CHAPTER 1306. IDENTITY RECOVERY SERVICE CONTRACT PROVIDERS AND ADMINISTRATORS
OCCUPATIONS CODE
TITLE 8. REGULATION OF ENVIRONMENTAL AND INDUSTRIAL TRADES
CHAPTER 1306. IDENTITY RECOVERY SERVICE CONTRACT PROVIDERS AND
ADMINISTRATORS
SUBCHAPTER A. GENERAL PROVISIONS
Sec. 1306.001. SHORT TITLE. This chapter may be cited as the
Identity Recovery Service Contract Regulatory Act.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.002. DEFINITIONS. In this chapter:
(1) "Administrator" means a person, other than the provider of
the identity recovery service contract or an employee of the
provider, who is responsible for the third-party administration
of an identity recovery service contract.
(2) "Commission" means the Texas Commission of Licensing and
Regulation.
(3) "Consumer" means an individual who, for a purpose other than
resale, buys a motor vehicle that is:
(A) distributed in commerce; and
(B) normally used for personal, family, or household purposes
and not for business or research purposes.
(4) "Department" means the Texas Department of Licensing and
Regulation.
(5) "Executive director" means the executive director of the
department.
(6) "Identity recovery" means a process, through a limited power
of attorney and the assistance of an identity recovery expert,
that returns the identity of an identity theft victim to
pre-identity theft event status.
(7) "Identity recovery service contract holder" means a person
who purchases or otherwise holds an identity recovery service
contract.
(8) "Person" means an individual or an association, company,
corporation, partnership, or other group.
(9) "Provider" means a person who is contractually obligated to
an identity recovery service contract holder under the terms of
an identity recovery service contract.
(10) "Reimbursement insurance policy" means a policy of
insurance issued to a provider to:
(A) reimburse the provider under an identity recovery service
contract the provider issued or sold; or
(B) pay on behalf of the provider all covered contractual
obligations that are incurred by the provider under an identity
recovery service contract the provider issued or sold and that
the provider does not perform.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.003. IDENTITY RECOVERY SERVICE CONTRACT. In this
chapter, "identity recovery service contract" means an agreement:
(1) to provide identity recovery;
(2) that is entered into for a separately stated consideration
and for a specified term; and
(3) that is financed through a retail installment contract under
Chapter 348, Finance Code.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.004. CONTROLLING PERSON. (a) In this chapter,
"controlling person" means an individual who:
(1) possesses direct or indirect control of at least 25 percent
of the voting securities of a corporation;
(2) possesses the authority to set policy and direct the
management of a business entity;
(3) is the president, the secretary, or a director of a
corporation; or
(4) is a general partner of a partnership.
(b) An individual who is a controlling person of a corporation
or other business entity that is the general partner of a limited
partnership is a controlling person of the limited partnership.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.005. EXEMPTIONS. This chapter does not apply to:
(1) an identity recovery service contract sold or offered for
sale to a person who is not a consumer; or
(2) an identity recovery service contract sold by a motor
vehicle dealer on a motor vehicle sold by that dealer, if the
dealer:
(A) is the provider;
(B) is licensed as a motor vehicle dealer under Chapter 2301;
and
(C) covers its obligations under the identity recovery service
contract with a reimbursement insurance policy.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.006. EXEMPTIONS FROM CERTAIN OTHER LAWS. Marketing,
selling, offering for sale, issuing, making, proposing to make,
and administering an identity recovery service contract are
exempt from the Insurance Code and other laws of this state
regulating the business of insurance.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.007. PURCHASE REQUIREMENT PROHIBITED. A person
regulated by Chapter 2301 may not require the purchase of an
identity recovery service contract as a condition of a loan or
the sale of a vehicle.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.008. GENERAL INVESTIGATIVE POWER OF EXECUTIVE
DIRECTOR. (a) The executive director may investigate a
provider, administrator, or other person as necessary to enforce
this chapter and protect identity recovery service contract
holders in this state.
(b) On request of the executive director, a provider shall make
the records required by Section 1306.105 available to the
executive director as necessary to enable the executive director
to reasonably determine compliance with this chapter.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
SUBCHAPTER B. REGISTRATION REQUIREMENTS
Sec. 1306.051. REGISTRATION REQUIRED; EXEMPTION FROM OTHER
LICENSING REQUIREMENTS. (a) A person may not operate as a
provider or administrator of identity recovery service contracts
sold in this state unless the person is registered with the
department.
