Robert Gogle looks at the relationship between technology and international compliance

Financial failings at Trenwick, Independent Insurance and The Accident Group (TAG) will only serve to increase the intensity with which new regulatory and compliance strictures are prosecuted in the global insurance industry.

Increasingly, the push by governments to e-enable services and to facilitate the electronic exchange of information demands that the main thrust of regulation on both sides of the Atlantic is towards better corporate governance and accountability. The International Association of Insurance Supervisors (IAIS) continues to push for increased transparency and a resolution of jurisdictional disputes, but the most compelling force for uprated compliance within the industry emanates from Washington, DC.

Sarbanes-Oxley and Basel II

On July 25 2002, the Congress passed one of the most sweeping changes to securities law since the 1930s. The Sarbanes-Oxley Act, designed to enhance and enforce corporate governance and accountability, contains serious provisions for the creation, management, security, distribution, archiving and disposal of vast amounts and varieties of corporate content. Its provisions cover trade reports, ledgers, electronic communications, memos and correspondence - in both electronic and paper form.

The advent of Sarbanes-Oxley has created an unprecedented level of debate and activity around financial reporting and regulatory compliance. Insurers, intermediaries and suppliers will assume full responsibility for the information included in their financial reports and are required to review and certify the procedures through which they gather and compile such information.

Meanwhile in Europe, financial service providers will spend almost $4bn on credit risk management software and services over the next two years in order to comply with Basel II regulations. Spending will reach $1.93bn in 2004 and peak at $2bn in 2005 as firms seek to meet the 2006 deadline for compliance.

This trend is likely to result in increased pressure on IT resources, heightening the importance of IT within insurance organisations. The need for insurance companies to re-evaluate, consolidate and integrate their processes has never been greater.

Regulatory opportunity

The unifying theme that ties together all of the Financial Services Authority (FSA) consultation papers and proposed regulatory changes in the UK is the focus on firms to ensure that they are meeting the standards required for regulatory compliance. These standards govern transparency of processes, controls over the quality and timeliness of business processes, the appropriateness of staff carrying out those processes and the levels of customer service.

Appropriate technology solutions can support and actively encourage process improvement, and as such can be used to facilitate change. Once the right solution has been implemented, compliance with the new process becomes relatively simple. Amending existing documentation may satisfy some of the FSA's requirements, such as brokers' duty to disclose their relationship with insurers. Most of the significant regulatory impact will require improved control and understanding of business processes. There seems to be little doubt that the changeover in general insurance to the FSA's regulatory regime could result in companies leaving the market. Weaker or smaller players may find the raised barriers to entry insurmountable.

In practice, what this means for the remaining stronger players is that FSA regulation of the general insurance sector presents an opportunity rather than a threat. Successfully negotiating the FSA regulatory challenge will enable the remaining players to absorb some of the new business created as incumbent players leave the market. Those organisations that are willing to change, using appropriately compliant IT in order to accomplish that change, are likely to find a less crowded market waiting for them on the other side.

As a senior insurance practitioner, how do you deal with the complex maze of confounding regulations, shifting timetables, evolving business ethics, corporate policies and responsibility, digital archiving and immediacy of access? Certainly, a result of the burgeoning regulation is that insurance IT departments will have more responsibilities delegated to them than ever before. In addition to ensuring information systems are reliable and efficient, technologists also need to ensure that the information stored within those systems can be relied upon for an ever-increasing range of legal and regulatory purposes. As such, insurance practitioners should ensure that new technology investments are evaluated not only on their business or productivity benefits, but also on their legal and regulatory strengths and weaknesses. In the final analysis, information is of little use if an organisation cannot use it when and how it needs to.

Using software tools you already have and connecting them in a compliance management architecture can reduce your future regulatory costs, no matter what the regulation, while improving and optimising business processes.

Document management

While holding hard copies of documents centrally can improve service quality, a document management solution that offers full version control can reduce the risk of decisions being made based on the wrong set of documents. This is particularly important with policies. Since claims can occur at any time in the life of a policy, and changes can occur in the conditions of that policy in the same period, it can be difficult to ensure that the claim file is accompanied by the relevant version of the slip. When this process occurs manually errors can arise, leading to mission-critical decisions being based on wrong or out-of-date information.

Document management solutions can reduce the chance of these errors, reduce processing times and improve client service levels. Processes also become more transparent, improving levels of client communication and confidence.

Trust, security and certainty

In an industry that relies heavily on perceptions of credibility and trust, insurance companies are particularly concerned with the issue of accountability. For them, compliance is more than a priority from a regulatory standpoint; compliance is absolutely essential to the integrity of the corporate brand and to retaining clients in a fiercely competitive marketplace.

The direct costs of non-compliance through fines, penalties and litigation can be high.

Insurance practitioners must not only document their internal procedures but also demonstrate that they have strictly adhered to them. This effort represents perhaps the most difficult and complex aspect of compliance under Sarbanes-Oxley. Underwriters, brokers and their auditors will need to review and adapt their processes. Auditors will require a company's officers to identify, document and evaluate key internal processes and controls. Properly implemented identity management solutions such as TrustAssured's digital signature approach from Royal Bank of Scotland will be able to provide insurance executives with contract certainty and improved audit trails.

Data capture and retention

Businesses worldwide currently use more than 300 million desktop computers that together store 150,000 terabytes of information. The number of email messages sent per day will grow from 31 billion in 2002 to 60 billion by 2006. In 2001, 250 billion text messages were sent using wireless devices, and business users are expected to make up nearly half of the 500 million people that will be using instant messaging by 2006.

Clearly, a major challenge for any large IT department today is managing the sheer volume of information. IT departments must use precious storage resources wisely while providing secure, failsafe access to company systems.

To make matters even more difficult, an increasing amount of the information generated by organisations today has legal and compliance significance and must be captured and retained in a manner that evidences integrity and trustworthiness.

In the London insurance market, administering the wide variety of documents required for processing demands considerable resource from brokers and managing agents. Business process outsourcing (BPO) provider Xchanging provides assistance with policy issuance, premium collection, claims settlement and clearing services. Xchanging has also pioneered the market repository and the market wordings database, an electronic library of information that serves the insurance process from covernote through claim handling to litigation. This paper-free approach speeds up business considerably and allows practitioners to work collaboratively, reducing costs and encouraging transparency.

Looking to the future

Key priorities for IT investment going forward include the development of new risk aggregation and risk management models. These include the stochastic modeling capabilities (algebraic modeling which informs the formulation of risk management and worst-event planning processes) that could be required under the evolving regulatory framework, such as the new rules which will be applied to firms relating to the sale and administration of general insurance from January 2005. In addition to aiding with regulatory compliance, many believe such systems can underpin more accurate pricing and reserving.

In April, a joint announcement from Microsoft and the Association for Cooperative Operations Research and Development (ACORD) described an effort to create a forms service linking standardised insurance forms to XML web services. The new information-gathering application based upon InfoPath will enable insurance agencies to fill out electronic forms once and then link the data with the click of a button to other forms, databases, back-end systems and applications via XML web services. Aimed at helping the insurance industry reduce the overhead associated with complex transaction processing and the errors that result from having to re-key data several times, the forms service is expected to standardise the way forms relate to industry-specific XML data standards such as ACORD's.

Undoubtedly, legislation and regulation will increase the pressures on IT systems, the CIO and the risk manager. But they also engender opportunities for the streamlining of processes and, in doing so, positioning technology as a key enabler in the business. The message for all organisations with compliance and regulation is that change is not optional.