18 Best Practices for Insurance Agency Compliance – Part 2

If you’re an insurance agency owner, risk manager, or compliance manager, you’ll appreciate the importance of staying on top of your regulatory practices and adhering to ever-changing guidelines. Consistent and thorough insurance agency compliance management mitigates risks and protects your agency and your reputation.  In this post, Part 2 of our series on best practices for insurance agency compliance (find the first 5 practices here), we share 7 more detailed tips for establishing and maintaining a first-class compliance management program. Whether you have just a few producers or a few thousand, these tips are all timely and relevant – so let’s dive in!

6.    Establish and Maintain Proper Banking Protocols

Bank accounts for operating and third-party funds must be segregated. Under no circumstances should you allow the commingling of company operating funds and third-party funds including, but not limited to, carrier premiums. Protocols should be implemented to ensure that monies received are deposited into separate operating and trust accounts. This seems intuitive and yet I’ve seen more than a few agencies lacking the proper protocols and procedures to ensure compliance.

7.    Develop a Cybersecurity Policy

Cybersecurity is an area that is developing and evolving nationwide. Many states are promulgating rules, regulations, and requirements regarding cybersecurity. New York was the first state to implement cybersecurity regulations as they pertain to insurance intermediary licensees and has the most stringent regulations.

The New York Department of Financial Services requires entities to submit an annual cybersecurity certificate of compliance. As of the date of this writing, if your agency’s cybersecurity program is compliant with New York’s regulations, 23 NYCRR 500, it will be compliant in all states, nationwide.

To the extent you’re not, you need to make yourself aware of the rules, regulations, and requirements of all states in which you transact business, and make sure you are compliant. We have been counseling a lot of clients on cybersecurity compliance over the past several years and if you have not yet addressed cybersecurity for your agency, I invite you to contact us using the form below.

8.    Create a Formal Process for Handling Consumer Complaints

While not necessarily a compliance issue per se, every effort should be made to reduce/avoid consumer complaints to a state Department of Insurance. If you don’t have a consumer complaint procedure/protocol now, I strongly encourage you to establish and maintain one – before you receive a complaint. Your goal should be to resolve direct consumer complaints as quickly as possible.  Your procedure/protocol should include:

1. Timelines for a response;

2. Team members responsible for addressing complaints from intake through resolution; and

3. Possible resolution parameters that produce consistent outcomes.

9.    Establish Protocols to Respond Promptly to Regulator Inquiries

I advise clients to establish and maintain a procedure/protocol to address regulator inquiries as soon as possible. Your process should contemplate:

1. Team members responsible for addressing request(s) including consultation and representation of outside regulatory legal counsel

2. Responding to the regulator’s request(s) within timelines set forth in the regulator’s inquiry correspondence

A good faith effort to respond to the regulator’s inquiry is always advisable and will lead to the most favorable outcome.

10.  Establish Protocols to Address Regulator Desk Audit

In the event you receive a State Department of Insurance audit request, I recommend that insurance regulatory counsel be consulted as soon as possible. Your agency’s best interests are served by consulting regulatory counsel to assist you in the preparation of a timely and appropriate verbal or written response.

11.  Establish and Adhere to a Document Retention Protocol

Document retention regulations vary from state to state. The most stringent state document retention regulations as they relate to insurance agencies and brokers, as opposed to insurance carriers, require keeping records for a minimum of five (5) years. Accordingly, the most prudent path for an insurance agency licensee, and the path I recommend to all clients, is to keep all insurance records for a minimum of 5 years following insurance coverage expiration.

12.  Ensure Compensation and Fee Payment Practices are Compliant

Compensation and fees are common areas of misunderstanding and confusion regarding what is legally permissible. As such, they are areas where non-compliance can and does often occur. There are two main areas you need to be mindful of: compensation and referral fees. Following are some high-level guidelines:


Only licensed entities and individuals may share or receive commissions. Licensees may charge additional fees over commissions in very limited circumstances. Generally, additional fees charged in excess of commission need to be:

•     Memorialized in writing; and

•     Reasonably related to the service being provided and not typically expected as part of the insurance transaction (e.g., hand delivery of a policy document, risk management consulting, etc.).

Referral Fees

Generally, the compensation of licensed producers who refer business to your insurance agency is permissible. The compensation of unlicensed third parties who refer business to your insurance agency is also permissible but is restricted. Referrals from non-licensed third parties may typically only be compensated on a flat-fee basis – that is, it may not be calculated based upon coverage being placed or as a percentage of commission received.

I must add that compensation is a complex area of compliance, and state laws can differ significantly.  You should consult with an insurance regulatory attorney regarding your specific set of circumstances.


There are a lot of moving parts when it comes to compliance, but following the best practices outlined herein will help. Insurance agencies that take the time to develop strong compliance programs will significantly reduce their exposure to legal and administrative sanctions.

Did you miss the first part of this series? Make sure to go back and check it out. And as always, if you have any questions about compliance or need help getting started, submit the form below or give us a call today. We’d be happy to help you get on the path to compliance.

~Gary T. Harker, Esq., LL.M.