Data has become one of the most precious commodities in business today. The continually evolving digital environment means companies must adapt or risk getting left behind. For insurers, there needs to be a balance between delivering innovative solutions while meeting regulatory requirements.
Angelique Strumpher, administration manager for business process outsourcing at SilverBridge, examines this in closer detail.
The dependence of industry on data necessitated the governance and use of data, which paved the way for the development and implementation of data protection laws such as the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulation (GDPR) in Europe. Even though the commencement date for the former remains uncertain, the grace period for the latter ends on 25 May this year. And while this impacts all industries, insurers will feel the pressure of compliance given how fundamental data is to their operations.
“Compliance is very much a strategic imperative for insurers in business today irrespective of whether you are a Corporate, a Brokerage or a Broker – we are all governed and impacted by the same regulatory outcomes when it comes to data compliance of our policyholders. In a digital environment being compliant is critical in ensuring channel and business success.”
The Insurance Act 18 of 2017 is designed to promote the maintenance of a fair, safe, and stable insurance market in the country. Expectations are that the Act will come into operation on 1 July 2018 but there is no confirmation of that happening yet with the deadline for comments on the draft regulation closing on 23 April 2018. The intention is to strengthen policyholder protection as well as provide for certain procurement and transformation requirements.
“This legal environment illustrates that compliance should never be considered a one-time thing. It requires insurers to continually manage the process and ensure that they tick all the necessary boxes across Systems Development, Product Development, and the Policy Management Life Cycle. Failure to do so will result in substantial fines and reputational damage. With numerous Fintechs waiting in the wings to snap up disillusioned customers, insurers must do everything they can to ensure they adhere to the regulatory framework.”
Becoming compliant (and maintaining it) is a complex process that requires commitment from all management levels. Fundamental to its success is to conduct an extensive audit that examines what data is being stored, accessed, and used across the organisation.
“We live in a time where customers expect insurers to know everything about them and offer them highly personalised solutions and affordable premiums. This requires an integrated data approach that is complex and has the risk of compromising personal information if governance and security processes are not in place. An internal audit aligned to POPIA and GDPR outcomes should be a priority to determine areas of improvement to ensure compliance.”
Understanding all the role players in terms of POPIA is a critical component in starting the process of classifying and categorising data. Using analysis tools and techniques developed for the unique requirements of the insurance industry becomes vital.
“Everything from data control and security to providing customers with the option to “erase” their data in the event of moving to another provider must be considered throughout the insurance data compliance process. Understanding the law when it comes to specific legislation and knowing which data is regulated are part of this [process] is a business imperative; as is data and document storage, and data and document destruction.”
Even though compliance brings with it certain universal elements and controls that must be in place, the journey of each insurer to achieve this will be different. There is no off-the-shelf solution that an organisation can install and become compliant overnight.
“Having a roadmap in place, if not already done, and maintaining the roadmap ensures that all decision-makers are on the same page when it comes to POPIA and GDPR requirements. This allows for transparency in the compliance process. Compliance knowledge becomes an Insurers’ power which could be a key differentiator in the market place in terms of reputation; which has a direct impact on business growth and business sustainability,” she concludes.