Uncategorized

Hurricane season kicks off in June, so it’s time for the insurance industry to have one last review of your operations to ensure you are ready. During this time of year, your company’s hurricane risk management plan should include the usual preparations, such as having a staffing strategy to manage an increasing number of claims, shoring up your business continuity plan and having a supply chain plan to keep business running smoothly.
However, hurricane season serves another valuable purpose. It’s a good reminder to take the time to monitor your insurance programs.
Here is your checklist to ensure that your programs are adequately prepared for the season and well into the foreseeable future.

☑ Monitor your program experience

Evaluate your rate adequacy to determine if you are starting the season at the most appropriate rate.  Using your company experience and making rate filing adjustments now ensures you have the right pricing strategy before a natural disaster may strike.

☑ Check your competition

Keep an eye on your competition to ensure that your program is priced in line with the market. If your competitors are segmenting their business or using cutting-edge InsurTech to refine their pricing, and you have an older rating structure in place, an update to your rating algorithm may be necessary to prevent adverse selection. If your staff is not equipped to take on an extensive review of your competitors, an outside insurance support services provider can create a comprehensive assessment of where you stand in relationship to your competition. Equipped with this insight, you can take action quickly.

☑ Use new data fields to your advantage

The more granular your information on a property or region, the better. Today’s technological advancements enable pricing a risk based on many key factors, including elevation, surrounding building types, and a property’s proximity to water bodies. Take advantage of InsurTech data advancements to ensure your pricing structure is appropriately matched to risk. Adding new rating variables needs careful review for possible correlations with your current rating plan. Use outside insurance support services to provide actuarial support and predictive analytics when incorporating new data fields in your rating algorithm.

☑ Contract outside experts to evaluate your programs

Hurricane season may bring an increase in workload across the board. Many internal teams simply won’t have the capacity to evaluate your programs. This is where insurance support services consultants can help. Industry expertise, coupled with a focus on your data, delivers a fresh perspective on pricing adequacy. By monitoring your program in all areas (underwriting, rating, and competition), an outside consulting firm can help evaluate your products and alert you to any concerns before you become sidetracked by other issues.

☑ Pay close attention to your mix of business

Close monitoring of your insurance program’s mix of business is an insurance industry best practice. Competitor rate activity may have an unintentional impact on your program’s in-force business. Underwriting changes may add risk to your pricing strategy or result in shifts in your target market. Be prepared at this time of year to have an understanding of your exposure to risk.
Think of hurricane season as “spring cleaning time” for insurance companies. Though you already have a risk management plan in place in case a hurricane makes landfall, it’s important to take a step back and review the rate adequacy of your program as well. Make sure you start the season with adequate rates, keep an eye on your competition, and price your programs using the best segmentation and most competitive rates.

If you need help with any aspect of your program monitoring, call Perr&Knight.

I firmly believe that any man’s finest hour, the greatest fulfillment of all that he holds dear, is that moment when he has worked his heart out in a good cause and lies exhausted on the field of battle – victorious. – Vince Lombardi

I have just gleaned a remarkable bit of wisdom from Joe, a regional manager at a paint manufacturer in Upstate New York.
Joe, via an enthusiastic  LinkedIn comment, has provided this pearl:
“Do what you love and you will never work a day in your life.”
If only I had met Joe 25 years ago, perhaps a large portion of my workday would not be spent frustrated, angry or otherwise agitated as I agonize over the otherwise intractable problems my clients face as I attempt to solve them – that thing I do for a living.
As an optimist, I get a kick out of cutesy sayings and embrace the benefits of positive thinking. Lord knows I’ve read more than my fair share of self help books. But these pithy bits of unsolicited advice are wearing thin. There is, to my mind, no greater sense of satisfaction to be derived than doing the hard work – work that you don’t necessarily love – to achieve something worthwhile, to make a difference. Imagine if we all had the luxury of simply doing what we love and not working a day in our lives? What would that even look like? Anyone remember Caligula? How much wine can I drink, anyway?
I have a famous friend, a Hollywood honcho, who, among many other things, has produced feature films, managed the careers of A-list celebrities and written for one of the biggest TV shows of the past 20 years. I marvel as I watch him traipse across various red carpets, smile for cameras, earn millions – many millions – of dollars. I’ve listened intently on many occasions as he’s regaled me with tales of travels to St Tropez, development deals with HBO, rubbing elbows with everyone from Brad and Angelina to Gary Busey.
Dream job, right?
Sharing a drink in Santa Monica one evening, Steve (that’s his real name) lamented the difficulty of eking out a weekly script to keep the characters fresh on the television series he wrote and produced. He seemed nearly in tears as he described the process of crafting and editing line after line, word by word, to arrive at the finished product.  “I hate it I hate it I hate it! – It’s so hard!”
Then comes the production. The actors have to learn those lines and deliver them in a way that resonates with the writer’s intent. The early mornings and late nights getting the finished product “in the can” eliminate any sense of normalcy during the thirteen-week season. Location travel. Interviews. Writing. Re-writing. Shooting. Editing. To complete just a single show, the sacrifices are enormous. And that cycle is repeated for every episode. And every season.
But does Steve love what he does? You bet. His name rolls past on black credit-screens for an increasing number of movies and television shows. The high – the feeling of satisfaction seeing the end product nicely wrapped and well-received by an adoring public – is without equal. But I can tell you with some authority that Steve works his ass off.
The very thought that doing what you love doesn’t involve work is, well, just silly. In fact, I’d suggest the reality is that when you actually do something you love, you’re willing to work extra hard at it. You’ll put in the long hours. You’ll discipline yourself and remain committed to the pursuit of excellence.
So, Joe, thanks for that bit of advice. But I have to heartily disagree. The statement is just too simplistic. Too idealistic. It smacks of Quixotic hope, not reality. And if you’ll allow me to reciprocate, I’d suggest you adjust your trite to read thusly: Work harder than you imagine you could, committed to a cause greater than yourself, then stand back in awe as you fall in love with the finished product, amazed at what you can actually accomplish.

Foreword
Issues related to Operations have surely become increasingly more crucial in recent years for every insurance company. Even though no insurance manager can presumably deny this statement, there is a worrying lack of analysis and research about the actual state of Operations in the Italian insurance industry. (It is astonishing to find no books about this topic when visiting a bookshop in Italy). This situation is further worsened by the uncertain boundaries of this function, since Operations related activities are delivered in several Departments, including Sales, Business Lines (Underwriting), Operations and Claims.

So, while in manufacturing the concept, and as such the scope, of Operations is quite clear cut, it is difficult to say the same in the insurance world. In fact, there are at least 3 different scopes assigned to this function in Italian insurance companies.
In a strict view, Operations is only in charge of policy administration, which includes activities related to the issuance of policy documentation and endorsements and the booking of premiums (both new and renewal premiums. Other tasks, theoretically under the roof of Operations, are subdivided between Sales (Customer Service), Underwriting and Claims. Unfortunately, this is still the most common organizational chart in Italian insurance companies.
In an ideal world, all of these tasks (previously pictured in any color except grey) should be led by Operations. In this wide approach, Operations should include customer service at the start (whenever the customer applies for an insurance coverage, or the broker asks for a quotation),at the end of the value chain (when the same customer/broker submits a claim), and a portion of underwriting and claims (so called “fast track-underwriting” and “fast-track-claims”).
Some intermediate choices are possible, of course, whereby for example Operations includes customer service but not fast track underwriting.

*                *               *

This survey was conducted in 2011-2012 by sending a detailed questionnaire to the Operations Directors of the main Italian insurance companies. It is an attempt to fix a lack of information and provide researchers, managers, consultants, and any other practitioners interested in Operations Management with critical elements of knowledge about Insurance Operations in Italy.
Objectives and Assumptions
The aim of this research is self-explanatory – that is, to identify the current state of Operations in Italian insurance companies. This search has, of course, been oriented by some specific assumptions, which have heavily impacted the objectivity of this work.
The first assumption affects the scope of the analysis, which regards every insurance company, regardless of size (large/small), geographical presence (multinational/local), business line (life/non life), or reach of business area (niche/general), due the early stage of the Operations research.
The second assumption considers Operations as a set of business processes which directly support and enable the effective implementation of the strategy of the insurance company. As such, any assessment of the Operations Department is strictly dependant on the company’s strategic landscape.
The third premise views the components of Operations as a business system subdivided into a structure (static component), a process (dynamic component) and some supporting tools (reporting).These three elements have to be synchronized to attain the best results.
Ultimately, this search takes into consideration the existence of some conditions which are external to the Operations Department but inside the insurance company which highly impact the overall level of operational performance.
On the basis of the above mentioned assumptions, the questionnaire used to gather data has been structured as follows:

• Strategic Landscape;
• Features of the Operations Department;
• Strategy, Planning and Control of the Operations;
• Operational Reporting;
• External Success Conditions;
• Operations Department Role (assumed and perceived).

Strategic Landscape
The wide-reaching strategic landscape where the Operations Department acts has been investigated by asking for:

• the performance influencing factors;
• the actually implemented strategies.

The answers to the first question have shown a correct awareness about the relevance of customer service (ranked first among the factors), followed by excellence in business processes. Immediately after these two factors, the respondents mention the traditional performance determinants of the insurance companies (underwriting quality and claims’ trend). Less decisive – but still ranked in the upper section – are product and process innovation. Operations Directors have not determined that (excessive) regulation (for example, Solvency II) or labor cost are as important for their company’s performance.

Notwithstanding this proactive attitude about the performance influencing factors, the strategies actually followed so far don’t seem fully consistent with this view since the most popular strategy has been organizational change/restructuring, followed by investment in IT systems and cost reduction, while investment in distribution channels and sales/marketing ranked only 5th and 6th respectively. The investment in IT systems (ranked 2nd) is very significant, of course, however it is quite worrying that business processes improvement ranks lower since this enables the full exploitation of IT investments.

Features of the Operations Department
The Operations Department is a well consolidated function in insurance companies, since about 70% of companies confirm that the department is more than 5 years old and that this Department’s staff is composed of at least 10 employees. In this comfortable panorama there are still a small but not negligible number of companies (8%) where an Operations Department does not yet exist.

Regarding organization, the Operations Department position is located immediately under the General Manager/Country Manager in two thirds of the companies.

It is often united in the same department with IT, and less frequently with the Underwriting.

It seems that Operations Departments are not well articulated internally, which could confirm the low specialization level of its resources.

Strategy, Planning and Control of Operations
The strategies followed in the Operations Department seem consistent to the perceptions of the main factors influencing the performance of the insurance company, since response time, service affordability, customer assistance and quality have been mentioned by the Operations Directors as the key strategic priorities.
Quite surprisingly, cost has a medium relevance, while customization and agility in product/service offerings have not been reported among the most important objectives.

The Operations Department is fully involved in the planning process and the company’s budget includes a section devoted to Operations.

Unfortunately, the targets assigned to Operations seem generic, since the operational metrics are not included in the budget in more than 60% of the companies.

Regarding control, the most sophisticated type (steering control) is cited as the most spread (more than three fourths of the companies have it), but 15% of the respondents declare not to have an Operations Plan.

In general, the culture of Operations (in terms of value) has a very limited impact on the other responsibility units of the insurance companies, since the performance evaluation process of these units simply doesn’t take into consideration their operational performance.

Operational Reporting
In spite of the absence of operational metrics in the budgeting plan, the introduction of operational metrics on a periodic basis is quite common in Italian insurance companies.

The key business processes are measured in almost half of the companies and (quite unbelievably) 15% of the insurers yet don’t measure their processes.

The most popular measurement objects affect backlog and cost. Less widespread are the indicators regarding cycle time and productivity. This potentially disproportionate focus on backlog could be attributed to an excessive fragmentation of business processes and IT systems.

The strong interest in operational measurement just mentioned does not imply for the time being the adoption of reliable and sophisticated tools, since the Excel spreadsheet is still the most popularly used software.

Needless to say, activity based costing is not used by 85% of the respondents, which makes impossible any determinate link between traditional financial and operational metrics according to a balance scorecard’s approach.

External Success Conditions
The actual success of the Operations Department is strongly influenced by the existence of some conditions outside of the Operations Department, but inside the insurance company, related to:

• medium term perspective;
• operational performance assessment in staff evaluation;
• business process management;
• relationships between financial control and operational indicators.

