• May 3^rd 2013 GAO audit report identifying gaps in the SSA DMF and Verus Financial’s comments on same.
• May 8^th 2013 GAO testimony addressing the SSA death verification process, known DMF errors and protected record exclusions.
• Our overview of how the different SSA databases relate to one another (to add context to the above).
• Our own assessment as to the completeness and accuracy of the SSA DMF in relation to other known source of death records.
• Our opinion on the appropriate use of the DMF for GRA audits and ongoing insurer compliance, including recommendations on adjustments that can be made to provide some relief from the burdens placed on insurers while still meeting the well intentioned spirit of recent regulations.

Our comments are based on our assessment of hundreds of pages of topic-specific documents and our fuzzy death matching on tens of millions of policies across a wide range of insurers.

Situation Overview

The Government Accountability Office (GAO) issued an audit report on May 3^rd, 2013 titled: “Title XVI Deceased Recipients Who Do Not Have Death Information on the Numident”[1]. The key takeaway is that as many as 182,165 deceased recipients were not listed on the Social Security Administration’s 98 million record Death Master File (SSA DMF) and the report recommended that the SSA should take steps to increase the coverage.  The primary reason many of these deaths were not added to the DMF is because the recipients’ Personally Identifiable Information (PII) on the MBR, SSR, or death report did not match the recipients’ PII on the Numident.  The report attributed much of this to “minor differences in names and dates of birth on the SSR and Numident. Specifically, recipients had spelled their names differently or used married names on one of the records or the year of birth differed by more than 1 year while all other identifying information matched.” That sounds a lot like the SSA can benefit from the very same “Fuzzy” matching logic that is being used for the insurance industry.

On May 8^th, 2013 the GAO released Testimony before the Committee of Homeland Security and Governmental Affairs discussing Preliminary Observations on the Death Master File[2].  The SSA disclosed its verification procedures (or lack of), as well as examples of known errors and additional insight into differences between the full 98 million restricted DMF and the abridged 89 million extract available for license from the National Technical Information Service (NTIS), which excludes State protected records.

Today we are discussing what these reports can mean to the insurance industry.  We reference additional comments made by Verus Financial President Jeffrey Drubner in a May 10^th, 2013 follow-up article published in LifeHealthPRO titled “GAO critical of Death Master File” in which Drubner defended the accuracy and completeness of the DMF.[3]  We will also draw on our own extensive experience to provide what we believe is a balanced assessment of this issue.

Understanding the terms: Numident, MBR, SSR, SSA DMF, OASDI, NTIS, DACUS, OMG!!

As perspective, Numident is an acronym for “Numerical Identification System.”  It contains hundreds of millions of records representing all Social Security Numbers since they first were issued in 1936 along with the applicant’s name, place and date of birth, and other information.

A Master Beneficiary Record (MBR) contains information about someone who has applied to the SSA for Disability or Retirement benefits.  The MBR is used by the SSA to administer the Old Age, Survivors, and Disability Insurance (OASDI) program.  The Supplemental Security Records (SSR) is the main file used by the SSA to administer the Supplemental Security Income (SSI) program.[4]

To prevent erroneous payments to deceased recipients, the SSA’s Death Alert, Control and Update System (DACUS) is used to match reports of death received from Federal, State, and local agencies against the MBR and SSR.  The SSA records death information from DACUS onto the Numident and then takes an extract from the Numident to add to the DMF.[5]  A subset of that file, excluding state protected records, is made available to the public via NTIS.  You can review our prior blog for a discussion on recent legislation to restrict access to the DMF.[6]

In summary, the government maintains a large file of every person that has ever been issued an SSN.  They use other databases to track who has applied for or received benefits.  When someone dies, their information is added to yet another database.  If the SSA can accurately match the information from these transactional databases back to the original file of all SSNs, then the decedent information is updated and potentially available for inclusion onto the SSA Death Master File that insurers are familiar with.  Ironically, for the same exact reasons insurers cannot always match their own books and records to the DMF, neither can the SSA itself.

Steps being taken to improve the coverage on the SSA DMF – are they enough?

The SSA is taking some steps to improve data quality and matching including the ongoing efforts to migrate to the Electronic Death Registration System (EDRS), which as of March 2013 had 35 participating states.  In 2012 the SSA also launched two new claims processing initiatives (the Claims Enumeration Mini-Path and Autoclear project and the Internet Claim/CLIENT Release 5) to “ensure greater consistency between the name and Social Security number (SSN) information on the MBR, the SSR, and the Numident.” The SSA states that these initiatives will “significantly improve the integrity of, and consistency between, the death data on the MBR, SSR, and the Numident for current beneficiaries.”[7]

In other words, the SSA is aware of the problem and has been taking steps to address it.  While this can help close the gap on the omission of death records similar to those 182,165 (which would represent less than 2 tenths of 1% of the entire DMF) it does not fully address the larger issues which are:

1)      Insurers do not have access to the protected records.

2)      Per GAO testimony, the SSA does not verify all deaths and admits some are erroneous.

SSA DMF coverage and the impact of the November 2011 purge of protected records.

