Gamification – What Is It and How Can It Help Agencies?

My last post concerned the use of raffles by insurance agencies and agents to promote the making of referrals.  I thought it was an innovative idea, and one that makes use of the insights into human behavior that are the basis for what is known as gamification.  Gamification is the application of the principles and techniques used by game makers to develop popular games to encourage desired behavior in non-game activities.  Research has shown that creating a competition among a group of people for a reward for desired behavior increases the engagement of those people in the desired behavior beyond just offering the reward.  This is due to our natural desire to compete and the joy that comes with winning a competition.

Staging sales contests among salespersons with the winner receiving a reward of some type (e.g., bonus, trip) is a long standing practice among sales oriented businesses.  However, there is nothing to prevent the application of such a strategy to an agency’s other employees or its customers or potential customers to encourage them to engage in a desired behavior.  Holding a raffle is a very simple application of gamification research, which has confirmed that most people would prefer to gamble on getting a bigger prize than take a sure thing if the prize is something they value.

In the case of the raffle described in my last post, the agency could have opted to give a gift card or other reward with a relatively small value for every referral made, but the research indicates more people would participate (i.e., make a referral) if the potential reward for doing so was desirable enough.  In this case, that reward had a value of several hundred dollars.  The nature of the reward can also be used to encourage the members of a specific target market to participate.  In the agency raffle I wrote about, the prize was a much sought after tech gadget.

Even attorneys are not immune from gamification principles.  Just last week, I signed up to make a blood donation to the Red Cross in response to an offer to be entered into a drawing for a $1,000 shopping spree.  I normally make a blood donation every three or four months, but decided to break that pattern and give sooner due to this offer.  These type of promotions have become commonplace in today’s world for the simple reason that they work to engage more people in whatever behavior is desired than other types of promotions.

Earlier this year, American Modern Insurance Group applied gamification principles to a program designed to educate its agents about its specialty residential insurance products.  Instead of holding seminars or webinars, the company created weekly contests that required its agents to answer questions about how its products would apply to unusual situations.  The agents were awarded points for correct answers and the speed with which those answers were given.  Those agents with the most points at the end of the contest period will be entered into a drawing to be named the “Most Confident Agent in the World”, and each successfully completed weekly contest earns an agent an entry into a drawing for a cash prize. (Click here for an article on this program.)

The possibilities for applying gamification principals and techniques to the promotion of an agency, the education and training of its employees, and the improvement of its business processes are limited only by one’s imagination.  If you are interested in learning more about how those principles and techniques can be used for those purposes, click here for a whitepaper that addresses just that topic.

 

Raffles – Can They Be Used to Encourage Referrals? (Updated)

A recent caller to the Free Legal Service program that I run for the members of the Independent Insurance Agents of Georgia asked the above question.  His agency was thinking about running a promotion that gave a raffle ticket for each referral made to the agency during a specified period of time.  The winner would receive a prize having a value of well over $100.00.  With my previous posts on this subject, I thought I had thoroughly covered all aspects of it.  However, I failed to take into consideration the creative ability of independent insurance agents when it comes to thinking of ways to generate more business for their agencies.

The short answer to the above question is YES, if certain requirements are followed.  Those requirements are found in the Georgia Insurance Code and the Georgia Criminal Code.  First, as my regular readers are no doubt well aware, the Georgia Insurance Code prohibits the sharing of commissions with any person or entity that is not properly licensed by the Georgia Insurance Commissioner’s Office.  This means that any fee or other consideration given in exchange for a referral cannot be conditioned on the referral resulting in the sale of an insurance policy or related product.  Under a change to the Insurance Code that took effect on July 1, 2016, agents and agencies are also prohibited from giving “prizes, goods, wares, store gift cards, gift certificates, sporting event tickets, or merchandise” having a value of more than $100 to any customer or potential customer in any one calendar year.

Thus, under the Insurance Code, a raffle can be used to encourage people to make referrals to an insurance agency, as long as the referral does not have to result in the sale of an insurance policy or related product and if the raffle is limited to customers or potential customers of the agency, the value of the prize cannot exceed $100.00.