(b) Except for the registration requirement of this subchapter,
a provider, identity recovery service contract seller,
administrator, or other person who markets, sells, or offers to
sell identity recovery service contracts is exempt from any
licensing requirement of this state that relates to an activity
regulated under this chapter.
(c) If a person registered under Chapter 1304 registers under
Chapter 1306, the financial security used to comply with Section
1304.151 fulfills the requirements of Section 1306.101.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. January 1, 2010.
Sec. 1306.052. APPLICATION FOR REGISTRATION OR RENEWAL; GENERAL
REQUIREMENTS. (a) An applicant for registration or registration
renewal must submit an application to the executive director.
(b) The application must:
(1) be in the form prescribed by the executive director; and
(2) include evidence satisfactory to the executive director of
compliance with the applicable financial security requirements
prescribed by Section 1306.101, if the application is for a
provider registration or renewal.
(c) The department may refuse to issue or renew a registration
if the applicant or a controlling person of the applicant has
violated this chapter or a rule adopted or order issued by the
commission or executive director.
(d) A person who makes a false statement in an application or in
any document provided with an application is subject to
disciplinary action under Subchapter D, including denial of the
application or suspension or revocation of a registration.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.053. ADDITIONAL REGISTRATION AND RENEWAL REQUIREMENTS
FOR PROVIDERS. (a) In addition to the requirements of Section
1306.052, an applicant for issuance or renewal of a provider
registration must file with the application:
(1) the reimbursement insurance policy required by Section
1306.102, if the provider is using a reimbursement insurance
policy; and
(2) a biographical affidavit, in a form prescribed by the
executive director, for each controlling person of the provider.
(b) The executive director may not issue or renew a registration
to a provider unless the provider provides evidence to the
executive director that:
(1) each controlling person of the provider is trustworthy and
can competently manage the affairs of the provider in compliance
with this chapter; and
(2) the provider can meet the provider's obligations under
identity recovery service contracts and this chapter.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.054. FEES. (a) As prescribed by this section, a
provider must pay annual registration and renewal fees and
quarterly fees based on the number of identity recovery service
contracts sold or issued and in force in this state. As
prescribed by this section, an administrator must pay annual
registration and renewal fees.
(b) To register or renew a registration, a provider or
administrator must pay the appropriate fee. The commission shall
set by rule the amounts of the registration and renewal fees
required to cover the costs of administering this chapter.
(c) Not later than the 30th day after the date each calendar
quarter ends, a provider must report to the department the number
of identity recovery service contracts sold or issued to
consumers in this state during the calendar quarter and submit to
the department a fee equal to $1 for each of those contracts.
(d) The information concerning the number of identity recovery
service contracts sold or issued by a provider that is submitted
under Subsection (c):
(1) is a trade secret to which Section 552.110, Government Code,
applies; and
(2) may be used only by the executive director and the
department for the purposes of this section.
(e) The commission shall adopt rules to implement this section.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.055. RENEWAL. The commission shall adopt rules
regarding the renewal of a registration issued under this
chapter.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
SUBCHAPTER C. PRACTICE BY IDENTITY RECOVERY SERVICE CONTRACT
PROVIDERS AND ADMINISTRATORS
Sec. 1306.101. FINANCIAL SECURITY REQUIREMENTS. (a) To ensure
the faithful performance of a provider's obligations to its
identity recovery service contract holders, each provider must:
(1) insure the provider's identity recovery service contracts
under a reimbursement insurance policy issued by an insurer
authorized to transact insurance in this state or by a surplus
lines insurer eligible to place coverage in this state under
Chapter 981, Insurance Code;
(2) maintain a funded reserve account covering the provider's
obligations under its identity recovery service contracts that
are issued and outstanding in this state and place in trust with
the executive director a financial security deposit consisting
of:
(A) a surety bond issued by an authorized surety;
(B) securities of the type eligible for deposit by an authorized
insurer in this state;
(C) a statutory deposit of cash or cash equivalents;
(D) a letter of credit issued by a qualified financial
institution; or
(E) another form of security prescribed by rules adopted by the
commission; or
(3) maintain, or have a parent company that maintains, a net
worth or stockholders' equity of at least $100 million.
