The Financial and Consumer Services Commission of New Brunswick recently published a Consultation Paper titled Incidental Selling of Insurance Restricted Insurance Licensing Regime. A complete copy of the Consultation Paper is available here.
In the Consultation Paper the Commission has indicated that it proposes to regulate the incidental selling of insurance through a restricted insurance licensing regime similar to regimes previously adopted in Alberta, Saskatchewan and Manitoba.
The Commission has proposed to define an incidental seller of insurance to mean:
a person that, in the course of selling or providing goods or services to the persons customers or clients, solicits, negotiates, sells or arranges insurance, or offers to sell, negotiate or arrange insurance, that relates to those goods or services.
The types of businesses that would be eligible to obtain a restricted agent licence would be:
A deposit-taking institution a bank, credit union, caisse populaire, or loan or trust company;
A sales finance company a corporation, other than a financial institution, that provides consumer loans, or provides or arranges for credit;
A transportation company that provides transportation service for goods;
An automobile dealership, a watercraft dealership, a recreational vehicle dealership, a farm implement dealership or a construction equipment dealership;
A mortgage brokerage licensed under the Mortgage Brokers Act;
A customs brokerage;
A freight forwarding business;
A vehicle rental business (incl. construction equipment rentals);
A portable electronics vendor a business that sells or leases portable electronic devices or provides the devices in connection with a transaction between the business and a consumer;
A business engaged by one of these businesses to solicit, negotiate, sell or arrange insurance on its behalf.
The Commission is proposing to allow restricted insurance licence holders and their employees to solicit, negotiate, sell or arrange the following classes or types of insurance:
Cargo insurance;
Creditors critical illness insurance
Creditors disability insurance
Creditors life insurance
Creditors loss of employment insurance
Creditors vehicle inventory insurance
Export credit insurance
Guaranteed asset protection insurance
Mortgage insurance
Portable electronics insurance
Rented-vehicle accidental injury or death insurance
Rented-vehicle contents insurance
Rented-vehicle liability insurance
The Commission has indicted that it does not intend to include travel insurance, funeral insurance and equipment warranty insurance within the restricted insurance licensing regimes as some other provinces have done.
With respect to equipment warranty insurance, the Commission confirmed that it does not consider warranties or extended warranties to be insurance where the warranty is sold incidentally to the product and is sold by the distributor of the product or an affiliate of the distributor with a non-arms length relationship.
Among other requirements, each business that wishes to apply for a restricted insurance licence would be required to be sponsored by an insurer licensed in New Brunswick and to maintain errors and omissions insurance in minimum specified amounts.
The Commission has invited feedback on a number of questions posed in the Consultation Paper. The comment period for providing written submissions ends on January 31, 2020.
News
FSRA Approves Electronic Version of Insurance Cards
In Canada, each province and territory requires drivers with a registered motor vehicle to have automobile insurance. Insurers must provide proof of such insurance to policyholders, and policyholders must carry proof of automobile insurance with them in the motor vehicle at all times. In Ontario, the Compulsory Automobile Insurance Act (the “CAIA“) provides that insurers must issue an “insurance card” to a person with whom a contract of automobile insurance is made or whose contract of auto insurance is renewed.
In Ontario, the provincial government introduced its intention to approve the electronic version of insurance cards under the CAIA in its April 2019 budget, Protecting What Matters Most under the heading “Putting Drivers First Blueprint“, and effective as of September 5, 2019, Ontario became the fourth province to approve the use of electronic proof of insurance, after Nova Scotia, Newfoundland and Labrador and Alberta.
The Financial Services Regulatory Authority of Ontario (“FSRA“), in its September 5, 2019 Bulletin titled “Modernizing automobile insurance – approval of electronic insurance card” (the “FSRA Bulletin“), approved the use of electronic insurance cards in accordance with the provisions of the CAIA.
The FSRA Bulletin provides for a one-year transition period commencing on September 5, 2019 during which insurers must continue to issue the currently approved paper version of the insurance card. Once the transition period expires, consumers will have the option to choose to receive their insurance cards electronically, in paper format or both.
The use of electronic insurance cards in Ontario will be subject to certain conditions including, among other things, the following:
Approved Form
It must contain the same data fields, text and overall appearance as the currently approved paper version and must be pink in colour.
Consent is Required, Use is Optional
The use of electronic insurance cards is optional for both insurers and policyholders, and insurers must obtain the policyholder’s informed consent to the use of electronic insurance cards before issuance.
Accessibility, Retention and Transfer
The electronic insurance card must be accessible so as to be usable for subsequent reference and be capable of being retained by another person in compliance with the provisions of the Electronic Commerce Act (Ontario).
The electronic insurance card must also have the capability to be emailed or transferred by the policyholder to a third party, such as law enforcement or permitted users of the motor vehicle.
Privacy and Security
Electronic insurance cards must also comply with the consent requirements under the Personal Information Protection and Electronic Documents Act (“PIPEDA“) and have appropriate security safeguards in accordance with the provisions of PIPEDA. In the FSRA Bulletin, FSRA expressly states that an electronic insurance card “must not include features that monitor, track location, or collect, use or disclose personal information, without the policyholder’s knowledge and his or her informed consent”.
In particular, insurers are responsible for ensuring that the electronic version of the insurance card is: (i) in a downloadable form that can be stored in a secure manner on an electronic mobile device, (ii) not able to be edited or altered, and (iii) is able to be viewed using lock screen capability and the insurer must provide clear plain language instructions to policyholders of how to set the locked screen as a default feature.
Risk of Damage to Mobile Devices
Insurers must make it clear to policyholders that if they choose to receive an electronic insurance card, the policyholder assumes any risk or damage that may occur to the mobile device in the hands of a third party, such as law enforcement or Service Ontario.
Caution to Consumers
Whether a policyholder chooses the electronic version or the paper version of the insurance card, operators of motor vehicles are required under the CAIA to have an insurance card in the vehicle for inspection at all times. This requirement applies regardless of any technological problems that may affect a policyholder’s mobile device, such as a drained battery, lack of or diminished cellular service or limited or obstructed visibility of the insurance card due to a damaged screen or other malfunction. FSRA recommends that insurers remind policyholders of their obligations under the CAIA before issuing an electronic insurance card.
Watch for any further updates on FSRA’s website, which can be accessed here.
Insurance & Reinsurance in Canada – 2019
The 2019 publication of Getting the Deal Through, is now available, and includes our updated summary guide to the regulation of insurance and reinsurance in Canada. Click here for access to our contribution.
Reproduced with permission from Law Business Research Ltd. This article was first published in Getting the Deal Through: Insurance & Reinsurance 2019, (published in July 2019; contributing editors: William D Torchiana, Mark F Rosenberg and Marion Leydier – Sullivan & Cromwell LLP). For further information please visit www.gettingthedealthrough.com.
Financial Services Regulatory Authority of Ontario Has Officially Launched
The Ontario government has announced that effective as of June 8, 2019, the new Financial Services Regulatory Authority of Ontario has assumed jurisdiction over those sectors previously regulated by the Financial Services Commission of Ontario (FSCO) and the Deposit Insurance Corporation of Ontario (DICO).
In making this announcement, Finance Minister Vic Fedeli said “The Financial Services Regulatory Authority (FSRA) of Ontario is a modern and innovative regulator with rule-making authority that promotes strong financial services and pensions sectors while protecting the public interest. Its mandate is to be open open to new ideas, open to business, and open to consumer needs. FSRA has the flexibility to cut red tape, bring products to market quicker and be more responsive to the needs of businesses. A full copy of the announcement is available here.
FSRA is in the process of reviewing existing regulatory publications which currently reside on the FSCO and DICO websites. A statement has been added to the FSCO webpage which says that “FSRA is actively reviewing all FSCO regulatory direction, including but not limited to forms, guidelines and FAQ. Until FSRA issues new regulatory direction, all existing regulatory direction remains in force.
Watch for further updates coming on FSRAs website, which can be accessed here.
Quebec Publishes Regulation Establishing Expectations related to Internet Insurance Offerings
May 15, 2019
The Quebec government today published a new regulation under an Act respecting the distribution of financial products and services (the “Distribution Act”), titled Regulation respecting Alternative Distribution Methods (the “Distribution Reg”). The Distribution Reg addresses issues related to (i) the sale of insurance over the internet without the intermediary of a natural person, and (ii) the offering of insurance products through distributors. With certain exceptions, the provisions of the Distribution Reg will come into effect on June 13, 2019.
With the publication of this new regulation, Quebec has taken the lead in setting clear expectations and standards for insurance intermediaries wanting to offer insurance products over the internet without the necessary involvement of a natural person. A copy of the Distribution Reg is available here.