What does the Georgia Criminal Code have to do with the above question?  Under that Code, a raffle is considered to be a form of gambling, like the Georgia Lottery, and is prohibited with certain exceptions.  The one exception that is relevant to the type of raffle proposed by the caller to the Free Legal Service Program requires that the raffle be conducted as an “advertising and promotional undertaking in good faith solely for the purpose of advertising the goods, ware, and merchandise” of the business in question.  In addition, the raffle cannot require its participants (i) to “pay any tangible consideration” to enter it, (ii) to purchase “anything of value” from the business, or (iii) to “be present or be asked to participate in” any type of sales or other presentation, and (iv) the prize awarded must be something other than cash and cannot be awarded based on the playing of a game on a computer or mechanical or electronic device at a place of business in Georgia (this last requirement was omitted from the original post).

The type of raffle proposed by the caller to the Free Legal Service Program satisfies the requirements of the Georgia Criminal Code because the only thing a person had to do to be eligible to participate in the raffle was supply the name and contact information of a potential customer for the agency’s products and services, which were made known to the participant, and the prize was not cash.  Since there was no requirement that the referral made result in a sale by the agency and it was not limited to customers or potential customers of the agency, the requirements of the Georgia Insurance Code were also met.

 

Recording Customer Telephone Calls – A Good Idea But Is It Legal?

In a recent post on his blog, Steve Anderson recommended that insurance agents take advantage of the new telecommunications technology that makes it relatively easy to record all incoming and outgoing telephone calls.   He suggested that making such recordings could become the primary means by which an agency documents its contact with its customers and potentially, its insurance companies.  This would save time by eliminating the need to type information about such calls into the agency management system.  There are software products that will integrate recorded telephone calls with those systems and associate the recordings with the appropriate customer and policy.  If you still want to have the security of an electronic “paper trail”, there are many transcription services available that can create such a trail much faster than your office staff.

Please see his blog post for Mr. Anderson’s thoughts about other advantages to the recording by an agency of its telephone calls with its customers and the steps an agency should take before implementing such a procedure.  However, one very  important aspect of telephone call recording was initially overlooked by Mr. Anderson; its legality.  Under federal law, it is illegal to make such recordings without the consent of at least one party to the conversation.  But each state is free to impose greater consent requirements, and it is the requirements of the state in which each party to the call is located that will govern the legality of its recording with respect to that party.  In checking the laws of Georgia and the states that surround it, I found that all but one of them require the consent of only one party to the recording of a telephone call.  Florida was the only state that imposed a greater consent requirement.  Under its law, all the parties to a telephone call must consent to its recording.

If all your agency’s customers are located in Georgia, Alabama, Tennessee, South Carolina, or North Carolina, there is no need to obtain the consent of those customers to the recording of their telephone calls.   However, if the agency decides to record all such calls, to avoid any potential issues with its customers or other parties over the recording of their telephone conversations without their knowledge, it would be a good idea to include an announcement before any incoming call that it will be recorded. Such an announcement can be programmed into many of the new telephone systems to play when the call is first answered and before any of the agency staff actually speak to the caller. It should protect the agency from violating the law of Florida and any other states that require the consent of all parties to the recording of telephone calls by allowing the agency to argue that the caller’s proceeding with the telephone call after hearing the announcement amounted to its consent to the recording of the call. That is apparently the conclusion drawn by many large companies, as such an announcement is routinely played when calls are made to their customer service centers.

If you want to be able to safely record outgoing calls, the agency staff will need to be trained to begin each such call with an announcement that it will be recorded and ask the other party if that is acceptable.  Such a procedure is advisable as the violation of the law on the recording of telephone calls is a crime, and in Georgia and most of the surrounding states, it is a felony.  Some of those states also give the other parties to such calls a right to sue for damages, if the law is violated.

What Rights Do Customers Have to Information in Agency Files?

The above question was recently asked of me by a caller to the Free Legal Service program that I run for the members of the Independent Insurance Agents of Georgia.  In particular, the caller wanted to know if they could refuse to provide loss runs to a former customer whose policy had been cancelled for non-payment of premium.  This customer owed the agency money, and the caller wanted to condition delivery of the loss runs on payment of the money owed.