Regarding the first condition, the survey states that the short term horizon is absolutely dominant (62% of the companies don’t have a multi-year Operations planning) and even a significant portion (15% of the total) of the insurers which, apparently, have a medium/long range planning for the Operations, since they state to have a formalized plan, actually do not have a formalized planning, which means that their long range planning is not significant and their behavior is strictly tactical, being influenced by the top management’s needs in a precise time.

The importance of Operations is, of course, determined by the use of the operational indicators in the Human Resource Management: it seems that staff assessments are weakly related to the staffs’ operational performance.

The third influencing factor – the existence of effective business process management – is certainly the most crucial. The answers to the survey evidence that BPM is still in an early stage in the Italian insurance companies: while the process mapping is adopted in every company, it does not mean that a BPM is actually in place, since in about 80% of the insurers the business processes are not reviewed by each business owner in a systematic way, but only in case some particular events occur (for example, top management change or crisis).

Ultimately, Operational Reporting is highly integrated into the wider Company Reporting in only less than a fourth of the interviewed sample.

Role of the Operations Department
The last questions of the questionnaire deal with the role of Operations as perceived by other Insurance Managers.
The analysis of the answers seems to indicate that Operations Directors may not be fully aware of his significance for the success of his company (Question 26), while the other members of the top management team are more prone (at least apparently) to assign an expanded role to Operations (Question 27).

Findings & Conclusions
The Operations Department currently acts in a problematic environment, between the absolute need to improve customer service and to strongly monitor and reduce costs. In such a situation it could happen that the choices and decisions of the Operations Director are loose or inconsistent, even though some research about the most successful insurers demonstrate that improved customer service and cost reduction are not necessarily conflicting objectives, provided that the insurance company is able to do more (customer service) with less (human and IT resources), which absolutely requires not only the avoidance of fragmentation in processes and IT systems, but also to centralize some functions, like back office and IT.
Operations represent a fully recognized portion of the Insurance Company budget, however significant improvements are needed in specifying their objectives, in order to influence effectively their behaviors, and in measuring them; a long way is still to come about this point.
Fortunately, a spontaneous use of operational metrics is spreading in the insurance companies, even though the tools adopted so far are not sophisticated enough to ensure a reliable measurement, which negatively impacts the acceptance of these indicators in the company’s other departments.
Business process management is certainly the most powerful enabler of Operations management, since it promotes the operational mindset, that is a correct orientation towards tangible results. As such, it is not surprising that the typical values and culture of Operations are not widespread in the company, and that the same CEO is in any case not involved enough in Operations Strategy Development.
Despite all these weaknesses, it is reasonable to believe that the pressures from the environment and the strong awareness about the cruciality of Operations will make this function one of the key success factors of the most profitable and growing insurance companies in Italy.

*                *               *

Everybody is fully aware that the Italian insurance business is not adequately developed, as reported by the low level of Premium to GDP ratio (around 7% is the value of total insurance premium on GDP ratio, compared to about 10% in France and 9% in EU15), particularly in non life non auto segment (auto insurance is compulsory, of course, as such its size in Italy – around 1,3% – is quite comparable to other European countries,), while the life insurance in Italy has some but less room for development (its premium on GDP ratio amounts to 4,7%, as opposed to 3,2% in Germany, 6,2% in France and 9% in UK).

The deep reasons for this underdevelopment are not easy to deal with, since they stem from: a) the low level of insurance culture among Italians, b) the high weight of welfare state, destined for a profound slash in the medium term and c) the peculiar structure of the manufacturing industry, where small and medium enterprises predominate. However, some of the most important constraints to the growth of the insurance business that include:

• the very low level of customer satisfaction;
• the complexity of the insurance products (usually, very expensive insurance coverage, quite difficult to assess and appreciable by the client, particularly in case of SME);
• the high level of administrative costs incurred by the insurance agencies (about 82% of premiums is channeled by agencies in non life insurance), which reduces the time devoted to sales

can be successfully overcome by improving the effectiveness and scope of Operations ,by spreading its culture, and by achieving business process excellence through the use of BPM and other process-related techniques, such as Six Sigma or Lean Production.

Angelo Minafra is the Head of Operations at AIG United Guaranty Italy. He can be reached for comment at angelo.minafra@yahoo.com.

Introduction

Insurance is defined as a “system to make large financial losses more affordable by pooling the risks of many individuals and business entities and transferring them to an insurance company or other large group in return for a premium.”[1]  A multitude of sources not only define insurance terminology but provide educational opportunities as well.  However, the business of insurance is generally poorly understood by those who do not work directly within the industry.

Consider, for example, a new consumer’s perspective of establishing a new relationship with a company for auto or homeowners insurance.  Many first-time buyers of personal insurance are in their late teens or early twenties.  They know that in order to drive off the lot or to get through closing, they need a policy and in some cases, this may be all that they know.[2]

Determining whether to accept a new customer is part of underwriting.  The underwriting process is designed to ensure that the expected financial risk to the company as presented by new customers does not exceed the price of the policy.  Once a policy offer by the company is accepted by the applicant, the relationship between the insured and company is governed by the contract issued by the company to the insured.  Multiple decision points exist throughout the initial and renewing policy terms to ensure that the risk originally accepted remains acceptable to the company, and if not, that appropriate underwriting action be taken.

The complexities in the underwriting process of the personal lines insurance industry are to a great extent based upon the contract and compliance with various categories of laws.  The affects of legal requirements as they apply to insurance consumers are found throughout all decision points of the underwriting process, which is first presented from the contractual perspective to serve as a comparison to the changes made to be legally compliant.

U.S. P&C Personal Lines Insurance Underwriting Process – Contractual Perspective
The life cycle of the underwriting process includes these steps:

1. An applicant requests a quotation or a policy.
2. When the risk is not acceptable, the agent or a company underwriter would so advise the applicant and the process would stop.  Until a policy has been issued, the company has no contractual obligations towards the applicant.  The risk may become acceptable if the applicant accepts a premium increase by:

a.     application of a surcharge

b.    placement in a higher rating tier

c.     placement in an underwriting company with a higher rating structure as compared to the company that received the applicant’s request, or

d.    partial acceptance of the coverage request.  For example, if an applicant requested towing coverage for a vehicle for which several towing claims were recently made, the policy may be acceptable so long towing coverage was not included for that particular vehicle.

These four decisions are types of an “adverse underwriting decision”, which refers to any decision in which the consumer is told “no” in any fashion.  “No, we won’t offer you a lower price” is why a surcharge or placement in a higher rated tier or company is adverse.  “No, we won’t offer everything you requested” is a restriction of requested coverage, and “No, we won’t offer a policy to you” is a refusal to issue.

3. When the risk is acceptable or made acceptable, the application will be rated, a quotation provided, and an offer to insure is made.  The offer may be good for a short time, perhaps a week.  Should the applicant not request coverage during this time, the underwriter may flag the file to follow-up with the applicant shortly before a competitor’s policy would expire (“x”-date follow-up) six or 12 months in the future.  When the applicant accepts an offer to insure, a policy will be issued.
4. By contract, a newly issued policy may be cancelled within a specified period of 30-60 days from the inception date.  Companies want to retain newly acquired business but reserve the right to cancel should additional information be received which, if known before offering to insure would have resulted in the offer not being made.  Cancelling a policy for underwriting reasons is another type of adverse underwriting decision. When an applicant did not fully disclose the driving record of all drivers to be rated on the policy, the underwriter may elect to cancel the policy rather than continue.  Or the policy may be acceptable if the insured agrees to an increased premium or a coverage restriction.  By contract the insurance company must send a written notice to the insured which conforms to contractual provisions when making an adverse underwriting decision.
5. The insured is contractually obligated to make timely and adequate premium payments to maintain the policy.  When adequate and timely payments are received by the company, the policy will continue. Otherwise, the policy would be cancelled based upon the contractual provisions regarding cancellation for nonpayment of premium.
6. Insureds have the right to request cancellation of the policy at any time.  When an insured requests cancellation and the risk is acceptable to the company, the company may attempt to keep the insured as a customer.  If successful, the policy will continue and if not successful, the company will cancel the policy and may set an “x”-date follow-up.
7. Insureds may requests policy adjustments during the policy term.  When there are no underwriting concerns with the policy or the request, adjustments will be made as part of routine servicing of the policy.  Also during the policy period, the company’s claim department may provide information about the insured or the insured property to the underwriting department.  If the information forwarded by the claim department is not judged to materially change the risk, the information would be noted in the file but no further actions would be taken. An underwriter will review requests to adjust the policy and information provided by the claim department.  When the characteristics of the policy, the adjustment request, or the information from the claim department is not acceptable to the underwriter, a review of the contract takes place to determine if an adverse underwriting action may be taken.  If permitted by contract, the underwriter may elect to send an adverse underwriting notice at that time.  If the risk is not acceptable but the contract does not permit action at that time, any changes requested by the insured may still be made.
8. The last type of adverse underwriting decision to be discussed is not renewing a policy, which is contractually permitted so long as sufficient notice is given to the insured.  Before the expiration date of the policy, a review of the policy for continued acceptability will be made.  When it is determined that the policy is no longer acceptable as written, written notice of nonrenewal, adverse modification, surcharge, tier placement, or company placement needs to be sent to fulfill the contract.  If the policy is continued, either as is or after certain adverse underwriting decisions, it is rated and a renewal offer is sent to the insured.

The underwriting process starting at step 5 then repeats until the policy is terminated, either by the customer or the company.  The link below is a graphical illustration of this entire cycle.
Figure 1 – Underwriting Process – Contractual Perspective
The effects of complying with the major categories of laws on the underwriting process follow.

U.S. P&C Personal Lines Insurance Underwriting Process – Contractual and Compliance Perspective

The contractual perspective of the underwriting perspective is simple when compared to the changes required to comply with federal and state laws that affect the business of insurance.[3]  Federal laws generally apply to entire industries or identified activities.  These two federal laws have a significant impact on the personal lines underwriting process.[4]

1. U.S. economic sanctions, administered by the U.S. Treasury’s Office of Foreign Assets Control (OFAC).  The emphasis on compliance with OFAC sanctions increased greatly following the terrorist attacks of September 11, 2001 on U.S. soil.  OFAC regulations affect the underwriting process by prohibiting financial transactions with individuals named on government sanction lists.
2. The Fair Credit Reporting Act, as administered by the Federal Trade Commission.  The FCRA, enacted in 1970 and last amended in 2010, affects the underwriting process when consumer reports are used in the underwriting process.

Each state has unique requirements but the focus here is on laws that are common to most states (with two exceptions).  To further narrow the focus, the illustration is limited to personal auto insurance although it would generally apply to all personal lines policy types.

The categories of state laws that significantly affect the underwriting of personal auto insurance are:

1. Generalized rating and service laws, referring to requirements that affect how a risk is rated or how service to the applicant/insured is provided.  Many of these requirements are derived from the National Association of Insurance Commissioner’s (NAIC) Model Act 880 – the Unfair Trade Practices Act. Introduced by the NAIC in 1947, the Act prohibits unfair discrimination between similar risks and offers other protections.  All states have adopted this model act, at least in part.[5]
2. Underwriting, referring to the initial determination of risk acceptability and continued acceptability.  All jurisdictions regulate adverse underwriting decisions of auto insurance, although the specific application varies (as to how restrictive or permissive the law is, the number of days notice required, type of mailing, etc.). 
3. Privacy and Underwriting combined, based on the 1980 NAIC Insurance Information and Privacy Protection Act, Model 670, and applied to P&C insurance by 13 states.[6]  The Act requires that insurers notify consumer of privacy rights and specific notices associated with adverse underwriting decisions.
4. Privacy based on the state insurance privacy laws required by the Gramm-Leach Bliley Act (GLBA) of 1999.  Forty states used NAIC Model Act 672, the Privacy of Consumer Financial and Health Information Regulation.[7]  The Act requires that insurers notify consumers of privacy rights and to take certain actions based on choices made by consumers.
5. Residual market or assigned risk plans provide basic insurance coverages for applicants who cannot obtain coverage in the voluntary market.  All locations have some variation of a residual market.[8]  Two states (New Hampshire and North Carolina) have reinsurance facilities which require insurers to service risks that the insurer would not voluntarily provide coverage for while the state is the reinsurer.  Both states also have “take-all-comer” requirements – an insurer must accept an applicant and cannot terminate coverage for underwriting reasons.