As noted in the May 8^th GAO testimony, the full version of the DMF currently contains approximately 98 million death records but the version available to the public, and by extension to insurers, contains approximately 89 million records.  However, approximately 4.2 million of those missing records were removed as part of the November 2011 purge of protected records.[8]  For those of us that retained those records, the gap is smaller.  Never the less, that same purge also noted that approximately 1 million fewer decedents will be added to the NTIS’ DMF annually which means the gap will continue to widen.

Existing SSA practices in verifying reported deaths, or not

In the interest of brevity, it is worth reviewing the GAO testimony as referenced in its entirety.   The key takeaway is that the SSA does not verify death records submitted from what it deems to be reliable sources, but it does verify those from less reliable sources.  According to SSA officials, the agency only verifies death reports for individuals currently receiving benefits because “it is essential to its mission to stop payments to deceased beneficiaries”.  A chart is shown below:

The SSA’s analysis of existing DMF records also identified potentially erroneous information including:

•  130 records where the date of death was recorded to occur before the date of birth
• 1,295 records where the recorded age at death was between 111 and 129
• 1,791 records where the recorded death preceded 1936, the year SSNs were first issued

The SSA believes some of these questionable records were added prior to the mid-1970s when manual keying errors were more likely.  Today, the SSA uses a variety of edit checks to minimize these conditions.   Our own studies show somewhat different statistics than these, but are not material for today’s purpose and are therefore being omitted from this discussion.

The impact of DMF errors on audit-level “GRA” reviews

In the May 10^th article on LifeHealthPRO, Verus Financial President Jeffrey Drubner stated that “The DMF is an extremely accurate and valuable tool that may be utilized by insurance companies and financial institutions to identify deceased individuals, and the GAO’s testimony is simply part of on-going efforts by the government to make the DMF even more reliable.”

We agree with these comments.

In this same article, Drubner noted several widely referenced statistics claiming DMF accuracy rates exceeding 99.5%.  While the SSA admits that no all-inclusive study has been conducted, it is our opinion (partly based on insurer feedback) that the stated accuracy rates are generally reasonable.  We also believe that when relied upon as part of an audit-level Global Resolution Agreement (GRA), the errors that do exist are further mitigated by the following conditions:

• Most errors in which living people are added to the DMF today are removed fairly quickly.  We will be conducting a study to demonstrate this but the best explanation is simply that when a living person is added to the DMF in error, their credit card issuer will suspend their accounts almost immediately.  This in turn will lead to the individual applying to have the erroneous death notice removed from the DMF.  For a policy to be reportable under audit, the insured would generally need to have been deceased for about 3 years, which is ample time for most false death reports to be corrected.
• Unlike organizations that rely on the DMF to immediately terminate credit or benefits, insurance companies not only have the aforementioned “3-year” delay (within an audit), but also have an opportunity and obligation to investigate the death report before initiating the claims or reporting process.  Still, it is important to acknowledge that the research window is small and insurers would bear additional research expenses in dealing with the occasional false positive.
• Not all errors are created equal.  It is true that the addition of a living person to the death master could cause a completely false positive, but many errors relate to more minor conditions such as isolated typos in SSNs, names, or dates of birth or death.  When using GRA level standards that generally require 4-point verification to be considered a valid match, such errors are less likely to result in false positives then they are to preclude the identification of a legitimate decedent.

Thus, from an audit level Global Resolution Agreement (GRA) perspective, Verus’ Mr, Drubner is in our opinion correct.  The exception being some cases in the AIG and MetLife GRAs in particular where lesser quality matches are accepted due to missing data points in the insurers’ historical books and records.

The impact of DMF errors on RSA and NCOIL state specific regulatory reviews

Once again, the reality is that the SSA DMF is overwhelmingly reliable and for all practical purposes the only source with enough critical mass and transparency to be considered the de facto standard for insurers.  However, now that the SSA has taken greater steps to provide visibility into some of the problems that exist, it creates an opportunity to start a dialogue about some subtle changes that the states can consider which will maintain the spirit of the new regulations while providing some important relief to insurers that are struggling to do their best with an imperfect DMF.  Specifically:

• While the aforementioned cases of living persons being added to the SSA DMF in error are generally reversed quickly, that is still not instantly.  Accordingly, regardless of how often states require DMF reviews we would suggest that an additional “rest” period be added such that the most recent death records can optionally and temporarily be excluded from said review.  For example, if conducting a mandated review on May 15^th, 2013 consider allowing the use of death records through no less than March 15^th, 2013.  That additional window for recent deaths would not only allow more of the erroneous records to work their way back off of the DMF, but it also recognizes the insurance industry’s position that a reasonable grace period will show greater sensitivity to the grieving process.  Even with such modest delay, the decedents will still be identified in a subsequent mandated review period though many will have already come forward on their own terms to complete the claims process through normal channels.
• Secondly, while more common typographical mistakes on the SSA DMF do not pose a great concern within a GRA-level audit due to the weighting of the 4-point match criteria, errors specific to SSNs can place a larger burden on insurers who are attempting to comply with Regulatory Settlement Agreements (RSA) or any of the state-specific “NCOIL” regulations.  This is because these requirements shift the burden to insurers on nothing more than an SSN-only match.  This can also be partially solved with a “rest” period however another option is to allow insurers to incorporate some additional criteria across Date Of Birth (DOB) and name to further qualify an SSN-only match for research.  Clearly, all parties would have to work closely together to craft a modified approach that truly meets the needs of the states, insurers and above all, the owners without creating any unintentional conditions that may compromise the core objectives.

