Categories: Client Engagement, HR & Employment Law | by Doug Dvorak

This article was originally published in the 2019 Winter PAMIC Pulse. The Pulse is a mutual insurance industry publication that aims to help companies understand emerging issues. Articles in the Pulse offer advice on how to grow and protect businesses. The impact of the Pulse reaches throughout the Mid-Atlantic states through readers from PAMIC’s many member companies.


In 2018 alone, we’ve witnessed an unprecedented change in the insurance industry. With the adoption of big data and an emphasis on cybersecurity, insurance carriers are looking towards technology and the future to become even more efficient. It’s been estimated that $2.4 billion was spent on big data alone in 2018. But while an organization is growing, there’s always the looming presence of regulatory requirements and audits to be mindful of. When preparing for an audit or a request for proposal, you want to highlight the strengths of your organization and showcase to potential clients and examiners that when it comes to the myriad of regulations, you’re on top of your game.



The market conduct examination and NAIC’s risk-focused exam are two examinations insurers will surely be familiar with. When it comes to keeping your organization a well-oiled machine, these play a critical role in demonstrating risks and areas where your organization can improve and where, since the financial crisis of 2008, it must meet certain requirements relating to licensing, products, financial, marketing and consumer relations practices.

What goes into each examination, and its respective criteria, will differ vastly from state to state. These examinations are a necessary evil in ensuring insurance organizations are in compliance with the law. Pennsylvania, for example, focuses on areas like sales, advertising, claims payment, underwriting, and rating.

Review the criteria your state’s exams investigate in conjunction with your current procedures. Also pay close attention to federal insurance regulations. By understanding these in advance and comparing them to your procedures, you’ll be able to locate any shortcomings and make corrections, hopefully in time to keep from having to report violations in your examination responses. Whether it’s a history midterm or the market conduct exam, the key to passing any exam comes down to studying and refinement.


Being Prepared for Audits

Document, document, and document! The importance of having strong documentation policies in place can’t be overstated when it comes to being fully prepared for an external audit. Using physical records alongside electronic records is a guaranteed way to ensure your paper trail can be easily traced.

Also consider conducting an internal audit beforehand in preparation for an external audit. There are many benefits that can come from performing one. From improving operational efficiency to ensuring that the organization is still in compliance with laws and regulations, internal audit programs can help find cracks before external audits, ultimately saving your organization time and money.



Cyber attacks are increasing year over year, especially in the insurance industry. In fact, the cost of remedying a cyber attack in the insurance industry is among the top three due to regulatory fines. Cybersecurity has since become a key focus point for auditors and examiners.

35 states have already introduced multiple bills in relation to cybersecurity, and while most of these bills are still pending, don’t let them be the driver for your organization to impose cybersecurity regulations in the workplace. Working with other members of your organization is critical in ensuring that each department and each person is on the same page when it comes to crafting a solid cybersecurity procedure.

Knowing how to start can be a huge hurdle for organizations, but consider these steps to help create your roadmap:

1. Explain why cybersecurity is important and what the risks are.

• If your employees are aware of how a cyber breach can affect your clients and hurt your organization, they’re more likely to be an active participant in cybersecurity training.

2. Provide online cybersecurity training.

• Plenty of organizations are already including cyber training courses as part of their onboarding process. An effective cyber training course will highlight the importance of using secure passwords, how to detect fraudulent emails, and the warning signs that a website you’re visiting is compromised.

3. Remain consistent.

• Regardless of procedure, maintaining consistency can provide a challenge for any organization. Once an employee has completed their cyber training, you want to ensure your employees know exactly what to do when they come face to face with a phishing email and what a suspicious link looks like.


Creating a cybersecurity policy isn’t one-size-fits-all; every organization has a wide range of needs. Be mindful every step of the way to keep your policy tight and secure.

Revisiting your policies every 1-3 years is key to your organization’s success. Best practices and regulations are constantly changing, and you’ll want your policies and procedures to be up to date with those changes. Being proactive can help you win new clients and improve your outcomes for your next audit or exam.