The Continuing Expansion of the Insurance Compliance Officer Role

If it seems like insurance compliance officers are taking on an ever-expanding role in the industry, it is not in your imagination. To add, this expansion goes beyond the insurance industry since business sectors as diverse as the healthcare field, payment cards, energy and finance are swimming in new and updated standards, regulations and policies.

In addition to working in lockstep with insurance associations like the National Association of Insurance Commissioners (NAIC) and other regulatory bodies to develop risk management initiatives, insurers are also working on their own to tighten internal protective processes.

What Is a Compliance Officer and What Are the Core Tasks of This Role?

With even the most basic insurance-related regulations, an insurance company needs the special skills of a compliance officer, whose job it is to make sure the company adheres to the requirements of any related regulations, standards, laws and policies. He or she reviews and assesses all existing and new regulatory changes, as well as the company’s own internal policies and standards.

Each of these duties is still an integral part of a compliance officer’s responsibilities, but in recent years, those responsibilities have increased in depth and breadth.

There Are a Few Key Reasons Why the Role of the Insurance Officer Is Expanding

Whether due to an event—or series of events—outside the immediate insurance industry, or in response to direct internal concerns, insurance compliance officers have a lot on their plates due to some large-scale changes and risks that transpired over the past decade, as well as many more going forward. There are several reasons this important staffer may become even busier.

The Great Recession of the Late 2000s Forced the Insurance Industry to Double Up on Tasks

After the housing bubble crisis of the late 2000s, and the subsequent Great Recession, many industries needed to expand their scope to survive the fallout. The insurance industry did in fact take on new services that are similar to those offered by financial institutions.

While the last embers of that dark time have largely passed, many insurance companies continue to perform some expanded tasks to this day, making it necessary to comply with a variety of regulations.

The Rapid Changes in Technology Lead to Additional Regulations

The insurance company remains one of the most disrupted industries in the global economy, according to Captive.com. It turns out that 85 percent of CEOs are concerned about the rate of technological change and how they will address all the regulations, standards and policies that accompany those changes.

While the new and emerging technologies also give these CEOs a sense of optimism for the future of their business, they understand that they must also increasingly rely on the knowledge and attention to an array of regulatory details. For each new digitization put in place, there may be one or more regulation attached.

Cybersecurity Risks Are on the Rise with Increased Adoption of Emerging Technologies

The need for increased duties for an insurance compliance officer go beyond regulatory matters when it comes to managing emerging technologies and online business practices. Potential data breaches and other cybercrimes associated with technology mean that you are likely to require more from this pivotal staff member than ever before.

In November 2017, Accenture reported that CEOs have every reason to be concerned, based on the following numbers:

These risks alone have called for an expansion of the role of insurance compliance officer.

Corporate Governance Disclosure

Starting in 2018, every insurer must file a Corporate Governance Annual Disclosure (CGAC), according to the Model Act and Regulation from the NAIC, which intends to offer regulators more in-depth details on an insurer’s corporate governance practices.

This disclosure encourages high visibility with its strict regulations, making it essential that insurers offer as much information as possible to avoid non-compliance penalties.

Risk Management and Own Risk and Solvency Assessment Model Act #505

The Own Risk and Solvency Assessment (ORSA) Model Act #505 features requirements for maintaining a risk management framework, pursuant to the domicile state of the insurer. This Act continues to consume a great deal of insurance compliance officers’ time, working to meet the requirements for 2018 and beyond.

4 Tips to Help Your Insurance Compliance Officer Manage His or Her Expanding Responsibilities

It may feel overwhelming for insurance compliance officers who are doing their best to keep up with core responsibilities, as more work continually appears in their in-box. There are some key strategies to help keep everything on track for compliance without increased stress.

1. Develop a Team of Accountable Personnel to Assist the Insurance Compliance Officer

Even without the broad expansion of the insurance compliance officer’s role, which is evidently the case across the industry; this key staffer will need a reliable and highly competent team for backup.

A few important supporting team members may include:

• A legal professional well-versed in the finer points of insurance law, such as legal issues surrounding various regulations, standards and policies.
• An accounting staffer who can work with the auditing team to provide necessary documentation and answer financial questions about any issues during audits and reviews.
• One or more IT employees available to access and decipher data, work with the auditing team to answer questions and perform general troubleshooting tasks.

2. Assess the Current State of the Insurance Company’s Compliance Strategies

If your insurance company’s overriding compliance strategy does not include each new external law, regulation, statute and policy, as well as internal risks and threats, such as those involving network issues, it is important that the insurance compliance officer determines this as quickly as possible.

Some important steps the insurance compliance officer can take to perform this important step include:

• Catalog Data Assets. It is important to identify all information that the insurance company collects, stores and transmits. Such information might include customers’ personal information like names, birth dates, account information, social security numbers, physical addresses, or even Internet Provider addresses.
• Map Out Data Storage and Networking. In addition to collecting and storing data, your organization is likely to transmit that data. It is important to ensure that your cloud storage solution features optimal backup and recovery capabilities while your internal networking system is updated and operating in peak condition.

3. Design and Implement a Comprehensive Compliance Program

If the insurance compliance officer discovers that the current compliance program does not address the issues, he or she can build a compliance program that ticks off every box on their checklist. While there is no one-size-fits-all structure for a compliance program, following are a few key considerations and features to include:

• Seek ample guidance from relevant regulators, or regulatory bodies—via direct communication or checking the official website—such as MAR/SOX, GLBA and GDPR.
• Consider various risks that may affect your business and incorporate an Enterprise Risk Management (ERM) into the program.
• Account for any third party risks that may threaten your business.
• Focus on strategies to managing cybersecurity and avoiding big data misappropriation.
• If outsourcing any services that may include cloud services or payroll processing, you may ask your insurance compliance officer to work with your auditing team to prepare for System and Organization Controls (SOC) auditing schedule.

4. Test the Effectiveness of the Compliance Program

It is difficult to know the true effectiveness of a compliance program without performing realistic tests. These tests are also helpful in ensuring preparedness for annual reviews and audits, so they are certainly worth the time and effort.

Your insurance compliance officer should—perhaps in collaboration with your auditing team—a mock regulatory inspection to help highlight any weaknesses to allow for documentation and correction of the issues before the official audit.

Does Your Insurance Compliance Officer Need Some Backup from an Experienced and Sympathetic Auditing Team?

Our auditing team at I.S. Partners, LLC. has witnessed the ever-expanding role of the insurance compliance officer. We can help your important insurance professional get up to speed on all relevant regulations to ensure compliance. What’s more, we can help devise a strategy that streamlines operations while also reducing stress, worry and headaches for everyone.

Call us at 215-675-1400 send us a message or launch a chat session to discuss what we can do to help your insurance compliance officer take on his or her broad expanse of duties with ease, confidence and guaranteed compliance.

About The Author

Bernard Gallagher

Bernard has over 25 years of experience working in the Healthcare, Insurance, Banking and Telecommunications industries. Bernard has expertise in MAR, HIPAA and Sarbanes Oxley Compliance, IT Security and Privacy Management, Enterprise Risk Management (ERM), Health Care Insurance, Banking and Financial Services and Department of Insurance.