AddThis
  • NYDFS: Regulated insurers should expedite Ida-related claims

    State Issues

    On September 2, NYDFS advised regulated insurers to expedite Tropical Depression Ida-related insurance claims. Emphasizing the severity of damage experienced by homeowners and businesses, NYDFS urged insurers to work towards a fair and speedy resolution of claims. In addition to outlining expectations related to the claims process, NYDFS noted that it will also “expedite the issuance of temporary adjustor permits as necessary to qualified out-of-state independent insurance adjusters pursuant to New York Insurance Law” to increase the number of available adjusters to process claims. 

    State Issues State Regulators NYDFS Disaster Relief Insurance Bank Regulatory

    Share page with AddThis
  • Treasury seeks info on climate-related financial risks in the insurance sector

    Agency Rule-Making & Guidance

    On August 31, the U.S. Treasury Department announced a request for information (RFI) seeking public comments on the Federal Insurance Office’s (FIO) future work related to the insurance sector and climate-related financial risks. The RFI is in response to an executive order issued by President Biden in May, which instructed financial regulators to take steps to mitigate, among other things, climate-related risk related to the financial system (covered by InfoBytes here). Among other things, the FIO will focus on the following initial climate-related priorities: (i) “assessing climate-related issues or gaps in the supervision and regulation of insurers, including their potential impacts on U.S. financial stability”; (ii) “assessing the potential for major disruptions of private insurance coverage in U.S. markets that are particularly vulnerable to climate change impacts, as well as facilitating mitigation and resilience for disasters”; and (iii) “increasing FIO’s engagement on climate-related issues and leveraging the insurance sector’s ability to help achieve climate-related goals.” Responses will help FIO monitor and assess the implications of climate-related financial risks for the insurance sector, and help FIO better understand how to collect “high-quality, reliable, and consistent data” required to accomplish FIO’s objectives.

    Agency Rule-Making & Guidance Department of Treasury Climate-Related Financial Risks Risk Management Insurance

    Share page with AddThis
  • 11th Circuit: Insurance firm not required to pay broker’s $60 million TCPA judgment


    On June 1, the U.S. Court of Appeals for the Eleventh Circuit held that an insurance firm is not required to pay a $60.4 million TCPA judgment arising out of a Florida-based insurance broker’s marketing campaign accused of sending unsolicited text messages and phone calls to consumers. The broker sought coverage against a class action which alleged, among other things, that “by sending the text messages at issue. . . , Defendant caused Plaintiffs and the other members of the Classes actual harm and cognizable legal injury [including] . . . invasions of privacy that result from the sending and receipt of such text messages.” In response, the insurance firm asserted that the policy did not cover invasion of privacy claims such as those brought in the class action against the broker. Subsequently, the broker settled the suit and assigned all of its rights against its insurer to the plaintiffs, who attempted to enforce the judgment against the insurance firm. The 11th Circuit found that the broker’s insurance policy excluded coverage of certain actions that would prompt a lawsuit, including claims of invasion of privacy. The appellate court also concluded that the TCPA class action arose out of an “invasion of privacy” because the class complaint specifically alleged that the broker “intentionally invaded the class members’ privacy and sought recovery for those invasions.”

    However, one of the judges dissented from the ruling, opining that the policy the insurance firm wrote to the broker is “ambiguous as to whether it refers to the common-law tort called ‘invasion of privacy,’” noting that “in other words, if it could reasonably be so interpreted—then we must interpret it to refer only to that tort.” The judge also noted that it is “unclear to me why any party to an insurance policy would ever allow coverage to be dictated by the conclusory terms and labels that a plaintiff might later choose to include in her complaint.”

    Courts Eleventh Circuit TCPA Appellate Insurance Class Action

    Share page with AddThis
  • NYDFS, insurance company reach $1.8 million cyber breach settlement

    State Issues

    On May 13, NYDFS announced a settlement with an insurance company to resolve allegations that the broker violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to implement multi-factor authentication or reasonably equivalent or more secure access controls. Under Part 500.12(b), covered entities are required to implement such protocols (see FAQs here). NYDFS’s investigation also revealed that the insurance company falsely certified its compliance with the cybersecurity regulation for 2018. Under the terms of the consent order, the company will pay a $1.8 million civil monetary penalty and will undertake improvements to strengthen its existing cybersecurity program to ensure compliance with 23 NYCRR Part 500. NYDFS acknowledged the broker’s “commendable” cooperation throughout the examination and investigation and stated that the broker had demonstrated its commitment to remediation.

    State Issues NYDFS Enforcement 23 NYCRR Part 500 Privacy/Cyber Risk & Data Security Insurance Bank Regulatory

    Share page with AddThis


Upcoming Events