81R14629 NC-F
By: Geren, et al. H.B. No. 1706
Substitute the following for H.B. No. 1706:
By: Jones C.S.H.B. No. 1706
A BILL TO BE ENTITLED
AN ACT
relating to the licensing and regulation of identity recovery
service contract providers and the inclusion of identity recovery
service agreements in certain service contracts and vehicle
protection products; providing penalties.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Section 348.001, Finance Code, is amended by
adding Subdivision (8-a) to read as follows:
(8-a) "Service contract" includes an identity
recovery service contract as defined by Section 1306.003,
Occupations Code.
SECTION 2. Section 1304.003(b), Occupations Code, is
amended to read as follows:
(b) A service contract may also provide for:
(1) incidental payment or indemnity under limited
circumstances, including towing, rental, and emergency road
service; [or]
(2) the repair or replacement of a product for damage
resulting from a power surge or for accidental damage incurred in
handling the product; or
(3) identity recovery, as defined by Section 1306.002,
if the service contract is financed under Chapter 348, Finance
Code.
SECTION 3. Title 8, Occupations Code, is amended by adding
Chapter 1306 to read as follows:
CHAPTER 1306. IDENTITY RECOVERY SERVICE CONTRACT PROVIDERS AND
ADMINISTRATORS
SUBCHAPTER A. GENERAL PROVISIONS
Sec. 1306.001. SHORT TITLE. This chapter may be cited as
the Identity Recovery Service Contract Regulatory Act.
Sec. 1306.002. DEFINITIONS. In this chapter:
(1) "Administrator" means a person, other than the
provider of the identity recovery service contract or an employee
of the provider, who is responsible for the third-party
administration of an identity recovery service contract.
(2) "Commission" means the Texas Commission of
Licensing and Regulation.
(3) "Consumer" means an individual who purchases an
identity recovery service contract.
(4) "Department" means the Texas Department of
Licensing and Regulation.
(5) "Executive director" means the executive director
of the department.
(6) "Identity recovery" means a process, through a
limited power of attorney and the assistance of an identity
recovery expert, that returns the identity of an identity theft
victim to pre-identity theft event status.
(7) "Identity recovery service contract holder" means
a person who purchases or otherwise holds an identity recovery
service contract.
(8) "Person" means an individual or an association,
company, corporation, partnership, or other group.
(9) "Provider" means a person who is contractually
obligated to an identity recovery service contract holder under the
terms of an identity recovery service contract.
(10) "Reimbursement insurance policy" means a policy
of insurance issued to a provider to:
(A) reimburse the provider under an identity
recovery service contract the provider issued or sold; or
(B) pay on behalf of the provider all covered
contractual obligations that are incurred by the provider under an
identity recovery service contract the provider issued or sold and
that the provider does not perform.
Sec. 1306.003. IDENTITY RECOVERY SERVICE CONTRACT. In this
chapter, "identity recovery service contract" means an agreement:
(1) to provide identity recovery;
(2) that is entered into for a separately stated
consideration and for a specified term; and
(3) that is financed through a retail installment
contract under Chapter 348, Finance Code.
Sec. 1306.004. CONTROLLING PERSON. (a) In this chapter,
"controlling person" means an individual who:
(1) possesses direct or indirect control of at least
25 percent of the voting securities of a corporation;
(2) possesses the authority to set policy and direct
the management of a business entity;
(3) is the president, the secretary, or a director of a
corporation; or
(4) is a general partner of a partnership.
(b) An individual who is a controlling person of a
corporation or other business entity that is the general partner of
a limited partnership is a controlling person of the limited
partnership.
Sec. 1306.005. EXEMPTIONS. This chapter does not apply to:
(1) an identity recovery service contract sold or
offered for sale to a person who is not a consumer; or
(2) an identity recovery service contract sold by a
motor vehicle dealer on a motor vehicle sold by that dealer, if the
dealer:
(A) is the provider;
(B) is licensed as a motor vehicle dealer under
Chapter 2301; and
(C) covers its obligations under the identity
recovery service contract with a reimbursement insurance policy.
