Transformational Thinking in Insurance Legal, Compliance and Enterprise Risk Management

Challenges in Insurance Legal, Compliance and Enterprise Risk Management

For decades insurers have provided little to no automation to support their Legal, Compliance, and Enterprise Risk Management teams. This has resulted in this functional area being viewed as a bottleneck to launching new products and services. It takes time to understand local laws in entering new markets, analyze regulatory compliance and assess legal requirements. The sheer number of issues can be daunting. Changing contract or policy wordings, assessing D&O, Errors and Omissions, and Employer Practices risks can require numerous back and forth communications. Sorting through multiple legal entities, M&A and divestitures can be difficult to do when using simplified or non-existent tracking tools. Compounding matters is that the longer each case or project takes, the more cases overlap, causing tremendous inefficiencies and making the Legal team feel like it is continually fighting fires and struggling to keep up.  

Microsoft Office tools, physical files, and some semblance of a case management system are no longer sufficient to assist this functional area in carrying out their duties, which are increasingly critical to every insurer’s success.

Transformational Thinking

Insurers need to shift towards transformational thinking with respect to Legal, Compliance and Enterprise Risk Management (ERM). (For a good definition of transformational thinking vs. legacy thinking, see my first blog.) The initial steps are as follows:

Reject these ideas:

The first step is to reject the idea that Legal, Compliance and ERM can continue to function successfully with the limited technology they have been provided. At the same time, understand that most insurers are unwilling or unprepared to spend millions for Legal & Compliance systems.

Accept these ideas:

Begin with the idea that transformational thinking starts with the Legal department stepping up and categorizing their processes, procedures and activities into “Services.” A list of services like this would be a good example:

  • Supporting customer-focused projects, and new products and services
  • Assisting Sales and Marketing with entry into new markets by analyzing and complying with local laws and regulatory requirements
  • Safeguarding the interests of the company (e.g. compliance, enterprise risk management from a solvency perspective)
  • Improving day-to-day operations by overseeing third party agreements, contract revisions and eliminating unnecessary legal entities
  • Pursuing special activities on an on-demand basis (e.g. Eurozone task force, and dealing with other unanticipated risks)

Next, understand that the Chief Legal Counsel, and/or the Chief Compliance Officer, and/or the Chief Enterprise Risk Officer has to request funding for new systems (and future enhancements) by mapping their categorized activities (above) to the business unit leaders who are sponsoring and leading those revenue-generating programs. 

Lead with these ideas:

The primary stakeholders should lead the effort in launching a Legal, Compliance and ERM program that leverages new technologies and a major financial investment. Include the following best practices:

Define the data the department requires to review and approve new products and services, and request that Operations and IT extract it from the necessary systems and store it in an information data store. Ask IT and Operations to provide access to the data store and to the company’s document management system, which often includes a workflow management capability. This places Legal, Compliance and ERM in the midst of products and services development and will prevent delays caused by being involved late in the process.

Obtain a case management system, which will enable the department to electronically store, access and distribute information specific to cases. Treat new products and services, and new risks (e.g. Eurozone crisis), and new regulatory requirements as “cases.”  Extend the case management to track the company’s performance against regulatory changes such as OFAC, SarBox, HIPAA, Solvency II, Basel II, new requirements from the FCA and PRA in the U.K., and data privacy laws across the globe. Utilize the system to track activities toward complying with local laws and regulations as an insurer enters emerging markets, M&A and divestitures. Collaborate with Actuarial services for data modeling and analytics to anticipate risks based on experiential data and external data sources.

Fund the first two steps by tying them to budgets and investment funds of the business units who are developing and selling new products and services, entering new markets, and fulfilling other “revenue-generating” activities. 

Collaborate with the Sourcing and Procurement department, Finance, Operations and IT to store all new third party contracts in a single repository as part of a company-wide information and data strategy. All the aforementioned units will benefit by having access to one version of the most current information on third party contracts.  This will help the company meet regulatory reporting and audit requirements, and provide transparency to enterprise risks such as business interruptions due to third party insolvency.

About the Author
Sam Medina is a global business transformation executive at TCS, who specializes in advising insurance and healthcare executives on transformational thinking and leadership.