With respect to internet insurance offerings, the Distribution Reg sets out a number of requirements that must be satisfied by firms wishing to sell insurance through a digital space, including disclosure and record keeping requirements. It also requires firms to ensure that the website clearly makes visible to applicants at all times during the process, the means by which the applicant can interact with a representative. When an applicant wishes to speak with a representative and one is not immediately available, the firm must suspend the transaction.
Firms that intend to offer products and services over the internet without the intermediary of a natural person are required to disclose without delay upon such offering, to the Autorite des marches financiers (the “AMF”):
(1) the name given to the digital space, where this name differs from the name of the firm;
(2) the names of the products and the classes to which they are related or the nature of the financial services offered on the digital space;
(3) the hyperlink or any other means to access the digital space; and
(4) the insurers whose products are offered on the firm’s digital space, if applicable.
Firms must notify the AMF of any change to such information within 30 days of such change.
The firm must also disclose annually to the AMF, the number of financial plans prepared, claims settled and insurance policies issued, the amount of premiums written through the digital space and the number of cases where clients have cancelled their insurance contracts in accordance with section 64 of the Insurers Act (Quebec).
Bill C-86 Amends Certain Provisions of the Insurance Companies Act
Bill C-86, entitled “A second Act to implement certain provisions of the budget tabled in Parliament on February 27, 2018 and other measures” (“Bill C-86”), was introduced in the House of Commons on October 29, 2018, and passed second reading with referral to committee on November 6, 2018. Bill C-86 was referred to the Standing Committee on Finance which proposed certain amendments, and the Standing Senate Committees will submit their final reports by December 4, 2018.
Once Bill C-86 comes into force, it will amend certain sections of the Insurance Companies Act (the “ICA”), as well as amend other financial institutions legislation such as the Bank Act and the Trust and Loan Companies Act. Read the text of the latest publication of Bill C-86 here.
If passed, the proposed amendments will, among other things: (i) create new thresholds below which the acquisition of control of, or the acquisition or increase of a substantial investment in, certain entities, including provincially incorporated trust, loan or insurance corporations, provincially incorporated cooperative credit societies, securities dealers, financial intermediaries, and specialized financing entities, will not require the approval of the superintendent of financial institutions (the “Superintendent”), (ii) permit minority investments in the new business growth fund, (iii) permit customers to consent electronically to the receipt of electronic documents, and (iv) clarify that disclosure of privileged information to the Superintendent will not constitute a waiver of privilege.
Control thresholds
Under the current version of the ICA, subject to certain exceptions, companies (as such term is defined in the ICA) must obtain the approval of the Superintendent in order to acquire control of, or acquire or increase a substantial investment in, the permitted entities described above.
Bill C-86 proposes to add to the existing exceptions by creating new thresholds for determining control, and the acquisition or increase of a substantial investment without taking control, of the entities described above, under which the Superintendent’s approval would no longer be required. The new thresholds for control would provide an exception for acquisitions where the target entity’s consolidated assets would constitute less than one percent of the acquiring company’s total consolidated assets in the case of an acquiring company with equity of 12 billion dollars or more, and two percent of the acquiring company’s total consolidated assets in the case of any other acquiring company.
The new thresholds for acquisition or increase of a substantial investment would provide an exception for acquisitions where the value of the shares, or ownership interests in, the target entity to be acquired, directly or indirectly, or acquired within the prior 12 months, by the acquiring company or a subsidiary of the company would constitute less than half a percent of the acquiring company’s total consolidated assets in the case of a company with equity of 12 billion dollars or more, and one percent of the acquiring company’s total consolidated assets in the case of any other company.
Business growth fund
Bill C-86 would permit a company, or a fraternal benefit society, and its subsidiaries to invest a maximum of 200 million dollars in the new Canadian Business Growth Fund (GP) Inc., a CBCA company (defined as the “business growth fund” in Bill C-86). The Advisory Council on Economic Growth recommended the creation of a private sector led growth fund in its report titled “Unlocking Innovation to Drive Scale and Growth”. Read the report here. According to the report, the business growth fund will be led and financed by financial institutions and is expected to address the gap in growth financing for small to medium-sized firms through the purchase of minority stakes or unsecured debt for approved growth and expansion projects. The proposed amendments set limits on the amount of ownership companies can acquire in the business growth fund.
Consent may be given electronically
Under the existing language of section 1037 of the ICA, receipt of an electronic notice or document is not valid unless the addressee has consented to receive documents and notices in electronic format. Bill C-86 proposes to add to section 1037 by providing that a customer may give consent electronically to the receipt of documents or notices in electronic form. If passed, we expect that this amendment would make it easier for insurance companies to comply with the consent requirements relating to the transmission of electronic documents.
