Rule 80-13-1-.06 - Insurance Coverage for Trust Companies(1) Every stand-alone trust company chartered by the Department shall obtain the following: (a) Fidelity insurance coverage, such as a fidelity bond, to provide protection and indemnity against theft, defalcation, or other similar actions by officers and employees of the trust company as well as agents and independent contractors of the trust company, related to fiduciary accounts, customer funds, and assets of the trust company.(b) Data breach insurance coverage to provide protection and indemnity against the release of nonpublic confidential information in the legal care, custody or control of the trust company to an untrusted or unauthorized environment or other similar action by the trust company as well as agents and independent contractors of the trust company.(c) Fiduciary liability insurance coverage or its equivalent to provide protection and indemnity against errors or omissions or breach of fiduciary duties by officers and employees of the trust company as well as agents and independent contractors of the trust company, related to fiduciary accounts and customer funds. Further, every trust company shall require agents and independent contractors of the trust company that have access to fiduciary accounts or customer funds to obtain fiduciary liability insurance coverage or its equivalent to provide protection and indemnity against errors or omissions or breach of fiduciary duties.(2) The required insurance coverage or its equivalent shall contain a provision that coverage will not be canceled, or not renewed, or allowed to lapse for any reason until at least sixty (60) days prior written notice has been given by the insurer to the Department or contain substantially similar protections approved in writing by the Department. A certificate of insurance or similar documentation showing such insurance coverage or its equivalent to be in force shall be provided to the Department prior to the trust company engaging in any fiduciary activities. The insurance coverage or its equivalent shall be obtained from an insurance company licensed to do business in Georgia that continuously maintains an A.M. Best Company rating of at least A: VII or an equivalent rating from an insurance rating agency approved in advance by the department in writing. Such insurance coverage or its equivalent shall continuously remain in full force and effect subject to Department approved revisions to the amount of coverage.(3) The amount of the initial insurance coverage or its equivalent obtained by the trust company, as well as any subsequent reductions to the amount, shall be approved by the Department in writing prior to the trust company obtaining the insurance coverage or taking action to reduce the amount of coverage. It shall be in the Commissioner's sole discretion to determine the amount of required insurance coverage or its equivalent.(4) In order for the Department to make the determination in Paragraph 3 of this Rule related to the appropriate amount of insurance coverage or its equivalent, a trust company, upon request by the Department, shall provide the Department with a written justification setting forth the trust company's rationale for the appropriate and necessary amount of insurance coverage. Such justification for the different required insurance coverage shall set forth in detail the following: (a) For fidelity coverage, the safeguards or protections which will be employed to ensure the continuing sound operation of the trust company, which shall include, but not be limited to, an evaluation of potential exposures under various stress scenarios that include intentional and unintentional failures in the trust company's control environment and the sufficiency of the proposed fidelity coverage to mitigate such exposures. In addition, the trust company's justification for the proposed proper amount of fidelity coverage or its equivalent shall evaluate the potential costs to the trust company as a result of a breach.(b) For data breach coverage, the safeguards or protections which will be employed to mitigate the risks of an intentional or unintentional release of the data in the trust company's possession or in the possession of agents and independent contractors of the trust company, which shall include, but not be limited to, an evaluation of potential exposures under various stress scenarios that include intentional and unintentional releases of data in the trust company's control environment and the sufficiency of the proposed data breach insurance coverage to mitigate such exposures. In addition, the trust company's justification for the proposed proper amount of data breach insurance coverage shall evaluate the potential costs to the trust company as a result of a breach, which shall include, but not be limited to, forensic costs, legal fees, first party and third-party liabilities, notification requirements, remediation costs, restoration costs, and business impact.(c) For fiduciary liability insurance coverage, the safeguards or protections which will be employed to mitigate the risks of intentional or unintentional errors or omissions or breach of fiduciary duties related to fiduciary accounts and customer funds by officers and employees of the trust company, which shall include, but not be limited to, an evaluation of potential exposures under various stress scenarios that include intentional and unintentional breaches of fiduciary duties and the sufficiency of the proposed fiduciary liability insurance coverage or its equivalent to mitigate such exposures. In addition, the trust company's justification for the proposed proper amount of fiduciary liability insurance coverage or its equivalent shall evaluate the potential costs to the trust company as a result of a breach.Ga. Comp. R. & Regs. R. 80-13-1-.06
O.C.G.A. § 7-1-61.
Original Rule entitled "Insurance Coverage for Trust Companies" adopted. F. June 29, 2017; eff. July 19, 2017.Amended: F. June 27, 2018; eff. July 17, 2018.