Facing myriad and ever-changing regulatory mandates — and, in many cases, increasingly aggressive enforcement of those mandates — it stands to reason that insurers might crave technology to help them achieve compliance with greater confidence and at lower cost.
But while insurers are indeed investing in such compliance-specific technology, they are also discovering that IT initiatives driven by broader business performance goals often help ease the regulatory burden, too. The result? These companies have been able to reduce the “drag” that regulatory compliance exerts on their operations by making fruitful investments in their core business systems.
Diane Amodeo, chief underwriting officer for Excess Casualty at New York-based XL Group, explains it succinctly: “Excess Casualty went paperless to better manage our business processes and business continuity. Compliance with document retention and discovery requirements was an additional advantage.”
Amodeo offers a similar perspective in regards to her company’s underwriting systems. Web-based underwriting and pricing tools embed rules to ensure that underwriters work within corporate guidelines for risk management, pricing and profitability targets. But those same rules can just as readily be adapted to statutory regulations, ensuring that the required forms, filings and notices are sent to the right parties at the right time.
“Whether mandates are driven by corporate business strategy or regulatory agendas,” she explains, “we continue to use technology to build tools that reinforce and embed compliance seamlessly into every step of the underwriting process.”
Beyond Excel
The Motorists Insurance Group offers another example of how this works. The Columbus, Ohio-based carrier boasts about $680 million in net written premiums and $2.2 billion in assets. It also found itself managing an increasingly complex set of reinsurance agreements using Excel spreadsheets that were manually created from claims system data.
Anyone familiar with the way reinsurance is used to manage risk can understand how this could lead to governance issues. With separate spreadsheets for each reinsurance agreement, it was difficult to determine what the company’s exposure was with any single reinsurer. It was also difficult to see how an aggregate catastrophe agreement with one reinsurer might overlap with an excess loss agreement with another reinsurer.
To overcome these shortcomings, Motorists turned to Dallas-based Effisoft USA’s WebXL reinsurance management system. The WebXL system was integrated with the COSMO claims system used by Motorists’ main operating carriers and programmed to administer all ceded reinsurance agreements for Motorists’ personal property and casualty, commercial property, workers’ compensation, catastrophe, and boiler and machinery claims. The systems’ reporting capabilities were also enhanced with the addition of tools from SAP Business Objects.
The benefits were sundry. Motorists achieved better governance of its reinsurance agreements from a risk management perspective; with the automated system in place, the insurer was able to reduce the number of employees needed to administer its reinsurance pro- gram from three full-time equivalents to one and a half; and the new system positioned Motorists for growth because it allowed those one-and-a-half FTEs to man- age an even larger portfolio of reinsurance agreements.
Perhaps unexpectedly, the WebXL system also made it substantially easier for Motorists to fulfill critical compliance reporting requirements, such as the demanding Schedule F for reinsurance. It also became much simpler to respond to ad hoc reporting requests from state examiners, external auditors, rating agencies and reinsurers.
“Our primary goal was to automate the administration of our ceded reinsurance so we could better man- age risk and recoverables,” says Tom Brock, assistant vice president of finance at Motorists. “The simplicity, speed and integrity that WebXL offered from a compliance standpoint turned out to be an additional business benefit.”
Historically, business rules have been baked into operational systems by coding them into the application logic for each of those systems. But this requires specialized coding to create new rules and modify old ones as regulatory requirements change. Code-embedded rules can also make it difficult to understand where and how compliance enforcement mechanisms are being implemented across the enterprise.
This is one reason why newer applications that provide a more intuitive way for non-technical users to manage business rules have so much appeal. In Motorists’ case, the insurer used the WebXL system to abstract its reinsurance rules from the underlying claims system, creating a free-standing rules repository that serves as a single point of control and auditability for the entire enterprise.
Taking this approach also made it possible for the P&C carrier to transition from COSMO to Guidewire ClaimCenter without a big disruption to its compliance operations.
“If your business rules are buried in code, you’ll have a lot of difficulty making changes and being able to demonstrate to auditors when and how you made those changes,” says Donald Light, director of Celent’s Americas property/casualty practice. “This is why CIOs should have a seat at the table when it comes to compliance — and why they need to consider the audit ability of rules management across all enterprise systems, beyond simply having the task of implementing new rules.”
A Fascinating Quilt’
What makes compliance so challenging is the complexity and unpredictability of the regulatory landscape. Insurance is primarily governed at the state level. So insurers operating nationally have to track and comply with 50 different sets of mandates — 53 if you count the District of Columbia, Puerto Rico and the U.S. Virgin Islands — that address everything from product and pricing acceptability to educational requirements for registered agents.
In addition to issuing different regulations, these state governing bodies operate on different schedules and have their own cultures of enforcement, all of which is subject to the ever-shifting winds of regional politics.
This is not to say that insurers are exempt from federal regulation. On the contrary, insurance companies selling variable life policies, annuities and other securities-based products are subject to the same SEC regulations as any other financial services company. And those in the health insurance business have to comply with legislation such as HIPAA and the Affordable Care Act.
Matters become even more complex for companies doing business overseas. The regulatory authorities of sovereign nations take a variety of approaches to “non-admitted” insurance (i.e., policies issued in a country by carriers that aren’t licensed in that country and not subject to its insurance regulations). Some allow it, some forbid it and some place certain restrictions on it. Premium taxes also differ widely from country to country — and, while the insured parties are usually responsible for paying such taxes, insurers bear the responsibility for informing insureds about the tax liabilities associated with the policies they issue. And because they transfer funds across national borders, insurance companies also have to be cognizant of anti-money laundering regulations.