(b) If the provider ensures its obligations under Subsection
(a)(2), the amount maintained in the reserve account may not be
less than an amount equal to 40 percent of the gross
consideration the provider received from consumers from the sale
of all identity recovery service contracts issued and outstanding
in this state, minus any claims paid. The executive director may
review and examine the reserve account. The amount of the
security deposit may not be less than the greater of:
(1) $25,000; or
(2) an amount equal to five percent of the gross consideration
the provider received from consumers from the sale of all
identity recovery service contracts issued and outstanding in
this state, minus any claims paid.
(c) If the provider ensures its obligations under Subsection
(a)(3), the provider must give to the executive director on
request:
(1) a copy of the provider's or the provider's parent company's
most recent Form 10-K or Form 20-F filed with the Securities and
Exchange Commission within the preceding calendar year; or
(2) if the provider or the provider's parent company does not
file with the Securities and Exchange Commission, a copy of the
provider's or the provider's parent company's audited financial
statements showing a net worth of the provider or its parent
company of at least $100 million.
(d) If the provider's parent company's Form 10-K, Form 20-F, or
audited financial statements are filed to show that the provider
meets the financial security requirement, the parent company
shall agree to guarantee the obligations of the provider relating
to identity recovery service contracts sold by the provider in
this state.
(e) The executive director may not require a provider to meet
any additional financial security requirement.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.102. REIMBURSEMENT INSURANCE POLICY. (a) A
reimbursement insurance policy that a provider uses to comply
with Sections 1306.053 and 1306.101(a)(1) must state that:
(1) the insurer that issued the policy shall:
(A) reimburse or pay on behalf of the provider any covered
amount the provider is legally obligated to pay; or
(B) provide the service that the provider is legally obligated
to perform according to the provider's contractual obligations
under the insured identity recovery service contract;
(2) if the covered service is not provided to an identity
recovery service contract holder before the 61st day after the
date of proof of loss, the insurer shall pay the covered amount
directly to the identity recovery service contract holder or
provide the required service; and
(3) if a refund is not paid to the identity recovery service
contract holder or credited to the identity recovery service
contract holder's account as required by Section 1306.108, the
insurer, after receiving written notice, shall pay the refund
amount directly to the identity recovery service contract holder.
(b) For a reimbursement insurance policy to comply with Section
1306.101(a)(1), the insurer issuing the policy must:
(1) maintain surplus as to policyholders and paid-in capital of
at least $15 million and annually file with the executive
director copies of the insurer's audited financial statements,
National Association of Insurance Commissioners annual statement,
and actuarial certification if the certification is required and
filed in the insurer's state of domicile; or
(2) maintain surplus as to policyholders and paid-in capital of
at least $10 million but not more than $15 million, demonstrate
to the satisfaction of the executive director that the insurer
maintains a ratio of net written premiums, wherever written, to
surplus as to policyholders and paid-in capital of not more than
three to one, and annually file with the executive director
copies of the insurer's audited financial statements, National
Association of Insurance Commissioners annual statement, and
actuarial certification if the certification is required and
filed in the insurer's state of domicile.
(c) The insurer may not cancel the reimbursement insurance
policy until the insurer delivers to the provider and the
executive director a written notice of cancellation that complies
with the notice requirements prescribed by Subchapters B and C,
Chapter 551, Insurance Code, for cancellation of an insurance
policy under those subchapters. Cancellation of the policy does
not affect the insurer's liability for an identity recovery
service contract issued by the provider and insured under the
policy before the effective date of the cancellation.
(d) If the insurer or provider cancels the reimbursement
insurance policy, the provider named on the policy may not issue
a new identity recovery service contract after the effective date
of the cancellation unless:
(1) the provider files with the executive director a copy of a
new policy that meets the requirements of this section and that
provides coverage after that date; or
(2) the provider complies with other financial security
requirements provided by Section 1306.101(a).
(e) A provider is considered the agent of an insurer that issues
a reimbursement insurance policy for purposes of obligating the
insurer to the identity recovery service contract holder in
accordance with the identity recovery service contract and this
chapter. The insurer issuing the reimbursement insurance policy
is considered to have received the premium for the policy on the
date the identity recovery service contract holder pays the
purchase price of the identity recovery service contract.
(f) This chapter does not prevent or limit the right of the
insurer to seek indemnification or subrogation against a provider
for any amount the insurer pays or is obligated to pay to an
identity recovery service contract holder on behalf of the
provider.