Appropriate use of supplemental sources of deceased data

In our opinion, the reality is that despite its gaps and occasional errors the SSA DMF remains the premier and only viable source of death data that should be relied upon for the purposes intended for the insurance industry.  Having conducted many reviews, we at Cross Country Computer (CCC) recommend the following best practice approach:

Begin by licensing the SSA Death Master File and contract for weekly updates of adds, changes and deletes.  As these records are held to a higher standard and defined specifically in the assorted GRA/RSA and state regulations they should be treated separately to allow segregation of matches to ancillary sources.  Retain the 4.2MM records and associated data elements that the SSA removed as part of the protected records purge in November 2011.  In addition to the SSA DMF, Cross Country also has developed a proprietary database of military decedents that is not included on the DMF, as well as a variety of supplemental deceased sources some of which include both name and address.  These supplemental files may be compiled from a combination of state and local, credit bureau, postal and marketing sources.  They often have less transparency in data collection methods, questionable or non-existent verification processes, and lower reliability than the SSA DMF.  As such, they should primarily be used as confidence boosters or reducers.  In other words, if there is a marginal match to the SSA DMF that also matches to a supplemental file, then in most cases there is a greater likelihood that the insured is deceased – There are some exceptions, but we can’t share all of our secrets!  In the absence of an SSA DMF match, some clients use pure supplemental-only deceased matches as a means of narrowing a universe for additional research.  These supplemental sources would become more important in the unlikely event that legislation is ever passed limiting an insurer’s ability to have timely access to the SSA DMF.  Aside from this though, our strong recommendation is to avoid intermixing supplemental sources with the DMF results as doing so risks compromising the integrity and reliability of the overall process.

Concluding Thoughts

Despite the whirlwind of recent controversy surrounding the completeness, accuracy and accessibility of the Social Security Administration’s Death Master File (SSA DMF), we strongly believe that it remains the best and most reliable source of death records available to insurers today and in the foreseeable future.  The SSA’s ongoing effort to further improve its accuracy reinforces our opinion.

We believe that the SSA DMF is the appropriate source for GRA level audit reviews, and would be concerned with allowing the formal use of other sources as doing so will only create a greater number of false positive matches, cause insurers additional burden in their review, and due to the arguably short window available for research, could lead to property being reported in error.

We are an advocate for ensuring the DMFs continued availability to entities who can demonstrate a reasonable use need, including insurers. Because we have not found other available sources of death data to approach the scale and reliability of the SSA DMF, we believe that the optional use of such alternate sources is helpful but should be segregated to ensure the integrity of the SSA DMF results.

We feel that there is an opportunity to make modest adjustments to the Regulatory Settlement Agreements (RSA) and state-specific “NCOIL” regulations in order to maintain the spirit of their intent, while also helping insurer’s reduce the number of erroneous matches that have to be reviewed before the SSA has had an opportunity to correct at least some of them.

We believe that the increased discussion and transparency regarding all of these matters will help lead to greater clarity and consensus among all parties going forward, and will ensure the best outcome for those with a rightful claim to the assets in question.

For more information or a printable version, contact Thomas Berger at (631) 220-6947 or via email to TBerger@crosscountrycomputer.com

Requirements for using the Social Security Administration’s Death Master File (SSA DMF) to review insurer books and records in order to identify deceased insureds and better manage the claims and reporting process have been a hot topic recently.  Now, there may be new challenges based on a report issued earlier this month detailing the US Department of the Treasury’s fiscal 2014 revenue proposals, along with Senate Bill 676 which both seek to place additional restrictions on access to the DMF.

The Treasury Department classifies DMF users into three categories 1) Those with time sensitive needs required for Fraud Prevention, such as pension administrators who use DMF data to terminate payments; 2) Those with non-time-sensitive needs, such as genealogy research; and 3) Those who use the DMF for illegitimate purposes, including identity thieves who steal the names and SSNs of recent decedents for tax fraud.

Specifically, their proposal would restrict immediate access to the DMF only to those users who legitimately need the information for fraud prevention purposes and to delay the release of the DMF for three years to all other users.  One could argue that this would include allowing insurers to utilize the SSA DMF to terminate annuity payments that are being fraudulently cashed on behalf of those who have since passed away.  At that same time, one could make the case that using the SSA DMF to identify insured decedents for the purpose of determining if a benefit is due would NOT fall into the definition of ‘fraud prevention’ and would therefore be subject to the proposed waiting period.