How these laws affect underwriting is discussed in general terms.  The affects of each unique state law have their own complexities in procedures, notices, training, etc., and the specific details of each requirement are intentionally undeveloped.  The color key below identifies these laws throughout the various steps of the underwriting process.
How these categories of laws affect underwriting is presented in a time sequence begining with a new applicant requesting a policy and ending with the policy being renewed.  All of the individual sequences are part of the underwriting process and are used as to graphically display the entire process with the color coding above.  The first category to discuss is economic sanctions.

U.S. Economic Sanctions (OFAC) Compliance – Confirming Consumers Are Not Sanctioned on U.S. Government Lists

This process starts when an applicant contacts an insurer, or an agent of the insurer, and requests a quotation for a policy.  From the insurer’s perspective, applicant means someone who:

• has not had a previous relationship with the insurer,
• obtained quotations or insurance with the company in the past but presently does not have any active business, or
• an active policyholder who is requesting a quotation for a new policy.

The U.S. Treasury, through its Office of Foreign Assets Control (OFAC), requires all American citizens and businesses to confirm that all persons they do business with are not named on government lists of sanctioned individuals.  This may be done by collecting from applicants the same information that appears on the government lists:  name, date of birth, address, Social Security Number (SSN), and the number and issuing country for a passport.  This information would then be used to screen the applicants against the lists.

All U.S. citizens are required to have a SSN.  Some but not all non-U.S. residents of the United States have been issued Social Security Numbers.[9]  Simple collection of the SSN of all applicants having a SSN will not necessarily lead to compliance with OFAC requirements.  Validation edits in the SSN field to prevent collection and reliance on duplicate numbers, invalid numbers, or number combinations that have not or will not be issued are needed[10].  If the applicant is not a U.S. citizen and does not have a SSN, then the passport information should be obtained to screen against the government lists.

When after screening there is a positive match, then financial transactions between the insurer and applicant is prohibited unless a license is obtained from OFAC before proceeding with the transaction.  Declining a risk is typically an underwriting function; however, according to OFAC, a declination in this case would be based on an Executive Order addressing foreign affairs which preempts state insurance laws.[11]
Figure 3 is a picture of the underwriting process with respect to an applicant requesting a quotation for a policy and compliance with OFAC requirements.
Consumer Report Compliance

Once it is determined that an applicant and all other prospective insureds are not sanctioned by OFAC, or if sanctioned but a license was obtained from OFAC, the next process is determining if a consumer report will be used to underwrite the policy.  Typical examples of the types of consumer reports used in personal lines insurance are investigative consumer reports, insurance scores, motor vehicle reports (MVR), and loss history reports (often generically referred to as a C.L.U.E. report, or Comprehensive Loss Underwriting Exchange).  Two laws affecting privacy, rating, and underwriting need to be addressed.

The Insurance Information and Privacy Protection Act (IIPPA) requires that before personal information about a consumer is obtained from a source other than the consumer or a public database that the insurer is to apprise the consumer of rights available under the act.  To comply with this requirement for applicants who do business over the phone when a consumer report will be ordered, a verbal scripting of these rights is required.  The Fair Credit Reporting Act permits insurance companies to obtain a consumer report when the report will be used in the underwriting process with an individual consumer.
The next phase of the underwriting process is determining if the risk is acceptable.

Quoting and Risk Acceptability and Adverse Underwriting Decision Compliance

The same three outcomes when determining acceptability exist:  acceptable as is, acceptable with modifications, or not acceptable.  The first two outcomes result in the risk being rated.  The last two outcomes require written notice of an adverse underwriting decision.

Two states require insurers to offer auto liability insurance to all who request it because such coverage is mandatory (often called a “take-all-comer” (TAC) requirement).  Insurers may not refuse a TAC under state law.  However, OFAC has issued an opinion that an insurer must refuse to write any request for insurance from for anyone on a sanction list or to obtain a license from OFAC before writing the policy.  The Fair Credit Reporting Act requires notice when the adverse underwriting decision is made, in whole or in part, upon information contained in a consumer report received from a consumer reporting agency.  IIPPA requires notice when the adverse decision is made regardless of whether a consumer report was relied upon.  The wording of an adverse underwriting notice is dependent upon:

•  whether the individual consumer is named on an OFAC list
•  the type of policy
• whether a consumer report was used
• where the consumer resides
• provisions of the state’s version of the Unfair Trade Practices Act and any other applicable state laws, and
• the contract between the insured and the insurance company.

When a quotation is provided and an offer to insure is made, the consumer will decide to accept the offer or not.  When the offer is not accepted, many insurers will follow-up.  When the consumer ultimately agrees, it may be necessary to order consumer reports.
Figure 5 shows how all this fits together.
If a request is made to issue the policy, then determining which written privacy notice or notices must be sent needs to be determined next.

Consumer Privacy Notice Compliance and Adverse Underwriting Decision Compliance

Insurers send consumers a privacy notice to comply with the requirements of the Gramm-Leach-Bliley Act (GLBA) privacy provisions.  IIPPA has separate privacy provisions than those of the GLBA.  In an IIPPA location, the consumer will receive both the GLBA and IIPPA privacy notices if the insurer does not voluntarily extend IIPPA privacy rights to consumers outside of IIPPA states.

GLBA requires the notice be given to all new consumers and then annually thereafter.  However, it would not be necessary to send an additional GLBA notice to an existing consumer.  IIPPA requires the notice to be provided with each new policy and also at least annually with renewal policies.

While a company may simply provide the GLBA notice with every new policy, there are consequences to doing so.  There is an expense associated with printing, paper, postage, etc.  More practically, a company may not legally alter its data sharing practices without having first notified all affected consumers.  This means that if the company relies on its annual GLBA notice, it could time changes to when the mass mailing is sent.  If, however, the company routinely sends a GLBA notice, then it would have to send an off-cycle notice, thereby changing the date of the mass mailing.  From a consumer perspective, there could be several notices received in the mail addressing privacy matters.
Once the privacy notice process is complete, the company enters into the initial underwriting period in which it may re-assess its risk decision.
Initial Underwriting Period Risk Acceptability and Adverse Underwriting Decision Compliance

Some companies avoid the expense of consumer reports when preparing a quotation.  If the applicant decides not to buy a policy, this expense is not incurred.  Most locations allow insurers a set amount of time, typically 45 or 60 days, in which to evaluate its risk decision.  For insurers that wait to order consumer reports until after a policy has been issued, the company evaluates the information provided by the consumer report and determines if the risk is acceptable.  The outcomes are the same as before:  acceptable as is, acceptable with modifications, or not acceptable.  Once again, the first two outcomes result in the risk being rated.  The last two outcomes require written notice of an adverse underwriting decision.

When the policy is continued, either as is or following an adverse underwriting decision, the insured is contractually obligated to make timely and adequate premium payments to maintain the policy.  This is a continual process occurs which occurs throughout the life of the policy.  When appropriate amounts are timely received by the company, the policy will continue.  Otherwise, the policy would be cancelled in accordance with the contractual provisions regarding cancellation for nonpayment of premium.
The next process, which is also continuous, encompasses insured’s requests to cancel the policy, making decisions regarding consumer requests for policy changes and/or communication from the company’s Claims Department that may be made during the life of the policy.

Consumer Requests (Policy Cancellation or Policy Adjustments), Claims Department Communications, and Adverse Underwriting Decision Compliance

An insured may request to cancel the policy at any time during the policy term.  If the company’s experience with this consumer is favorable, the company may attempt to change the insured’s decision.  If this effort is favorable, then the policy is allowed to continue.  If not, then the policy is cancelled and any unearned premium must be timely returned.  If the company’s experience is not favorable, then the request would likely be fulfilled without any further action or follow-up.  Also throughout the life of the policy, the insured may make requests or the company’s claims department may send notices to the underwriting department.  The request or the information provided has to be evaluated, after which it may be determined that request or information means the risk is acceptable as is, acceptable with modifications, or not acceptable.

The first two outcomes result in the risk being rated.  The last two outcomes require written notice of an adverse underwriting decision, if the laws of that jurisdiction permit sending notice at this time.
If the policy is continued, the next process is the review of the risk to determine continued acceptability before the company agrees to renew the policy.
Periodic OFAC Compliance, Renewal Risk Acceptability and Adverse Underwriting Decision Compliance
Periodically, OFAC expects that businesses check the government lists again to validate that there are no matches.  This may be done as often as determined by the company to be prudent, but it is likely done before a policy renews or paying a claim.  Renewal risk reviews are usually completed by insurers before each policy renewal, regardless of the periodic OFAC review.  Insurers typically check all insureds’ experience with the company.  Unfavorable factors, such as a poor payment or loss history are considered.  If it is decided to obtain a consumer report, it may be necessary to provide the appropriate notifications before doing so.

If a consumer report is obtained, it must be evaluated with sufficient time to send a notice of adverse underwriting, if that is the ultimate decision.  Any information provided by the company’s claims department is evaluated during this review also.  Once again, the outcome of the evaluation is acceptable as is, acceptable with modifications, or not acceptable.
The first two outcomes result in the risk being rated for an offer to renew the policy.  The last two outcomes require written notice of an adverse underwriting decision, if it is permitted to send notice at this time.
If the policy is continued, it is then rated and renewed.
The final process is determining which privacy notices to send with the offer to renew the policy.

Renewal Consumer Privacy Notice Compliance

As previously noted, if the GLBA notice was already sent within the past year, it is not necessary to send it for the renewal of this policy.  However, the IIPPA notice must be sent with the policy at least annually.

From here, the cycle continues throughout the life of the policy. While this may not be the exact steps or sequence of steps that are followed from company to company, this presentation shows the essential processes and complexity of personal lines insurance underwriting.

The link below shows how all of these processes fit together into a cohesive flowchart.
Figure 10 – Underwriting Process – Contractual and Compliance Perspective
Summary
Most insurance consumers believe the business of insurance is difficult to comprehend, even though there are educational opportunities to learn more about insurance.  Insurers are bound by the contract issued to insureds and have incentive to maintain positive customer relationships in order to remain profitable.  When insurance companies do not abide by the contractual language or fail to comply with statutory requirements, the consequences to the company range from negligible to catastrophic.  Additionally, not only consumers but regulators, examiners and auditors, rating agencies, and courts expect insurers to comply with all applicable contractual provisions and regulations.
As demonstrated in the preceding graphs, insurance is made even less comprehensible to consumers and others outside the industry based on changes to processes necessitated to comply with the various laws that affect the business.  Although both consumers and companies would benefit from consumers being better informed, when considering the range of regulatory requirements above the contractual provisions, the insurance industry has limited opportunities to simplify its processes so that insurance consumers achieve a level of understanding with any significant depth.
Appendix A:  Major U.S. Federal Laws and General Affects on P&C Personal Lines Insurance Companies

Appendix B:  Insurance Information and Privacy Protection Act State Populations[12]

INTRODUCTION

REFERENCES

ENDNOTES

Joseph L. Wiest, CPCU, ARC, ACP, is a corporate compliance director of market conduct with a top ten P&C insurance group.  He is a graduate of the University of Nebraska, having earned a B.S. in business administration. Since 1984, he has been employed in the insurance industry, working 20 years for a major personal lines direct writer, holding positions in customer service, line underwriting, staff underwriting, and compliance.  He also served as the compliance officer of a nonstandard auto carrier for two years.  He has earned a business ethics certificate from Colorado State University in addition to nine other professional insurance designations.

Introduction
All businesses, including insurance companies, have a philosophy, or an ethical position, whether to comply or not comply with external requirements.  This article analyzes the processes of a compliance program in the context of the property and casualty insurance industry of the United States, from the perspective that a company’s philosophy is to comply with external requirements (laws), and that the company has an established and effective compliance program.  The processes within a compliance program are discussed in more detail below and are offered as a model of best practices.
A company’s philosophy is often stated in a corporate ethics policy which provides a general framework for the entire company.  The effectiveness of a company’s compliance program is largely dependent upon the given company’s philosophy.  A philosophy that is supportive of compliant practices gives these companies a competitive and profitability advantage over companies that do not have a supportive policy or an ineffective compliance program.
A compliance program, like any other program, is administered through its processes.  Beyond a supportive philosophy, the effectiveness of a compliance program is dependent upon processes within the program.
To ensure understanding, the terms listed below are used as follows:

• Compliance:  the act or process of conforming to a desire, demand, or proposal or to coercion, a disposition to yield to others¹
• Laws:  a rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority² (includes laws, statutes, regulations, administrative codes, court rulings, and hearing decisions as issued by a governmental agency with jurisdictional authority)
• Program:  a plan or system under which action may be taken toward a goal³
• Process: a series of actions or operations conducing to an end⁴

The Processes of a Compliance Program
The goal of a company’s compliance program is to assist the company in meeting its financial goals by focusing on at least three separate processes.