(g) In this section, "net written premiums" means the sum of
direct written premiums and assumed reinsurance premiums, minus
ceded reinsurance premiums.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.103. APPOINTMENT AND RESPONSIBILITIES OF
ADMINISTRATOR. (a) A provider may appoint an administrator
registered under this chapter to be responsible for:
(1) all or any part of the administration or sale of identity
recovery service contracts; and
(2) compliance with this chapter, except for Section 1306.101.
(b) The appointment of an administrator under this section does
not affect a provider's responsibility to comply with this
chapter.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.104. PROVIDER REQUIREMENTS. A provider may not sell,
offer for sale, or issue an identity recovery service contract in
this state unless the provider gives the identity recovery
service contract holder:
(1) a receipt for, or other written evidence of, the purchase of
the contract; and
(2) a copy of the contract within a reasonable period after the
date of purchase.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.105. PROVIDER RECORDS. (a) A provider shall maintain
accurate accounts, books, and other records regarding
transactions regulated under this chapter. The provider's
records must include:
(1) a copy of each unique form of identity recovery service
contract sold;
(2) the name and address of each identity recovery service
contract holder who provided the holder's name and address;
(3) a list of each location at which the provider's identity
recovery service contracts are marketed, sold, or offered for
sale; and
(4) written claims files that contain at least the date and a
description of each claim related to the identity recovery
service contracts.
(b) The records required by this section may be maintained in an
electronic medium or through other recordkeeping technology. If
a record is not in a hard copy, the provider must be able to
reformat the record into a legible hard copy at the request of
the executive director.
(c) Except as provided by Subsection (d), a provider shall
retain the records required by this section until at least the
first anniversary of the expiration date of the specified period
of coverage under the identity recovery service contract.
(d) A provider that discontinues business in this state shall
retain its records until the provider furnishes the executive
director with proof satisfactory to the executive director that
the provider has discharged all obligations to identity recovery
service contract holders in this state.
(e) An administrator appointed to maintain the provider's
records is responsible for compliance with this section to the
same extent as the provider.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.106. FORM OF IDENTITY RECOVERY SERVICE CONTRACT AND
REQUIRED DISCLOSURES. (a) An identity recovery service contract
marketed, sold, offered for sale, issued, made, proposed to be
made, or administered in this state must:
(1) be written, printed, or typed in clear, understandable
language that is easy to read;
(2) state the name and address of the provider;
(3) state the purchase price of the contract and the terms under
which the contract is sold;
(4) state the terms and restrictions governing cancellation of
the contract by the provider or the identity recovery service
contract holder before the expiration date of the contract;
(5) identify:
(A) any administrator;
(B) the contract seller; and
(C) the identity recovery service contract holder, if the
identity recovery service contract holder provides the holder's
name;
(6) state the amount of any deductible;
(7) specify the services to be provided under the contract and
any limitation, exception, or exclusion;
(8) specify any restriction governing the transferability of the
contract; and
(9) state the duties of the identity recovery service contract
holder, including any duty to protect against any further damage
and any requirement to follow the instructions in the identity
recovery service contract.
(b) The identity of a person described by Subsection (a)(5) is
not required to be preprinted on the identity recovery service
contract and may be added to the contract at the time of sale.
(c) The purchase price is not required to be preprinted on the
identity recovery service contract and may be negotiated with the
identity recovery service contract holder at the time of sale.
(d) An identity recovery service contract insured under a
reimbursement insurance policy under Section 1306.102 must:
(1) state the name and address of the insurer;
(2) state that the identity recovery service contract holder may
apply for reimbursement directly to the insurer if:
(A) a covered service is not provided to the identity recovery
service contract holder by the provider before the 61st day after
the date of proof of loss; or
(B) a refund or credit is not paid before the 46th day after the
date on which the contract is returned to the provider under
Section 1306.107; and
(3) contain a statement substantially similar to the following:
"Obligations of the provider under this identity recovery service
contract are insured under an identity recovery service contract
reimbursement insurance policy."
(e) An identity recovery service contract that is not insured
under a reimbursement insurance policy must contain a statement
substantially similar to the following: "Obligations of the
provider under this identity recovery service contract are backed
by the full faith and credit of the provider."
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.107. RETURNING AN IDENTITY RECOVERY SERVICE CONTRACT.