Sec. 1306.006. EXEMPTIONS FROM CERTAIN OTHER LAWS.
Marketing, selling, offering for sale, issuing, making, proposing
to make, and administering an identity recovery service contract
are exempt from the Insurance Code and other laws of this state
regulating the business of insurance.
Sec. 1306.007. PURCHASE REQUIREMENT PROHIBITED. A person
regulated by Chapter 2301 may not require the purchase of an
identity recovery service contract as a condition of a loan or the
sale of a vehicle.
Sec. 1306.008. GENERAL INVESTIGATIVE POWER OF EXECUTIVE
DIRECTOR. (a) The executive director may investigate a provider,
administrator, or other person as necessary to enforce this chapter
and protect identity recovery service contract holders in this
state.
(b) On request of the executive director, a provider shall
make the records required by Section 1306.105 available to the
executive director as necessary to enable the executive director to
reasonably determine compliance with this chapter.
[Sections 1306.009-1306.050 reserved for expansion]
SUBCHAPTER B. REGISTRATION REQUIREMENTS
Sec. 1306.051. REGISTRATION REQUIRED; EXEMPTION FROM OTHER
LICENSING REQUIREMENTS. (a) A person may not operate as a provider
or administrator of identity recovery service contracts sold in
this state unless the person is registered with the department.
(b) Except for the registration requirement of this
subchapter, a provider, identity recovery service contract seller,
administrator, or other person who markets, sells, or offers to
sell identity recovery service contracts is exempt from any
licensing requirement of this state that relates to an activity
regulated under this chapter.
(c) If a person registered under Chapter 1304 registers
under Chapter 1306, the financial security used to comply with
Section 1304.151 fulfills the requirements of Section 1306.101.
Sec. 1306.052. APPLICATION FOR REGISTRATION OR RENEWAL;
GENERAL REQUIREMENTS. (a) An applicant for registration or
registration renewal must submit an application to the executive
director.
(b) The application must:
(1) be in the form prescribed by the executive
director; and
(2) include evidence satisfactory to the executive
director of compliance with the applicable financial security
requirements prescribed by Section 1306.101, if the application is
for a provider registration or renewal.
(c) The department may refuse to issue or renew a
registration if the applicant or a controlling person of the
applicant has violated this chapter or a rule adopted or order
issued by the commission or executive director.
(d) A person who makes a false statement in an application
or in any document provided with an application is subject to
disciplinary action under Subchapter D, including denial of the
application or suspension or revocation of a registration.
Sec. 1306.053. ADDITIONAL REGISTRATION AND RENEWAL
REQUIREMENTS FOR PROVIDERS. (a) In addition to the requirements of
Section 1306.052, an applicant for issuance or renewal of a
provider registration must file with the application:
(1) the reimbursement insurance policy required by
Section 1306.102, if the provider is using a reimbursement
insurance policy; and
(2) a biographical affidavit, in a form prescribed by
the executive director, for each controlling person of the
provider.
(b) The executive director may not issue or renew a
registration to a provider unless the provider provides evidence to
the executive director that:
(1) each controlling person of the provider is
trustworthy and can competently manage the affairs of the provider
in compliance with this chapter; and
(2) the provider can meet the provider's obligations
under identity recovery service contracts and this chapter.
Sec. 1306.054. FEES. (a) As prescribed by this section, a
provider must pay annual registration and renewal fees and
quarterly fees based on the number of identity recovery service
contracts sold or issued and in force in this state. As prescribed
by this section, an administrator must pay annual registration and
renewal fees.
(b) To register or renew a registration, a provider or
administrator must pay the appropriate fee. The commission shall
set by rule the amounts of the registration and renewal fees
required to cover the costs of administering this chapter.
(c) Not later than the 30th day after the date each calendar
quarter ends, a provider must report to the department the number of
identity recovery service contracts sold or issued to consumers in
this state during the calendar quarter and submit to the department
a fee equal to $1 for each of those contracts.
