By Larry Danielson, Principal, Deloitte Consulting LLP

The insurance industry is one of the most regulated industries, with states controlling company licensing, producer licensing, and product, financial and market regulations, with an end goal to protect consumers.

Insurance carriers have to comply with regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), Federal Rules of Civil Procedure (FRCP), and various statutory reporting requirements. The regulatory environment is also constantly changing and expected to become more complex in light of the current credit crisis and turmoil in the financial services industry. Recently, Treasury Secretary Paulson proposed more federal control of regulations for the insurance industry, at the expense of state oversight.

Return on Investment for Regulatory Technology Projects
The response of insurance organizations to these regulations is mostly reactive. Too often, the decision to invest in regulatory technology is made through a return on investment calculation that pits the cost of fines against the cost of technology. However, organizations are not thinking about the impact on brand value and reputational risk from non-compliance to regulations. The cost of reputational damage is immense, and in addition to the fines, also includes soft costs such as decline in share price and associated erosion of market capitalization, lost business, management diversion, etc. The cost of reputational damage often can run into tens to hundreds of millions of dollars and, in extreme cases, can cause regulators to revoke the insurance carrier's license to operate. Accordingly, compliance systems must be recognized as a "must have," and investments in them should be made with respect to the magnitude of exposure insurers face, with special attention to reputational risks.

Planned Approach to Understanding Data and Requirements
In this context, insurance organizations' investment in regulatory technology is a matter of strategic planning. If planned appropriately, regulatory necessities can serve as a catalyst to a better understanding of the organization's data and associated processes for all purposes. Structured efforts, systematically analyzing and classifying data up-front can lead to a significant cost reduction from data rationalization, reduction in data redundancy, and reduced business and IT effort needed to reconcile data. In addition, appropriate data classification can also yield broad business and operational benefits through better knowledge of an organization's information assets. A world-class regulatory technology platform would combine this knowledge to specific statutory requirements that are different for life, health & annuities and property & casualty carriers.

Synergies with other Initiatives
A planned response to regulatory technology also includes exploring synergies with an insurer's other proposed and in-flight initiatives. For example, regulatory reporting can leverage existing or planned enterprise data warehouses. Similarly, when complying with record retention requirements, organizations should leverage any broader enterprise content management (ECM) initiatives. Regulatory technology can be beneficial to other initiatives as well. For example, data analysis and data classification can support information lifecycle management (ILM), business continuity/disaster recovery or any other initiatives that could benefit from data analysis and classification.

Sponsorship and Governance
Often it is unclear who should sponsor regulatory and compliance technology initiatives – whether the business, CIO, chief risk officer or the CEO. A well-planned regulatory technology initiative requires appropriate executive sponsorship and a governance structure that has representation from business, IT and regulatory/compliance. The cross-functional nature of the governance structure will ensure that regulatory technology initiatives are informed by the perspectives necessary to make them successful.

This is a public forum. Techweb and its affiliates are not responsible for and do not control what is posted herein. Techweb makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in the message center do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this forum becomes the property of United Business Media and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: The Message Center is NOT intended for commercial messages or solicitations of business.