In this series on Insurance Vendor Management, we talked about the specialization of the insurance company and the agent, The 9 Critical Steps for Insurance Vendor Management, the fact that All Policies are Not Created Equal, and Insurance Company Ratings. In this article, we cover Disaster Recovery Plans and Information Security. Let's dive in!
A disaster recovery plan is a strategy for backing up all information necessary for operations and regaining access to essential systems when a disaster eliminates it. A lender, whether a credit union or a bank, should obtain verification that the insurance vendor and the agent have adequate and documented disaster recovery plans. This is an important piece to inquire about when lenders are conducting insurance vendor research. After all, a disaster or pandemic is when you may need your insurance provider the most.
Every insurance provider for banks, credit unions, finance companies, or loan servicers should have a business continuity plan where they analyze the impact on their business and their customers in the case of a disaster. They should have recovery strategies in place, and the plans should be shared with all employees and tested regularly.
A vendor needs to prove to you that sensitive data is fully protected. Between a privacy policy and internal security controls, the office handling your information should be able to reassure you that your information will be kept safe. Many organizations voluntarily submit to a SOC audit to assess internal controls governing their services and data. These controls are called the Trust Services Principles and include security, availability, processing integrity, confidentiality, and privacy as outlined by the American Institute of Certified Public Accountants (AICPA).
Vendor insurance management is far more than ratings and financial statements. The provider must show that they have the personnel to support and dedication to that product line, a policy set up to benefit your organization, and service and claims handling that pays in a timely manner when you have losses. They must prove they are committed to this product and that they will be there in the future. They should have an abundance of current references to confirm their ease of administration, reliability of service, and outstanding claims handling. Every credit union or bank must conduct its own due diligence.
At Unitas Financial Services, we know that Insurance Vendor Selection and Management are essential factors in choosing a collateral protection insurance provider. That's why we strive to meet all of the standards outlined in this series on Insurance Vendor Management. Please don't hesitate to get in touch should you have any questions on what to ask vendors you are considering. We're here to help!