Technology and Insurance Insights

Insurance regulatory compliance made easier

Written by Maša Kete, Senior Business Analyst | Oct 27, 2022 11:50:40 AM

The list of insurance regulations governing the insurance sector reads like an alphabet soup: FATCA, KYC, CRS, AML/CFT, IFRS 17, IDD, GDPR, and a host of local laws and regulations that are turning regulatory compliance into a drawn-out uphill battle. To meet their obligations, life and non-life insurers across EMEA are investing a lot of time and effort into managing and defining their processes and data accordingly.

As their work was increasingly digitalized and manual tasks were replaced with software-powered automation, the idea of having compliance-related features included in the core system gained momentum.

And we, the software makers, listened. Nowadays, support for regulations has become a basic requirement for insurance core systems. However, not all solutions are created equal when it comes to the breadth of support and the intuitiveness of compliance functionalities for different insurance departments.

Compliance areas: technology support for compliance programs and compliance officers

AdInsure includes out-of-the-box functionalities for meeting regulatory compliance requirements, which means that the insurers can achieve compliance with only minor adjustments to fit their processes. Here are the core types of compliance that insurers need to focus on as they select their insurance core system.
 
  • Party compliance: the set of FATCA, CRS, tax identification, AML/CFT risk evaluation, and PEP categorization data
  • IFRS 17: unified data, eliminated data redundancy, and enabled required data prepping, validating, posting, and reporting; read more about it in our blog post on IFRS17 compliance 
  • IDD: IDD questionnaires, agent training support
  • GDPR: tracking access to personal data, definitions of retention periods, data removal
  • Local regulatory requirements: for each of our clients, we analyze any additional local regulation requirements to provide support; new clients from a country where we already have a presence benefit from the already implemented local requirements

As this list shows, regulatory compliance is a complex field that also places significant costs on companies. In addition to overloading your compliance team, it also requires large financial investments in software and manpower.

However, the costs of non-compliance are rising more quickly than the costs of compliance. A study by Ponemon Institute has shown that between 2011 and 2017, the cost for organizations that experience non-compliance problems rose to USD 14.82 million from USD 9.37 million. Just consider GDPR, which can result in astronomical costs. For example, Amazon was fined EUR 746 million in 2021 and WhatsApp was slapped with EUR 225 million.

Let’s look at individual types of compliance.

Party compliance: focus on financial risk management 

The party compliance set of functionalities deals with reporting on the source of the financial assets which converge into insurance. AdInsure can be used to set FATCA (Foreign Account Tax Compliance Act) and CRS (Common Reporting Standard) statuses for a client and report on the flagged parties to relevant financial institutions, which exchange the collected data and perform due diligence procedures. The aim of the AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) controls put in place is to prevent the use of the financial system for the purpose of money laundering and terrorist financing by reporting on the declared source of the funds. Finally, clients identified as politically exposed persons (PEP) are treated as high risk across all insurance processes. Because PEPs carry a higher risk of potential involvement in bribery and corruption, AdInsure sends system notifications to users.

IFRS 17: accounting standards for the financial services industry

As our very own Nikola Aleksić says, IFRS17 is one of the biggest and most significant insurance accounting changes to happen in our lifetime. It is much more than a simple accounting change, and as such, requires a comprehensive approach in terms of the analysis as well as the implementation. AdInsure’s configurability was waiting for just such an opportunity to prove itself and it has proven to be more than up to the challenge. It supports relevant configurations of business events as well as high granularity of posting schemas. You can find out more about the topic in the following blog post:

IDD: assessing the needs to protect insurance clients

The primary objective of the Insurance Distribution Directive is improving customer protection through insurance needs assessment and a more customer-facing approach to consulting. The implications of the directive span multiple AdInsure modules: the definitions of insurance products face more scrutiny, the salesforce is required to be qualified and trained, and the sales process itself needs to be more transparent and understandable to the client.

AdInsure covers those requirements with the following set of functionalities:
  • AdInsure Studio makes the insurance product definition structured and configurable
  • Agent training definition allows for the registration of individual training scope and participants
  • The information about agent training can be used as a factor in the sales process: only agents that have passed the required courses are allowed to conclude policies without any additional limitations
  • IDD questionnaires are an integral part of the sales process, serving a dual purpose: recognizing the client’s needs and simultaneously recommending the most suitable insurance offer to help the agent find the most optimal insurance product for the client

GDPR: protecting personal data

General Data Protection Regulation is structured around six principles:

  1. Requiring transparency regarding the handling and use of personal data
  2. Limiting personal data processing to specified and legitimate purposes
  3. Limiting personal data collection and storage to intended purposes
  4. Enabling individuals to correct or request deletion of their personal data
  5. Limiting the storage of personally identifiable data for only as long as necessary for its intended purpose
  6. Ensuring personal data is protected using appropriate security practices

The configuration capabilities of AdInsure and Adacta professional support enable insurers to define their processes so that the collected personal data is kept to a minimum. Prevention is the best cure, as they say.

Since some personal data is required for any insurance-related process, AdInsure allows users to set, at the lowest attribute level, which records contain personally identifiable data. Once the personal data is collected, the customer also signs a consent that allows the insurance company to store and manage data for business purposes. Once the personal data is gathered and the system is aware of where it is kept, an audit log is used to track access to it. Every time data is viewed or modified, the system logs information about the activities related to stored data. The audit log is meant to be used by the DPO or compliance officers in cases of unauthorized data access.

Since storing and collecting personal data is permitted only during the lifetime of the related business process (for example, until an insurance policy expires), GDPR requires businesses to define retention periods. Once the retention period for a document expires, personal data needs to be removed from the system.

Since the insurance business is built on the premise of statistical analysis of collected data, the removal and potential loss of data is a pain point for any actuary. AdInsure offers several options, ranging from data deletion and archiving to the preferred solution – data anonymization. In the scope of data anonymization, the personally identifiable parts of data are overwritten or deleted, while the statistically significant data is kept. For example, the first and last name of a person are completely irrelevant, as long as the information about their age, sex, and city of residence is preserved.

Some pain, some gain

Sure, insurance regulatory compliance efforts may seem like a costly but necessary proposition. However, compliance also brings several benefits. The 2019 Data Privacy Benchmark Study has shown that 42% of organizations agreed that privacy investments enabled greater agility and innovation, while 41% claimed they drove operational efficiency by organizing and cataloging their data. The same percentage of companies believed that they gained a competitive advantage over other organizations.

This data clearly shows that compliance initiatives are well worth it, especially if undertaken with the right IT support that streamlines the delivery of functionalities for compliance. AdInsure is the right solution for this, with full support for many global and local compliance requirements.