07:35 AM
IT Isn’t Tapped for Compliance
The insurance industry fails to embrace the full business value of IT when it comes to addressing regulatory requirements and instead relies primarily on manual processes and ad hoc measures, according to a study conducted by ACORD (Pearl River, N.Y.) and business rules solutions provider ILOG (Mountain View, Calif.). The survey is based on responses from employees of P&C, life insurance and reinsurance companies, who were asked to consider how effectively their companies address compliance mandates. According to Beth Grossman, assistant vice president, industry relations, ACORD, there were no real surprises in the study, which illustrates the caution of carriers in reacting to regulatory requirements.
Despite the fact that most insurers have assigned compliance officers to manage the impact of regulatory demands, the industry does not tap the full value that IT has to offer when it comes to addressing requirements mandated by regulations such as HIPAA and Sarbanes-Oxley, finds the study. "Today, compliance rules exist in the heads of [compliance] experts," says Maneeza Malik, industry marketing director, financial services, ILOG. However, "To really ensure efficient enforcement of regulatory compliance, [IT must play a part] in automating these rules and making them a part of core processes that span lines of business."
But even when IT resources are utilized, insurers seeking to streamline and automate core business processes to help manage the impact of compliance are faced with a number of hurdles, the study points out. Forty-one percent of respondents report having a reactive rather than proactive culture and 28 percent said that they are working with inflexible technology infrastructures that do not easily support changing regulations.
Additionally, as carriers strive toward automation to enhance compliance efficiency, a complexity of systems adds challenges to the task, especially when it comes to larger insurers. "The larger the carrier, the more complex the job of aligning the business and IT sides of the organization when it comes to enforcing regulatory compliance," relates Malik. In an effort to make the project more manageable, she breaks the process into four steps. "Companies must first translate the regulations into implementable rules, then they must understand what the impact of the regulation will be on their core processes," says Malik. The next steps are to "educate their staff and, on the IT side, figure out how they will implement these regulations, because most large carriers operate multiple systems and a myriad of technologies."