Policy Issuance 4-99

Subject: Guidelines for Electronic Flood Insurance Transaction Processing

Background: The Financial Assistance/Subsidy Arrangement outlines the responsibilities for WYO companies conducting NFIP business. Mitigation Division encourages WYO companies to use the capabilities provided by current information technologies to streamline the process of writing and servicing flood insurance business so long as the integrity of such processes is maintained. The WYO Clearinghouse distributed NFIP Audit Informational Bulletin 98-1 to address this issue on September 15, 1998. WYO companies have asked for further clarification of Mitigation Division's position and for guidelines for the use of electronic data interchange and electronic or digital signatures when processing NFIP policies.

Policy Statement: WYO companies may use electronic (paperless) transactions for the issuance and servicing of NFIP flood insurance policies. WYO companies are responsible for determining the business practices and transaction authentication methods they will use in meeting the obligations of the Arrangement. The following conditions must be met:

Records Retention: Electronic records are maintained and available as required by the Arrangement, Article XIV - Access to Books and Records.

System Requirements: WYO companies must establish a business process for establishing the authorization for their users and to confirm the validity of a claimed identity of a user and location in their information or communication systems. This includes authentication of not only signatures, but also dates of receipt of premiums. (Authentication).

WYO companies must also provide adequate security controls to prevent an individual or entity from denying having performed a particular action related to data, e.g., mechanisms for non-rejection of authority or origin, related to data for proof of obligation, intent, commitment, or proof of ownership. (Non-repudiation).

WYO companies must ensure that the contents of electronic transmissions are secure and that adequate access control measures, including privacy and confidentiality safeguards are used. (Integrity).

Underwriting: WYO companies must perform an underwriting review of application, endorsement, and cancellation transactions as it would for those submitted on paper.

Use of electronic interchange of data does not relieve WYO insurers of their responsibility to maintain file documentation to support issuance of policies or rates in compliance with:

An Application, Elevation Certificate, photographs, and possibly blueprints, all on paper will continue to be required for underwriting and rating of Submit for Rate Risks.

A review of Elevation Certificate information must take place to ensure that the correct elevations are used for rating. A WYO company may review either:

  1. an original, scanned, facsimile, or other image of the actual Elevation Certificate or
  2. all of the data from the Elevation Certificate electronically transmitted. To use this option, all of the data from the Elevation Certificate must be captured and transmitted for underwriting review and be made available for audit purposes. That is to say, the capture and transfer of just key rating data such as the lowest floor elevation and base flood elevation is not sufficient. A11 information provided on the Certificate must be collected, reviewed and available on file. This includes the Certifier's name, address and license number and the section of the form that the certification applies to, as well as any comments that the certifier made.

Other Requirements: WYO companies should also comply with the electronic commerce and digital signature requirements of the States in which they are operating.

Jo Ann Howard
Administrator
Mitigation Division

Last Modified: Wednesday, 24-May-2006 11:56:28 EDT