An identity recovery service contract must require the provider
to allow the identity recovery service contract holder to return
the contract to the provider not later than:
(1) the 20th day after the date the contract is mailed to the
identity recovery service contract holder; or
(2) the 10th day after the date of delivery, if the contract is
delivered to the identity recovery service contract holder at the
time of sale.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.108. VOIDING AN IDENTITY RECOVERY SERVICE CONTRACT.
(a) If an identity recovery service contract holder returns an
identity recovery service contract in accordance with Section
1306.107 and a claim has not been made under the contract before
the contract is returned, the contract is void.
(b) An identity recovery service contract holder may void the
identity recovery service contract at a later time as provided by
the contract.
(c) If an identity recovery service contract is voided under
Subsection (a), the provider shall refund to the identity
recovery service contract holder or credit to the account of the
identity recovery service contract holder the full purchase price
of the contract. If the provider does not pay the refund or
credit the identity recovery service contract holder's account
before the 46th day after the date the contract is returned to
the provider, the provider is liable to the identity recovery
service contract holder for a penalty each month an amount
remains outstanding. The monthly penalty may not exceed 10
percent of the amount outstanding.
(d) The right to void an identity recovery service contract is
not transferable.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.109. CANCELING AN IDENTITY RECOVERY SERVICE CONTRACT.
(a) A provider may cancel an identity recovery service contract
by mailing a written notice of cancellation to the identity
recovery service contract holder at the identity recovery service
contract holder's last known address according to the records of
the provider. The provider must mail the notice before the fifth
day preceding the effective date of the cancellation. The notice
must state the effective date of the cancellation and the reason
for the cancellation.
(b) The provider is not required to provide prior notice of
cancellation if the identity recovery service contract is
canceled because of:
(1) nonpayment of the consideration for the contract;
(2) a material misrepresentation by the identity recovery
service contract holder to the provider; or
(3) a substantial breach of a duty by the identity recovery
service contract holder.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.110. LIMITATIONS ON PROVIDER NAME. (a) A provider
may not use a name that:
(1) includes "insurance," "casualty," "surety," or "mutual" or
any other word descriptive of the insurance, casualty, or surety
business; or
(2) is deceptively similar to the name or description of an
insurance or surety corporation or to the name of any other
provider.
(b) A provider may include in its name "guaranty" or a similar
word.
(c) This section does not apply to a provider that, before
September 1, 2009, included a word prohibited under this section
in its name. A provider described by this subsection must
include in each identity recovery service contract a statement
substantially similar to the following: "This agreement is not
an insurance contract."
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
Sec. 1306.111. MISLEADING STATEMENTS PROHIBITED. A provider or
the provider's representative may not, in the provider's identity
recovery service contracts or literature:
(1) make, permit, or cause to be made any false or misleading
statement; or
(2) deliberately omit a material statement if the omission would
be considered misleading.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. September 1, 2009.
SUBCHAPTER D. DISCIPLINARY ACTION
Sec. 1306.151. DISCIPLINARY ACTION. On a finding that a ground
for disciplinary action exists under this chapter, the commission
may impose an administrative sanction, including an
administrative penalty as provided by Subchapter F, Chapter 51.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. January 1, 2010.
Sec. 1306.152. INJUNCTIVE RELIEF; CIVIL PENALTY. (a) The
executive director may institute an action under Section 51.352
for injunctive relief to restrain a violation or a threatened
violation of this chapter or an order issued or rule adopted
under this chapter.
(b) In addition to the injunctive relief provided by Subsection
(a), the executive director may institute an action for a civil
penalty as provided by Section 51.352. The amount of a civil
penalty assessed under this section may not exceed:
(1) $2,500 for each violation; or
(2) $50,000 in the aggregate for all violations of a similar
nature.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. January 1, 2010.
Sec. 1306.153. MULTIPLE VIOLATIONS. For purposes of this
subchapter, violations are of a similar nature if the violations
consist of the same or a similar course of conduct, action, or
practice, regardless of the number of times the conduct, act, or
practice occurred.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. January 1, 2010.
Sec. 1306.154. ADMINISTRATIVE PROCEDURE. Sections 51.305,
51.310, and 51.354 apply to disciplinary action taken under this
chapter.
Added by Acts 2009, 81st Leg., R.S., Ch.
36, Sec. 3, eff. January 1, 2010.