There is inherent value in an insurer's ability to rapidly and accurately respond to regulatory demands. A carrier that can quickly react to changing regulatory demands and generate a timely, clear and accurate picture of its financials is a business that can compete on the strength of greater efficiency and agility. And yet, insurers tend to put off compliance initiatives until they are forced to face them.
There often are good reasons for carriers' reluctance to undertake compliance-related projects, including the prevailing complexity of insurance systems and the need to prioritize technology investments. But technology is increasingly providing the means for insurers to proactively address current compliance demands and build in the ability to meet new demands -- generated both by regulation and the business -- more quickly and easily.
There could scarcely be a better time for insurers to think proactively about compliance, suggests Howard Mills, chief adviser within New York-based Deloitte's insurance industry group. Reflecting post-financial crisis public opinion, regulators have assumed a stricter posture toward financial services companies, a mood that is reflected in state regulators' market conduct exams on the issue of unclaimed life insurance death benefits. This year a task force of state regulators has driven the expectation that life insurers must proactively find out whether policyholders have died and locate their beneficiaries rather than wait until they receive a claim.
"It's not statutorily required, but it's developing into a regulatory expectation, and that's symbolic of the new regulatory environment that we're in," Mills comments. "The regulators are saying to the insurers, in effect, 'Look, you have all this data you could mine. You need to not just look at this as sitting in the vault; you need to proactively go out and search for it.'"Mills sees a more stringent regulatory environment emerging, characterized by an intense focus on capital, enterprise risk management, transparency and consumer protection. The Solvency II process is well under way in Europe, and a parallel effort has begun within American insurance regulation in the form of the NAIC's Solvency Modernization Initiative, Mills notes.
European Carriers Get a Head Start
European insurers, feeling the imminence of Solvency II, have embraced technology solutions to handle the regulation's demands. Bologna, Italy-based Unipol Gruppo Finanziario (about US$16.8 billion in annual revenue), for example, has adopted SAS's (Cary, N.C.) Risk Management for Insurance, according to Vittorio Corsano, regulation reporting/rating manager and project manager for Solvency II at the insurance and financial services provider.
"The data governance strategy for Solvency II requires special attention be paid to organizational issues, with a focus on people, processes, roles and responsibilities," Corsano relates. "This meets Committee of European Insurance and Occupational Pensions Supervisors [CEIOPS] guidelines and requirements."
The solution, however, delivers not only compliance improvement, according to Corsano, but also business value. Beyond meeting regulatory requirements, he explains, the SAS-based solution "is mainly needed to base the Solvency II project on data whose high quality -- from both the technical and business viewpoint -- is aiming to ensure efficient processing as well as compliance with set targets and purposes."
North American insurers, however, are yet to feel the urgency of new solvency regulation, according to Robin Spaulding, a manager within Capgemini's insurance practice. "The majority of work we do on solvency is in Europe," she shares. "We do a lot of road-map work with U.S. clients, and solvency is a topic that seldom comes up. Most clients in the U.S. know it's coming but are happily ignoring it."
Creating Competitive Advantage Through Compliance
Carriers on this side of the Atlantic would do well to improve the kinds of capabilities needed to meet emerging solvency regulation because those capabilities are competitive advantages to early adopters, suggests Christina Colby, VP of business information management for Capgemini's insurance practice. "If you look at Solvency II, it's really about driving to the appropriate level of capital transparency -- how does capital reside within the insurer? Very few insurers can answer that for themselves today," Colby elaborates.
"The mechanisms to provide the information required by Solvency II work through data governance, data quality, and basically data aggregation and integration -- all things of inherent value to the business," Colby adds. "But it's almost always labeled as a compliance initiative rather than as a creative endeavor to derive competitive advantage."
Whatever the regulatory issue, insurers' ability to comply is affected by the disunity and poor quality of their data, Spaulding asserts. "A lot of our work is with clients with legacy systems from '70s and '80s," she relates. "They have multiple legacy systems, and terminology is different from system to system, and typically the data mapping is not very good -- in that kind of environment you can't achieve transparency."
Insurers that put the right technology foundation in place can respond to a wide variety of regulatory demands as they develop, Spaulding says. "It will eliminate a lot of what we have called 'fire drills' -- the rush to deal with demands you're not prepared for," she says. "With the right capabilities in place, insurers can say, 'Go ahead, throw some new regs at us.'"
Data: The Truth and Nothing But the Truth
Farmington Hills, Mich.-based Amerisure ($550 million in direct written premium) has achieved transparency into its operations by implementing a comprehensive and single-source data repository used by all of the carrier's operational systems, reports Debbie Szmagaj, the P&C carrier's VP, IT, application services. The repository replaced multiple proprietary data stores with a "single source of the truth" and has become the de facto repository for operational information at the company, she says.
In addition to having rationalized all of the company's statistical information through the establishment of the central repository, Amerisure built compliance into its environment by designing user interfaces that prevent non-compliant actions. "Our claims and policy front ends are designed such that if you aren't filed for a rule, rate or form in a particular state or Amerisure company, you will not see that option available to you in that user interface," Szmagaj explains.
"That's the main way we control compliance and reporting to the regulatory bureaus. We do not present it as an option, and there is no override on the front end -- if it's not in our rating engine or validated in a table, you won't see it and you can't override anything," she adds.
"When we implemented our workers' comp front end, compliance was our No. 1 goal from the standpoint of filings, rates and rules," Szmagaj continues. "We used to get fined for not rating right or what we reported was wrong, or we'd get criticized in market conduct studies."
Szmagaj relates another instance in which the North Carolina regulators called the carrier out for failing to rate commercial auto strictly within the state's guidelines. "We showed them how we were going to be rating through our new front end," she reports. "And they said, 'That's exactly what we're looking for,' and waived the fine."
Amerisure also uses ISO's (Jersey City, N.J.) rating engine for all lines of business except workers' compensation. According to Szmagaj, the rating engine delivers all the statistical codes that the carrier will then send back to the bureau. "We don't interpret rating manuals -- we let ISO's rating engine do that for us," Szmagaj says. "We get the updates from them through rate books and then just execute the rating engine. It's a beautiful thing."
Because the data from ISO is streaming in real time into Amerisure's data repository from its operational systems, it prevents input of problematic data, according to Szmagaj. "Your data going in is clean," she says. "You don't have to cleanse your data. It's done for you."