Regardless, in our opinion, it would be fair to assume that given the recent state statutes, along with the audit activity, market conduct exams, and Regulatory Settlement Agreements that the insurance industry will be deemed to have a legitimate-use reason to be permitted timely access to the SSA DMF.  In line with this, on April 9^th, 2013, Senator Bill Nelson (D-FL) introduced Senate Bill 676 titled ‘Identity Theft and Tax Fraud Prevention Act of 2013’.  This bill discusses the potential delay of access to DMF death records for up to three years unless the non-governmental person or entity has successfully completed a Certification Program.  Senator Nelson’s bill includes language paving the way for broader certification of insurers by saying that “such access will facilitate timely and proper administration by such person of an insurance policy or benefit program”.  The bill also calls for the introduction of new fees to offset the costs to administer the certification program.  While the extent of these fees have not yet been determined, it seems inevitable that it will result in yet another layer of expense that insurers must bear as part of the mandated compliance process.

As part of research need to quantity the impact of what this could mean if the industry was subject to a 3-year waiting period, Cross Country Computer examined all DMF transactions that were posted by the SSA DMF from January 1^st through April 12^th of 2013.  98% of those records showed a date of death within one year of the date of inclusion on the weekly update file.   Further, ~85% of death transactions become available within just 30 days of the stated date of death.  Only a fraction of a percent apply to individuals that either have no reported date of death, or a date of death greater than one year ago.  The detailed statistics are presented below:

These figures clearly demonstrate that limiting an insurer’s timely access to the SSA DMF would have a material and negative impact on their ability to either identify fraudulent annuitant recipients, or to begin the research and claims process for insured individuals that have recently passed away.

We expect to include other details regarding the quality and timeliness of updates to the SSA DMF in a future blog.

For those who are interested, please see below for specific excerpts from the Treasury proposal and Senate Bill 676.  For more details or to receive a copy of either of these documents, please contact Tom Berger (TBerger@CrossCountryComputer.com).

LEARN MORE ABOUT HOW CROSS COUNTRY COMPUTER CAN HELP

 APPENDIX

Department of the Treasury Proposal

 “RESTRICT ACCESS TO THE DEATH MASTER FILE (DMF)…

Current Law

The DMF is a list of deceased individuals maintained by the Social Security Administration (SSA) that is updated weekly. SSA created the DMF in response to a 1980 consent judgment that requires SSA to provide certain personally identifiable information about deceased individuals under the Freedom of Information Act. The DMF contains the full name, Social Security number (SSN), date of birth, date of death, and the county, state, and zip code of the last address on record for decedents. This information is publicly available and, pursuant to the consent judgment, released weekly by SSA, and many websites publish the information included on the DMF free or for a nominal fee. Some DMF users need immediate access to the DMF for fraud prevention purposes, such as pension administrators who use DMF data to terminate payments. Others use the information for purposes that are not time-sensitive, such as genealogy research. A third group, however, uses the DMF for illegitimate purposes, including identity thieves who use the DMF to steal the names and SSNs of recent decedents, which information identity thieves then use to file fraudulent tax returns.

Reasons for Change

Refund-fraud related identity theft has grown exponentially in recent years. Fraudulent tax returns using a decedent’s identifying information are difficult to detect before improper refunds are paid, because the Internal Revenue Service may not discover that identity theft has occurred until a surviving family member files an income tax return claiming the decedent as a dependent or files the decedent’s final income tax return.

Restricting immediate access to those users with a legitimate fraud prevention purpose while delaying the release for other users protects the privacy interests of decedents, reduces opportunities for identity theft, and restricts information sources used to file fraudulent tax returns while still making the information on the DMF available to users who have a legitimate need for the information.

Proposal

The proposal would restrict immediate access to the DMF to those users who legitimately need the information for fraud prevention purposes and to delay the release of the DMF for three years to all other users.

The proposal would be effective upon enactment.”

Senate Bill 676

“(2) CERTIFICATION.—A person shall not be certified nor remain certified under the program established under paragraph (1) unless—

(A) the Secretary of Commerce determines that access to the information described in subsection (b) is appropriate because—

(i) such person has a legitimate interest in preventing fraud or unauthorized financial transactions,

(ii) such access will facilitate compliance by such person with an applicable law, regulation, court order, or fiduciary duty,

(iii) such access will facilitate timely and proper administration by such person of an insurance policy or benefit program, or

(iv) such person is subject to disclosure requirements under section 502 of the Gramm-Leach-Bliley Act (15 U.S.C.6802), section 620 of the Fair Credit Reporting Act (15 U.S.C. 1681r), or any other Federal statute that the Secretary determines, following notice and comment rulemaking, provides sufficient protection against improper disclosure of information described in subsection (b), and

(B) the Secretary of Commerce verifies that such person has facilities and procedures in place to safeguard such information, and experience in maintaining the confidentiality, security, and appropriate use of such information.

(3) FEES. – The Secretary of Commerce shall establish under section 9701 of title 31, United States Code, for the charge of fees sufficient to cover all costs associated with evaluating applications for certification and auditing, inspecting, and monitoring certified persons under the program.”

LEARN MORE ABOUT HOW CROSS COUNTRY COMPUTER CAN HELP

On April 1st, the court granted Kentucky’s cross-motion for summary judgment.  The Kentucky Order is available for download.  Enforcement has been stayed for 10 days through close of business on April 11^th, 2013 pending any post-judgment motions or requests for interlocutory relief. This is a particularly important case because some insurance companies and states have been waiting for this decision in order to decide how to proceed with either conducting searches, or in the case of the states, requiring or enforcing the failure to do so.