The short answer to the question depends on two things.  First, whether the information sought by the customer is related to a commercial or personal lines policy and second, if related to a personal lines policy, what type of information is being sought.  As you might suspect from the short answer, there is no law or regulation applicable to Georgia agents or agencies that requires them to provide a commercial lines customer with information or documents maintained by them about that customer or the policies issued to that customer.  Such information and documents belong to the agent or agency, and they can control the circumstances under which their commercial lines customers can have access to their files.  Of course, such a customer can always go to the insurance company that issued the policy in question and ask for information about it from the company.

If the customer is asking to have access to information and documents related to a personal lines policy, under Georgia law, they have a right to be given access to certain kinds of information about them that is kept in an agent or agency’s files.  This right is found in the same law that governs the giving of notices to customers about the information gathering and privacy policies of agents and agencies (click here for a post about that law).  Under it, a personal lines customer has the right to request access to “recorded personal information” about the customer in an agent or agency’s files.

The request must be made in writing and “reasonably describe” the information the customer wants to review.  If that information is “reasonably locatable and retrievable”, the agent or agency must do several things within 30 days after receiving the customer’s request.  One of those things is permit the customer to “see and copy, in person” the information requested or have a copy of that information mailed to the customer, whichever the customer wants.

The information that a personal lines customer has the right to “see and copy, in person” or obtain by mail is “any individually identifiable information gathered in connection with an insurance transaction from which judgments can be made about an individual’s character, habits, avocations, finances, occupation, general reputation, credit, health, or any other personal characteristics.”  This right even extends to persons who only submitted an application for insurance and never obtained a policy from the agent or agency.  There is an exception for “privileged information”, which is any information the relates to a claim for insurance benefits or a civil or criminal proceeding involving the customer that was “collected in connection with or in reasonable anticipation” of such a claim or proceeding.

If the caller to the Free Legal Service Program had been asking about the claims history of a personal lines customer, the answer to the above question would have been completely different from the one I gave that caller.

 

Has Your Website Been Hacked?

Mine has.  Some of my readers may have noticed that I have not posed anything for the past couple of weeks.  That is because I discovered about 10 days ago that this website had been hacked.  Anyone who clicked on a search result for it was being redirected to an online gambling website.  It is somewhat ironic that my last post before this discovery was about cyber security and the important role an agency’s employees play in protecting it from a data breach.

Unfortunately, I have no one to blame but myself for what happened to this website, but fortunately, there was no data breach as a result, just some embarrassment.  My mistakes were those of the kind I have been warning about in my cyber security posts.  I did not keep the software running my website, WordPress, or its plug-ins up to date and I did not monitor it for possible problems, by occasionally checking to make sure it could be found correctly using the various web search engines.

I also did not know that there is another way to access my website besides the way I do when I want to make a post or change something on it.  It is something called FTP access, which is what is used by programmers to change the code that runs the website.  I thought I was doing great by having a difficult to crack password (letters, numbers, & special characters) for my entry to the website, but failed to realize there was another way to access it.  That access point is apparently the way someone found to add code to my website that would result in people looking for it using search engines to end up at an online gambling website instead.

Please don’t get lazy like I did.  The consequences of doing so could be far greater than they were for me.  Keep the software running your agency’s website, as well as any of its special functions, up to date, and regularly check whether it can be found using the various web search engines.  Also, find out who has FTP access to your website and limit it to just one account for the people who are responsible for maintaining it.  Doing so will avoid some embarrassment, and potentially much more severe consequences.

 

Role of Employees in Cyber Security

The last presentation at the recent YAC Sales & Leadership Conference was on cyber security and it included a demonstration of just how vulnerable an insurance agency or any other business can be to a cyber attack.  One of the agents at the conference agreed to allow his agency to be the subject of a cyber attack by the presenters.

This attack did not involve a sophisticated attempt to penetrate the agency’s servers via their connection to the internet, as is seen most often in the movies and on TV.  Instead, the presenters sent e-mails from what appeared to be the agent’s e-mail address to 15 or so employees of the agency.  The e-mail contained only publicly available information about the agent and the agency.  It also contained a link that asked the recipient to provide certain information, which if provided would have allowed a true hacker to access to all the information on the agency’s computer system.  That link could have just as easily installed malware on the agency’s computer system with the same result.

