Brokers and Insurers can deliver information to one another far more efficiently using electronic means than by traditional methods. The business purposes behind these exchanges, however, and the roles of the correspondents, have never changed; the distinct roles and separate responsibilities of broker and underwriter still persist. It follows, then, that the rules and security conventions for electronic data exchange must reflect the business model they serve.
Brokerage principals control their own operations, and are ultimately accountable for their employees’ actions. Insurers grant binding authority on a brokerage-by-brokerage basis; indeed, Broker-Insurer contracts are abundantly clear that brokerages are responsible for errors or omissions, or infringement of binding authority, by their staff.
Traditionally, brokers have communicated with Insurers via various tools such as written memorandums, telephones, or more recently, email and EDI. Insurers have not determined a particular employee’s authority to correspond with underwriters or relay client instructions; that
duty has always rested squarely on the brokerage principals’ shoulders.
Delivering information to Insurers electronically through web services does not alter that responsibility; brokerages still govern the training and actions of their own staff and have accountability for individual actions performed on behalf of the brokerage. That supervision includes the security of internal brokerage networks and BMS’s, which make use of centrally-controlled individual user names and passwords. Once a user name is deleted or disabled, all access is also removed, including to all other dependent application(s) accessed through the broker’s own central system.
