How to Master State vs Federal Insurance Regulation in Your Agency

Insurance is primarily state-regulated. The McCarran-Ferguson Act (15 U.S.C. § 1011) grants states the authority to regulate the business of insurance - rates, forms, solvency, licensing, and market conduct - and preempts federal law to the extent it conflicts with state regulation. But federal statutes carve out specific areas that override or run parallel to state authority. Getting this wrong means compliance gaps on both layers.

Key Takeaways

• The McCarran-Ferguson Act (15 U.S.C. § 1011) establishes state primacy for insurance regulation.
• State departments of insurance regulate rates, forms, market conduct, solvency, licensing, and consumer protection.
• ERISA preempts state regulation of self-insured employer health plans - the most significant federal carve-out in the industry.
• The ACA, FCRA, GLBA, TCPA, and FTC Safeguards Rule each impose federal obligations on specific insurance-adjacent activities.
• New York Insurance Department Regulation 10 governs credit insurance but applies only in New York - not nationally.
• Both mutual and stock insurance companies are regulated by the same state DOI.

The Core Rule: Insurance Is State-Regulated

The foundational principle is in 15 U.S.C. § 1011: "the business of insurance, and every person engaged therein, shall be subject to the laws of the several States which relate to the regulation or taxation of such business." Congress passed McCarran-Ferguson in 1945 in response to the Supreme Court's 1944 ruling in United States v. South-Eastern Underwriters Association, which had held that insurance was interstate commerce. The Act restored state authority.

New Hampshire enacted the first state insurance regulation in 1851, predating federal involvement by nearly a century. The landmark Paul v. Virginia case in 1869 further cemented state authority by holding that issuing insurance policies was not interstate commerce under the Constitution. That ruling guided the regulatory structure until South-Eastern Underwriters reversed it in 1944.

Today, all 50 states and the District of Columbia operate an independent Department of Insurance (or equivalent) that licenses producers, reviews and approves policy forms, sets rate-filing requirements, and conducts market conduct examinations of carriers and agencies.

What State Departments of Insurance Regulate

State DOIs have jurisdiction over six core areas.

Rates. Carriers must file rates with the state DOI before using them in most lines. Most states use a prior-approval system (rate must be approved before use), a file-and-use system (file with the DOI and use immediately), or a use-and-file system. California uses prior approval under Proposition 103 for personal auto and homeowners.

Policy forms. Every policy form sold in a state must be filed with and approved by the state DOI. Forms approved in one state are not automatically valid in another. This creates real compliance work for carriers writing in multiple states.

Solvency. State DOIs require carriers to maintain minimum surplus levels, submit annual financial statements (using NAIC statutory accounting principles), and hold reserves sufficient to pay future claims. The NAIC's accreditation program creates baseline standards, but each state's solvency requirements apply independently.

Licensing. Producers, agencies, and adjusters must hold a license in every state where they conduct business. Licensing requirements include pre-licensing education hours (which vary by state and line of authority), passing a state exam, and completing continuing-education requirements to renew.

Market conduct. State DOIs examine carrier and agency claims handling, underwriting practices, rating accuracy, and producer conduct. Market conduct examinations can result in fines, license suspensions, and corrective action orders.

Consumer protection. State laws govern unfair trade practices, anti-rebating rules, unfair claims settlement practices, and privacy protections for policyholders. Anti-rebating statutes prohibit producers from offering clients anything of value (beyond the policy) as an inducement to purchase insurance.

Where Federal Law Applies to Insurance

Federal law does not regulate the core business of insurance - but it affects many adjacent activities. Six federal statutes create direct compliance obligations for agencies and carriers.

ERISA (29 U.S.C. § 1144)

The Employee Retirement Income Security Act preempts state regulation of employee benefit plans maintained by employers, including self-insured health plans. This is the largest federal carve-out. An employer that self-insures its employee health benefits is not subject to state insurance mandates - it is regulated under ERISA by the Department of Labor. Fully insured employer health plans (where the employer buys coverage from a licensed insurer) remain subject to state regulation because the insurer is regulated at the state level.

ACA (42 U.S.C. § 18001 et seq.)

The Affordable Care Act sets minimum standards for health insurance - essential health benefits, preventive care mandates, guaranteed issue, community rating, and metal tier requirements. ACA requirements apply to individual and small-group markets in all states. Large-group markets face ACA employer mandate rules. States can impose additional requirements on top of ACA minimums.

FCRA (15 U.S.C. § 1681)

The Fair Credit Reporting Act governs the use of consumer reports in underwriting. Carriers using credit-based insurance scores to underwrite or rate policies must comply with adverse action notice requirements under FCRA § 615 - notifying the applicant when a consumer report led to a less favorable outcome.

GLBA (15 U.S.C. § 6801 et seq.)

The Gramm-Leach-Bliley Act requires insurance agencies and carriers to maintain privacy policies for nonpublic personal information, provide annual privacy notices to customers, and restrict sharing of customer financial data with non-affiliated third parties. Agencies receiving nonpublic personal information trigger GLBA compliance obligations.

TCPA (47 U.S.C. § 227)

The Telephone Consumer Protection Act governs telemarketing calls, auto-dialed calls, and text messages. Insurance agencies conducting outbound telemarketing campaigns must comply with TCPA consent requirements, honor the national Do Not Call registry, and maintain internal do-not-call lists.