Even though the e-mail was sent late at night and contained many typos, two of its recipients clicked on the link and one provided the information necessary to allow a hacker to gain access to the agency’s computer system.  This result is consistent with the fact that the majority of successful cyber attacks on businesses involve employees doing something they should not have done.  It also emphasizes the fact that cyber security is not just limited to having firewalls and detection software installed on an agency’s servers and desktops.  While important to do, it is even more important for an agency to train its employees on what not to do when receiving and responding to e-mails during the course of the work day.

Such training should involve what warning signs to look for in the e-mails they receive that may indicate the e-mails are really from hackers trying to gain access to the agency’s computer system.  Two of those signs were present in the e-mails sent to the above agent’s employees, late at night and many typos.  Mismatched URL’s and misleading domain names are two other such signs (click here for a list of ten such signs.)

The damage that can be done by a hacker who has gained access to an agency’s computer system is limited only by the imagination of the hacker.  Click here for an example of how the information in that system can be used to create fake e-mails to the agency’s customers that ask for money to be sent to a fake bank account.  Click here for an interesting video from Hewlett-Packard that explains how printing a coupon sent to an employee by a hacker can result in the hacker gaining access to a business’ computer system.

It’s not enough to protect an agency’s computer system with firewalls and detection software.  Its employees must also be trained to spot phishing e-mails, which training must be ongoing to keep up with the latest versions of such e-mails.

 

Payment of Referral Fees – Additional Considerations

In October of last year, I wrote a post that summarized my opinion on the question of when and how an insurance agent may pay a fee to an unlicensed person for the referral of a potential customer to the agent by that person.  That post was written from the perspective of whether and when the Georgia Insurance Code would permit the payment of such fees.  It did not take into consideration, any other laws or regulations that may be applicable to the person to whom the referral fee was to be paid.

A recent call to the Free Legal Service program that I run for the members of the Independent Insurance Agents of Georgia made me think about such other laws and regulations.  The caller mentioned that an agent he knew had been told that it was illegal to pay a referral fee to a real estate agent or mortgage broker under the Real Estate Settlement Procedures Act (“RESPA”).   That Act prohibits both the payment and the acceptance of “any fee, kickback, or Thing of Value” in connection with “business incident to or a part of a real estate settlement service involving a federally related mortgage loan.”  The criminal penalty for the violation of this prohibition is a fine of up to $10,000 and up to one year in prison, and the civil penalty is payment of three times the amount charged the borrower for the settlement service in question, plus attorney fees and other costs of litigation.  Both the payer and the recipient of a prohibited referral fee are subject to these penalties.

The RESPA prohibition on fees, kickbacks, and things of value applies only to residential mortgage loans for real property designed principally for “the occupancy of from one to four families.”  It also applies only to services that are “incident to or a part of” the settlement of such loans.  The statute refers specifically to title insurance and services performed by real estate agents or brokers as being covered by this prohibition.  Nothing is said in the statute or regulations about the provision of property and casualty or any other kind of insurance to the borrower of a covered loan.

However, if the existence of such other insurance coverage is required by the lender of a covered loan in order for the loan to be “settled”, a good argument can be made that the provision of such insurance is “incident to or a part of” the settlement of the loan.  If a charge for the cost of such insurance is included on the settlement statement for the loan, this good argument becomes a convincing argument.  For an agent who is considering paying a referral fee to real estate agents, mortgage brokers, or lenders for the names of home buyers who may need property and casualty or other insurance coverages to obtain a loan, it would be a good investment to pay an attorney for a legal opinion on whether the payment of such a fee is prohibited under RESPA.

For a referral fee arrangement with any other person, it would be a good idea to ask that person if their activities are subject to any laws or regulations that may prohibit the payment of such fees.  As the above makes clear, just because it may be legal under the Georgia Insurance Code to pay a referral fee does not mean it’s permissible under all other laws and regulations.

