The demands for organic growth are intersecting with an increasing volume of regulatory pressures tied to consumer protection to create a perfect storm for insurers.
Regulation is largely a stepchild of markets; as the economy ebbs and flows, so does lawmakers' interest in protecting businesses and the consumers who rely on their services. Lately, thanks mostly to technology-enabled customer communications and transactions, consumers are the focus of much of the regulatory interest affecting insurers in the United States and abroad.
Yet, against the backdrop of increased reporting requirements to satisfy consumer protection mandates, insurers may ask, "How much is too much regulation?" The G20 recently asked the Financial Stability Board (FSB), which coordinates the work of national financial authorities and international standards organizations for effective regulatory policies, to cooperate with the Organization for Economic Co-operation and Development (OECD), which provides a forum for governments to seek solutions to common economic problems, in its work with consumer finance protection.
The OECD's reach into the insurance sector is not new; in May 2011, the organization agreed on revised OECD Guidelines on Insurer Governance, which calls for insurers to have "boards with necessary leadership, expertise, and independent decision-making, effective risk management and internal control systems and integrated firm-wide reporting within an insurer...."
It follows that industry groups are questioning this new "consumer agenda," especially in light of the potential for international and state regulatory issues to overlap with federal efforts. Recently, David Snyder, the American Insurance Association (AIA) VP and associate general counsel for public policy, cautioned regulators' support of mandates that may result in "duplicative and prohibitive regulation of a stable insurance industry and marketplace," calling out measures that are inefficient.
That cautionary note isn't stopping the National Association of Insurance Supervisors' (NAIC) International Insurance Committee from reviewing a full spectrum of international regulatory issues including the Solvency Modernization Initiative (SMI), recent developments before the OECD, and recommendations from the International Association of Insurance Supervisors (IAIS). The outcome of this review has yet to be published.
All this activity means insurers must improve their understanding of regulatory risk, as well as identify and track changes to regulatory policies. The costs associated with making even simple changes to compliance functions are significant and create additional demands on resources. According to a Thomson Reuters' Governance, Risk & Compliance business unit report, more than 84 percent of compliance officers surveyed believe the flow of regulatory information will increase in 2012. More than a third of those respondents report spending an entire workday each week considering regulatory changes.
Insurers reviewing their consumer strategy, therefore, must take into consideration the largest possible risk of doing business with this mobile technology-enabled and social media-wielding market, and weigh that against the cost of compliance.
Social Media
In an informal community such as Facebook, despite the fact that information may be publicly displayed, consumers are not thinking about insurance repercussions when posting.
"If I'm friending my insurance company on Facebook and then start asking them questions, giving them details about me and sharing personally identifiable information, an insurance company does have a duty of care to remind me that I really ought not to be doing that because I'm opening myself up to personal identity fraud," says Sarah Carter, VP of Marketing, Actiance.
"Then again, the insurance company also has a duty to understand the suitability of products they're selling to the consumer, and in that way, social really is a very good thing because you can identify more about a lifestyle and potential risk factors by potentially tracking what folks do on social networks."
To assist insurers, regulatory bodies have tried to provide guidelines for most basic communication and branding purposes, which mostly translate old rules of communication to new mediums.
"The NAIC are following very much what FINRA, in the broker/dealer space, did: making sure communications are reviewed before they're sent, making sure the proposed product is suitable and the records are retained," Carter said.
Mark Henneges, head of digital strategy, ING U.S., provides a basic checklist for compliant social media communications: have a system of review for posts; archive all conversations carefully, date them and make sure they're easy to access; and maintain the responsibility and integrity owed to advisors and reps as well as the public.
Indeed, social media is, on a basic level, just another form of electronic communications and so the old rules apply. But what about social's potential beyond basic communication and branding?
"If you distill it down, here are the two challenges: companies don't want to be left behind, and they want to make sure that if they do something in the social world, they're doing it in an effective and positive way," Carter says.
This is why Kathleen Mayko, digital community manager at Massachusetts Mutual Life Insurance Company (MassMutual), says the insurer developed strong relationships with legal and compliance departments. Those ties have only grown with the company's increasing use of social technologies.
"We still work with them to keep abreast of various regulatory bodies' published guidelines and to obtain guidance," Mayko says. "We also work closely with our technology vendors to ensure that our record-keeping and archiving responsibilities are in line with all applicable guidelines and that we can flex for any new regulations that are introduced."
