The compliance and ethics functions within insurance organizations face continued regulatory pressure. But, nowadays, they must also deal with new threat vectors that are shaping a higher-stakes global compliance environment. More and more, investigative journalists are analyzing big data to spot fraud as well as compliance violations. Third-party agencies are increasingly using technology to identify incidents and monitor corporate behavior. Enforcement agency whistleblower programs are motivating employees to speak out about perceived violations. And, rapidly escalating grassroots campaigns, such as the #metoo movement, are making strong corporate culture and rapid-response capabilities even more critical. When these watchdogs form the genesis of a complaint, social media channels and the round-the-clock news cycle can rapidly increase awareness of the incident – in some cases even before the company itself is aware.
Compliance functions need the agility to adjust to business changes and to the inevitable surprises inherent in a dynamic business climate. But, without a strong technological underpinning to help them operate efficiently in real time, it will be challenging, if not impossible, to get ahead of new threat sources and changing business dynamics. From dashboards for improved decision-making, to sophisticated tools for monitoring employee compliance, to training informed with data from compliance monitoring, technology-based capabilities are now cornerstones of effective compliance management. By using the best available tools and information to protect their organizations and to scan the horizon for new requirements, trends and risks, compliance functions can keep pace with their organizations’ changing compliance needs.
But as a group, insurance sector compliance functions have some work to do on the technology front. According to the PwC 2018 State of Compliance study
, only 41% of insurance organizations use policy management technology within the compliance department (compared with 44% across industries and 54% in banking, for example). Just 47% use technology to monitor employees’ compliance with ethics and compliance-related policies and procedures (compared with 50% across industries and 52% in banking). While progress is being made, it lags that of certain other industries.
See also: How to Collaborate With Insurtechs
However, our study identified 17% of insurance survey respondents as “Leaders,” where executives were very satisfied with the effectiveness of their organization’s compliance program. This is on par with other industries in the study. The study’s overall Leader group shares a common denominator: Leaders take a more comprehensive and current approach to compliance risk management as enabled by technology. Leaders differ substantially from their peers in many of the operational aspects of compliance risk management, including executing differently in four key ways.
Leaders invest in tech-enabled infrastructure to support a modern, data-driven compliance function.
Technology helps organizations manage compliance in a dynamic and expansive risk universe. Leaders more often use data analytics tools, dashboards and continuous monitoring than their peers. More than half (54%) of Leaders in the study use data analysis tools, and nearly half have dashboards (49%) and engage in continuous compliance monitoring (48%). The effective use of cloud infrastructure, machine learning, advanced analytics and natural-language processors help organizations quickly analyze vast amounts of data and gain insights into business and customer behaviors, assess potential compliance issues and cost-effectively meet risk and regulatory challenges.
Leaders increase compliance-monitoring effectiveness through the use of technology and analytics.
Analytics, together with automation technologies, make the continuous monitoring of employee compliance across many areas of the business far more feasible. Two-thirds (66%) of Leaders use technology to monitor employees’ compliance with ethics- and compliance-related policies and procedures. And they more often use technology to monitor specific risk categories, such as fraud, gifts and entertainment, privacy, social media and trade compliance. Leaders are also gleaning more benefits from technology use in monitoring efforts - compared with their less effective peers, they are more responsive and even proactive in mitigating compliance issues.
Leaders streamline policy management to increase responsiveness and boost policy and procedure effectiveness.
Leaders take several steps to strengthen their policy management. They more often keep their codes of conduct, policies and procedures current and make them easily accessible across the organization. They also more often enable this streamlining through policy management technology, such as GRC tools, and measure the effectiveness of policies and procedures more comprehensively. Nearly two-thirds use technology to facilitate the policy management process.
Leaders take advantage of information and technology to provide targeted, engaging and up-to-date compliance training.
Leaders’ compliance training and communications are more comprehensive and current. They are often using multiple sources of information to inform and target their training and are thinking creatively about new ways to digitally engage employees in training activities. Leaders' approaches to training positively affect their organizations’ overall risk profile as they aim to minimize activities that potentially place the organization at higher risk.
See also: Guide for Insurtech Work With Carriers
Effective compliance risk management must be grounded in strategy and business engagement. Establishing the right tone at the top, assessing compliance and ethics risks and building governance structures that provide high levels of confidence in regulatory matters are all critical to effective compliance leadership. But operational aspects of compliance are where the rubber meets the road. With multiple new, highly motivated watchdogs now providing their own forms of oversight, the case for strengthening compliance risk management through technology is strong. Technology is more critical than ever in building programs that boost compliance program value, better manage risks and drive cost-effective compliance.