Compliance Becoming Key Component of Core Systems

As insurers strive to holistically align their compliance cultures with day-to-day operations, a similar trend is emerging strictly within the technology realm. In the insurance software solutions market, carrier demand for compliance- and risk management-enabled systems is driving vendors to add this functionality to their broader industry solutions.

"The trend is toward baking in better risk management processes, controls and reporting tools within applications," reports Maurice DiMeo, insurance practice lead of Ernst & Young's technology and security risk services practice. "The vendors are getting smarter and realizing that that's a feature that needs to be there, and for homegrown software, insurers are looking at making sure they address that."

Donald Light, a San Francisco-based senior analyst in Celent's insurance practice, says that some insurers are looking to address compliance concerns when they examine new or upgraded core systems. "Specifically, as new business, policy administration and claims systems get changed and upgraded, there are three capabilities -- business rules, workflow and content management -- that new solutions will have. Those capabilities make compliance a lot easier," says Light, who also indicates that auditability is a key capability for which carriers are looking. "If you need to change a process because you have a new compliance requirement, a rules engine, workflow engine and/or content management system [place you] way ahead of the game."

One risk management area in particular that insurers increasingly are addressing on an application level is IT security, according to Ernst & Young's DiMeo. "Companies are really looking at what are the right kinds of security and application controls that should be baked into an application, rather than dealing with exposures from a security standpoint on the back end," he says.