FREE Insurance Networking eNewsletters 
Solutions Helping Insurers Deal With Auditor’s Reach
Insurance Networking News, July 1, 2008
Though some may regard it as stodgy, the insurance industry isn’t static. One need only look at the steady flow of rules, regulations, statutes and bulletins emanating from both federal and state regulators to confirm this.
While audits are anything but new, laws such as the Sarbanes-Oxley Act, coupled with a broader move toward insurers viewing risk across the enterprise, has raised their profiles among insurers. “SOX has resurrected the importance of audits,” says Phil Dayalu, director of IT for Indianapolis-based Kaplan Compliance Solutions.
Advertisement
Market conduct exams review how insurance companies and their representatives treat consumers in the marketplace and whether companies are following state insurance laws and regulations in underwriting, policyholder service, claims, marketing and sales, producer licensing, and complaint handling. States including Kansas, Pennsylvania, Wisconsin and California post the findings of their market conduct examinations on Web sites of their respective insurance departments.
TRANGRESSIONS
Those in the insurance industry tasked with managing this complex process are all too well aware of the importance of the examinations, and of the attendant fines and disruption of business that can accompany transgressions.
Indianapolis-based Conseco Inc. certainly doesn’t need much reminding. In May, the life, health and annuities products provider reached a settlement with state insurance regulators and agreed to pay a $2.3 million fine to settle charges stemming from market conduct audits. The settlement was initiated by a multi- state market conduct examination led by Pennsylvania, Illinois, Indiana, Texas and Florida and related to long-term care claims practices and procedures, complaint handling, and sales and marketing practices at two of its insurance subsidiaries: Conseco Senior Health Insurance (CSHI) Co. and Bankers Life and Casualty Co.
As part of the deal, Conseco agreed to implement a state-monitored process improvement plan designed to achieve performance standards in claims and complaint processing and to invest $26 million on systems enhancements. “We’ve been diligently working toward best-in-class service through the process improvement and enhancement program we implemented in 2007, and are already seeing meaningful results in claims and complaint handling,” says Conseco CEO Jim Prieur.
HAYSTACKS
The need for capital improvements in order to meet market conduct requirements isn’t surprising considering that carriers have limited resources available for non-revenue producing functions. However, it is far from certain that a market conduct issue can be ameliorated with a quick technological fix. Although technology can greatly aid in these matters, it can’t do so alone and, accordingly, human knowledge—both historical and operational — is a necessity, says Kathy Donovan, manager of government relations for Minneapolis-based Wolters Kluwer Financial Services insurance compliance solutions group.
“Pure technology can serve as a vehicle for notification, but you need human analysis — you can’t have one without the other and have a successful system,” she says. “Someone has to ask: Is this something we need to push out to the field office, or what does the state expect?”
Another primary challenge for insurers is making sure that they are getting all the information about regulatory changes, Donovan says. Indeed, many statutes are constantly being revised in many states. Carriers operating on a regional or national basis need to keep abreast of the changes in every state in which they do business.
While knowing about changes is important, it may only be half the battle. Not every change is germane to every carrier, or every line of business within a carrier. Therefore, carriers need to sift through the reams of statutes and regulations and then prioritize the ones that affect their operations.
“There is just so much out there in terms of regulatory changes that insurers need to clearly identify the ones to which they need to pay attention,” Donovan says.
Moreover, even after the important needle of change is gleaned from the proverbial haystack, the question becomes what to do with it. Getting the information to the appropriate stakeholders with the organization is paramount.
AUDITS FOR ALL
One way to mitigate the risks and costs inherent with market conduct exams is to perform self-audits. There are applications available, such as the NILS INSource market conduct exam module from Wolters Kluwer, which alerts users to requirements singled out by state examiners in one or all jurisdictions, and links to past state market conduct criticisms relating to the requirements.
Carriers need to make sure that the changes required by those statutes are actually being implemented, and they need to prove it. Donovan says carriers should have a system in place that makes them confident that when they disseminate information to a functional area, they are doing so correctly. “Not only do they need to be in compliance, but they also need a tracking framework,” she says. “So, when a market conduct exam is called by one of the states and the examiners come in, they can demonstrate that they have their processes in place.”
There are other types of audits carriers can undergo to help gauge their progress. One is the SAS 70 Type II audit, which assesses the operational effectiveness of internal controls within service organizations. “With a Type I audit, you have an audit firm come in and look at procedures and that confirm that you have them in place and customer data is being handled properly,” says Dayalu. “Type II takes it a step further and tests all the controls that you have in place.”
Having a third-party auditor attest that they are doing things correctly gives insurers the confidence that not only do they have the correct policies and procedures in place, but they also have been tested, he says. To illustrate just how exacting the audits can be, Dayalu notes one metric involves whether the “lock out” screensaver on the desktop computer of someone being tested functions appropriately. “(Auditors) will actually sit there and time it,” he says. “If it locks, you’re fine, if it doesn’t, you get a qualification for it. They are very detailed and very stringent about the testing.”
For more information on related topics, visit the following channels:
