10 Years On, and Compliance is Still a Bear

Stacy Kaper just published an article here at Insurance Networking News on the 10th anniversary of the passage of the Gramm-Leach-Bliley Act, which points to the flaws such as lack of oversight over financial services holding companies.

While the government appears to be fumbling with proper oversight from the many laws and regulations passed in recent years, companies themselves are still searching for the most expedient ways to handle and verify compliance information.

How are insurance companies managing in a regulatory climate that may grow even tougher in the wake of the recent financial crisis? For the most part, compliance is a still work in progress, a new Celent report confirms. Celent's “US Insurance Compliance Survey 2009,” based on a survey of 210 companies, finds that 40% described their program as “robust,” while another 50% were still developing or starting to formalize their programs.

Compliance continues to be a vexing concern for many businesses. The Celent survey found that all respondents expected their compliance costs to go up over the next year by varying degrees. For many companies, at least in the early stages, compliance has been a mainly manual process, with full-time employees devoting weeks going through and preparing audits and reports. Plus, for many companies, compliance is like taxes—a cost of doing business.

But what if compliance helped the business in a more positive way? Over the years, some observers have talked about undertaking “sustainable compliance,” meaning not only meeting the letter of the law during reporting periods, but building compliance processes in a more automatic fashion into everyday business processes.

For example, eight out of 10 respondents to the Celent study indicate they have a formal, documented compliance program that deals with breach of data security events. The benefit reaches beyond simply meeting a mandate—data security is simply good business. If data security is built into the movement of all data across domains inside and outside the company, companies avoid the penalties for misuse and carelessness, but also have the trust and confidence of existing and potential customers. It's a selling point. Another benefit of compliance is better integration of data from across the enterprise, which is an additional boost to the business.

Technology can make these practices an automated part of all processes. Interestingly, Celent's Mike Fitzgerald, author of the compliance study, advises that insurers “beg and borrow automation” when they can. “The main technology challenge currently encountered by survey respondents is inability to communicate, share, and control data,” he writes. “This is a common problem, especially in operational areas. Celent suggests that compliance professionals find where similar issues have been solved and then adapt and adopt existing solutions.”

For reprint and licensing requests for this article, click here.
Compliance Policy adminstration Security risk
MORE FROM DIGITAL INSURANCE