(d) The information concerning the number of identity
recovery service contracts sold or issued by a provider that is
submitted under Subsection (c):
(1) is a trade secret to which Section 552.110,
Government Code, applies; and
(2) may be used only by the executive director and the
department for the purposes of this section.
(e) The commission shall adopt rules to implement this
section.
Sec. 1306.055. RENEWAL. The commission shall adopt rules
regarding the renewal of a registration issued under this chapter.
[Sections 1306.056-1306.100 reserved for expansion]
SUBCHAPTER C. PRACTICE BY IDENTITY RECOVERY SERVICE CONTRACT
PROVIDERS AND ADMINISTRATORS
Sec. 1306.101. FINANCIAL SECURITY REQUIREMENTS. (a) To
ensure the faithful performance of a provider's obligations to its
identity recovery service contract holders, each provider must:
(1) insure the provider's identity recovery service
contracts under a reimbursement insurance policy issued by an
insurer authorized to transact insurance in this state or by a
surplus lines insurer eligible to place coverage in this state
under Chapter 981, Insurance Code;
(2) maintain a funded reserve account covering the
provider's obligations under its identity recovery service
contracts that are issued and outstanding in this state and place in
trust with the executive director a financial security deposit
consisting of:
(A) a surety bond issued by an authorized surety;
(B) securities of the type eligible for deposit
by an authorized insurer in this state;
(C) a statutory deposit of cash or cash
equivalents;
(D) a letter of credit issued by a qualified
financial institution; or
(E) another form of security prescribed by rules
adopted by the commission; or
(3) maintain, or have a parent company that maintains,
a net worth or stockholders' equity of at least $100 million.
(b) If the provider ensures its obligations under
Subsection (a)(2), the amount maintained in the reserve account may
not be less than an amount equal to 40 percent of the gross
consideration the provider received from consumers from the sale of
all identity recovery service contracts issued and outstanding in
this state, minus any claims paid. The executive director may
review and examine the reserve account. The amount of the security
deposit may not be less than the greater of:
(1) $25,000; or
(2) an amount equal to five percent of the gross
consideration the provider received from consumers from the sale of
all identity recovery service contracts issued and outstanding in
this state, minus any claims paid.
(c) If the provider ensures its obligations under
Subsection (a)(3), the provider must give to the executive director
on request:
(1) a copy of the provider's or the provider's parent
company's most recent Form 10-K or Form 20-F filed with the
Securities and Exchange Commission within the preceding calendar
year; or
(2) if the provider or the provider's parent company
does not file with the Securities and Exchange Commission, a copy of
the provider's or the provider's parent company's audited financial
statements showing a net worth of the provider or its parent company
of at least $100 million.
(d) If the provider's parent company's Form 10-K, Form 20-F,
or audited financial statements are filed to show that the provider
meets the financial security requirement, the parent company shall
agree to guarantee the obligations of the provider relating to
identity recovery service contracts sold by the provider in this
state.
(e) The executive director may not require a provider to
meet any additional financial security requirement.
Sec. 1306.102. REIMBURSEMENT INSURANCE POLICY. (a) A
reimbursement insurance policy that a provider uses to comply with
Sections 1306.053 and 1306.101(a)(1) must state that:
(1) the insurer that issued the policy shall:
(A) reimburse or pay on behalf of the provider
any covered amount the provider is legally obligated to pay; or
(B) provide the service that the provider is
legally obligated to perform according to the provider's
contractual obligations under the insured identity recovery
service contract;
(2) if the covered service is not provided to an
identity recovery service contract holder before the 61st day after
the date of proof of loss, the insurer shall pay the covered amount
directly to the identity recovery service contract holder or
provide the required service; and
(3) if a refund is not paid to the identity recovery
service contract holder or credited to the identity recovery
service contract holder's account as required by Section 1306.108,
the insurer, after receiving written notice, shall pay the refund
amount directly to the identity recovery service contract holder.