1. Pre-compliance monitoring
2. Compliance implementation
3. Post-compliance validation

Pre-Compliance Monitoring
The pre-compliance monitoring process focuses on three areas:  the monitoring of governmental agencies for proposed new laws or changes to current laws; analyzing these proposals to determine likely affects on the business; and possible attempts to influence the proposal to a more favorable outcome.  This process necessarily concentrates on the three branches of the government.
Besides governmental agencies there are other external sources that may impose limits on businesses.  Additionally, a business may limit its actions though policies the company adopts.  Table 1 summarizes this information.

Table 1 – Sources of Limitations upon Business Processes

Laws are enacted by and enforced through the authority of the government; contracts by the signing parties; and policies by companies.  Since laws are enforceable by the government, laws are complied with.  Companies voluntarily agree to sign contracts and thus voluntarily agree to fulfill their obligations under the contract and expect all other parties to the contract to do the same.  Companies and employees agree to a mutual exchange of payment for work.  By accepting payment, the employee agrees to the terms of employment, which includes agreeing to follow company policies, and companies expect their employees to follow company policies.  With the compelling forces behind contracts and company policies being self-imposed (voluntary), the proper term to describe abiding with contracts and policies is adherence, not compliance.

Each of the sources of requirements upon businesses is explored next.
Regulatory Agencies. State governments are the primary regulators of the insurance industry in the United States, based upon U.S. federal law (the McCarran-Ferguson Act of 1945), which stipulates:

No Act of [the U.S.] Congress shall be construed to invalidate, impair, or supersede any law enacted by any State for the purpose of regulating the business of insurance, or which imposes a fee or tax upon such business, unless such Act specifically relates to the business of insurance:  Provided, That after June 30, 1948, the Act of July 2, 1890, as amended, known as the Sherman Act, and the Act of October 15, 1914, as amended, known as the Clayton Act, and the Act of September 26, 1914, known as the Federal Trade Commission Act, as amended (15 U.S.C. 41 et seq.), shall be applicable to the business of insurance to the extent that such business is not regulated by State Law.⁵

Although state insurance departments are the primary regulators, many other state and federal agencies also affect the industry.  For example, a state’s Department of Labor has regulations that affect all businesses that hire employees.  Specific to insurance, regulations from a state’s Department of Motor Vehicles address topics such as financial responsibility and auto insurance identification cards.  The Federal Trade Commission, through the Fair Credit Reporting Act, imposes requirements upon companies that use consumer reports to underwrite or rate business.  To remain compliant, companies should monitor for new and changes in existing laws from the federal government and all state agencies.
A regulatory agency’s authority is derived from a legislative statute, which often empowers the appropriate regulator to publish regulations to implement and administer the statute’s requirements.  Some jurisdictions grant regulators the authority to conduct administrative hearings, which enable regulators to issue binding decisions without a formal court proceeding.
Legislative Actions. Some laws apply to all but exempted businesses.  Examples include income taxes, employee safety and payroll laws, and medical information privacy.  All companies are subject to income taxes unless exempted under the law.  All businesses that employ more than a specified number of employees must abide by employee safety and payroll laws.  Before an individual’s health information is obtained, medical care providers and the requesting party must abide by the privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Some laws apply only to a specific activity, such as the business of insurance.  Although most state statutes that affect an insurance company’s operations are grouped together in a state’s insurance code, some statutes that affect operational activities appear outside of the insurance code.  Insurers writing homeowners insurance need to know about statutes often categorized as family law for risks related to a daycare business in the home.  Insurers writing auto insurance need to review the motor vehicle or traffic code for laws about driver’s licenses and other topics.  A comprehensive review of all of the various codes is needed to identify all statues that affect the business of insurance.
In addition to legislation, another method of laws being enacted is ballot propositions which are approved in elections.  Twenty-seven states allow propositions to be placed on ballots in a variety of forms, including through the collection of voters’ signatures or directly by an elected legislature.⁶ The effect of ballot propositions that receive a majority popular vote is the same as a legislative bill that becomes law.
Judicial Decisions. Court decisions, called either case law or common law, may involve an individual or class, be from any level of government (city, county, state, or federal), and may or may not be specific to insurance.  A decision may be narrowly construed to the case decided or it may strike entirely or a portion of or redefine a statute, regulation, contract, or a previous court decision.  Insurance companies need to monitor case law because a violation of court rulings would result in non-compliance.
Non-Governmental Limitations on the Processes of Companies. Contracts into which a company voluntarily enters with a trade association, partner, vendor, or other businesses often require the company to agree to certain limitations or provide information on the insurer’s activities.  For example, a contract may specify that the products or services may only be used for lawful purposes, or have restrictions on whether data obtained through the particular business relationship may be shared outside that relationship.
A contract may also require the company to provide data on its activities.  A company may choose to be a member of a trade association or rating organization.  One of the requirements of being a member may include providing data on the company’s business activities, such as premium volumes by line of business or claim indemnification payments.
Lastly, a company may limit its activities through its own policies.  For example, many states permit insurers to use consumer credit information as a rating factor, yet a given insurer’s policy may be to not use credit information.  Thus, insurers may refrain from exercising legally permitted rights.
Upon identification of all of the sources of requirements, a compliance program would establish a process to monitor for changed or new requirements from these sources.  This is discussed below.
Initiation of the Pre-Compliance Monitoring Process
The pre-compliance monitoring process is initiated when an external requirement from a governmental authority is proposed.  Before laws are enacted, companies regularly analyze proposed laws to determine if their passage would require the company to change any of its business processes.  The pre-compliance monitoring process consists of at least three activities:

1. Monitoring the sources of law changes
2. Analysis of the proposed changes and the expected affects on the relevant business process.
3. Possible attempts to influence a governmental official to pass or not pass laws that are deemed beneficial or harmful to the company or expression of support for those proposals that are viewed as being favorable.

Employees responsible for the company’s compliance implementation process, in coordination with the business area or areas that would be affected should a legal requirement change, typically handle impact analyses.  The analysis is then communicated to the company’s staff that is registered as lobbyists of government officials.  Lobbying attempts occur in at least four different ways.

1. A legislator is asked to support or withdraw a bill or amend it to be favorable or have no effect.
2. The governor is asked to sign or veto a bill.
3. A regulator is asked to introduce or withdraw a proposed regulation or amend it to be favorable or have no affect.
4. Businesses directly communicate with customers or request communication through a trade organization or lobbyist.  The purpose of the communication is to educate customers as to the positive or negative affects on customers and the particular business of the proposed law and to request the customers to notify their elected officials of their support for or against the proposed law.

Companies may also attempt to influence the outcome of a pending court case.  Although the company is not a party in the lawsuit, if it has sufficient interest in the outcome, the company may attempt to persuade the court to decide the case in accordance with its interests.  This attempt is accomplished through an amicus curiae (friend of the court) filing.
While employees supporting the compliance implementation process identify suggestions to document a company’s stance on a proposed change, lobbying, developing customer correspondence, and filing legal petitions require specialized skills.  The first three lobbying methods usually are handled by the company’s staff with governmental affairs responsibilities or a contracted lobbying firm.  The fourth lobbying method would probably include these same areas along with the business department for customer communications, and staff or retained counsel, with the expertise to petition a court, would handle the last lobbying method.
The pre-compliance monitoring process assists a company to meet its financial goals by identifying legal requirements and attempts to mitigate the extent of these requirements.  A company that does not monitor and analyze proposed new laws and changes to existing laws faces unknown legal risks.⁷  The consequences of these unknown risks range from a nominal fine to a threat to the company’s survival.  A company that does not engage in lobbying activities may be limiting its opportunities to eliminate or constrain the affect of proposals, which if enacted, would be an expense to the company.
Once the compliance monitoring process is completed, the result will either be that the company is now subject to an altered or new requirement.  As this occurs, the next process within the compliance program begins.
Compliance Implementation
The goal of the compliance implementation process is to ensure that a company analyzes all laws which may affect its business activities and to make changes to become or remain compliant with those laws.  The compliance implementation process begins when a new law or changes to an existing law are enacted, which requires monitoring of all of the governmental agencies identified in the previous section.  A compliance implementation process and the staff that support it should bridge the company’s legal counsel with the company’s business functions. Once aware of a new or changed law, employees responsible for this process in a company react to the new law and proactively execute this process.
The steps in the compliance implementation process are to:

1. Identify all of the requirements contained in the changed or new law.⁸
2. Understand the requirements.  If the requirements are not understood, an attorney who specializes in the particular section of law should be consulted.
3. Understand the business process that is affected.  This is accomplished by meeting with the functional area responsible for the process.
4. Determine what changes, if any, need to be made to the business process in consultation with the functional area and other necessary areas (computer systems, etc.).
5. Document that the appropriate changes were made by the business area affected by the law.

Companies may choose to monitor for changes to laws by subscribing to a service or joining a trade association that provides notices of new statutes and regulations.  Another monitoring method is to routinely review state government legislative and regulatory websites for information on new statutes and regulations.
Case law, administrative law, and alternative dispute resolution methods such as binding arbitration, each of which issue binding decisions that address a specific situation, also need to be monitored.  Changes to a business process may be required to comply with a judicial or administrative ruling or arbitration decision.  If so, the compliance process steps should be followed to ensure the business process is appropriately changed to be compliant.
In addition to responsibilities for monitoring changes in existing laws or new laws, a compliance implementation process should be used to evaluate changes to processes initiated by management proposals.  This evaluation should help ensure that all business processes are compliant and that those who administer the compliance implementation process are aware of all business processes.  The first two steps in the compliance implementation process are modified during a review of management proposals to:

1. Find out what the requirements are as contained in the management decision.
2. Understand the requirements.  If the requirements are not understood, additional details should be sought from management.  As needed, an attorney should be consulted.

A compliance implementation process that is consistently followed will ensure that compliance is systemically integrated into all business processes.  This proactive control increases the likelihood that the company will be consistently successful and fulfills the goal of the compliance implementation process.
After the implementation process is completed, there may be interest in validating that the process was properly completed.  The final process to be completed is post-compliance validation.
Post-Compliance Validation Process
Post-compliance validation of the effectiveness of a compliance implementation process is conducted either internally or externally.  Validation is determined internally by an audit or externally by a regulatory examination, a regulatory or judicial hearing, or through arbitration.  From the perspective of the company, the goal of post-compliance validation exercises is to protect the company by determining whether the compliance implementation process was accurately completed.  From the perspective of an external examiner, the goal is protect insurance consumers by determining if the company was compliant or non-compliant.
Companies utilize internal auditing as a “safety net for compliance with rules, regulations, and overall best business practices.”⁹  State regulators have statutory responsibility and authority to conduct examinations and hearings to protect consumers.¹⁰  Judicial hearings and arbitration are legal proceedings that are granted respectively through lawsuits or contractual requirements.
An audit or exam that determines the company did not properly comply with the requirements of the laws under review subjects the company to:

• take corrective actions (possibly including premium refunds or additional claim settlements);
• assess the reason or reasons why the compliance implementation process failed; and
• regulatory fines.

