June 8, 2021
Balancing Digital With Compliance
by Joe Gaska
Insurers need to balance digital transformation efforts with increasing compliance requirements. Data ownership can help with both.
When the pandemic struck early last year, insurers had a wake-up call when it came to digital transformation. A report by Accenture revealed that the lack of digital, agile systems was evident in the industry’s response to COVID-19 when “insurers struggled to pivot to remote work and to continue meeting demands for sales and service.” However, things have changed for the better. A 2020 PwC report shows that core technology transformation (51%) and cloud technology (28%) are key priorities for insurers.
At the same time as these digital changes are happening, the industry is seeing more regulations pop up. Depending on their specialty, insurers already had to adhere to healthcare, financial and consumer privacy regulations. More recently, Maine and North Dakota adopted the National Association of Insurance Commissioners (NAIC) data security model law, which seeks to establish data security standards for regulators and insurers to mitigate the potential damage of a data breach. They join at least seven other states that have already adopted similar laws.
With the shift toward cloud infrastructure and applications well underway, minimizing risk and protecting data integrity and privacy become all the more important. Those in the insurance field need to balance new digital transformation efforts with increasing compliance requirements. Data ownership can help with both – here’s how.
Keep Compliance Top of Mind
When important data starts to move from legacy systems into mission-critical cloud or SaaS (software as a service) apps, like Salesforce, it can complicate regulatory compliance. While many insurers may believe they own the data within these apps, they don’t have the control over it that ownership would typically convey. And yet, they can still be held liable should something happen to a client’s data within the SaaS app.
Additionally, because insurers may also need to access SaaS data for analytic purposes, they’re likely to download, make their own copies and store it in their own folders and systems, creating data sprawl. Not only does this increase potential access points and vulnerabilities within an organization, but it can also cause other problems for insurers. From inaccuracies caused by data being changed in one version of copied data and not others, to the more straightforward issue of not knowing everywhere data is stored – and who is accessing it – data sprawl can be dangerous, especially where regulations are concerned.
See also: The Rules of Digital Transformation
To better ensure compliance and avoid these pitfalls, insurers should back up and own their data. Where data is stored is critical to how accessible, secure and auditable it is – which is why organizations should store data in the cloud infrastructure they’re already using, such as AWS or Azure, instead of keeping it in SaaS vendors’ — or backup vendors’ — environment.
Storing historical data in this fashion can help insurance companies in several ways. First, it decreases the surface area of exposure. The more copies of data floating around an organization — whether the insurer’s or the backup vendor’s — the more potential touchpoints, meaning there’s greater opportunity for unauthorized access, and it becomes harder to trace any changes. These issues can put an organization at risk for breaches, intentional and inadvertent data corruption and penalties when auditors come knocking. However, when data is in your organization’s own cloud data lake and can be streamed into business intelligence or analytics tools from a single source of truth, it reduces the number of copies needed, helping to ensure data integrity and maintain compliance.
Likewise, storing data in an insurer’s own cloud means the organization can set controls over who touches it and where it goes in the organization. This makes it easier to maintain a digital chain of custody – and trace when, where and who made changes. Many new regulations require audit trails that capture this information, something that gets increasingly difficult when data is stored and retained over time in third-party applications.
Data ownership as a key to growth
Data ownership not only helps insurers decrease risk and liability, it can also propel organizational growth.
Many insurers have already been tapping into historical data for predictive analytics, when it comes to policy writing, for example. By incorporating this new pool of SaaS backup data – which captures every change made – those models can become more accurate. Insurers get access to even more information that can lead to better insights and be used to improve everything from underwriting, pricing and risk assessment to recommendations about insurance plans and strategic marketing decisions – all of which affect an insurer’s bottom line.
As insurers begin to cross the digital divide, they need to be aware of compliance necessities that accompany digital change. With a sound data strategy, insurers can reap the benefits of creating a digitally driven enterprise while adhering to regulations and setting themselves up for continued success.