Insurers face the threefold challenge of conforming to the laws and regulations specific to the states in which they operate, staying ahead of changes to those laws and regulations, and complying with federal laws and regulations that affect them.
In 2009 alone, more than 24,000 state and federal laws or regulations that affect the U.S. insurance industry were changed or created. In the push to meet regulatory requirements, organizations often draft ad hoc hundreds or thousands of policies and procedures. As the regulatory environment grows more complex, technology is a key component in helping insurers effectively manage their policies and procedures and reduce their compliance risk.
Fragmented policies and procedures management can lead to problems such as overlapping and conflicting documents, weak accountability, haphazard communication and general confusion among employees. It can also lead to problems in regulatory examinations. As of January 2010, the National Association of Insurance Commissioners' examination standards state that exams should be performed with a focus on risk management, and policy review is a central component of that examination process.
To begin improving policies and procedures management, insurers should first evaluate the current process they have in place. A maturity model, such as the Open Compliance & Ethics Group (OCEG) Illustrated Series: V. Policies, Procedures and Controls, can facilitate goal setting and assessment of progress. According to the OCEG's maturity model, which outlines five key maturity levels, Level 1 (Chaos) is characterized by the following:
- Existing policies, procedures and controls are in a state of chaos and it is unknowable whether they are designed or operating effectively.
- Policies and procedures are passed down through an “oral tradition” and are prone to confusion and inconsistency.
- Roles, responsibilities and accountability are not clearly defined or absent.
- A methodology to develop, implement and manage policies and procedures is absent.
- Technology to reduce the cost and complexity of management is absent.
Insurance organizations that find themselves toward the lower levels of the maturity model will have more work ahead of them. However, referring to a model such as this one provides a baseline for building a better policies and procedures management process. It can also help an organization prioritize what needs to be done.
By identifying and prioritizing the most pressing policy and procedure compliance challenges, the organization will lay the groundwork for enterprise-wide enhancement and address mission-critical objectives in the short term. A review of the company's track record of performance in market conduct examinations can help pinpoint the policies and procedures that have the greatest immediate bottom-line impact. Processes that result in recurring penalties for non-compliance should receive priority attention. Insurers should also refer to research about current enforcement trends, which can shed light on what regulators are looking for.
Once an organization has evaluated its current processes and identified what needs to be accomplished, they should also consider how technology can create efficiencies. Here are three key areas where technology can offer important benefits:
- Document management
Underwriting, claims, product development and licensing departments in different business units may maintain policies and procedures documents in different formats and use inconsistent terminology. Some documents may not be comprehensible to the average employee without standardized language. Moreover, if employees, executives, insurance regulators or outside auditors have questions about company policies or procedures, valuable company time and resources can be spent trying to track down answers – and these efforts may not yield all the relevant information.
By implementing a shared technology system, an organization can achieve uniformity of location, content, revision and distribution for all policies and procedures. In addition, search functions, version control and metadata structures will be unified under a common management system, increasing usability and accessibility for staff.
Well-documented policies and procedures promote consistency, efficiency and compliance. A shared system will improve the overall quality of policies and procedures documents, eliminate redundancies, and allow compliance managers to quickly and easily discover gaps in policies and procedures coverage.
- Linking policies and procedures to requirements and roles
Among the other benefits of a Web-based, shared system, it can help make procedures more understandable to staff. For example, it can assist compliance managers in linking policies and procedures with their related regulatory mandates or corporate goals, as well as the organizational roles to which they apply. A shared system also will automatically track revisions as they are assigned and executed.
When the relationships of regulatory requirements to policies and procedures are not clearly documented and tied to assignments for implementation, misunderstandings by employees involved in each mandate inevitably result. Multiple managers can establish conflicting and/or redundant procedures as they each pursue policy execution.
In addition to creating conflict and redundancy, a reliance on certain managers' personal knowledge over comprehensive documentation puts an insurer at risk of losing crucial insight if those managers leave and precludes any policies and procedures auditing activities.
In contrast, assigning policies by business unit, line of business, or other organization hierarchy methods will prevent the loss of key personnel from compromising compliance success. It will also enable managers to logically connect procedures to the policies they support, link regulatory requirements to the content, define policies and procedures in terms of organizational units and effectively deliver targeted, tailored content to the audience responsible for and in need of compliance guidance.
By implementing the automatic tracking of changes, the organization will also be able to keep an ongoing record of who edited which policy when. This can serve as a very helpful audit trail for demonstrating to regulators and other key stakeholders that required updates have been made.
- Improving Understanding of Policies and Procedures
Technology can also help ensure that an insurance organization's employees, contractors and suppliers have received and understand its policies and procedures.
Simply distributing hard copy and/or electronic documents on an ad hoc basis and trying to keep track of sign-offs in various spreadsheets scattered throughout the company can be difficult, and the challenge increases if multiple policies and procedures are compiled into a single large document. In such cases, employees must sign to recognize their comprehension of the whole document, rather than the specific areas relevant to them.
Third parties, such as suppliers and contractors, can complicate the matter further. It can be particularly difficult to get documents to and receive attestations from third parties. Also, they may get confused by inconsistent formats that different compliance teams use, which can delay the attestation process.
A shared system, meanwhile, can help seamlessly integrate third parties into compliance processes, give compliance managers a clear view of who has not provided a response and help streamline follow-up with those individuals. It can also allow the organization to provide employees and third parties with only those policies and procedures applicable to them.
A technology platform can help an organization overcome its top policies and procedures challenges, such as achieving a consistent model for compliant claims practices, and enable advancement along the policies and procedures maturity scale. OCEG describes Level 5 (Transparent) maturity with the following attributes:
- Policies, procedures and controls are embedded within core business processes and technology and are almost invisible.
- Accountability for policies and procedures is built into job descriptions and performance evaluations.
- Compliance training is embedded within existing job training.
- Compliance support is embedded within transaction systems.
- Compliance considerations are built into general decision systems.
While promoting transparency, a technology platform can enable compliance managers to meet high-priority deadlines and stay within their budgets. It also can provide more control of the audit trail and expanded flexibility for adjustments as regulations change. Finally, by increasing the efficiency of compliance efforts, it can set the stage for a broader, enterprise-wide risk and compliance strategy.
Pam Ewing is director of Professional Services, Insurance, for Wolters Kluwer Financial Services. Steve Taylor is senior product manager for the company. They can be reached at [email protected] and [email protected].
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