However, should the determination be that the company did properly comply with legal requirements, it will validate that the compliance implementation process was successful.  In so doing, it also confirms that the process assisted the company to meet its financial goals by avoiding the consequences of not complying as listed above.
Separate Skills Required for Each Process
The pre-compliance monitoring and compliance implementation processes each require skills unique to that process.  As noted, the lobbying skill of pre-compliance is different from the skills required with implementing changes to be compliant.  For each process to be effective, and therefore a competitive advantage, a company should select staff to administer each process of its compliance program with employees who have the required skills for the particular compliance process.  Similarly, the internal process of conducting audits or the internal process of supporting external examiners requires different skills than those necessary for pre-compliance monitoring and compliance implementation.  For a company to administer these processes as “other duties as assigned” is to fail to see the unique nature of each process.
Compliance Case Study
The case study below emphasizes the iterative nature of handling changes to existing laws and new laws and points out the differences of compliance and other business processes.  Activities are identified as occurring externally or internally with respect to the insurer and the entity taking the action.
The study entails what appears to be a relatively simple proposal:  to reduce the initial underwriting period, during which an insurer is permitted to cancel a policy with few restrictions, from 60 days to 45 days.  Such a change would require that the underwriting of newly accepted risks and determination to continue or cancel the policies in a shorter timeframe.
This fictional jurisdiction requires each insurer to file its underwriting manual and agree to arbitration for unresolved disputes between the insurer and insured; permits consumers to sue insurers; and the insurance department has the authority to conduct examinations and administrative hearings. This apparently minor change to one of a fictional jurisdiction’s underwriting laws also illustrates the complexity of compliance within the business of insurance.
I. Pre-Compliance (External):  State Legislature
A legislative bill is introduced to reduce the initial underwriting period from 60 days to 45 days.
II. Pre-Compliance (Internal):  Governmental Affairs, Compliance, and Underwriting Departments
The insurance company’s governmental affairs department notifies the compliance department of the bill.  After analysis of all expected changes necessary at a high level, the compliance department coordinates a response with underwriting and responds to governmental affairs.  Governmental affairs may take no action or work with a lobbyist or trade association, directly lobby legislators or the governor, or testify at a legislative hearing to ensure that the company’s position on the bill is known.
III. Pre-Compliance (External):  Legislature and Governor
The legislature passes the bill.  If the governor signs the bill, or if the governor vetoes the bill but the legislature overrides the veto, the bill becomes a public act.
IV. Compliance Implementation (Internal):  Compliance, Underwriting, Procedures, Training, Computer Systems, and Regulatory Filings Departments
The compliance department becomes aware of the public act and follows its process to:

1. Identify all of the requirements contained in the changed or new law.
2. Understand the requirements.  If the requirements are not understood, an attorney who specializes in the particular section of law should be consulted.
3. Understand the business process that is affected.  This is accomplished by meeting with the functional area responsible for the process.
4. Determine what changes, if any, need to be made to the business process in consultation with the functional area and other necessary areas (support, computer systems, etc.).
5. Document that the appropriate changes were made by the functional area.

The simple change of reducing the initial underwriting period from 60 to 45 days would be easily identified and understood by the compliance department.  An attorney’s assistance is not needed to clarify the change to the law, but staff counsel would likely be notified to ensure awareness of the change.  The compliance employee would then discuss the issue with an underwriting department employee to determine the scope of the changes.  After this consultation, a detailed account of all affected processes would be made.
Compliance with this change in law requires:

• Creation of a new mandatory amendatory endorsement that changes the section of the insurance policy which discusses the number of days notice needed to cancel a policy.  The endorsement needs to be filed with the state by the company’s regulatory filing department;
• Amendment and filing of the company’s underwriting manual by the company’s regulatory filing department;
• Modification of the procedures, forms and correspondence used to send notice of cancellation to consumers, training, and computer systems used by underwriters;
• Communication of the change to all underwriters; and
• Communication of the change to claims staff, so claim handlers are aware of the new amendatory endorsement as it affects policy effective dates.

The compliance specialist would document that the changes made to remain compliant took place by the effective date of the law, provided there was sufficient lead time to accomplish the necessary changes before the law’s effective date and in consideration of when regulatory approvals to use the amendatory endorsement and revised underwriting manual are received.
With both simple and complex laws, an insurance company must review all affected processes to ensure it is meeting its compliance obligations.  Thus, a company that has already established a systemic compliance process is in a better position to effectively comply with a law requiring complex changes than a company that does not have a systemic compliance process.
V. Post-Compliance (Internal):  Auditing Department
The company’s internal auditing or quality assurance/control department conducts an audit to determine if:

• Regulatory approval to use the amendatory endorsement and revised underwriting manual were received;
• The amendatory endorsement was attached to policies after the regulatory approval date;
•  All initial underwriting cancellations are sent within the first 45 days of the policy;
• Any claims were improperly denied based on an improper cancellation date, and;
• If any of these items was not properly handled, to determine what corrective actions are necessary.

VI. Post-Compliance (External):  State Insurance Regulator, Arbitration, and Judiciary, and Post-Compliance (Internal):  Various Departments

1. Customer Complaints:  Customers write to the insurance regulator and assert that cancellation notices are not valid because they were sent after the first 45 days from the policy issue date.  The regulator sends the complaint to the insurance company’s consumer affairs department, which would coordinate with the underwriting department to provide a response.
2. Market Regulation:  The state department of insurance conducts a market conduct examination.  With respect to this topic, the examination would review the same points which the company’s internal audit reviewed.  The business unit within the company that coordinates regulatory examinations is involved and would coordinate with the regulatory filing, underwriting and claim departments.
3. Administrative Hearing:  The state department of insurance holds an administrative hearing following consumer complaints alleging that cancellations are taking place after the first 45 days, to determine if the allegations are accurate.  The company would have representation at the hearing, perhaps a government affairs specialist, attorney, or underwriter.
4. Arbitration:  An individual consumer who believes that the initial underwriting period cancellation was invalid requests that the company submit to arbitration.  The company would likely be represented by an attorney at the arbitration proceedings.
5. Litigation:  An individual consumer, or a class of consumers, sues the insurance company for sending initial underwriting period cancellation notices after the initial underwriting period.  The company would be represented either by staff or retained counsel.

Both simple and complex legal requirements must be properly understood, coordinated, and implemented to ensure compliance.  A compliance process that is proactive and systemic permits a company to be proactive and systemic in handling allegations of non-compliance.
Summary
Every business, as part of the larger society, is subject to government oversight.  Businesses have an interest in proposed law changes that may alter their business processes (pre-compliance monitoring), in following laws (compliance implementation), and in confirming compliance (post-compliance validation) and therefore form a compliance program to administer these processes.  A pre-compliance monitoring process must monitor all government sources for proposals to change current law or for new laws to ensure risk exposures to the company do not remain unidentified.  With the enactment of a new law or a change to an existing law, a compliance implementation process reacts to the law to proactively change its business processes.  Post-compliance validation of a company’s compliance processes may be conducted by the company, a regulator, or through arbitration or a judicial proceeding.
The primary goal of any company is to be profitable.  One way for a company to meet its financial goals is to support compliance as a separate business function that links the company’s other business programs to the company’s legal counsel and governmental affairs lobbyists.  In so doing, companies establish a competitive advantage over companies that either do not support compliance activities, do not treat compliance as a separate business function, or have an ineffective compliance program or processes.
References

Initiative and Referendum Institute, “States with Direct (DA) and Indirect (IDA) Initiative Amendments; Direct (DS) and Indirect (IDS) Initiative Statutes and Popular (PR) Referendum”,.
The Institute of Internal Auditors, “Frequently Asked Questions – Internal Auditing”, [http://www.theiia.org/about-the-profession/internal-audit-faqs/?i=1078].
The Maven’s Word of the Day, “roger wilco”, [http://www.randomhouse.com/wotd/index.pperl?date=19970207].
Merriam-Webster, Inc., Merriam-Webster Online, Dictionary definitions of the words compliance, complying, law, process, and program, [http://m-w.com/dictionary/compliance], [http://www.m-w.com/dictionary/complying], [http://m-w.com/dictionary/law], [http://www.m-w.com/dictionary/process], [http://www.m-w.com/dictionary/program].
National Underwriter, “Insurance Legislation Surges This Year In Congress, Legislatures”, [http://www.property-casualty.com/News/2009/9/Pages/Insurance-Legislation-Surges-This-Year–In-Congress-Legislatures.aspx].
New York Insurance Law Chapter 28, Section 304 and Section 309, [http://codes.lp.findlaw.com/nycode/ISC/3/304  and http://codes.lp.findlaw.com/nycode/ISC/3/309].
Office of the Law Revision Counsel, U.S. House of Representatives.  “The McCarran-Ferguson Act, Section 1012 (b), [http://uscode.house.gov/uscode-cgi/fastweb.exe?getdoc+uscview+t13t16+1469+4++%28mccarran%2].
United States Army, Fort Belvoir, Virginia, History of the term WILCO, [http://www.afms1.belvoir.army.mil/dictionary/w_terms.htm].

Joseph L. Wiest, CPCU, ARC, ACP, is a corporate compliance director of market conduct with a top ten P&C insurance group.  He is a graduate of the University of Nebraska, having earned a B.S. in business administration. Since 1984, he has been employed in the insurance industry, working 20 years for a major personal lines direct writer, holding positions in customer service, line underwriting, staff underwriting, and compliance.  He also served as the compliance officer of a nonstandard auto carrier for two years.  He has earned a business ethics certificate from Colorado State University in addition to nine other professional insurance designations.

A Case for Change
Billing is a necessary function of the insurance transaction, and it is precisely that necessity that creates opportunity. A customer may go months or years without filing a claim, but every customer receives bills on a regular schedule. A customer may never read marketing materials insurers send—or even insurance policies themselves—but they will examine the bills they receive. Additionally, the majority of customer service calls a carrier receives are billing-related.
Therefore, billing represents a chance to build satisfaction and loyalty by delivering customers—and agents—flexibility, accuracy, and prompt resolution of discrepancies. In an Ernst & Young paper on billing transformation, authors David Connolly and Rick Raisinghani point out that, as an insurer’s first and most frequent touch point with its customers, billing presents an opportunity to create a positive experience and to build longstanding relationships.
Insurers do understand the direct link between billing and customer satisfaction. In 2008, Guidewire Software surveyed a wide range of Property and Casualty insurers in North America about the current state of their billing operations, how well current systems support their needs, and how they see their billing operations evolving in the future. In that survey, most carriers reported that billing is “important” or “very important” to customer satisfaction.
However, there is often a disconnect between carriers’ understanding of the importance of the billing function and their investment in technology to support the billing department. Carriers continue to run their billing operations on aging, legacy systems that simply cannot support emerging customer needs and expectations, let alone go beyond those expectations to provide competitive differentiation.
Guidewire’s survey found that few carriers believe that their current billing systems offer the flexibility required to support customer service excellence. Few systems can support multiple payment channels or payments by credit or debit card. Carriers may wish to correct these and other system shortcomings, but report that legacy billing platforms are simply so inflexible that functional enhancements are not feasible. Perhaps this is why so few of the carriers surveyed are confident that their systems will continue to support them when new demands inevitably arise in the future.
Understanding that billing is a customer service opportunity is an important first step. However, this step must be followed with a strategic investment in modern billing technologies that deliver process improvement, enhanced customer and agent service, and better control of and visibility into the billing operation. In fact, research firm Gartner says that for insurers, replacing legacy billing applications is a “strategic imperative.”[1]
A Legacy of Challenges
In the Guidewire survey, the overwhelming majority of companies use mainframe-based billing systems, including 84% of large companies (defined as over $1 billion in written premium). One-quarter of all respondents—and half of large companies—have billing systems that are more than 20 years old.
Part of the reason for the longevity of these systems is that carriers have worked to maintain, enhance, and modify them over the years to continue to meet business needs. However, legacy platforms tend to have several key architectural shortcomings:

• They are typically hard-coded, often in archaic programming languages that are increasingly difficult to support.

• They may not be a consolidated system but, instead, a collection of different applications purchased over time to perform different billing sub-processes and cobbled together with inflexible, point-to-point integration.

• Business logic and workflow is embedded in years of coding, making it difficult to change and leading to manual workarounds to overcome system limitations.

More troubling than these architectural limitations, however, are the business challenges created by legacy billing systems. In fact, in Guidewire’s survey, only 23% of respondents said that current billing platforms met their needs “very well.” Dealing with inefficient legacy platforms creates a host of problems.
Poor Customer Service. Regardless of the type of insurance they provide or the distribution channel they use, every carrier has a common opportunity for contact with customers: the bill. In fact, the bill may well be to be the only piece of carrier correspondence an insured actually takes time to read and the only one they call to discuss. Therefore, billing is a vital opportunity to build customer relationships.
Carriers understand this, with 54% of all carriers reporting that billing is “very important” to customer satisfaction, and another 26% considering it “important.” They also understand that customer satisfaction is directly related to customer retention: a full 100% of large carriers surveyed believed that billing impacts retention (see graph below). However, over half of survey participants (56%) believe that their current billing systems and processes inhibit their ability to provide superior customer service.

