Workflow Templates for Insurance: Insurance Agency Office Closing Checklist

Client File and NPI Security

Lock paper client files in fire-rated cabinets

Walk each producer's desk and the CSR pods. Loose ACORD 125/130 applications, dec pages, loss runs, and printed COIs all contain NPI under GLBA and must be in a locked cabinet overnight — not stacked in inboxes. Pay attention to remarketing folders that tend to live on desks for weeks.

Clear desks of applications and dec pages

Clean-desk policy is a documented control under most agency WISPs and a Part 500 §500.11 expectation for vendors handling NPI. Anything left on a desk after close is treated as an unsecured exposure for the morning audit.

Confirm the shred console is locked

The shred vendor is a Part 500 §500.11 third-party service provider — premature disposal or an unlocked console is a reportable control gap. Verify the slot is closed and the bin is keyed shut.

Log out of the AMS and carrier portals

Applied Epic, AMS360, EZLynx, and each carrier portal session must be fully signed out — not just minimized. Persistent sessions left on shared workstations are the most common finding in agency E&O cyber audits.

Clear the shared printer queue

Pull any abandoned print jobs from the MFP tray — policy packets, COIs, claim acknowledgement letters often sit overnight. Cancel any held jobs in the device queue before close.

Pending Binders and Claims Handoff

Verify OFAC screening on today's binds

Pull the bind log and confirm each new policy and claim payee was screened against the OFAC SDN list today. A miss at the close step turns into an unauthorized transaction the next morning when premium posts.

Review the pending bind queue

Open the bind workflow in the AMS and identify any submissions where the insured expects effective dates before the next business morning. Anything time-sensitive needs an after-hours plan; do not let an indication roll into a quote without an underwriter touching it.

Coordinate the overnight binder with the on-call underwriter

Email the on-call underwriter the submission, signed application, current loss runs, and any binding-authority notes. Confirm carrier appetite and producer state licensing before the handoff — a bind by an unappointed producer is rescindable.

Roll the FNOL line to the after-hours TPA

Forward the claims intake line to the contracted TPA or carrier 24/7 number. Texas Chapter 542's 15-business-day acknowledgement clock starts at FNOL receipt regardless of what time the call comes in — gaps in coverage create prompt-pay exposure.

Flag open prompt-pay and statutory clocks

Note any claim approaching a state-specific deadline: TX Chapter 542 acknowledgement or decisioning windows, FL 90-day decision rule, NY 15-day acknowledgement under Reg 64. Add a morning-priority flag in the AMS so the assigned adjuster sees it first thing.

Technology and Backup Verification

Confirm the nightly AMS backup completed

Check the backup console for the most recent Applied Epic / AMS360 / EZLynx job status. The GLBA Safeguards Rule and NYDFS Part 500 §500.08 require routine, tested backups of NPI; an undetected silent failure for several days is a documented exam finding.

Escalate the backup failure to the MSP

Open a P1 ticket with the agency's MSP and copy the named CISO designee. A confirmed backup failure is a control deficiency that may trigger a 72-hour notification analysis under the NAIC Insurance Data Security Model Law if recovery is not assured.

Verify MFA on after-hours remote access

Part 500 §500.12(b) requires MFA for any individual accessing the agency's internal network from an external network — including producers connecting from home and any contractor with VPN access. Confirm tonight's remote sessions all show an MFA factor in the access log.

Power down workstations and shared printers

Servers stay up for nightly jobs; user endpoints and MFPs power off. A locked-but-running workstation left overnight is a target for credential-stealing malware and a finding on the next IT audit.

Facility and Physical Security

Secure premium checks in the night deposit

Premium checks held overnight are commingled-funds and fiduciary risk under most state producer regulations. Drop them in the bank night deposit or lock in the agency safe — not in a desk drawer.

Set the thermostat to night setback

Engage the after-hours HVAC schedule. In coastal or high-humidity offices, do not set back so far that file rooms exceed humidity thresholds — paper claim files and humidor-sensitive records degrade.

Inspect emergency exits for accessibility

Walk each marked exit. Boxes of file storage, printer overflow, or marketing materials cannot block egress paths — this is both an OSHA finding and a property-carrier loss-control inspection point.

Reconcile keys and access cards

Pull the access roster and confirm every issued key and badge is either with its assigned holder or in the lockbox. Terminated producers occasionally retain badges; reconcile here so it surfaces before payroll cutoff rather than at the next quarterly audit.

Arm the perimeter alarm system

Last person out arms the alarm, locks the entrance, and signs off below. The closing officer's signature is the documented chain-of-custody record for the night and is what the agency cites if a forced-entry claim arises against the building owner's policy.