Interesting call outs:

1. The “Statute Does Not Violate the Rule Against Retroactive Application”
2. The “Statute Does Not Impair Any Vested Contractual Right” 
3. “Even if the statute impairs a contractual right, it is justified by a significant and legitimate public purpose”

Sending a strong message, the court also stated: “Many Kentucky citizens pay for insurance to help them plan for end of life costs.  For insurance companies to attempt to keep the money, through willful ignorance of the death of the insured, amounts to unjust enrichment, at the expense of some of the least privileged citizens in this state.” 

The court also found that the statute “does not require insurance companies to complete the claims process” and that the statute is “narrowly tailored to give notice to potential beneficiaries, but leaves intact the contractual burden of proving the death.”  The court went on to state that “The requirement to consult the Death Master File and give notice to beneficiaries does not shift any burden under these policies because no burden of notice was ever assigned to these contracts.”

Of particular note is the Plaintiff’s statement that they “would spend probably about 20 hours per match to meet the requirements of the statute.”  This is a common sentiment.  That is why it is necessary to incorporate targeted death matching algorithms in an automated program that exceed the GRA/RSA settlement requirements.  Cross Country Computer built our APEARS^® product to exceed requirements and differentiate between strong and weak or false-positive determinations.

For those insurers that have adopted a mindset that escheating is easier than locating beneficiaries, this suit should be viewed as a wake-up call.  It could also have implications regarding the standards that insurers need to apply when matching their records to the Social Security Administration Death Master File (SSA DMF).  Ten states, thus far, have proposed or passed legislation requiring insurers to perform death matching and many others are expected to follow suit. 

While states may lack clarity as to what level of matching is sufficient, the increased threat of class action lawsuits on behalf of beneficiaries puts pressure on insurers to apply a suitably high standard in order to demonstrate that a best practice approach has been implemented to mitigate risk.  In other words, it is becoming more apparent that taking the approach of trying to meet a minimum standard that will satisfy the states may NOT be enough because beneficiaries can reasonably claim that they were not required to provide (or certify) a SSN and that typographical or insurer record keeping issues should not absolve an insurance company of their alleged responsibility to manage the research, notification and claims process. 

The extent to which an insurer may dispute historical obligations on these matters is open to debate.  However, with the recent legislative activity, it is clear that insurance companies will be held to a higher set of standards going forward.  This includes improved data collection practices on the front-end and going beyond basic Social Security Number (SSN) matching on the back end to include fuzzy logic that accounts for typographical errors, nicknames, missing elements, erroneous dates and more. 

In the end, a greater number of decedents will be identified allowing claims to be paid more quickly and accurately.  Because today’s beneficiaries can be tomorrow’s customers, these process improvements can ultimately work to the advantage of all parties.

• They demonstrate an intent to comply by using well-defined and documented business rules.
• They apply a consistently high standard for all states (as compared to varied rules for each) which is both easier to manage as well as erring on the side of caution.
• They proactively identify and resolve policies reducing exposure in a “Business As Usual (BAU)” environment using the more sophisticated processes typically required during an audit.

Cross Country Computer continues to monitor the landscape and alert the industry of the latest activity. 
Check back for more…

“The cross-checks shall be performed using the social security number, the name, and date of birth of the insured or account holder… Every insurer shall implement reasonable procedures to account for common variations in data that would otherwise preclude an exact match with a death index, even when the insurer has incomplete records.”

Please contact me at TBerger@CrossCountryComputer.com to discuss how CCC is already helping the insurance industry meet these requirements today.

New York Governor Signs SB 6943 & AB 9845 Into Law; Mandates DMF Searches & Beneficiary Location Measures

Please be advised that on December 17, 2012, New York Governor Cuomo signed identical bills SB 6943 and AB 9845 into law. These bills address unclaimed life insurance and amend New York’s Insurance Law by requiring the following:

1. Every insurer shall use the Social Security Administration Death Master File (DMF) to cross-check every policy and account subject to this section on, at minimum, a quarterly basis. An insurer may perform the cross-check using the updates made to the DMF since the date of the last cross-check performed by the insurer, provided that the insurer performs the cross-check using the entire DMF at least once a year. The cross-checks shall be performed using the social security number, the name, and date of birth of the insured or account holder.
2. Every insurer shall implement reasonable procedures to account for common variations in data that would otherwise preclude an exact match with a death index, even when the insurer has incomplete records.
3. Upon receiving notification of the death of an insured or in the event of a match made by a DMF cross-check, an insurer shall search to determine whether the insurer has any other policies or accounts for the insured or account holder.
4. Insurers must also notify any of their affiliates that may maintain records relating to policies, and require them to perform a similar search.
5. Every insurer shall establish procedures to reasonably confirm the death of an insured or account holder and begin to locate beneficiaries within ninety days after the identification of a potential match. If the insurer cannot locate beneficiaries within ninety days after the identification of a potential match, the insurer shall continue to search for beneficiaries until the benefits escheat to the state.
6. Once the beneficiaries under the policy or account have been located, the insurer must provide to them the information necessary to make a claim pursuant to the terms of the life insurance policy or account. An insurer may require satisfactory proof of loss, such as a death certificate, as a condition for conclusively determining the death of the policyholder or account holder.
7. The superintendent shall develop and implement a lost policy finder to assist requestors in locating unclaimed life insurance benefits. The lost policy finder shall be available online and via other means, including but not limited to the department’s toll free telephone number. The superintendent shall assist a requestor in using the lost policy finder, including informing the requestor of what information an insurer may need to facilitate responding to the request.  The new law includes specific rules and timeframes surrounding requests and responses to the lost policy finder.
8. Every insurer shall establish procedures to electronically receive the lost policy finder application request form and make reports to the superintendent.
9. An insurer must then report any information on unclaimed benefits due, the number of policies and accounts that the insurer has identified for the prior calendar year under which any outstanding monies have not been paid or distributed by December 31 of such year.
10. At no later than policy delivery or the establishment of an account and upon any change of insured, owner, or beneficiary, every insurer shall request information sufficient to ensure that all benefits or other monies are distributed to the appropriate persons  upon the death of the insured or account holder, including, at a minimum, the name, address, social security number, date of birth, and telephone  number  of every owner, insured and beneficiary of such policy or account, as applicable.
11. Where an insurer issues a policy or provides for an account based on data received directly from an insured’s employer, the insurer may obtain the beneficiary information described in paragraph one of this subsection after receiving the data from the insured’s employer.
12. This law will shall take effect 180 Days after December 17, 2012.

The passage of this bill comes on the heels of emergency regulations addressing unclaimed life insurance adopted by Governor Cuomo earlier this year. The regulations which similarly called for quarterly cross checks of the Death Master File were only temporary, with a current expiration date of 2/6/13.  In contrast, the law passed by SB 6943 and AB 9845, is the law of New York as of the effective date of the bills.

New York’s new law follows a long line of states passing Unclaimed Life Insurance Benefits laws.  New York, however, is the first to mandate that the State create and maintain an online Lost Policy Finder and that the life insurance companies support the State in its efforts.

The link above will take you to an interesting article that may impact insurer’s evaluation of the reliability of ‘deceased databases’ beyond the Social Security Administration Death Master File (SSA DMF).   At times, we have been surprised to hear an insurer claim that they are ‘in compliance’ or ‘not concerned’ about death matching mandates because they are already performing deceased processing on some subset of their policy base using a source other than the SSA DMF.  Cross Country Computer has worked with many clients to explore how these ancillary deceased sources may be leveraged to help insurers comply with the NCOIL Model Unclaimed Property Act and state specific regulations such as NY’s Reg-200.  Based on extensive testing across many policy bases we have determined that these secondary data sources cannot be reasonably relied on as a primary source for death matching due to their higher error factor, gaps in coverage, and lack of transparency with regard to their sourcing and compilation methods.  As such, we have long been an advocate of using these databases as a supplemental source intended to help increase or decrease the relative confidence of marginal matches to the SSA DMF itself.  In doing so, it is critical that insurers (or providers such as CCC) segregate these lesser files from the core SSA DMF, as intermingling of data collected from multiple sources will decrease the overall reliability of your death matching results and make it more challenging to manage the research and outreach process.  We expect that this directive from the FTC will shed more light into how these sources are compiled, which in turn will help reveal some of their shortcomings.  Positively, the increased transparency could lead to improved practices and better reliability over time, however these benefits may be offset should these privacy mandates lead to certain data sources be eliminated.  We will continue to monitor this situation and keep you posted.

This rule requires no less frequent than quarterly matching to the SSA DMF using fuzzy logic, specifically stating that “Every insurer shall implement reasonable procedures to account for common variations in data that would otherwise preclude an exact match with the death index, including (i) nicknames, initials used in lieu of a first or middle name, use of a middle name, compound first and middle names, and interchanged first and middle names; (ii) compound last names, and blank spaces or apostrophes in last name; (iii) incomplete date of birth data, and transposition of the “month” and “date” portions of the date of birth; (iv) incomplete social security number; and (v) common data entry errors in name, date of birth and social security data.  The requirements set an extremely high bar for insurers and the grace period for compliance has come and gone.

The following challenges associated with these regulations can be used to guide your decision making process on the best way to move forward for your company:

Weekly DMF Updates & Full File Reviews Require Strong Data Management Resources

Section 226.4.b.1 calls for insurers to use the latest version of the Social SSA DMF to match every policy.  Since the NTIS releases weekly updates, this provision will not be practical for many insurers who wish to process internally as it requires significant resources to download transactions and update ~100 million records followed by a comprehensive books and records review – all within a short window.   Because older policy data seldom changes and considering the lengthy beneficiary outreach process and traditional dormancy timelines, some view this requirement as excessive and argue that less frequent updates and reviews should be sufficient.  As it stands, this regulation means that many insurers choose to rely on 3^rd party data management experts who are accustomed to handling this volume of data efficiently. 