Do you think billing affects customer satisfaction?

Inflexibility. Survey respondents were asked if the ability to offer flexible billing options and a variety of billing programs to customers would be a source of competitive advantage. In aggregate, 85% “agreed” or “strongly agreed.”
However, carriers reported that their current billing systems did not allow them the flexibility they needed to offer these options. Over a quarter of survey respondents (26%) reported that enhancements to their primary billing system are so difficult that they are no longer made. In addition:

• 54% reported that their systems lacked support for credit card payments,
• 69% reported that their systems could not handle debit card payments, and
• 59% reported that they had difficulty administering new billing plans.

Functionality of primary billing system

In today’s business climate, these limitations put carriers at risk of customer attrition. Customers expect options and flexibility, including electronic bill presentment and payment (EBPP) and the ability to choose payment schedules that best meet their needs. They are accustomed to using a variety of payment methods. Insureds who hold multiple policies with a single carrier expect to pay one consolidated invoice each billing cycle. Legacy systems instead force customers to select from a limited set of options—or choose another carrier that can be more flexible.
Billing Leakage. Insurers commonly think of leakage in the context of claims. However, leakage also occurs in billing when profit is lost as result of inefficiency or when a carrier fails to collect all that is owed in the form of premium payments.
Billing leakage includes “free” coverage provided because of faulty cancellation procedures, the inability to apply cash received quickly and automatically to the right accounts, high bad-debt reserves and write-offs, and inaccurate revenue reporting on earned premiums due to irreconcilable differences between different systems. The Ernst & Young paper also points out that billing errors, such as mistaken cancellations, lead to higher call volume and can have a direct negative impact on an insurer’s financial performance.[2]
The cause of all this leakage can be directly traced to legacy billing systems that rely on manual processes, contain only parts of the needed end-to-end billing functionality, and are difficult and costly to modify.
Inefficiency. Some carriers contend with a variety of billing systems, acquired to meet different needs over time. In fact, in Guidewire’s survey a third of large carriers reported using four or more billing systems throughout their organization. These systems are often nonintegrated, lacking a common user interface. Dealing with different systems makes it difficult for billing representatives to locate customer information quickly.
Legacy, “green screen” billing systems also lack the intuitive, web-based design with which today’s generation of users is most familiar. They also don’t support direct navigation, instead requiring users to page through many screens to retrieve the right information, which further diminishes efficiency. Legacy systems lack flexible workflows, leading to manual workarounds and “desk processes” created by billing center staff to solve common customer problems. Physical “sticky notes” to track tasks are an all-too-common sight at billing centers that contend with these platforms.
Increased System Maintenance Costs. Hard-coded, legacy billing systems require more IT resources than modern platforms in order to maintain the application and to modify it to accommodate new products. When those systems are written in arcane programming languages, with little or no documentation, this problem is intensified. In Guidewire’s survey, 75% of large carriers reported having more than five full time resources to maintain their billing systems.
Poor Agent Service. Agents are a valuable business partner for insurers, and carriers have deployed agent portals for rating and policy underwriting. Insurers have also worked to integrate the systems supporting those portals to agency management platforms to make it easier for agents to do business with them. Today, in addition to these sales-focused capabilities, agents are also demanding additional and more flexible billing management options, including details on commission and incentive plans and information on scheduled commission payments.
However, this information is often locked in mainframe systems and is difficult to expose to external agents. Legacy billing systems offer little or no native integration capabilities with agent portals or agency management systems, preventing agents from maximizing on online business functionality. In order to access billing and commission information, agents must instead contact the carrier and request it. They must then work to resolve any discrepancies in a series of subsequent calls. Additionally, the calculation and payment of commissions to agents is seldom automated in legacy billing systems, leading to payment delays and calculation errors.
Manual processes related to agency billing management waste time that agents would rather spend on sales and service. Carriers that cannot meet agents’ expectations around billing management will ultimately find themselves at a competitive disadvantage as agents remarket their existing book to other companies and steer new business to carriers who can ensure that they are paid on a timely and accurate basis for all of the business they produce.
Lack of Visibility into Billing. Survey respondents were asked how difficult their billing systems are to balance, and more than half of small carriers (under $100 million in written premium) reported that this is a key shortcoming in current billing systems. In other words, legacy billing systems are failing at their most basic function: managing the receivables process and recording details of these financial transactions.
Legacy billing systems are also not designed to provide reporting capabilities to management about the billing process itself and its impact on overall business performance. In a compliance-focused environment, this limitation is becoming increasingly troublesome. The Ernst & Young paper notes that billing is an area where the impact of regulatory compliance is becoming a concern and that “some degree of transformation may be more a requirement than an optional pursuit.”¹ Insurance companies need to address regulatory compliance matters in their billing areas to avoid non-compliance penalties.
Benefits of Billing Modernization
Insurers are coming to realize that the billing function must be modernized to mirror operational improvements made in other areas of the enterprise, such as underwriting, rating, and claims. Modernized billing departments will be characterized by flexibility, efficiency, and visibility, and will be supported by a modern billing administration platform. Compared to legacy billing systems, modern billing platforms feature:

• An open, standards-based architecture rather than proprietary systems hard-coded in languages that are increasingly difficult to support,
• Web-based, yet enterprise-grade, designs that minimize the “footprint” on user desktops and feature intuitive navigation,
• Automation and workflow modifiable via a configurable rules engine rather than locked in application logic, and
• Web-service APIs that enable integration into a service-oriented architecture (SOA), seamless connection to other core systems such as policy and claims administration, and support for agency and customer portals.

In contrast to legacy platforms, modern billing systems are designed to make it easier for insurers to provide faster resolution of customer questions, better management of agent commissions, automation of the billing lifecycle, flexible designs of billing, payment and delinquency plans, and painless integration with external systems.
Modern, web-based, enterprise-scale billing systems have proven to deliver insurers quantifiable business benefits in several key categories.
Enhanced Customer Service and Higher Retention. According to the Ernst & Young paper, when billing is properly managed, it can be a significant factor in preventing customers from switching insurance carriers. In contrast, when billing is poorly managed, an insurer could be placing its customer relationships at risk.
Customers understandably expect accurate statements and timely resolution of billing discrepancies. To resolve discrepancies faster, a modern, consolidated billing system serves as the “single source of the truth” for customer service representatives fielding billing-related calls. Once the customer record is located, customer service representatives can enter search parameters to jump to the precise information they seek, or they can navigate to that information using tabs or menu bars. Representatives can quickly and easily find the information they need to resolve a customer issue, reducing customer wait time and enhancing customer satisfaction with each interaction.
Modern billing systems also provide control surrounding customer interaction. Rather than handle exceptions outside the system with manual processes and sticky notes, modern systems support exception processing and provide automated dispute resolution to ensure that tasks are followed up on and completed. Visibility into the billing process enabled by modern systems also provides billing supervisors the information they need to intervene if necessary and resolve problems to customers’ satisfaction.
Increased Flexibility. Beyond accuracy and fast resolution of problems, customers expect flexibility in billing. They want many payment options designed to meet their individual needs and the ability to make payments using both their payment method and payment channel of choice.
Modern billing systems offer the ability to provide customers multiple bill plans and payment plans. These plans can be custom-tailored to meet the needs of individual customer segments, policy types, or regions. Plans can be configured to determine invoice timing, level of invoice detail, and assessment of fees. Invoices can be suppressed for amounts that fall below a configured threshold. Customers’ payment plans can be changed to accommodate a change in demand, and new billing and payment plans can be rapidly created and deployed at any time through system configuration, rather than requiring custom coding by IT. Modern systems are also designed to provide customers with self-service online bill review and payment.
This flexibility benefits not just customers, but an insurer’s marketing efforts as well. For instance, insurers that have already made an investment in modernizing policy administration have seen the benefits of being able to bring new products to market quickly. However, it is not uncommon for those same carriers to discover that their multi-million dollar investment in a new policy administration system may enable them to get products to market faster, they quickly discover that same level of flexibility and support of new product features does not extend to the billing system.  When migrating to modern policy administration systems, insurers should also consider the new payment, invoice and statement options required to support these new and innovative products.
Improved Efficiency. Carriers need a billing system that is not just easy to use and understand, but a  modern billing platform designed to put the most important and current information at the fingertips of customer service staff and enable billing representatives to retrieve information quickly, unlike systems that lack search and “jump-to” navigation capabilities. Particularly for companies that replace multiple legacy platforms with a single billing system, having a “single source of the truth” for customer information doesn’t just enable billing representatives to provide better customer service, it also increases their speed and efficiency.
Business process management capabilities that are native to modern billing systems also increase staff efficiency. Systems include task-oriented features such as inboxes, to-do lists, and trouble tickets to ensure that service tasks don’t fall through the cracks. Additionally, rather than locking business process logic into hard-coded routines, modern systems extract this logic and provide rules-based workflow that can be modeled and modified easily to reflect changing business practices.
And, when a billing system is intuitive and easy to use, internal staff proficiency is a much more achievable goal, with some carriers noting that training on their modern billing system required only four weeks compared to a six month training effort requirement in the legacy environment.
Improved Agent  Service. Providing superior service to agents is as important to a carrier’s long-term success as providing service to insureds. Whether carriers use captive or independent agents, modern billing systems enable them to significantly improve agent service levels. Unlike legacy platforms, modern systems are natively designed to present information about agent commission structures and payments through a web interface. They are built to perform within an SOA and incorporate web services integration technology to connect to agency portals and agency management systems and bridges.
Combined with automatic commission calculation and configurable business rules around these calculations, modern billing systems expedite payments to agents, thereby increasing agent satisfaction. The agency bill process can be further automated by the electronic transfer of statements between agent and carrier.
Easier Maintenance and Modification. The Ernst & Young paper points out that implementing a modern billing application offers insurers an opportunity to simplify their IT application architectures, and that architectures based on SOA principles provide an adaptable and scalable model for integrating the billing system into the existing environment.
Billing applications integrate with many other core systems, including the general ledger, policy administration system, and claims management system. A modernized billing application will allow a carrier to eliminate multiple, hard-coded interfaces with these systems.
Furthermore, when a carrier chooses a billing system built on the same platform as other administration systems, that carrier can then leverage a common set of skills and knowledge across its entire core systems portfolio. Business and IT analysts who are able to configure one core application can easily work with any other. Additionally, systems built on the same platform, being seamlessly integrated, reduce both overall implementation time and the ongoing cost of system maintenance and management.
Visibility into the Billing Process. Legacy billing platforms obscure the billing process by locking process logic into application code, by lacking system documentation around design, and by lacking sufficiently understood security and control mechanisms. These problems are exacerbated when there are multiple applications within a billing systems environment. Modern systems provide improved visibility that, in turn, leads to better service, reporting, and compliance.

• Service. Customer service representatives no longer waste time searching for customer information that is difficult to locate or housed in different systems. Instead, they have clear insight into customer data from a single user interface. This information is also presented in natural-language format, rather than being abbreviated and codified because of legacy system data-field display constraints. As a result of this visibility, not only is customer service improved, but representatives’ job satisfaction is increased.
• Reporting. Legacy systems make it difficult for companies to extract data and generate reports, particularly ad hoc reports. Modern billing systems provide prebuilt reporting capabilities and provide easier access to data, enabling insurers to mine customer information for business intelligence purposes that range from targeted marketing to overall operational improvement.
• Compliance. The visibility afforded by modern billing systems into billing processes greatly simplifies insurers’ compliance efforts and, in today’s environment, is quickly becoming a business necessity. By providing clear insight into processes and controls around processes, modern billing systems help reduce an insurance carrier’s cost and time related to testing of internal controls. They improve a company’s ability to reconcile billing data with the policy administration system, financial ledger, and other systems, and provide flexibility to adapt to accounting standards changes.