Privacy Notices May Still Be Required Under Georgia Law

In early December, I wrote a post about a change made to the Gramm-Leach-Bliley Act (the “GLBA”) by Congress at the end of 2015, which created an exemption under that Act from its requirement that notices of an insurance agency’s data sharing and privacy policies be given to its customers on an annual basis.  In preparing for a recent presentation to a group of insurance agents on this subject, I realized that, while my earlier post was correct, it did not take into account the fact that Georgia has a statute that took effect in 1982 that also governs the giving of such notices by insurance agents and companies.  Its provisions were not affected by the change made to the GLBA, and they impose notice requirements that are different from those found in the GLBA.

The Georgia data sharing and privacy policy statute is found in Chapter 39 of Title 33 of the Georgia code.  As with the GLBA, the Georgia statute requires the giving of a data sharing and privacy policy notice to customers and potential customers at the beginning of the relationship, but it does not impose an annual requirement for the giving of such notices thereafter.  Instead, such notices must be given “no later than the policy renewal date” and “no later than the time a request for a policy reinstatement or change in insurance benefits is received” by the agent, with some exceptions.  In both situations, no notice need be given if personal information about the policyholder in connection with the renewal, reinstatement, or change in benefits is obtained only from the policyholder or from public records.  In the case of a policy renewal, no notice need be given if a notice meeting the requirements of the statute was given to the policyholder within the prior 24 months, even if information about the policyholder is obtained from other sources.

Thus, it appears that for customers who have policy renewals, a notice meeting the requirements of the Georgia statute must be given to such customers at least every 24 months, unless information about the policyholder in connection with every renewal during that 24 month period is obtained only from the policyholder or public records.  Fortunately, as with the GLBA, the notice requirement only applies to products and services that are “primarily for personal, family, or household needs”, i.e.,  personal lines property and casualty and individual life, health, or disability insurance applicants and customers.  In determining whether, a particular renewal customer does or does not have to be given a privacy notice, it is important to remember that any previous notice given such customer must satisfy the requirements of Georgia law, which are not the same as the notice requirements under the GLBA.  Georgia law requires that more information be included in such a notice, including a description of the recipient’s right to submit a written request to the agent for access to their personal information collected by the agent and their right to request that corrections be made to such information and the way these rights may be exercised.

When I asked my audience how many of their agencies had been giving privacy notices to their customers, only a couple of hands went up.  Apparently, many of them assumed that this requirement was being satisfied by the insurance company.  That is possible under Georgia law if the insurance company is “authorized to act on” behalf of the agency, but it is possible under the GLBA only for entities that are affiliated with each other, i.e., under common ownership or control.

It would be a good idea for all Georgia insurance agents to check their agency agreements to see if those agreements authorize the insurance company to provide the privacy notices required by Georgia law on their behalf.  If not, such a provision should be added or the agency should be prepared to comply with that law, because the Insurance Commissioner has the authority to impose up to a $500 fine for each “knowing violation” of the law (i.e, for each privacy notice that was not sent or did not contain the required information) with a maximum penalty of $10,000.00.

 

 

 

Cyber Security and Agency Agreements

About this time last year I wrote a couple of posts on the perils and opportunities presented to insurance agencies by the increased hacking of computer systems that was taking place.  Since then, things have only gotten worse, with perhaps the most high-profile hacking being that of the Democratic National Committee, the repercussions of which are still unfolding.

If the prospect of paying significant sums of money or facing regulatory actions for the failure to properly protect an agency’s customers’ private data are not enough incentive, the contents of an agency’s agreements with its insurance carriers provide even more incentive to take action.  Two insurance consultants have prepared a white paper that explains in detail the obligations imposed on most agencies in the area of data protection by their agreements with their insurance carriers.

If an agency’s owners haven’t reviewed those agreements in a while, now is the time to do so.  The consultant’s review of over 100 different agency/carrier agreements revealed that almost all of them contained language that require the agency to comply with all applicable laws and regulations regarding the protection of the private data of their customers.  Such laws and regulations include the Gramm-Leach-Bliley Act (“GLBA”), which imposes privacy notice requirements on all insurance agencies, and the Health Insurance Technology for Economic and Clinical Health Act (“HITECH”), which imposes specific data protection requirements on any insurance agency that sells life, health, or disability insurance.  These are two of the more than 30 federal laws and regulations that address data privacy.  In addition, 47 states have enacted laws and regulations that impose data privacy and notice obligations on companies that have suffered a data breach.  An agency must be aware of these laws in each state in which its customers are located and be able to comply with their requirements with respect to those customers.