No waiver of privilege
Although the ICA currently prohibits supervisory information from being used as evidence in any civil proceedings, Bill C-86 would provide greater certainty that disclosure by a company of any information that is subject to privilege would not constitute a waiver of privilege. The proposed amendment would also prohibit the Superintendent from disclosing any privileged information to any person whose functions include the investigation or prosecution of offences under any act of Parliament or of the legislature of a province. Corresponding changes have been made to section 37 of the Office of the Superintendent of Financial Institutions Act.
We will keep you informed on the progress of Bill C-86 and its effect on the ICA.
OSFI Revised Corporate Governance Guideline for Financial Institutions – updated September 18, 2018
On September 18, 2018 the Office of the Superintendent of Financial Institutions (OSFI) published the final updated version of its Corporate Governance Guideline (“2018 CG Guideline“). The 2018 CG Guideline is more principles-based and sets out OSFIs expectations for boards of directors (the “Board”) of federally regulated financial institutions, focusing particularly on Board effectiveness.
The 2018 CG Guideline’s main updates include:
- providing Boards with more discretion to meet the principles of the guideline, considering their organizations’ size, complexity and risk profile;
- clarifying the delineation between Board and senior management responsibilities; and
- consolidating Board duties previously set out in numerous OSFI guidelines and advisories.
OSFI has said it will conduct information seminars for directors and corporate secretaries of federally regulated financial institutions in fall 2018.
Please note that the 2018 CG Guideline does not apply to the Canadian branch operations of foreign financial institutions. However, OSFI plans to review and amend guidelines E-4A Role of the Chief Agent & Record Keeping Requirements and E-4B Role of the Principal Officer & Record Keeping Requirements in the near future.
New Privacy Breach Reporting Requirements In Force
On November 1st, the new Breach of Security Safeguards Regulations (the “Breach Regulations“) under the Personal Information and Protection and Electronic Documents Act (“PIPEDA“) came into force. See the link to the Breach Regulations here.
Under the Breach Regulations, both small and large organizations now have an obligation to:
- Report breaches of security safeguards involving personal information to the Office of the Privacy Commissioner (the “OPC“) where there is a real risk of significant harm.
- Notify affected individuals and notify appropriate government organizations.
- Keep a record of every breach of security safeguards.
The OPC has published guidance related to the Breach Regulations, titled “What you need to know about mandatory reporting of breaches of security safeguards”. See the link here.
Reporting A Breach of Security Safeguards
PIPEDA defines a “breach of security safeguards” as “the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organizations security safeguards that are referred to in clause 4.7 of Schedule 1 [of PIPEDA] or from a failure to establish those safeguards”. The definition contemplates that even the loss of a USB key or a laptop would constitute a “breach of security safeguards”.
The reporting obligations do not require that an organization report all breaches to the OPC. The reporting obligations apply where the breach involves personal information that is under organization’s control, and when it is reasonable to believe that the breach creates a “real risk of significant harm”.
Determining whether there is a “real risk of significant harm” requires, among other things, an analysis of the sensitivity of the personal information involved and the probability that the personal information will be misused. According to the OPC, “significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property. Neither PIPEDA nor the new Breach Regulations define “sensitivity”. However, Principal 4.3.4 of PIPEDA provides the names and addresses of subscribers to some special-interest magazines as an example of personal information that would likely be considered sensitive.
Under the Breach Regulations, an organization is also responsible for reporting a breach of security safeguards where there is a real risk of significant harm by a third-party service provider. The OPC expects that, in such an event, both the service provider and the organization will submit reports to the OPC.
Organizations may report certain information to the extent that it is available at the time of reporting and an organization may update the report at a later date.
Notifying Affected Individuals and Organizations
The Breach Regulations require that organizations notify affected individuals as soon as feasible in the event of a breach where there is a real risk of significant harm, and that organizations notify affected individuals directly. Depending on the sensitivity of the personal information and the real risk of significant harm, the organization may need to, in some cases, notify affected individuals prior to submitting its report to the OPC.
The Breach Regulations provide that the notification to affected individuals must include information sufficient to allow the affected individuals to understand the significance of the breach and to take any available steps to reduce the risk of harm that may result from the breach.
The Breach Regulations further provide that there are limited circumstances where direct notification may not be required, and an organization may provide indirect notification. Indirect notification may be given in circumstances where direct notification may cause further harm to the individuals, direct notification would cause undue hardship for the organization, or the organization does not have contact information for the affected individual.