Reduced Billing Leakage. Manual processes and workarounds required in a legacy environment introduce more opportunity for human error into the end-to-end billing process. These errors cost carriers in terms of free coverage provided to non-paying customers during the cancellation process, write-offs of amounts that do not reconcile, and premium calculation mistakes.  When carriers need to rely upon manual reconciliations typical of a legacy environment, the result is often found in excessive billing leakage.
Improved efficiency, reduced errors, and optimized collection activities minimize billing leakage. Modern billing systems automate many common tasks, increasing accuracy and allowing billing staff to focus on exception processing. These systems allow carriers to incorporate best practices into their billing systems and instill process consistency. Additionally, integration with both portals and other core administration platforms eliminates reentry of data, further reducing the chance of errors.
In modern billing systems, collections are also improved. First, providing a wide array of flexible billing options makes it more likely that customers will be able to find a plan that best matches their financial situation, thereby minimizing the chance of delinquency. Better visibility into the collection and payment processes also allows carriers to project cash flow more accurately based on current invoice data, rather than historical data, which is particularly important as economic conditions fluctuate. Receipts are predictable and manageable, and carriers are better able to manage collection activities.
Increased Sales Opportunity. Finally, because the billing statement is a piece of correspondence that customers are likely to read, it is to an insurer’s advantage to maximize the value of this correspondence. However, legacy billing systems offer little support for customized invoice messaging, and customers will ignore marketing messages that are not targeted specifically to them.
Modern billing systems connect to document production systems through flexible, standards-based interfaces. This integration enables carriers to drill down into customers’ accounts and create customized marketing messages based on what they know about individual policyholders, the types of policies customers already have, and whether or not a customer is a desirable target for up sell or cross-sell.
Case in Point
A $2.5 billion specialty lines carrier contended with a decades-old billing system that constrained its ability to increase efficiency and improve customer service.
Problematic for the insurer’s customers, the system supported only two payment plan options and lacked the ability to process credit card or recurring ACH payments. For its billing staff, complex screens made it difficult to navigate the system, locate information, and answer questions in a timely manner. For company management, the system had limited reporting capabilities, lacked robust security provisioning, and required manual reconciliation with the general ledger. And finally, the aging platform was experiencing internal balancing issues and unexplainable system failures.
Replacing its legacy platform with a web-based, enterprise billing system delivered a host of business benefits:

• Payment plan options were increased from two to twenty.
• Customers can now pay with credit card or recurring ACH.
• Billing representatives can provide rapid response to customer inquiries and faster dispute resolution.
• The company’s agents can view commission information online and in real time.
• Call volume from agents and internal business units has been reduced.
• System training time for billing staff was trimmed from six months to four weeks.
• The system provides automated journal entries, drillable reconciliation reports, ad hoc report generation, and a detailed audit trail for control and compliance.

Bringing Billing to Light
Most carriers understand that the impacts of billing processes are not limited to the back office. Billing affects customer satisfaction and customer retention, and a customer-focused billing strategy can create real competitive differentiation.
However, legacy billing systems are not compatible with delivering customer-oriented billing service. These systems lack the ability to put vital information at the fingertips of billing center staff. They cannot support flexible billing options and channels that customers expect. They cannot connect to agent portals or agent management systems. And the inflexible, often proprietary architecture of these systems makes them difficult to change in order to extend new capabilities to staff, customers, and agents.
Few carriers Guidewire surveyed believe that their legacy billing systems are a suitable platform for meeting emerging needs. This realization, combined with the proven benefits delivered by modern billing systems, is prompting more and more carriers to investigate and invest in new solutions.
The Ernst & Young paper points out that “custom-built billing solutions are a thing of the past.” When looking to modernize their billing systems, carriers have an array of solutions in the marketplace from which to choose, and it can be difficult to evaluate and select a billing platform that best meets their needs. Guidewire provides a free Billing Starter Kit, including a detailed Request for Information document, which carriers can use to guide their selection process. The kit is available at http://www.guidewire.com/our_solutions/billing_starter_kit.
In a competitive environment, carriers look for any edge that can make their service stand out from the competition. A modern, customer-focused billing solution provides that edge.
References

Introduction
The property and casualty insurance policies that most Americans buy depend on a system by which insurers file rates—the fees they charge for insurance policies—and forms—the language and forms insurers use to describe those policies to consumers. All 50 states and the District of Columbia have separate laws concerning these rates and forms. Increasingly, these rates and forms flow through a computer program called the System for Electronic Rate and Form Filing (SERFF), which is owned and operated by the National Association of Insurance Commissioners (NAIC). Nineteen states require that all filings go through SERFF.
This article explains the System for Electronic Rate and Form Filing’s structure and raises questions regarding its usefulness. The article’s first section provides a broad overview of the “admitted” or “standard” insurance market, and describes why rate and form filing are essential to its continuation in its current form. The second section describes the history and function of SERFF. The third section discusses three major problems with SERFF. The fourth and final section proposes a series of solutions that would solve these problems. SERFF, as it currently exists, raises serious practical, equity, and legal questions—particularly relating to the delegation of taxing authority—and needs reform.
Rate and Form Filing: The Admitted Market Described
Most Americans buy insurance in the “admitted” or “standard” market. Two fundamental features distinguish this market from the “non -admitted” or “excess and surplus” (E&S) market: “utmost good faith” sales and a near  certain guarantee that claims will be paid. These two features imply a level of third-party oversight of rates and forms.
Utmost good faith refers to the circumstances under which nearly all insurance policies are sold. Essentially, it means that buyer and seller agree to disclose all pertinent information to each other in an honest and forthright fashion. Insurance consumers must disclose all pertinent risk information to their agents and agents must provide accurate, straightforward, common sense descriptions of the products they are selling. Agents do not have to perform detailed investigations of their customers’ lifestyles and risk factors and consumers do not have to understand every legal detail of the policy language. In other words, when a customer tells an agent that a roundtrip commute is 40 miles, the agent can simply assume that is true. When an agent tells a customer that a policy will cover theft from a car, the customer can rely on thefts, as they are commonly understood, being covered.
A regime of utmost good faith contracts in a common law system requires broad consensus on the meaning of specific contract terms. To facilitate standardization, a private, national organization called the Insurance Services Office (ISO) maintains standardized forms that serve as the basis for almost all insurance policies.¹ All states have different laws governing insurance, so these general standard forms must be modified for every state. Different companies, furthermore, modify these forms to gain a competitive advantage or to serve their customer base. (For example, one auto insurer that began by serving government employees continues to provide special discounts for most people who work for the government, while another insurer that focuses on the military provides special coverage for military uniforms.)
These standard forms require state level reviews in order to bring them into compliance with various state insurance laws. Without such reviews and a broad agreement on the meaning of policy language, any ambiguity or dispute would require significant legal wrangling. Maintaining both state specific insurance regulation and an utmost good faith system requires that someone at the state level check forms for compliance with state laws and regulations, but it does not necessarily need to be government doing so. Form review and regulation can be handed over to private parties—some states, including California and Virginia, contract out some aspects of it.
The admitted market also provides a near ironclad guarantee that insurers will pay all legitimate claims. It carries out this guarantee through solvency regulation and a system of state level guarantee funds.
Solvency regulation, also known as actuarial adequacy regulation, is essentially a post facto effort to prevent fraud. It is a way of making sure that companies can actually pay the claims for the policies they write. Since insurance is mainly a promise to pay in the event that something unexpected and adverse happens, companies making those promises must have reasonable assurance that they can keep them. This, in turn, requires that someone oversee insurance company investments—insurers could not, for example, put all their money into penny stocks—and make sure that they charge rates high enough to pay the claims they can reasonably expect. In the excess and surplus market, contracts and detailed examination largely accomplish this. In the admitted market, solvency regulation does it.
Actuarial adequacy regulation requires that someone monitor the rates being charged. This does not mean that government has to approve them or has any authority to say that they are “too high”—in some states, including Illinois, Wyoming, and Vermont, government officials have little or no say over how high rates should go—but it does mean that someone must stop rates from going below the level needed to pay claims. Even states that do not require filing of rates still require that companies keep information to justify their rates open to inspection.
In addition, all 50 states maintain state guarantee funds. With the exception of New York’s fund, these guarantee funds function as industry run associations.² Insurance companies that want to operate in the admitted market must participate in the guarantee fund. When and if an insurer proves unable to pay its claims, the guarantee fund imposes a special tax, called an assessment, on all companies writing insurance policies in the admitted market. The system certainly implies some moral hazard, but given that insolvent companies face a severe penalty in that their assets are liquidated in full, the moral hazard from guaranteeing payment of their claims does not seem that severe. Guarantee funds do not always assure 100 percent payment of claims and few cover very large claims from very wealthy individuals or business.³
For insurers and consumers who do not feel they need the assurance of the admitted market, it is almost always possible to do business with excess and surplus companies, which do not have to submit their forms or rates to any state authority.
The E&S market is not chaos. In fact, it can—and sometimes does—function a lot like the admitted market. Two parties in the excess and surplus market can swear they will deal with one another on an utmost good faith basis. All states, furthermore, have laws mandating that excess and surplus companies charge adequate rates. Although all excess and surplus lines policies are unique, some relatively common types of policies— coverage of collections of exotic cars, for example—function very much like policies in the admitted market and may even draw on the same ISO forms.⁴
SERFF and Its Owner
The System for Electronic Rate and Form Filing took on its current form in the mid 1990s. The system, says its owner, the National Association of Insurance Commissioners, “is designed to enable companies to send and states to receive, comment on, and approve or reject insurance industry rate and form filings.”⁵ It does this, but not very well.
NAIC is an unusual organization. It has some aspects of a government entity and some aspects of a private one. On the one hand, NAIC describes itself as a private organization, and has some features of the same. It is registered under section 501(c)3 of the Internal Revenue Code, does not report directly to any particular government any more than any other non profit, does not need to follow any government hiring and purchasing rules, and is not covered by freedom of information laws. Like other associations, NAIC works to advance the interest of its members, through model legislation and lobbying.⁶
On the other hand, NAIC has significant government like features. First, all of its members are jurisdictional – usually state -insurance commissioners. Twelve are state wide elected officials and all of the others are reasonably important state level officials. Second, it has some powers that broach on lawmaking, including its administration of large parts of the Interstate Life Insurance compact, which harmonizes life insurance standards and practices around the country and sets technically voluntary “standards for accreditation” to which almost all states adhere. Therefore, NAIC has enough power for it to deserve the same scrutiny that one might apply to a government, especially since it owns and manages SERFF.
How SERFF Works
The System for Electronic Rate and Form Filing is a paperwork flow management tool. SERFF creates a universal interface for dealing with correspondence between insurers and insurance regulators. It assigns a unique number to each filing and provides a standardized place to manage correspondence between rate examiners and insurance company employees.⁷
For more than a decade, SERFF has managed the paper flow for insurers and state insurance departments alike. The training manual that NAIC publishes for SERFF says that the system “promotes uniformity and has the added benefit of supporting the flexibility states need to accommodate their differing requirements and laws.”⁸ SERFF pursues its first goal by making use of standards – uniform forms and product codes – that NAIC and ISO have introduced and through its administration of the Interstate Life Insurance Compact.⁹ As noted, nearly everything – including some of the standardized forms – remains subject to state level oversight and changes in order to conform to various states’ laws.
The NAIC’s management – which ultimately reports to state insurance commissioners – has total ownership over SERFF. Currently, a joint industry government board of 13 members – seven from government and six from industry – oversees SERFF. The board requires a supermajority of 10 to make most decisions. However, NAIC has often acted without the board’s approval. In 2007, for example, NAIC introduced a premium tax filing companion to SERFF called OPTins without ever even mentioning it to the board.¹⁰  In 2008, the NAIC culminated this trend when it announced plans to take away nearly all of the board’s power and demoted its status to that of an “advisory group.”¹¹
NAIC remains the sole owner of all SERFF trademarks and intellectual property. The system has found widespread adoption. As of early 2009, 19 states mandated its use and all others used it in some respect.¹² Every national insurer and every domestic insurer operating in those 19 states must use it and pays its filing fees.
SERFF’s Revenue
SERFF supports itself through fees paid by the industry; NAIC sets these fees on its own. SERFF sets a standard filing fee of $7 per filing and allows companies to buy “blocks” of filings at prices that can go down to $6 each. State insurance regulators pay no actual fees to participate in SERFF.¹³ The NAIC and SERFF’s board can vary these fees without any consent from state authorities. Being mandatory, SERFF makes a lot of money for NAIC. Business Insurance Magazine reports: “At a December 2007 SERFF board meeting, the NAIC provided financial data through Oct. 31, 2007, that showed nearly $2.46 million in SERFF revenues and nearly $1.29 million in operating expenses, resulting in a profit of about $1.17 million.”¹⁴
During 2007, NAIC’s best year ever financially, this comprised about 20 percent of the $5.5 million in surplus earned by NAIC – what a private company would call profit. For 2008, no hard data are available but it appears that NAIC’s surplus will total only about $120,000 according to industry data made available to the Competitive Enterprise Institute. According to NAIC, SERFF processed over 500,000 filings during 2008 and, charging a minimum of $6 per filing, this would have produced at least $3 million in revenue.¹⁵ However, since $6 is only a floor for fees charged, many transactions would have netted more than that.
Problems with SERFF
For as much money as SERFF makes for NAIC, the program does not accomplish its job particularly well. It has rarely been updated, its profits appear to constitute monopoly rents, and its structure may well violate several state constitutions. This section describes the problems.
SERFF is Out of Date. In essence, SERFF is a reasonably simple, customized database application. As a piece of software, it is not complicated or expensive to create. The interface appears to be something that someone familiar with the software could create in a few days with an off- the- shelf rapid development tool such as Oracle’s Application Express.¹⁶ (Building and coding queries, however, would take more time.)
SERFF does not fully automate the process of rate filing. Many otherwise standardized – or semi -standardized – forms and supporting data must be submitted via attached PDF documents, rather than through a fully interactive interface.¹⁷ The software is not up to date. It uses Microsoft Internet Explorer 6—an eight year old Web browser—as its default client interface.¹⁸ Users are advised to use Adobe Acrobat 6, released in 2003, to deal with documents submitted through SERFF. In short, as a computer program, SERFF provides nothing exceptional. SERFF announced no major upgrades to its software during 2008.
SERFF’s value comes from its standardization and the work that state insurance departments – and their industry clients – have put into making their forms available online. Given the software’s enormous profits, it is odd that NAIC has invested so little in it and failed to bring it up to date.
SERFF Is Unfair. The “profit” that SERFF earns is what economists term a “rent” –  surplus revenue obtained due to a third party’s interfere in an otherwise mutually beneficial bilateral exchange. As noted, nineteen states require that all filings go through SERFF and thus require insurers to pay NAIC’s fees. These fees would be called taxes were they to flow to state governments. Instead, the NAIC collects the fees and spends the money on purposes that it never fully discloses to the payers. The excess profits can fairly be described as a tax for private purposes since insurers have no choice in many states but to pay them. It is fundamentally unjust to mandate the payment of a tax to a private party. People and corporations deserve choices. The states themselves do not share in NAIC’s revenue from SERFF. The money it earns goes to NAIC, not to the state insurance departments that must pay to comply with it.
SERFF Ought to Raise Constitutional Questions. Several (though not all) states that mandate the use of SERFF have provisions in their constitutions that ought to raise questions about the legality of the system. Many state constitutions allow only the “state” or the “legislature” to collect taxes. Thus, a serious question exists whether SERFF’s fee might be considered an authorized “tax.” The fee, after all, is collected by a private party and set without direct control or oversight by any legislature. Insurers and others who pay SERFF fees may have grounds to launch a legal challenge to the system. Eight states that mandate SERFF filing have provisions that might be used to challenge SERFF.¹⁹

