Final compliance requirements for life insurers probably will be issued sometime this spring, according to Brian Casey, corporate and regulatory insurance group, Lord Bissell & Brook (Atlanta). "Regulations will likely have either a 90- or 180-day compliance date after publication of the final rules," he says.
"Planning needs to start now because there are a lot of data and profiling issues, as well as segmentation that needs to be done," explains Neal Oswald, leader of the Canadian financial services practice, Cap, Gemini, Ernst & Young (CGE&Y, New York). The technology implications, he says, will require that business rules be put in place in order to profile segments and sub-segments of the customer population. Additionally, the use of analytic techniques will be necessary for comparison across segments and the identification of suspicious transactions.
One step many carriers are taking prior to the final release of regulations is education of senior management on AML and suspicious activity reporting policies and procedures. Although education of all affected employees is required under the proposed regulations, insurers are holding off on this step until after the official regs are released. "Employee education is probably realistically a second-quarter function for most companies because they do not want to get ahead of themselves," says Lord, Bissell & Brook's Casey.
Boston-based Manulife USA ($43.7 billion in funds under management) began drafting the Manulife Financial AML program in mid-2002. According to Andrew Corselli, vice president and chief compliance officer, the carrier established the program with the securities broker/dealer requirements of the USA PATRIOT Act in mind. Final requirements for that sector were released last June. Although Manulife USA is still awaiting the release of requirements for life and annuity providers, actual changes to ensure compliance will most likely be minimal. "Manulife USA will have to make some adjustments to the program and manual, but we have all of the legwork done," explains Corselli. The insurer plans to integrate its USA PATRIOT Act compliance procedures with the existing infrastructure it uses for regulatory compliance, including Gramm-Leach-Bliley, FTC requirements and many state insurance regs.
Also, the carrier's compliance database is being used for the reporting and tracking of compliance issues, including money laundering. "Once an issue is input, the compliance department tracks it until it is resolved and reports it to the internal audit department," says Corselli. "Semi-annual reports are also sent to senior management." Additionally, the carrier is in the process of installing Bridger Systems' (Bozeman, MT) AML software.
Because the PATRIOT ACT requires formal training programs for employees, the carrier is utilizing Blackboard's (Washington, DC) e-learning platform to educate several hundred employees. About half of designated employees have been trained, Corselli reports.
What About Producers?
A major challenge of compliance will be deciding if and how to include the producer community in required programs and procedures. Under the proposed regulations, agents and brokers are excluded from compliance requirements, but some observers insist their participation is necessary. "Producers need to be educated on what not to do, because by the time funds reach the insurance company, they are one order removed from the source of the crime," says CGE&Y's Oswald.