In addition to requiring compliance with all applicable laws and regulations, agency/carrier agreements require that the agency indemnify the carrier against any liability it may incur due to the failure of the agency to satisfy the requirements of those laws.  Thus, an agency will not only have to pay its costs in dealing with a data breach, it will have to pay any costs incurred by the affected carrier or carriers due to such a breach.  Since this obligation is a contractual one, an agency’s E&O and general liability insurance will not cover these costs.  Hence, the need for cyber insurance coverage, if an agency wants to survive a data breach.

For those agencies that want to know where they stand with their data protection policies and practices, NetGen Consulting has a survey that can be taken to show if and where extra work is required.  For those agencies who may not have done much yet in this area, the Center for Internet Security has developed a Critical Security Controls document and associated working aids to get you started on the development of good data protection policies and practices.

Given the ever increasing threat posed by hackers, the costs involved in a data breach, and the indemnity obligations imposed on agencies by their insurance carrier agreements, I don’t think it’s an overstatement to say that good data protection policies and practices, along with a good cyber insurance policy, are essential to the survival of an agency in today’s world.

Must An Agency Pay Its Employees If Its Offices are Closed?-Corrected

I have discovered that my post earlier this week on the above topic contained some incorrect information about the payment of exempt employees when an agency’s offices are closed.  Please see the corrected post below.  I regret the misinformation and hope that it did not cause anyone any problems.

Although most of the metro Atlanta area escaped the snow predicted for last weekend and thankfully, the icy conditions we did experience were not as bad as they could have been, I thought it a good time to make my annual post on the above question.  Some areas of North Georgia did get some significant snow and the school systems of many counties are still closed due to icy road conditions.  That creates some difficult child care decisions for employees of agencies in those areas; stay home with the kids or find someone to watch them so mom or dad can go to work.

As noted in my past posts on this topic, the answer to the above question depends for the most part on whether an employee is classified as an exempt or nonexempt employee for purposes of the Fair Labor Standards Act.  An exempt employee is one who does not have to be paid extra if they work more than 40 hours in any one work week.   A nonexempt employee is one that must be paid at a higher rate for any time worked in excess of 40 hours in any one work week.  I have addressed how to decide whether a particular employee is a nonexempt or exempt employee in posts last year about the proposed new overtime rule that has now been stayed.  Even though the new rule was stayed, it is still essential for classification as an exempt employee that the employee be paid on a salary basis in an amount that equals at least $455.00 per week.  Payment on a salary basis means the amount of an employee’s pay cannot be reduced based on the quality or quantity of the work performed by the employee during any one work week. The other requirements that must be met to be an exempt employee are explained in my earlier posts.  Nonexempt employees must be paid at least the minimum wage, but only for the time they actually perform services on behalf of the employer.

Thus, if an agency’s offices are closed for any reason and a nonexempt employee does not perform any services for the agency from home, such an employee need not be paid for the time period the offices are closed.  The same rule applies if the agency’s offices are open and a nonexempt employee does not come in or do any work from home.  This is true regardless of whether the nonexempt employee is being paid a salary or on an hourly basis by the agency. As noted above, if a nonexempt employee performs any work from home on a day when the agency’s offices are closed, they must be paid for the time they actually worked.

Whether an exempt employee’s salary may be reduced depends on whether the agency’s office were open or if closed, how long they remain closed.  An exempt employee’s salary may only be reduced if the agency’s offices are open, but the exempt employee does not come in due to any reason other than sickness or do any work from home.  Therefore, if an exempt employee decides to stay home to take care of children who are not in school or due to severe weather decides they just can’t get to work, their next paycheck may be reduced by an amount equal to the number of full days they did not perform any services for the agency, if the agency’s office was open for business during that time period.  If the agency’s offices were not open for business for less than a full workweek and an exempt employee performs any work during that workweek whether in the office or from home, they are entitled to be paid their full salary for that week.  But the agency can require such an employee to use any accrued vacation or other leave time for the time when its offices were closed.  The key is that an exempt employee must be paid their full salary for any week during which they performed any work, no matter how little.