At a time when insurance IT executives are under pressure to do more with less, the demands of regulatory compliance can seem to add insult to injury-it's hard enough trying to make wise technology investments without having precious resources diverted to compliance-related projects. But if some aspects of regulatory compliance may sometimes seem gratuitous, it's worth reflecting that regulations such as HIPAA, Gramm-Leach-Bliley, USA PATRIOT Act and Sarbanes-Oxley aim at a fundamental concern for insurance companies: being able to more efficiently and securely circulate and store vital documents. So if there's a silver lining to the compliance cloud, it's that it can provide an opportunity to establish content and records management solutions that will not only protect companies from the fines and loss of reputation associated with compliance failures, but will actually improve the way they do business.
Regulatory compliance is nothing new for insurance companies, but the menu of federal regulations that insurers now face brings unaccustomed challenges, according to John Sarich, FileNET's (Costa Mesa, Calif.) industry marketing manager for insurance. Mastering insurance records through their lifecycle is essential to achieving compliance to a variety of regulations, but insurers have tended to deploy disparate point solutions to handle documents. "Content management is an integral part of managing records, but insurers need to look at content management as an enterprise issue," Sarich opines. Only 20 percent of the information that enters the typical insurance company is structured-such as forms with defined fields-according to Sarich, and 80 percent is unstructured; for example, written correspondence, faxes, phone calls and e-mails. "Unstructured information is very loose and hard to manage, but all of it belongs in some kind of workflow and business process within the company," Sarich comments."
Getting that kind of hold on content can be a difficult and expensive task, but it is one that can lead to better collaboration between IT and business, according to Tim Hagn, manager of storage engineering and implementation at Zurich North America (Schaumburg, Ill., $13.6 billion in premiums written in 2002). Hagn diputes the contention that compliance is a gratuitous drain on resources, arguing that compliance forces IT and business people to sit down together and examine business processes from a workflow and information lifecycle management (ILM) perspective.
"These are conversations that for a lot of companies wouldn't normally happen, but they're happening now," Hagn says. "Information workflow and ILM are getting a longer look, and in some cases a first-time look due in some part to regulatory requirements." That interaction fosters tighter alignment of IT and business and results in a better understanding of their information stock-in-trade, in Hagn's view. "They find better ways of communicating information, better ways of determining its value, and arriving at appropriate classifications of data," he says.
Once companies put that understanding into practice, stepping up to emerging regulatory requirements is likely to be much less of a challenge. Hagn likens it to going up a staircase step by step rather than having to leap three or four stairs at time, Hagn says. "Your heart's not pounding nearly as much as it would if you hadn't laid that groundwork."
In the view of Barbara Koster, CIO, Prudential Financial (Newark, N.J., $422 billion in total assets), that groundwork is a matter of having the right customer data stored in the right manner. "The insurance business at Pru starts from the fundamental piece of data that's collected from the agent in his first interaction, right through to the death claim when the insured dies, or when the annuitant cashes in," she says. "We designed from the data elements to begin with, and that is now helping us with the regulatory environment, making sure we have the right information about the customer stored and then validated according to the requirements."
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio