National System of State-Based Insurance Regulation

The backbone of insurance regulation in the United States is the National Association of Insurance Commissioners (NAIC).

The NAIC is the U.S. standard-setting and regulatory support organization created and governed by the chief insurance regulators from:

• All 50 states
• The District of Columbia
• Five U.S. territories

Through the NAIC:

• State insurance regulators develop model laws and regulations
• Best practices and regulatory standards are established
• Peer review and coordination among states occur
• Regulatory oversight is strengthened across state lines

NAIC members, working together with the NAIC’s centralized resources, form the national system of state-based insurance regulation in the United States. While the NAIC does not directly regulate insurers or producers, its models heavily influence state insurance laws, including those adopted in Colorado.

Common Exam Traps

• “The NAIC regulates insurers directly.”
  • False. The NAIC does not regulate insurers or producers. States do.
• “The NAIC issues insurance licenses.”
  • False. Licensing is handled by individual states.
• “The NAIC is a federal agency.”
  • False. It is a state-based organization governed by state insurance regulators.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) reshaped the financial services industry by repealing the Glass-Steagall Act of 1933.

GLBA:

• Allows consolidation of banks, investment firms, and insurance companies
• Permits financial institutions to engage in multiple lines of business, including insurance
• Establishes a framework that divides regulatory authority between federal and state regulators

From an insurance perspective, GLBA is especially important because it also introduced federal privacy and information security requirements for financial institutions, including insurers and producers.

McCarran-Ferguson Act

The McCarran-Ferguson Act of 1945 formally declared that insurance regulation is the responsibility of the states, not the federal government.

Key impacts of the McCarran-Ferguson Act:

• Confirms state authority to regulate insurance
• Grants insurers a limited exemption from federal antitrust laws, as long as the activity is regulated by state law
• Preserves the state-based regulatory system still in use today

This law explains why insurance producers must comply with individual state insurance codes, including Colorado’s, rather than a single federal insurance regulator.

Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (FCRA) is a federal law governing how consumer reporting agencies collect, use, and share personal information.

In insurance, FCRA applies when insurers use:

• Credit reports
• Medical Information Bureau (MIB) reports
• Investigative consumer reports

If an insurer takes adverse action based on a consumer report—such as denying coverage, issuing less favorable terms, or charging a higher premium—the applicant must:

• Be notified within 3 business days
• Be informed of their right to request a copy of the report
• Be given 60 calendar days to dispute inaccurate or incomplete information

FCRA protections apply nationwide and are frequently tested on licensing exams.

Privacy Act of 1974 (Clarification)

The Privacy Act of 1974 applies only to federal government agencies, not private insurance companies.

Insurance applications typically include an authorization allowing insurers to obtain consumer reports. This process is regulated by the Fair Credit Reporting Act, not the Privacy Act.

Important exam clarification:

• A signed insurance application generally authorizes access to consumer reports for up to 30 months
• If a report is not obtained within that period, new authorization is required
• This rule comes from the FCRA, not the Privacy Act

Telemarketing Rules

Federal telemarketing laws apply to insurance producers who make unsolicited sales calls.

Key requirements include:

• No calls before 8:00 a.m. or after 9:00 p.m. local time
• The sales nature of the call must be disclosed
• The product or service being offered must be identified
• The caller must identify themselves and the broker or dealer they represent
• If a prize is offered, it cannot be contingent upon a purchase

The Do Not Call Registry exists to limit unsolicited telemarketing calls and must be respected by insurance producers.

CAN-SPAM Act (Email Marketing)

When sending unsolicited commercial emails, insurance producers must comply with the CAN-SPAM Act.

Requirements include:

• Clearly identifying the message as an advertisement (or using “ADV” in the subject line)
• Including a valid physical mailing address
• Providing a clear and functioning opt-out mechanism
• Honoring opt-out requests promptly

These rules apply nationwide and are designed to protect consumers from deceptive or abusive marketing practices.

These federal laws and national regulatory standards apply in every state, including Colorado. Understanding them first provides a foundation for learning how Colorado’s insurance statutes and regulations build on these nationwide requirements.

Next, we’ll narrow our focus to Colorado insurance law, where these federal principles are enforced, expanded, and adapted to protect Colorado consumers specifically.