Vague Fuzzy Matching Logic Leaves Room for Costly Misinterpretation  

Section 226.4.f.1 outlines generic fuzzy matching guidelines which leave room for misinterpretation.  It seems clear that the Regulatory Settlement Agreements (RSA) were modeled on the more detailed Global Resolution Agreements (GRA), as they use similar language and examples.  The NCOIL Model Unclaimed Property Act and state-specific legislation were modeled from the broader RSAs, but lack similar details on matching logic and tolerances.  The good intention behind the lack of specifics may be to provide insurers with greater latitude on approach; however, this has its risks.  While the goal of these regulations is to determine which individuals are deceased, the lack of clear direction can lead to inadvertently failing to identify many legitimate decedents.  Conversely, the “SSN-only” matching rules can result in a significant proportion of false positives, over 10% in many cases.  The net result can be a big investment in post process research to verify each determination in order to eliminate costly false positive matches.  High error rates raise concern that insurers may not be applying rules correctly.  This ambiguity can leave an insurance company unable to define their true level of exposure.  One recommendation is to apply the standards that have been modeled on formal settlement agreements already approved by the states.  Meeting these standards can reduce the cost of compliance as one consistent approach can satisfy a wide range of state-specific requirements.

Proven Tactics Cannot be Employed if Not Applied to Both Annuities as well as Life Policies

Section 226.4.c states that if an insurer uses an alternate deceased source to terminate benefits, it must do the same for the life insurance policies as well.  Insurers can often establish a positive ROI even when adding the expense of external data sources and additional research to detect fraud.  However, if these same insurers now need to screen using costly research options on large volumes of life insurance policies, any positive ROI will quickly diminish.  As a result, many may opt to reduce the intensity of their fraud detection efforts on their annuity and long term care business lines to reduce the hard costs that they would incur on the life side.  The result will be that no one wins but the criminals.  Similarly, section 226.4.d applies to frequency of processing whereby if an insurer conducts death matching more frequently to terminate benefits, then they also have to do it more frequently on life insurance policies.  This can be an even larger concern for some insurers.

Linking Decedents across Business Lines Requires Niche Expertise

Insurance providers are obligated to link confirmed death matches to all other policies and insurers in its holding company.  This presents a major challenge for many insurance companies who are seeking to perform these services in-house.  Householding techniques are best performed by data management experts who are accustom to dealing with disparate data sources across business lines with varying field formats and other anomalies which add complexity to what seems like a basic task.  This is especially important in those scenarios where a reliable social security number is missing and other elements must be relied upon for creating a matching mechanism.

Section 226.4.2 allowed insurers a 150 day grace period to comply with this new emergency rule… and the time is up.  New York has made its intentions clear and those insurers that have not yet implemented a formal solution are currently at risk.  If you lack the internal resources to accomplish these objectives, it is time to research 3^rd party alternatives that you can trust.

1. Subject Matter Expertise: SSA DMF regulations are both in flux and ambiguous.  Within less than one year, there have been dozens of audits, a confusing letter from Minnesota, legislation from New York, Kentucky, Alabama and Maryland, a model act from NCOIL and boatloads of opinions and interpretations from experts on both sides of the fence.  Are you committed to hiring or retaining dedicated resources to help navigate these issues in-house or does it make more sense to augment your knowledgebase by leveraging subject matter expertise from an outsourced provider?  How many in-house guru’s do you need and with what skills?  With the right external partner, expertise and guidance are usually a natural extension of core services. 
2. Technological Resources: Technology is less of a barrier than it was in prior years.  Today, it is relatively inexpensive to acquire the computer resources to maintain the SSA DMF despite the fact that it is approaching 100 million records.  Having said this, the larger burden will become the resources required to rapidly update the DMF each week as well as program and apply the extremely complex and CPU-intensive fuzzy matching algorithms.  Additionally, because of the likely poor condition of your books and records data that often exists in multiple disparate systems, a significant effort is required to parse and reformat each file for optimal matching.  In weighing all of these factors, it is important to acknowledge your existing corporate culture as it relates to prioritization of IT resources.  The tech team must be nimble, with a commitment to on-going fast turnarounds.  In addition, they must be able to apply customizations in a high quality and often real time manner in order to handle unforeseen data issues and evolving regulations.  If you have a reliable, efficient technology department with available bandwidth, it may make sense to pursue an in-house solution.  If not, a reliable outsourced partner will make life a lot easier.
3. Ongoing Compliance:  As regulations continue to evolve, it is important to stay current with the latest mandates and adjust processing to ensure on-going compliance.  The legal or compliance department can stay abreast of new requirements through organizations such as the ACLI or a variety of other avenues.   The importance of staying current is greater for those who are performing matches internally because the buck stops with you.  With the right outsourced partner, an insurer can rest easier knowing that they have another set of eyes on new and pending requirements as well as a plan to make any necessary R&D investments to ensure their systems will continue to remain in compliance.  Finding the right outsourced partner is key to having that confidence.
4. Budget:  Cost is always a major factor in any business decision.  For this type of processing, the SSA DMF file must be licensed directly and that expense does not include the costs associated with developing and testing the algorithms, performing file updates, doing the periodic matching, ensuring compliance and generating all of the associated input/output files and reports.  Unless you have idle resources it is not unreasonable to forecast a 6-figure budget to manage the entire process internally, sometimes considerably more.  For a mid-size insurer it is possible to outsource this entire process at a cost savings.  For a smaller insurer with simple requirements, it is even possible to satisfy the DMF matching obligations for less than just the cost of licensing the SSA DMF by itself, without even factoring in all of the other soft costs.  While the expense may be greater for a larger insurer, it is important to maintain perspective by looking at it as a percentage of a broader budget.  Importantly, it is also possible to meet a variety of price points – both internally and externally – by making subtle adjustments to the project scope while still exceeding the requirements defined in the various regulations.  Your prospective partner can guide you through these options.
5. Accountability:  It is no secret that the audit activity is on the rise.  Individual states have also begun to outline their requirements and compliance deadlines.  There is a significant advantage to selecting a business partner that has substantial experience performing SSA DMF matching at a level that not just meets, but exceeds all of the standards established in the various Global Resolution Agreements (GRA) and Regulatory Settlement Agreements (RSA), as well those defined in the state-specific regulations.  Using a system that has provided results that have been accepted by the States and that will provide you with strong documented evidence of your compliance has definite benefits and provides 3^rd party verification. 

