Insurers' Compliance Efforts Are A Work In Progress

Many corporations are catching flak these days for various operational inconsistencies.For instance, a recent survey indicates that companies, including insurers, have implemented seemingly effective, written IT security policies, but have not optimized these efforts by providing proper training and certification to its people.

A report released by Mountain View, Calif.-based enterprise software provider ILOG Inc. and Pearl River, N.Y.-based industry trade group ACORD also exposes corporations' illogical strategies--this time regarding regulatory compliance and corporate governance.

The ILOG/ACORD survey of an undisclosed number of property/casualty, life and reinsurance companies found that response to fast-changing regulatory and corporate business-related governance demands is still mired in manual processes and ad-hoc measures.

Although insurers have experienced the ramifications of manual compliance efforts--such as redundancy and errors--most are not implementing automated solutions.

And, a majority of respondents have yet to deploy available solutions in order to align business objectives with information technology.

Insurance companies are appointing compliance officers to manage the impact of regulatory demands. But they're still failing to fully embrace the business value of IT in addressing laws such as HIPAA and Sarbanes-Oxley.

"There is a clearly defined line between companies that are embracing IT to address compliance regulations head on and those that are not," says Kate Ciravolo, vice president and counsel, government affairs, for ACORD.

"While we're pleased that the industry is taking the first step by appointing compliance officers to manage the process, those companies that fail to leverage this opportunity to automate core business processes and standardize across their enterprises are likely to fall victim to increasingly complex federal and state regulations," she says.

The next step

The ILOG/ACORD survey, conducted over the course of two months this past winter, asked representatives from the various insurance segments to consider how effectively their organizations are addressing compliance mandates and to report on the role of technology.

The report clearly discovered contradictions. For example, more than one-third of those surveyed (38%) agreed that the primary objective in managing the impact of compliance through IT is to improve operational efficiency in core business processes by using technology solutions that increase automation.

Yet, while the majority of organizations surveyed have designated a compliance officer or team to ensure they are meeting compliance regulations, less than one-quarter surveyed (21%) leverage their IT department in conjunction with that officer.

Rather, 42% of companies surveyed address compliance regulation issues on an ad-hoc, reactive basis.

This is an indication the industry is failing to put process-automating technologies in place to manage core business processes across lines of business, according to ILOG and ACORD.

The survey also found that 25% of companies surveyed planned to implement an enterprisewide strategy to address the obligations associated with regulatory compliance and related changes, while an equal number of respondents (25%) plan to implement a solution that allows monitoring for distinct lines of business.

For reprint and licensing requests for this article, click here.
Security risk Core systems Data security Compliance
MORE FROM DIGITAL INSURANCE