Third Party Risk Greatest Challenge in NAIC Insurance Data Security Law Compliance

CHICAGO (January 4, 2018) – A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates over half of insurance organizations believe overseeing third party service providers will be the greatest challenge presented by the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Law.

“Insurance organizations are struggling to meet the new law’s requirements. The challenge is not only the identification of key vendors, but also the ongoing management of the relationship to ensure the vendors have the controls and assurances in place to meet their company’s standards,” Christopher Tait, MBA, CISA, CFSA, CCSK, CCSFP, principal with Baker Tilly’s financial services risk and internal audit practice, said. “Insurers must not only do their due diligence when selecting the vendor, but they must determine and manage expectations of the provider for the duration of the relationship.”

“When managing third parties, a good starting point is to simply follow the money to identify the vendors that your company is paying,” Russ Sommers, CPA, CISA, senior manager with Baker Tilly’s financial services risk practice, said. “Once you get that list, you can further prioritize your efforts by identifying the vendors that handle nonpublic information or are critical to your organization’s key operations.”

Baker Tilly recently held an educational webinar, “Understanding the NAIC Insurance Data Security Law,” to assist insurance organizations in understanding the new cybersecurity regulation and what insurers must do in order to prepare for compliance.

The webinar presenters discussed:

  • The provisions in the Insurance Data Security Law
  • The similarities between the New York State Department of Financial Services’ (NYS DFS) cybersecurity regulation
  • The main areas that companies will need to evaluate while preparing for compliance

Presentation slides and a recording of the webinar are available at bakertilly.com/insights/understanding-the-naic-insurance-data-security-law-cybersecurity-rules-and.

About Baker Tilly Virchow Krause, LLP (bakertilly.com)

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a nationally recognized, full-service accounting and advisory firm whose specialized professionals connect with clients and their businesses through refreshing candor and clear industry insight. With approximately 2,700 employees across the United States, Baker Tilly is ranked as one of the 15 largest accounting and advisory firms in the country. Headquartered in Chicago, Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 147 territories, with 33,600 professionals. The combined worldwide revenue of independent member firms is $3.4 billion.