Regulatory scrutiny of the insurance industry has never been more acute. Government regulators from a host of disparate disciplines are intensely focused on making sure we have the controls in place to avoid another financial meltdown.
Compounding matters, insurance companies have begun to look more and more like financial services companies, taking deposits, underwriting interest rate and debt swaps, and adding collateralized mortgage obligations to investment portfolios. This has led to a proliferation of regulatory eyes on insurance companies.
In 2012, at a time when cost containment is essential, many of these factors will converge. Accordingly, here are the top five compliance issues that insurance companies will face in 2012.
1. Preparing for additional audit scrutiny
Audits and examinations are nothing new for the insurance industry. But for the first time, insurance companies will be subject to banklike examinations, with more scrutiny on portfolios and investments.
Companies will be faced with getting to know a whole new slate of external regulatory auditors, and will need to address documentation challenges as they answer regulatory inquiries. This will require a better understanding of what will be tracked, what information will be required on an ongoing basis and how to set up the right system for tracking that information.
2. Scrutiny of data access
In this era of near-daily data breaches and increasingly sophisticated hackers, regulators are acutely tuned into how carefully client data is protected. Insurance companies in particular face some unique challenges in this area, as they hold extremely sensitive client data, such as financial and medical information.
Regulators will be looking for details of how companies are protecting their data, where it is stored and what safeguards are in place. This issue becomes a greater challenge when you factor in mergers and the resulting consolidation of data. After a merger you need to determine where your data is housed — is it all in one place or contained in disparate systems? Additional considerations include whether or not you have the same security standards across the enterprise.
3. Governance and reporting
Corporate governance has been a hot buzzword ever since Sarbanes-Oxley first burst onto the scene post-Enron in 2002. But now, the Securities and Exchange Commission and the National Association of Insurance Commissioners are taking a closer look at the quality of governance.
It is no longer enough to have a corporate governance committee that is merely a forum for communal chitchats. In 2012, companies need to have governance with teeth — groups that can make real decisions, informed by real access to company information.
Regulators will be looking carefully at what decisions were made and/or implemented at the recommendation of the governance committee, in order to demonstrate that the committee has real decision-making authority.
4. Know Your Customer (KYC)
This regulation is an important piece of due diligence that insurance companies now have to perform as an offshoot of anti-money laundering legislation. Essentially, companies are now required to confirm whether customers are who they say they are and demonstrate an ability to classify customers appropriately. To complicate matters, this regulation applies to both existing and new customers, which means taking a retroactive look at decades of customer records.
Additionally, insurance companies need to make sure that the money used to purchase large insurance policies does not come from ill-gotten gains. Banks have been bound by KYC rules for years, but now insurance companies will need to adopt best practices for meeting these requirements.
Of course the big question here is how does someone prove who they are to a satisfactory level? Not an easy question to answer, since the most sophisticated criminals have access to the sophisticated equipment needed to forge identification papers.
5. Complying with international regulations
As of Jan. 1, 2013, U.S. carriers with operations in the European Union will be required to be in compliance with the Solvency II Directive. The regulation requires carriers to prove that they have adequate capital to underwrite the policies they are selling in European markets.
In order to be prepared for this directive to kick in, 2012 will be the year that insurance companies need to get their books and processes in order. For most, this will mean a complete duplication of domestic reporting efforts, but with a separate set of European-style financial statements.
Now what?
There is good news if you’re feeling overwhelmed by these challenges: The government is still figuring out how to regulate insurance companies at the same time that you’re trying to figure out how to comply. Just as you start to put processes in place to make sure your company is in compliance, the government is setting up their own processes. They will not expect companies to be perfect on day one, but it is crucial to move toward best practices now to avoid being blind-sided when auditors come knocking at your door.
If you’re not sure where to start, look toward the financial services industry. Best practices for handling these regulations have already been established, and smart companies will leverage that knowledge and apply it to their own business. With proper planning and the right team in place, these regulatory and compliance challenges can be handled right the first time, on time and within budget.
Alan Morley is Head of AML and Compliance Practice at GFT. Alan has extensive experience in financial regulations in the U.S., UK and elsewhere and is a proven leader in the strategic use of technology to enhance business policies, processes and performance in global risk and compliance (GRC).
Over the last 18 years, he has worked with global banks on improving anti-money laundering transaction monitoring capabilities, control room surveillance, OFAC sanctions filtering, 314a screening, KYC and client remediation processes, legal discovery and regulatory risk assessments. With GFT, he works with clients from all regions throughout the U.S., EU, the Americas and Asia-Pacific.
