The Function of Third Party Administrators

Insurance companies often contract out certain functions of the traditional insurance company to organizations such as third party administrators (TPAs).

TPAs function in various capacities in the marketplace and frequently contract with:

  • Property & Casualty insurance companies
  • Life, Annuity & Disability insurers
  • Health insurance companies
  • Employee benefit plans
  • Retirement plans

Generally, the relationship is evidenced by a contract, with the insurer (or other entity) retaining the risk of loss (liability) as to the effected insurance policies. In some states, TPAs must be licensed as such, whereas other states do not require TPAs to be licensed (of course, to the extent the TPA functions in a specific capacity itself requiring licensing, e.g., claim adjuster, the TPA would be required to obtain those free-standing licenses).

Watch insurance expert Bill Hager speak on Third Party Administrator issues.

Third Party Administrators and Cybersecurity

In regard to TPAs and cybersecurity, Third party administrators are not immune to data breach or network or system failures. Human error is the leading cause of cybercrime, according to BakerHostetler’s 2016 Data Security Incident Response Report. As cybercrime threats increase, managers are requiring their administrators to have comprehensive cybersecurity plans in place.

More managers are requiring incidence response plans, formal written programs and audits of cybersecurity procedures from their vendors, according to W. Reece Hirsch, partner and co-head of the privacy and cybersecurity practice at Morgan, Lewis & Bockius LLP. This is because, in the financial services sector, sensitive information like social security numbers and account information can be exploited.

Additionally, Third party administrators have increased their use of cyber insurance to mitigate cybersecurity threats, according to a recent article from Pensions & Investments. In 2016, premiums for the entire cyber insurance market totaled just over $3 billion, according to Fitch Ratings. By 2020, premiums are expected to be around $20 billion.

While managers are concerned about TPA cybersecurity, they are unlikely to cease utilizing TPAs. It would take a lot of time and money to bring the work performed by TPAs back in-house. More importantly, using TPAs isn’t just about saving money. TPAs function as an outside source for compliance and verification.

In order for TPAs to remain current and competitive, they are advised to keep abreast of cybersecurity issues and maintain the correct cyber insurance coverage and procedural plans to safeguard their operations.

Bill Hager’s Experience as an Expert on Third Party Administrators

TPA Expertise as an Insurance Regulator. I have had extensive and substantive experience relating directly to TPAs including determining the TPA and insurer’s (or self-insured) obligations under their contracts. As a regulator, I approved the formation and authorization to conduct business and oversaw TPAs on a daily basis as they carried out their various contracted duties.

As a regulator for eight years in three positions: (i) Assistant Attorney General assigned to the Department of Insurance (Iowa); (ii) First Deputy Commissioner of Insurance; and (iii) Commissioner of Insurance), along with my staff, I approved (or disapproved) of the TPA contracts as entered into between TPAs and regulated entities. This regulatory action also included the approval of and regulatory oversight of their work under the TPA contract as well. In addition, I regularly served as an Administrative Law Judge in matters relating directly to TPAs.

  1. TPA Expertise: NAIC.While Commissioner, I also served as a member of the National Association of Insurance Commissioners (“NAIC”), (including membership on its Executive Committee), the nationwide organization of all state insurance commissioners. That organization has responsibilities for establishing model insurance administrative regulations and model statutes for consideration by all of the states. While with the NAIC, I served among others as:
  • Chair of the Life Insurance Committee.The charge of this Committee was oversight of all issues relating to life and health insurance products as well as life and health insurers, with many of those health insurers providing products through or together with TPAs;
  • Chair of the Universal Life Insurance Task Force.The charge of this Committee was oversight of universal life and similar products; and
  • Chair of the Life Insurance Product Development Task Force.While Chairman of this Task Force, I led the development of model disclosure statements for universal and indeterminate premium life products designed to assist consumers in their comparison of different types of life insurance products.

Click on the link to read more about Mr. Hager’s third party administrator expertise.


Material for this article was taken from a collection of industry sources relating to the subject.

In all of the general statements here, see the state law of the controlling jurisdiction. Every case is different and circumstances vary widely depending on the governing state law, policy provisions, and related considerations.

This blog is provided for educational purposes only. It is not intended to provide legal advice or an opinion in regard to any topic discussed. The blog should not be used as a substitute for legal advice from a licensed attorney in your state.