These factors are meant to assist you in starting an internal dialogue knowing that there are certainly other factors that will impact your final decision.  Knowing who will be performing the processing is a critical step that has to be determined early on so that resources are in place when you need them.

1. Assign an Internal Champion and Get Informed: Each company needs a dedicated project manager who “owns” compliance with death matching regulations.  Someone on your compliance team will most likely be the ideal candidate for the job.  Empower this advocate to reach across different groups and business lines within your company so that they can leverage the appropriate resources as needed.  They will need access to a team with representation from each Line of Business (LOB) including operations, claims, technology, legal and eventually procurement.  Once the team is in place, it is time to start the research process.  Obtain copies of all recent legislation including those from New York, Alabama, Maryland and Kentucky.  You should also monitor blogs, conduct internet searches and closely follow announcements from NCOIL and other industry groups.  Carefully review all of the publically available Global Resolution Agreements (GRA) and Regulatory Settlement Agreements (RSA) as requirements in the NY Reg-200 were directly drawn from these documents.  This information will provide a terrific road-map as to the logic needed for compliance.
2. Develop a Project Plan:  Each project plan should include the identification of key stakeholders,  information gathering on each LOB, the evaluation as to whether to outsource processing, as well as instituting a plan for ongoing compliance as rules continue to change.  Include your deadline for when you must have a solution in place while allowing a buffer for the inevitable delays that may occur throughout the process.
3.  Interview Key Stakeholders and Consult Legal Counsel!  Since there is a great deal of ambiguity in the different requirements, it is important to get legal counsel involved with this effort from the start.  Begin with a thorough interpretation of each regulation.  Speak to decision makers overseeing each LOB and find out what they have done in the past and what they are doing today.  How do they handle the claims process?  Do they proactively conduct research to see if existing annuitants or insureds are deceased?  Are any of your groups already licensing the SSA DMF?  If so, how is it being used? Take nothing for granted.  Don’t assume that because someone is using a given vendor or a particular tool that it means they are in compliance.  Most likely they are not.  Review the findings from these internal meetings with counsel to determine where regulations are being met and where they are not.
4.  Know Thy Data.  The age of insurance policies and the disparate source systems they have been maintained in over the years often leaves books and records data in poor condition.  This is further complicated by decades of acquisitions and software migrations.  Most solutions designed to match your data to the Social Security Administration Death Master File (SSA DMF) assume a clean, complete and well formatted input file.  The reality is that this is not usually the case and therefore these traditional approaches are destined to fail.  Know Thy Data!  How many records do you have?  What percentage of each field is missing data?  How many policies are missing Social Security Numbers (SSNs) or have calculated Dates of Birth?  Are there mixed format issues with name and date fields, etc.?  An in-house assessment is required to answer these questions and prepare for the processing phase.
5. Get Outside Input:  Even if the ultimate goal is to perform the processing in-house, it is prudent to develop a formal RFP as a precursor which will help organize your approach and ensure that you are thinking about all of the crucial decision points.  This will help ensure that your ultimate provider – internal or external – fully understands and is committed to meeting all requirements.  If you are not sure which regulation you need to comply with, specify one of the recent RSAs as a baseline for required fuzzy matching and then request that respondents clearly delineate how they will address this logic.  Ask if the solution has been fully tested and ask for verification.  Will the processor have the flexibility to evolve as new legislation is introduced?  What is their prior experience and do they understand the insurance vertical?  What, if any, volume or frequency of processing constraints exists? Legal should review and sign-off on any RFP prior to issuance.  Evaluate and rank the proposals received and include interviews and demos, where applicable, with finalists.  Many insurance providers are also requesting an initial test pilot to assist with the decision making process.  This is an excellent way to experience a vendor and evaluate their processing but adds to your timeline, ultimately delaying your delivery date for the first live production run. 

The best thing you can do is to start today.  The States are becoming more aggressive and each step taken will get you closer to where you need to be.