In addition to the requirement to notify affected individuals, organizations are required to notify any other government organizations or institutions that the organization believes may be able to reduce the risk of harm to individuals.
Record Keeping
Although the reporting requirements under the Breach Regulations apply to breaches where there is a real risk of significant harm, the record keeping requirements apply to every breach, regardless of the risk of harm. Records of breaches must contain enough information to allow the OPC to confirm compliance with the Breach Regulations and PIPEDA, including an explanation of why, in cases where a breach was not reported, the breach was determined not to pose a real risk of significant harm. Breach records must be kept for two years, or longer as may be required in accordance with applicable law or related internal record-keeping requirements.
FSCO Releases Guideline – Treating Financial Services Consumers Fairly
On September 28, 2018, the Financial Services Commission of Ontario (FSCO) released its Treating Financial Services Consumers Fairly Guideline.
The Guideline applies to those licensed or registered by FSCO in the insurance, credit union/caisse populaire, loan and trust and mortgage brokering sectors. The purpose of the Guideline is “to ensure there is common understanding between FSCO and its Licensees as to what it means to treat consumers fairly.”
The Guideline contains a list of eight principal expectations, which FSCO says are intended not to be a prescriptive or exhaustive list, but rather to be used as guidance as part of a principles-based approach. The expectations listed by FSCO are:
1. FSCO expects that a core component of a Licensee’s business governance and culture is fair treatment of consumers.
2. FSCO expects Licensees to act with due skill, care and diligence at all times, but especially when dealing with consumers or designing financial services or products for consumers.
3. FSCO expects Licensees to promote financial services and products in a manner that is clear, fair and not misleading or false.
4. FSCO expects Licensees to recommend products that are suitable, taking into account the consumer’s disclosed personal circumstances and financial condition.
5. FSCO expects Licensees to disclose and manage any potential or actual conflicts of interest.
6. FSCO expects Licensees to provide continuing service and keep consumers appropriately informed, through to the point at which all obligations to the financial services consumer have been satisfied, including claims handling or the diligent provision of benefits.
7. FSCO expects Licensees to have policies and procedures in place to handle complaints in a timely and fair manner.
8. FSCO expects Licensees to protect the private information of financial services consumer and inform them of any privacy breach.
The full text of the Guideline can be viewed here.
FSCO has also published a related document to address anticipated questions, which is available here.
Cautionary Tale For Brokers Who Own Their Book of Business When Moving to a New Agency
Insurance Brokers who own their own book of business and are contemplating moving to a new agency should be aware of a recent order dated April 27, 2018 from the Insurance Council of B.C. (“Council”) in which Council ordered the broker to pay a $2,500 fine as a result of transferring a client list without the express consent of both old and new agencies and of the clients. The client list contained personal information and included client names, policy numbers, and policy effective dates. See the Council’s order here.
In B.C., Council Rule 7(1) provides that licensees “must hold in strict confidence all information acquired in the course of the professional relationship concerning the personal and business affairs of a client” and prohibits licensees from using or disclosing such information without express authorization by the client. In this case, prior to becoming a representative of the agency, the broker had made a verbal agreement with the agency’s nominee that the clients would remain his. After joining the new agency, the broker had also called each client when their policies were up for renewal to advise them of his move to the new agency. However, the broker had not obtained the express consent of his clients to transfer their personal information to the new agency, nor did he obtain the consent of the old and new brokerages to the transfer of the clients’ information, and therefore the broker was in contravention of Council Rule 7(1).
Under Council Notice ICN 17-004 Reminder of Licensee Responsibilities Related to Disclosure or Transfer of Client Information (“Notice 17-004“), if a general insurance agent leaves one agency to represent another, such agent must not have any client information in their possession, and may not transfer client information from the former agency to the new agency without the consent of both agencies and express authority from the client to transfer their personal information.
Although Council Rule 7(1) and Notice 17-004 are only applicable in B.C., brokers in all provinces and territories must comply with the federal Personal Information Protection and Electronic Documents Act (or their province’s substantially similar legislation) which requires individuals to have knowledge of, and consent to, the use and disclosure of their personal information, with certain exceptions for business transactions.
Brokers who work within a corporate agency who intend to own their own books of business are therefore advised to obtain an express consent from each client which permits not only the corporate agency, but also the broker personally, to collect, use and disclose the client’s personal information and permits such information to be transferred to another corporate agency in the event that the broker decides to switch agencies.