The result of all this is what Robert McIsaac, a principal at insurance industry advisory firm Novarica, terms a “fascinating quilt” of regulations that can be extraordinarily difficult for even the largest insurers to track, let alone comply with.
That insurers typically run their businesses using a patchwork of applications, databases and spreadsheets that have been acquired over many decades only adds to the challenge. “It’s easy to conceive of a scenario where a life insurance company has multiple policies on the same individual in multiple systems, one of which may date back 40 years or more,” McIsaac remarks. “Getting a single view of that deceased policyholder when it’s time to pay a claim — or as part of a state’s auditing of death claim processing — can be mind-numbingly complex.”
All this makes it supremely challenging to ensure that the right people know about the right regulations at the right time. That’s why many insurers enlist partners such as Thomson Reuters and Wolters Kluwer to track, aggregate and manage regulatory information on their behalf.
An Eye to the Future
But insurers have to do more than just maintain comprehensive information about current regulations. They also have to track pending regulatory activity, so that they can prepare for new requirements coming down the pike. Yet, ideally, insurers would like to spare their busy employees from having to read and assimilate a lot of regulatory information that isn’t directly relevant to their jobs, even as they ensure that nothing that is relevant is overlooked. In response, regulatory content aggregators are attempting to add value by giving insurers the ability to slice and dice their reports in highly customizable ways.
“We work with clients to develop content taxonomies that align with the way their businesses are organized,” says Jessica Bolf, head of insurance proposition at Thomson Reuters. “This enables them to use their subscriptions to deliver information by product line, geography, or other attributes relevant to the specific roles and responsibilities of employees across their organization.”
It’s not enough, though, to provide accurate, up-to-date and relevant regulatory content to its employees. To pass a compliance audit, insurance companies also need to verify that those employees have actually read and understood the materials provided. There are several approaches compliance managers can take:
Passive tracking: For content posted on corporate intranets, standard Web tracking tools can be used to log page visits by individual users, along with the date of the visit, the time they spent on the page and click-path they followed to get there.
E-learning software: In situations where it’s important to confirm comprehension (such as the licensing of sales reps), generic e-learning software packages can be used to test users and record the test results for future reference.
Specialized compliance solutions: Companies can also deploy more specialized systems that maintain distribution lists, issue alerts when users do not attest to having reviewed and understood content within a given time frame, and provide compliance managers with dashboards for monitoring the insurer’s compliance posture across the enterprise.
Some state regulators also are trying to get into the automation act by providing services that help insurance companies track their licensed agents’ compliance-related activities online. Beyond up-dates on an agent’s licensing status, this can include information like class rosters for continuing education programs.
“Insurance companies want to get their agents productive faster, avoid license renewal problems and reduce the cost of licensing non-resident agents,” observes Keith Kuzmich, chief of the Division of Licensing Services at the California Department of Insurance. “We are committed to expanding our online services so we can help them achieve these goals while also providing essential protections for California’s consumers.”
Benefits of Due Diligence
While insurers may at times fall short when it comes to complying with regulations, being able to demonstrate reasonable due diligence to regulators can go a long way when things do go awry.
“If you can quickly give regulators electronic access to the business records they want and demonstrate reasonable efforts to comply with the intent of regulations, you can usually mitigate any fines and penalties associated with the discovery of some accidental breach,” suggests Sarah Mims, deputy general counsel at XL Group.
By the same token, insurers should take care that their compliance-related monitoring falls into the Goldilocks zone, and is neither too restrictive nor too laissez-faire. “If your settings are too loose, you could miss a material breach,” notes Novarica’s McIsaac. “On the other hand, if your settings generate a lot of false positives, you’ll also risk missing a breach because you were overwhelmed with data. But an auditor will see that you did in fact get the relevant alerts and will wonder why you didn’t do anything about them.”
Ultimately, as so many managers have come to realize, a well-run business is easier to keep in compliance than one that’s poorly run.
“If you lay new technology over a bad process, you’ll just get a bad process that goes faster,” McIsaac observes. “So it’s a good idea to first troubleshoot your processes before you implement technology that ensures that those processes are followed.”
—INN
The Social Media Challenge
Social media offers insurers a valuable new channel for supporting customers, engaging prospects and recruiting talent. But it is treacherous ground when it comes to compliance.
Social networks make it very easy for carrier employees and independent agents to inadvertently share information or make representations that are proscribed by regulatory mandates. And during the course of a bustling workday, it is all too easy for someone to mistype or miscommunicate in ways that can adversely impact brand value — as well as materially damage compliance.
One way to address these risks is with policies that explicitly define what is and is not considered appropriate behavior on social media. In some cases, insurance companies even employ “ghost posters” whose job it is to handle social media communications for agents and executives.
New York-based ING spinoff Voya Financial is mitigating its social media-related risks by partnering with Austin, Texas-based Socialware, which provides a variety of support services to companies in regulated industries. Essentially what Voya has done is create a library of approved content organized into different financial topics such as retirement readiness and holistic planning. Voya also gives its network of 2,400 broker-dealers the ability to create their own personal content within a
set of policy guidelines.
In addition, the Socialware tools provide metrics that help Voya’s marketers and broker-dealers determine what kinds of content generate the best responses.
“Working with a partner like Socialware has enabled us to get a very robust program up and running quickly, while also allowing us to leverage a lot of proven best practices that we would have had to discover ourselves over time,” says Voya CMO Ann Glover. “Given that social media is still in such formative stages, it also made sense to work with a partner that could keep up with the changes taking place with the media and with the approaches regulators are taking to insurance company activity on those media.”