ING's Henneges spoke to the difficulties in accommodating such flexibility, asserting that while you need to staff appropriately for governance and day-to-day review, it's more about implementing integrated business practices than establishing a team or infrastructure. "When you look at social media becoming an integral part of business, it's not something that lives within one particular group," he says.
The need for flexible, diligent social operations has kept insurers cautious of moving forward too quickly. With mobile technologies, they may not have as much of a choice. "In about two-and-a-half or three years, if you don't have a way for individuals to interact with you via mobile, then you're going to be left behind," Carter predicts. Similar to social media, regulators are attempting to slowly shepherd insurers into the space.
"The regulators don't care that you share data on a mobile device or a desktop PC or a bit of paper," says Carter. "It's all about the content of that piece of communications. Of course, with mobile, it's harder to control and secure data."
Keeping Data Safe
This feeds into what insurers continue to view as the largest risk: data protection and privacy.
Yet the challenges and related approaches to data protection and privacy are different at the enterprise level versus the agent or consumer level, notes Kelly Purcell, EVP, global marketing and sales at eSignSystems. "What drives insurers to focus on data protection at the enterprise level is fear of noncompliance," she says. "Problems with data loss or breaches result in financial fines, affect the band, and at the consumer level entire groups are going after insurers with class action suits."
Case in point: In October 2011, the U.S. Securities and Exchange Commission introduced guidelines calling for publicly held companies to disclose cyber incidents and whether cyber insurance has been purchased. And while organizations do not legally have to disclose this information, plaintiffs' attorneys are likely to use the SEC guidelines as a threshold liability standard, notes Kevin Kalinich, global practice leader of cyber insurance for Aon Risk Solutions.
"Additional implications of these guidelines remain an unknown," Kalinich says. "If an organization does not disclose its cyber incidents, it may face fines from the SEC and open the door to increased shareholder lawsuits for not properly disclosing or assessing the risk of an attack. We may also see a time when credit rating agencies take cyber security exposures into account when evaluating a company, just as Standard & Poor's has done with enterprise risk management."
To date, there's been a price to pay as a result of this increased scrutiny, notes Paul Delbridge, partner with PwC's actuarial and insurance management solutions practice. "For a long time, we've seen banks and insurers reluctant to provide full connectivity; for example, account transactions transmitted over Blackberries or iPhones. Any insurance that offers a platform must be careful to lock down information in order to protect their brand and sanctity of information."
The Role of e-Signatures
Although not publicly held, Midwest Family Mutual Insurance Co. has a strong compliance effort underway tied to data protection, which is closely tied to its customer agenda.
"We are focused on the customer, and that includes a two-tier marketing approach using our 600 independent agents," says Aaron Boyd, VP, Marketing and R&D at Midwest Family. "As part of that focus, we want to make it as easy and efficient as possible to distribute a policy and provide the best claims service for our insureds, but we need to do all of it safely and securely."
The insurer is currently evaluating additional portal and e-signature technologies as a way to help agents book more business at the point of sale. "We've relied on our independent agents to print the app, gather the signature and then keep it in their office," Boyd says. "But we know we need a more seamless way to capture a more secure, legally binding signature for both personal and commercial lines."
ESignSystems' Purcell believes that agents are driving carriers' e-sign initiatives. "Independent agents are not writing insurance in front of the customer as much as they would like, while captives also feel they are behind the eight ball, asking for e-signature technology to protect the transaction. Both fear the loss of competitive advantage," she says.
Boyd agrees that the nature of e-signatures, the transmission of information to a secure room where a person can log in and sign, documenting time in, time out, what was reviewed and what was signed, solves several problems. "It's automated, so you are forcing the agent and the insured through the process," he says. "We have proof we have the signed app, which can be accessed anywhere by the agent or the insured at the agent's office. Plus, it's digitally archived, so it becomes a data element, whereas paper and a file sitting in an agents' office isn't something we can absolutely verify exists. With a digital app, we can check a box and have it," he says.
Midwest Family's ongoing focus on the customer means providing good customer service to the agents through its existing portal, Boyd says. "Agents are advocates of the consumer, so they go hand-in-hand with customer engagement."
With a 96-percent agent customer satisfaction rating, the insurer hopes to apply the same philosophy to its customers. Midwest Family is currently developing an insured portal, where policyholders can access information directly, make payments online, complete a first notice of loss, and more.
For mobile apps, while adoption is imperative, a more long-term mindset is required to maintain compliant practices. All customer and agent technology initiatives will include data privacy and protection features that make them compliant with regulatory requirements.
