Just as carriers are using technology in novel ways to cope with existing regulations, other regs may be waiting around the corner.
Despite the insurance industry being more highly regulated than almost any other, compliance issues are more apt to elicit resigned murmurs than howls of protests from insurers. Much like gravity, regulatory compliance is widely acknowledged as an immutable fact of life, and people in the industry realize no matter how much they wish it otherwise, it is not going away.
“It’s an everyday thing,” says Kevin Christy, R&D manager at Edina, Minn.-based Western National Mutual Insurance Co., adding that the vagaries of insurance requirements in certain states can sometimes be onerous.
Yet, while recent years have seen new regulatory requirements from Sarbanes-Oxley Act to the Patriot Act impact the way companies operate, the use of technology is helping insurers mitigate some of the hassles.
When one considers the mountains of paperwork insurers were already working under, it’s fortunate for insurers that this new growth of regulatory requirements has coincided so neatly with the rise of the Internet as the medium of choice for electronic filing.
SERFF USE IS UP
One electronic interface that is making life easier for insurers is the System for Electronic Rate and Form Filing (SERFF), Christy says. SERFF’s intent was to provide a cost-effective, electronic method of handling insurance policy rate and form filings between regulators and insurance companies. Developed by the National Association of Insurance Commissioners, the concept for SERFF traces back to the early 1990s, yet is just now becoming widely used.
“It’s been around for awhile, but just recently some states began mandating its use,” Christy says. “It really took off last year.”
Christy says he generally is happy with SERFF, and is especially happy that he no longer has to wait for mail to be delivered. “The turnaround times are faster now,” he says. “It’s an improvement. We probably have more than 300 filings a year between rates and forms and new introductions.”
Yet, certain states require SERFF filings while others don’t.
“Some states have been slower to adopt and put the new technology in place, but I think they are all getting there—pretty much everything has gone electronic at this point,” says Debbi Marquette, director, compliance solutions for Whitehill Technologies Inc., which was recently acquired by Frisco, Texas-based Skywire Software, whose offering, Tracker, automates the state filing process and is integrated with SERFF. “SERFF has been a driving force behind that, making sure that companies are utilizing electronic distribution means to get filings to the states,” she says.
THE SOX ERA
While the road to SERFF adoption was drawn out and, until very recently, voluntary, insurers had no such luxury when complying to the reporting requirements of SOX.
“The compliance era kicked off with SOX,” says David Hurwitz, VP marketing of Islandia, N.Y.-based CA’s Business Service Optimization business unit. “Initially organizations just threw people at this. Part of that reason is that failure is not an option.”
One of the results of the scramble to comply with SOX is that the cost of compliance was through the roof. “SOX, if nothing else, was the full employment act for consultants and accountants,” Hurwitz says. “You can keep paying for them or you can start to automate. This isn’t going away, and the question is how to do this more cost effectively.”
Christy says that as a mutual company, Western National is exempt from some of the more onerous aspects of SOX, which primarily targeted publicly traded companies. “It hasn’t been too bad for us, but it has certainly added some tasks.”
Marquette agrees that by forcing insurers to automate, SOX may eventually lower the cost of compliance. “I think Sarbanes-Oxley helped because companies realized they had to put processes in place,” she says. “In most companies, it’s not the compliance regulations themselves [that cause trouble] as much as management of the process.”
Hurwitz notes that because SOX and other regulations end up getting cross-referenced to similar controls, redundancies can be reduced if a company has the proper visibility of its processes. “Just because there’s an additional regulation doesn’t mean you need a different set of controls,” he says. “Your existing set of controls, if properly understood and cross-referenced, probably will meet most regulations. There is an opportunity to slash redundant activity in your IT organization.”
OLD TECHNOLOGIES, NEW USES
Marquette says that rather than seeking out new technologies to meet regulatory requirements, many insurers could do well with a synthesis of existing technologies. “The technologies already existed, but they hadn’t been used in this way before,” she says, adding that some companies are taking a project management approach to compliance, and using existing technologies, such as workflow, can provide insight and accountability into processes. “Nothing gets missed if everyone can see where a project stands, and can view benchmarks and company standards,” she says. “That openness alone will make a company more successful because nobody wants to be seen as the bottleneck, it’s put accountability in place.”
Another existing technology that carriers can use to tackle compliance is rules-based systems. Yet, David Straus, SVP of marketing for Redwood City, Calif.-based Corticon Technologies Inc., notes that the technology is of little value in and of itself. “The heart of a compliance system using rules are the rules,” he says. “It’s the knowledge—your people know more than your policies. It’s probably not pragmatic to think that we can automate everything.”
Strauss says the biggest benefit of a rules-based system in consistency, but stresses insurers should never confuse consistency for compliancy. “When you automate things, you move from one problem to another,” he says. “You can take these rules and put them into code, but what if the rules are wrong?”
Consequently, Strauss stresses auditing, and says that you can use business rules both to guide people through the compliance process, but also to review it after people make decisions. One of the primary benefits of this set-up is that it allows these reviews to happen in real time. “Instead of an auditor running a spot check, you can check every transaction through the business rules,” he says. “Instead of having a report that cuts the data, you have a dashboard on which you can see patterns of non-compliance.”
Strauss says that although the rules have to change, and the data analysis will change because you’ll want to cut the data a different way along different vectors, the pattern is reusable for different types of compliance.
NEW CHALLENGES
One different type of compliance is starting make waves among life insurers—the issue of annuity suitability. A 2007 research report from Needham, Mass.-based TowerGroup Inc. says life insurers should go above and beyond current regulatory requirements when dealing with the issue of annuity suitability.
The report, by Senior Analyst Rachel Alt-Simmons, says the widespread adoption of the “model law,” which holds insurance companies—not just the selling agents or broker-dealers—accountable for ensuring the appropriateness of their annuity products, presents new liabilities and challenges. “The adoption of this regulation places insurance companies under extreme pressure to find ways to ensure the products they sell are suited to the investors,” according to Alt-Simmons.
The largely paper-based nature of annuity processing systems, coupled with a lack of standardized industry processes, will make compliance difficult, the report says. “These paper-based processes make it difficult for insurers to screen applications in an automated fashion. That is because existing policy administration systems may not be able to support the business rules engines needed to weed out inappropriate transactions.”
The report suggests that insurers adopt a proactive approach to addressing suitability by leveraging business intelligence technologies. “The implementation of traditional business intelligence software solutions is essential to better understand and interpret the behavior of the broker, selling organization and end consumer. The increased transparency of business processes provides opportunities to mitigate compliance risk.”
Much like suitability is forcing some to consider a proactive approach, the issue of the Solvency II, a set of insurance requirements passed by the European Union is causing many insurers not only to look ahead, but to look across the pond.
Much like its banking analogue, Basel II, Solvency II requires insurers to provide a detailed glimpse of their risk management processes.
Ewa Dewor, senior executive in global risk and regulatory management for Bermuda-based Accenture, sees the impact of Solvency II reaching beyond Europe. “While Solvency II is only mandatory for European insurance, players with subsidiaries across the globe need to ensure the compliance of the whole group,” she says.
Because it covers every risk an insurance company is facing, Solvency II has the potential to impact a company’s risk management capabilities and, ultimately, its potential from a risk/return perspective, Dewor says.
“That means it’s not a stand-alone approach dealing with just underwriting risk or asset risk. It includes credit, market and operational risk, which have to be considered and are part of the capital requirements,” Dewor says. “It also obliges insurance companies to invest their risk management into their processes, and to prove that they have the risk information available out of the risk model and that they use it in their daily decision making.”
