Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:09 PM
Connect Directly

The Compliance Challenge

To meet the increasing challenges of regulation, insurers' compliance departments must partner with IT to centralize efforts, deploy automation technologies and institute controls.

Q: What are the biggest challenges carriers currently face in terms of regulatory compliance?

A: Joseph D. Spada, Lincoln Financial Group: The amount of new regulations coming through on a state and federal level is a big challenge. In addition, there is increased regulatory scrutiny of the industry. Companies and their compliance departments need to align and adjust resources to meet the regulatory needs these challenges present.

A: Neil Weiss, Mobius Management Systems: Simply keeping up with (and absorbing the costs of) ever-increasing compliance requirements is itself a major challenge. For example, accelerated reporting schedules require access to and the consolidation of data residing in multiple, disconnected systems across the organization. Companies must conform to different requirements by state, a cumbersome process that must be automated. Data must be 100 percent accurate, and its validation must be automated to reduce dependence on labor-intensive, error-prone manual processes.

Q: How can IT help insurers meet compliance challenges?

A: Spada, Lincoln Financial: IT plays an integral role in supporting initiatives to bring automation to a company's compliance program. For example, IT support is key in the implementation of automated applications to monitor for money laundering activity. Compliance departments need to partner with their IT resources to seek out and develop ways to systematically support compliance initiatives.

A: Bruce Allen, Robert Frances Group: IT is responsible for determining how to automate compliance requirements and processes without breaking the budget. Oftentimes, IT is called into the discussion late, leading to expensive backpedaling. The most effective role is for IT to be at the table early on in the enterprise compliance planning process to ensure proper technology planning.

Many companies use ad hoc informal processes for mapping organizational processes to each required law, policy and/or regulation. A centralized method, however, can mitigate costs and risks and create a single view of compliance that will make it possible to identify new opportunities for the firm. The IT organization working with HR and the lines of business, therefore, should define and develop a strategy to restructure employee roles and responsibilities and the organization's processes to create a cross-functional team to manage enterprisewide IT compliance efforts effectively.

In addition, a focus on technology solutions for compliance can take away from the more important work of fixing controls and processes. Organizations speeding toward change often are addressing technology decisions around controls in parallel to or even before process and organizational issues are resolved. Therefore, it is important for IT organizations to put technology decisions after the other important control determinations.

A: Weiss, Mobius Management Systems: The role of IT is central to compliance. In just one example, the system of comprehensive internal controls mandated by Section 404 of the Sarbanes-Oxley Act makes the widespread practice of spreadsheet consolidation riskier than ever. No matter how well-defined and well-documented the rules that produce the data, once they are imported into a spreadsheet for further manipulation, control and the ability to ensure accuracy are lost. Finance and IT must work together to acquire or develop systems that automate the collection, verification, audit, balancing and reconciliation of financial information across all corporate applications and platforms.

A: Tim Ansberry, Hyland Software: Insurers' IT departments are looking at compliance management systems that will provide their businesses with appropriate tools to help control the documenting and testing of compliance procedures. In addition, insurers are adopting technology for managing documents, the life cycle of those documents and business processes. These tools help to automate processes and ensure policies and procedures are followed. Going forward, IT departments should make certain that new technologies can be used in conjunction with, or can leverage, existing core technology investments.

Q: What technologies should insurance companies leverage in their compliance efforts?

A: Allen, Robert Frances Group: Solutions for compliance are emerging from many areas, including application development, business intelligence, business process management, change management, content/document management, data management, disaster recovery/business continuity, financial management, project management, rules management, security, systems management and workflow. But before IT looks at packages or solution areas, insurers need to make an informed decision as to what compliance risk exposures they intend to mitigate and/or control. There are far more areas to mitigate than funding will allow for; it is imperative that the firms determine where the best place is for them to spend their funds.

A: Weiss, Mobius Management Systems: One often-overlooked technology that has broad applicability is a robust solution for automating the balancing and reconciliation of a wide range of information - financial reports, hospital billing codes and transaction data. This capability will enable companies to integrate business systems, automate processes and link procedures with audit trails, ensuring accountability by archiving and tracking all processes.

A: Ansberry, Hyland Software: Insurers should look at compliance management systems that either provide or integrate with document management and workflow tools. Compliance management technology should address compliance from two perspectives: the front end of compliance, which is the management of your compliance documentation and ongoing monitoring of compliance; and the back end of compliance, which assists with the day-to-day compliance efforts, such as document retention, imaging and process automation.

Q: Will insurance regulation remain primarily state based, or will it evolve to a more centralized, federal regulatory model? How can insurance IT organizations best prepare for an uncertain future regulatory environment?

A: Spada, Lincoln Financial: With the support of the industry and trade groups, we'll see some type of federal chartering option within the next five years. I don't think that will be in place of state regulations, but in addition to them, where companies will be able to choose whether they'll be regulated by the states or the feds, similar to the banking model. The other consideration is the Interstate Compact that the NAIC has proposed and a number of states have adopted. Once 26 states have adopted the Compact, it will be in effect. In either scenario, the regulatory landscape will change, and IT needs to partner with compliance to ensure the company is effectively meeting the needs relative to the regulatory environment.

A: Weiss, Mobius Management Systems: The insurance industry will see additional layers of federal regulation added on top of state regulations, making it something of a hybrid. This means its IT strategy should prepare to continue to support state and federal compliance. As additional requirements are becoming more and more detailed, and as companies are having to respond to each state separately, IT organizations should look to automate as much of this process as possible - forms management, automated underwriting, quotes and ratings - based on each state's business and legal rules.

A: Allen, Robert Frances Group: While there will continue to be more federal unfunded regulatory mandates, overall regulatory control likely will remain at the state level and decentralized, rendering compliance more difficult for insurers and IT groups to address. Formulation of service-oriented-architecture-based services is the best way to prepare, given that compliance will require an understanding of how the code works and where business processes are embedded, and a consistent approach to implementing changes.


The Experts: Regulatory Compliance

Joseph D. Spada

AVP, Market Conduct Compliance, Life and Annuity Compliance

Lincoln Financial Group


Bruce Allen

Vice President and Service Director

Robert Frances Group

(Westport, Conn.)

Neil Weiss

Director of Insurance Solutions

Mobius Management Systems

(Rye, N.Y.)

Tim Ansberry

Industry Manager, Back Office Operations/Sarbanes-Oxley

Hyland Software

(Westlake, Ohio)

Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio

Register for Insurance & Technology Newsletters