(b) For a reimbursement insurance policy to comply with
Section 1306.101(a)(1), the insurer issuing the policy must:
(1) maintain surplus as to policyholders and paid-in
capital of at least $15 million and annually file with the executive
director copies of the insurer's audited financial statements,
National Association of Insurance Commissioners annual statement,
and actuarial certification if the certification is required and
filed in the insurer's state of domicile; or
(2) maintain surplus as to policyholders and paid-in
capital of at least $10 million but not more than $15 million,
demonstrate to the satisfaction of the executive director that the
insurer maintains a ratio of net written premiums, wherever
written, to surplus as to policyholders and paid-in capital of not
more than three to one, and annually file with the executive
director copies of the insurer's audited financial statements,
National Association of Insurance Commissioners annual statement,
and actuarial certification if the certification is required and
filed in the insurer's state of domicile.
(c) The insurer may not cancel the reimbursement insurance
policy until the insurer delivers to the provider and the executive
director a written notice of cancellation that complies with the
notice requirements prescribed by Subchapters B and C, Chapter 551,
Insurance Code, for cancellation of an insurance policy under those
subchapters. Cancellation of the policy does not affect the
insurer's liability for an identity recovery service contract
issued by the provider and insured under the policy before the
effective date of the cancellation.
(d) If the insurer or provider cancels the reimbursement
insurance policy, the provider named on the policy may not issue a
new identity recovery service contract after the effective date of
the cancellation unless:
(1) the provider files with the executive director a
copy of a new policy that meets the requirements of this section and
that provides coverage after that date; or
(2) the provider complies with other financial
security requirements provided by Section 1306.101(a).
(e) A provider is considered the agent of an insurer that
issues a reimbursement insurance policy for purposes of obligating
the insurer to the identity recovery service contract holder in
accordance with the identity recovery service contract and this
chapter. The insurer issuing the reimbursement insurance policy is
considered to have received the premium for the policy on the date
the identity recovery service contract holder pays the purchase
price of the identity recovery service contract.
(f) This chapter does not prevent or limit the right of the
insurer to seek indemnification or subrogation against a provider
for any amount the insurer pays or is obligated to pay to an
identity recovery service contract holder on behalf of the
provider.
(g) In this section, "net written premiums" means the sum of
direct written premiums and assumed reinsurance premiums, minus
ceded reinsurance premiums.
Sec. 1306.103. APPOINTMENT AND RESPONSIBILITIES OF
ADMINISTRATOR. (a) A provider may appoint an administrator
registered under this chapter to be responsible for:
(1) all or any part of the administration or sale of
identity recovery service contracts; and
(2) compliance with this chapter, except for Section
1306.101.
(b) The appointment of an administrator under this section
does not affect a provider's responsibility to comply with this
chapter.
Sec. 1306.104. PROVIDER REQUIREMENTS. A provider may not
sell, offer for sale, or issue an identity recovery service
contract in this state unless the provider gives the identity
recovery service contract holder:
(1) a receipt for, or other written evidence of, the
purchase of the contract; and
(2) a copy of the contract within a reasonable period
after the date of purchase.
Sec. 1306.105. PROVIDER RECORDS. (a) A provider shall
maintain accurate accounts, books, and other records regarding
transactions regulated under this chapter. The provider's records
must include:
(1) a copy of each unique form of identity recovery
service contract sold;
(2) the name and address of each identity recovery
service contract holder who provided the holder's name and address;
(3) a list of each location at which the provider's
identity recovery service contracts are marketed, sold, or offered
for sale; and
(4) written claims files that contain at least the
date and a description of each claim related to the identity
recovery service contracts.
(b) The records required by this section may be maintained
in an electronic medium or through other recordkeeping technology.
If a record is not in a hard copy, the provider must be able to
reformat the record into a legible hard copy at the request of the
executive director.
(c) Except as provided by Subsection (d), a provider shall
retain the records required by this section until at least the first
anniversary of the expiration date of the specified period of
coverage under the identity recovery service contract.
(d) A provider that discontinues business in this state
shall retain its records until the provider furnishes the executive
director with proof satisfactory to the executive director that the
provider has discharged all obligations to identity recovery
service contract holders in this state.
(e) An administrator appointed to maintain the provider's
records is responsible for compliance with this section to the same
extent as the provider.
Sec. 1306.106. FORM OF IDENTITY RECOVERY SERVICE CONTRACT
AND REQUIRED DISCLOSURES. (a) An identity recovery service
contract marketed, sold, offered for sale, issued, made, proposed
to be made, or administered in this state must:
(1) be written, printed, or typed in clear,
understandable language that is easy to read;
(2) state the name and address of the provider;
(3) state the purchase price of the contract and the
terms under which the contract is sold;
(4) state the terms and restrictions governing
cancellation of the contract by the provider or the identity
recovery service contract holder before the expiration date of the
contract;
(5) identify:
(A) any administrator;
(B) the contract seller; and
(C) the identity recovery service contract
holder, if the identity recovery service contract holder provides
the holder's name;
(6) state the amount of any deductible;
(7) specify the services to be provided under the
contract and any limitation, exception, or exclusion;
(8) specify any restriction governing the
transferability of the contract; and
(9) state the duties of the identity recovery service
contract holder, including any duty to protect against any further
damage and any requirement to follow the instructions in the
identity recovery service contract.
(b) The identity of a person described by Subsection (a)(5)
is not required to be preprinted on the identity recovery service
contract and may be added to the contract at the time of sale.
(c) The purchase price is not required to be preprinted on
the identity recovery service contract and may be negotiated with
the identity recovery service contract holder at the time of sale.
(d) An identity recovery service contract insured under a
reimbursement insurance policy under Section 1306.102 must:
(1) state the name and address of the insurer;
(2) state that the identity recovery service contract
holder may apply for reimbursement directly to the insurer if:
(A) a covered service is not provided to the
identity recovery service contract holder by the provider before
the 61st day after the date of proof of loss; or
(B) a refund or credit is not paid before the 46th
day after the date on which the contract is returned to the provider
under Section 1306.107; and
(3) contain a statement substantially similar to the
following: "Obligations of the provider under this identity
recovery service contract are insured under an identity recovery
service contract reimbursement insurance policy."
(e) An identity recovery service contract that is not
insured under a reimbursement insurance policy must contain a
statement substantially similar to the following: "Obligations of
the provider under this identity recovery service contract are
backed by the full faith and credit of the provider."
Sec. 1306.107. RETURNING AN IDENTITY RECOVERY SERVICE
CONTRACT. An identity recovery service contract must require the
provider to allow the identity recovery service contract holder to
return the contract to the provider not later than:
(1) the 20th day after the date the contract is mailed
to the identity recovery service contract holder; or
(2) the 10th day after the date of delivery, if the
contract is delivered to the identity recovery service contract
holder at the time of sale.
Sec. 1306.108. VOIDING AN IDENTITY RECOVERY SERVICE
CONTRACT. (a) If an identity recovery service contract holder
returns an identity recovery service contract in accordance with
Section 1306.107 and a claim has not been made under the contract
before the contract is returned, the contract is void.
(b) An identity recovery service contract holder may void
the identity recovery service contract at a later time as provided
by the contract.
(c) If an identity recovery service contract is voided under
Subsection (a), the provider shall refund to the identity recovery
service contract holder or credit to the account of the identity
recovery service contract holder the full purchase price of the
contract. If the provider does not pay the refund or credit the
identity recovery service contract holder's account before the 46th
day after the date the contract is returned to the provider, the
provider is liable to the identity recovery service contract holder
for a penalty each month an amount remains outstanding. The monthly
penalty may not exceed 10 percent of the amount outstanding.
(d) The right to void an identity recovery service contract
is not transferable.