FTC Safeguards Rule (16 C.F.R. Part 314)

The FTC's revised Safeguards Rule (effective June 2023) requires insurance agencies that qualify as financial institutions under GLBA to implement a written information security program. Requirements include encryption of customer data, multi-factor authentication, annual penetration testing, and designation of a qualified information security officer.

New York Regulation 10

New York Insurance Department Regulation 10 (11 NYCRR 185) governs credit insurance - specifically, credit life, credit accident and health, credit property, and credit unemployment insurance written in connection with loans and credit transactions. It sets maximum rates, minimum benefit standards, and disclosure requirements for credit insurance products. Regulation 10 applies only in New York. Agencies writing credit insurance in New York must follow Regulation 10's requirements; no equivalent federal rule governs credit insurance in other states.

Mutual vs. Stock Insurance Companies: Is Regulation Different?

No. Both mutual and stock insurance companies are regulated by the same state Department of Insurance under the same statutes. The ownership structure differs - mutuals are owned by policyholders, stock companies by shareholders - but both must meet the same licensing, solvency, rate-filing, form-approval, and market conduct requirements. A mutual insurer like Erie Indemnity faces the same regulatory requirements as a stock insurer like Travelers.

The one area where structure matters is conversion. When a mutual company demutualizes (converts to stock form), the process is regulated by the state DOI and requires policyholder approval. But ongoing operations are subject to identical regulation regardless of structure.

State vs. Federal Regulation Checklist for Agencies

Use this checklist to verify your agency addresses both regulatory layers.

State Compliance

• Producer licenses current in all states where you place business
• Continuing-education hours tracked per state requirement
• Agency license renewed before expiration in each state
• Anti-rebating policy in place and documented (see anti-rebating)
• Carrier appointments filed in each state where required
• Market conduct examination procedures documented

Federal Compliance

• GLBA privacy notice delivered annually to customers
• GLBA data-sharing practices reviewed against § 6802 restrictions
• FTC Safeguards Rule information security program in place (agencies qualifying as financial institutions)
• TCPA consent documentation for any outbound telemarketing
• FCRA adverse action notices issued when consumer reports affect underwriting decisions
• ERISA awareness for employer-clients with self-insured health plans

Summary Table: State vs. Federal Jurisdiction

For more on state licensing compliance, see Post #456 on producer licensing requirements and Post #459 on continuing education by state.

Frequently Asked Questions

Is insurance regulated by state or federal law?

Insurance is primarily state-regulated under the McCarran-Ferguson Act (15 U.S.C. § 1011), which grants states the authority to regulate the business of insurance. Federal law applies in specific areas: ERISA governs self-insured employer health plans, the ACA sets minimum health insurance standards, GLBA imposes privacy obligations, FCRA governs consumer report use in underwriting, TCPA covers telemarketing, and the FTC Safeguards Rule requires information security programs. State and federal obligations run in parallel for most agency activities.

What was the first state to enact insurance regulation?

New Hampshire enacted the first state insurance regulation in 1851, creating the first state insurance commission. The Paul v. Virginia case in 1869 reinforced state authority by ruling that insurance was not interstate commerce. That framework held until United States v. South-Eastern Underwriters Association (1944) ruled otherwise, prompting Congress to pass McCarran-Ferguson in 1945 to restore state primacy.

Does New York Regulation 10 apply in other states?

No. New York Insurance Department Regulation 10 (11 NYCRR 185) applies only in New York. It governs credit insurance - including credit life, credit accident and health, credit property, and credit unemployment insurance - written in connection with loans and credit transactions in New York. No equivalent federal regulation covers credit insurance. Agencies writing credit insurance in states other than New York follow those states' own rules, which vary.

Is mutual insurance regulated differently than stock insurance?

No. Both mutual insurers (owned by policyholders) and stock insurers (owned by shareholders) are regulated by the same state Department of Insurance under identical statutes. Solvency requirements, rate-filing, form approval, market conduct examinations, and producer licensing rules apply equally. Erie Indemnity (mutual) and Travelers (stock) face the same state regulatory obligations. The only structural distinction appears during demutualization, which requires DOI approval and policyholder vote.

What does a state insurance commissioner regulate?

State insurance commissioners regulate the entire domestic insurance market within their state: solvency and financial condition of carriers, rate filings, policy form approval, producer and agency licensing, continuing education requirements, market conduct of carriers and producers, consumer complaint resolution, and enforcement of state insurance statutes including anti-rebating and unfair trade practices laws.

What does ERISA do to state insurance regulation?

ERISA § 514 (29 U.S.C. § 1144) preempts state laws that relate to employee benefit plans. For self-insured employer health plans, this means state health insurance mandates - benefit requirements, form approval, network adequacy rules - do not apply. The employer is regulated by the DOL under ERISA instead. Fully insured plans (where the employer purchases coverage from a state-licensed insurer) remain subject to state regulation because the insurance contract is regulated at the carrier level.

Written by Javier Sanz, Founder of BrokerageAudit. Last updated April 2026.

BrokerageAudit's Policy Checker flags state and federal compliance gaps before they become violations. Track producer licenses across all states, monitor CE deadlines, and verify policy forms against DOI filings in one place. Explore Policy Checker