Sec. 1306.109. CANCELING AN IDENTITY RECOVERY SERVICE
CONTRACT. (a) A provider may cancel an identity recovery service
contract by mailing a written notice of cancellation to the
identity recovery service contract holder at the identity recovery
service contract holder's last known address according to the
records of the provider. The provider must mail the notice before
the fifth day preceding the effective date of the cancellation. The
notice must state the effective date of the cancellation and the
reason for the cancellation.
(b) The provider is not required to provide prior notice of
cancellation if the identity recovery service contract is canceled
because of:
(1) nonpayment of the consideration for the contract;
(2) a material misrepresentation by the identity
recovery service contract holder to the provider; or
(3) a substantial breach of a duty by the identity
recovery service contract holder.
Sec. 1306.110. LIMITATIONS ON PROVIDER NAME. (a) A
provider may not use a name that:
(1) includes "insurance," "casualty," "surety," or
"mutual" or any other word descriptive of the insurance, casualty,
or surety business; or
(2) is deceptively similar to the name or description
of an insurance or surety corporation or to the name of any other
provider.
(b) A provider may include in its name "guaranty" or a
similar word.
(c) This section does not apply to a provider that, before
September 1, 2009, included a word prohibited under this section in
its name. A provider described by this subsection must include in
each identity recovery service contract a statement substantially
similar to the following: "This agreement is not an insurance
contract."
Sec. 1306.111. MISLEADING STATEMENTS PROHIBITED. A
provider or the provider's representative may not, in the
provider's identity recovery service contracts or literature:
(1) make, permit, or cause to be made any false or
misleading statement; or
(2) deliberately omit a material statement if the
omission would be considered misleading.
[Sections 1306.112-1306.150 reserved for expansion]
SUBCHAPTER D. DISCIPLINARY ACTION
Sec. 1306.151. DISCIPLINARY ACTION. On a finding that a
ground for disciplinary action exists under this chapter, the
commission may impose an administrative sanction, including an
administrative penalty as provided by Subchapter F, Chapter 51.
Sec. 1306.152. INJUNCTIVE RELIEF; CIVIL PENALTY. (a) The
executive director may institute an action under Section 51.352 for
injunctive relief to restrain a violation or a threatened violation
of this chapter or an order issued or rule adopted under this
chapter.
(b) In addition to the injunctive relief provided by
Subsection (a), the executive director may institute an action for
a civil penalty as provided by Section 51.352. The amount of a
civil penalty assessed under this section may not exceed:
(1) $2,500 for each violation; or
(2) $50,000 in the aggregate for all violations of a
similar nature.
Sec. 1306.153. MULTIPLE VIOLATIONS. For purposes of this
subchapter, violations are of a similar nature if the violations
consist of the same or a similar course of conduct, action, or
practice, regardless of the number of times the conduct, act, or
practice occurred.
Sec. 1306.154. ADMINISTRATIVE PROCEDURE. Sections 51.305,
51.310, and 51.354 apply to disciplinary action taken under this
chapter.
SECTION 4. Section 2306.003, Occupations Code, is amended
by adding Subsection (c) to read as follows:
(c) A vehicle protection product may also include identity
recovery, as defined by Section 1306.002, if the vehicle protection
product is financed under Chapter 348, Finance Code.
SECTION 5. (a) The change in law made by this Act applies to
an identity recovery service contract entered into on or after
January 1, 2010. An identity recovery service contract entered
into before January 1, 2010, is covered by the law in effect on the
date the contract was entered into, and the former law is continued
in effect for that purpose.
(b) Not later than November 1, 2009, the Texas Commission of
Licensing and Regulation shall adopt rules to implement Chapter
1306, Occupations Code, as added by this Act.
SECTION 6. (a) Except as provided by Subsection (b) of this
section, this Act takes effect September 1, 2009.
(b) Section 1306.051 and Subchapter D, Chapter 1306,
Occupations Code, as added by this Act, take effect January 1, 2010.