• Georgia: “Except as otherwise provided in this Constitution, the right of taxation shall always be under the complete control of the state.”²⁰

• South Dakota: “No tax or duty shall be imposed without the consent of the people or their representatives in the Legislature.”²¹

• Rhode Island: “All taxes…shall be levied and collected under general laws passed by the General Assembly.”²²

• Minnesota: “The power of taxation shall never be surrendered, suspended or contracted away.”²³

• New Hampshire: “No subsidy, charge, tax, impost, or duty, shall be established, fixed, laid, or levied, under any pretext whatsoever, without the consent of the people, or their representatives in the legislature, or authority derived from that body.”²⁴

• Massachusetts: “No subsidy, charge, tax, impost, or duties, ought to be established, fixed, laid, or levied, under any pretext whatsoever, without the consent of the people or their representatives in the legislature.”²⁵

• Michigan: “The power of taxation shall never be surrendered, suspended or contracted away.”²⁶

• Oklahoma: “The power of taxation shall never be surrendered, suspended, or contracted away.”²⁷

SERFF Does Not Perform Its Central Function Very Well. SERFF’s central function is to facilitate exchange of information on insurance rates and forms across states, but in some instances, the data exchanged through SERFF seems scanty. For example, in addition to some check boxes, SERFF’s property and casualty rate filing. Web forms require only eight discrete pieces of data – which essentially amount to “How much do you want to charge?” and “How many people will this impact?”²⁸ That sort of data will satisfy few, if any, state regulators alone; all states have regulations beyond this.²⁹ Nearly all states require additional data justifying the rates based on loss experience, impact on the company solvency, fairness to various protected groups, and compliance with numerous other state laws.
Conclusion: A Proposed Solution
Rather than maintain these mandates, NAIC could best advance its own mission by opening SERFF to competition. In establishing a series of uniform standards for data exchange relating to files and forms, NAIC has done the job most consistent with its non profit mission. However, in earning monopoly rents, failing to update its software, and maintaining a fee structure that may violate some state constitutions, NAIC behaves in a questionable manner. It should strive to improve SERFF for states and insurers alike by separating its functions and creating a flexible “open source” license for SERFF.
As long as NAIC acts like a government in many respects, it merits the same scrutiny and oversight as governments do. A reform process for SERFF would involve three actions:

• Separation of SERFF’s intellectual property from its operations;
• Creation of an “open source” license for SERFF; and
• Allowing free competition between providers of “SERFF standard” software. Essentially, SERFF would become a standard rather than a specific application.

SERFF reform would require splitting SERFF into two entities – at least one of which should be independent of NAIC. The first entity would administer SERFF as it currently exists. It could be a wholly independent, investor owned company, a for-profit subsidiary of NAIC, or some other private entity. As a private company, it would collect all fees owed for SERFF filings under the current system, set its own prices, and be able to do anything else that the law does not specifically prohibit.
Another entity, a non profit consortium independent of NAIC – perhaps controlled by an industry regulator board – would own SERFF’s intellectual property. It would license the SERFF trademark, oversee a “standard” SERFF code base, and certify privately produced software as “SERFF compatible.”
This code base would be governed under an “open source” license.³⁰ Like all open source licenses, it would grant programmers the right to modify, redistribute, and profit from the SERFF source code. Anybody who wanted to create a product and market it as SERFF compatible would have to subject it to a review process overseen by the consortium. (The consortium members could agree to use only products that passed this review process.) The process would provide assurance that various SERFF compatible products could exchange data freely, work with one another, and share common filing tracking numbers. Review fees would fund the consortium’s operations. Such a process has worked for dozens of other Internet applications – HTML/HTTP (for Web pages), MIME (for e mail), Rich Text Format (for word processing documents) – are all “open” standards maintained through consortia. Many parties market and distribute applications that use them and all of the applications, for the most part, work pretty well together. States and companies wishing to depart from the SERFF standard could do so.
The opening of the SERFF source code would solve most of SERFF’s problems. Most importantly, the questions about delegation of tax responsibility would be resolved. SERFF would clearly be a private market product and no state or company would have any specific obligation to pay money to NAIC or to anybody else in particular.³¹
States and insurers satisfied with the NAIC’s current management of SERFF could continue using the same software they use now. On the other hand, those states and individuals who have problems with the system could choose from a variety of new products that would spring up in the wake of the opening of SERFF’s current business model. Some operators might simply license the product to insurers and allow unlimited use for a flat fee. Others might continue with NAIC’s pay -per- use filing system. Some might charge nothing for the product and make money off of technical support, sales of related products, or even (as is the case with the Linux operating system) the notoriety gained through having developed the product. Since NAIC would no longer have a monopoly on the product, no constitutional questions would exist. As different developers create new applications that serve the same functions as SERFF, people dissatisfied with the old software’s progress could finally take their business elsewhere.
In addition, a more open version of SERFF would bring market forces to bear. Having the choice among multiple ways to file forms and make actuarial adequacy information available would make it easier to create new products within the admitted market. Constitutional questions about the delegation of tax authority would also vanish.
SERFF as it exists does not work, and therefore a better system is worth considering. A competitive, open -source SERFF system would work better than the existing system and would increase freedom for insurers and consumers alike.
This article was originally published May 1, 2009 in issue no. 155 of the Competitive Enterprise Institute’s OnPoint series.
References

1 For example, nearly all homeowners’ insurance policies for single family detached houses get written on the basis of a form called the “HO 3” which covers 16 named perils and everything else that is not specifically excluded.
2 New York has a pre funded guarantee fund managed by the state as an insurance company. Its functioning is, in many respects, similar to the Federal Deposit Insurance Corporation.
3 Florida’s insurance guarantee fund is typical. The fund covers claims up to $500,000 for homes and $300,000 for most other claims. See “About FIGA,” http://www.figafacts.com/faq.asp. For another example, New Jersey offers coverage up to $300,000.http://www.njguaranty.org/infoCenter/faq.asp
4 For reasons that lie beyond the scope of this paper—probably related to the transaction costs implicit in duplicating the current features of the admitted insurance market without a governmental rate overseer or mandatory guarantee funds— very few individual consumers choose to buy policies in the excess and surplus lines markets. Most well known insurers do not operate in the excess and surplus lines market and those that do typically do so through subsidiaries that maintain distinctive, independent brand identities.
5 National Association of Insurance Commissioners/SERFF, “About SERFF,” 2008, http://www.serff.com/about.htm.
6 NAIC does much of its lobbying through its D.C. office. NAIC’s major policy positions include opposition to national regulatory modernization for insurance and support for global solvency standards.
7 Ibid, p. 15, pp. 169 224.
8 NAIC, SERFF Version 5: Industry Manual, 2007, p. 4.
9 Ibid.
10 Ibid.
11 Meg Fletcher, “Stoked to Carve SERFF: NAIC Proposal Called ‘Hostile Takeover,” Business Insurance, August 11, 2008.
12 NAIC, “List of States that Mandate SERFF,” http://www.serff.org/index_state_mandates.htm.
13 SERFF rates are not published in any widely available source; industry sources reported the fees. State insurance departments do have some costs. They must have computers to handle SERFF filings and NAIC strongly recommends that they use Adobe Acrobat Professional. Acrobat Pro lists at $160 but is available for $140 on several websites.
14 Fletcher.
15 NAIC, “SERFF Surpasses 500,000 Transactions,” December 6, 2008,http://www.naic.org/Releases/2008_docs/serff_500000.htm.
16 In fairness, Web based Rapid Application Development frameworks did not exist when SERFF’s first version came online.
17 Ibid, p. 94.
18 Microsoft Corporation, “Windows History: Internet Explorer History,” 2007,http://www.microsoft.com/windows/WinHistoryIE.mspx. See NAIC (2007) for requirements.
19 In all of these states, “workarounds” exist that could make it possible for the current system to continue. In the four states that reserve the power of taxation to the legislature, the legislature could simply pass a statute mandating the payment of SERFF fees. However, states that forbid the surrender, suspension, or contracting of revenue collection could face more significant problems—state courts could consider the ability of NAIC to set fees on its own as an instance of “contracting away.”
20 Constitution of the State of Georgia, Article VII, Section 1(I).
21 Constitution of the State of South Dakota, Article VI, Section 17.
22 Constitution of the State of Rhode Island, Article VII, Section 1(I).
23 Constitution of the State of Minnesota, Article X, Section 1.
24 Constitution of the State of New Hampshire, Article 28.
25 Constitution of the Commonwealth of Massachusetts, Article XXIII.
26 Constitution of the State of Michigan, Article XI, Section 2.
27 Constitution of the State of Oklahoma, Article X, Section 5.
28 Ibid, pp. 88 89.
29 Regulators have not specifically complained about this because they typically work to enforce their own state laws.
30 NAIC would likely select a given license from the long list of licenses that have gone through the Open Source Initiative’s Review Process. Open Source Initiative, “Licenses by Name,” http://www.opensource.org/licenses/alphabetical.
31 By way of analogy, consider common law court requirements for the format of legal briefs. Since any decent desk top publishing software can produce the same brief, the requirement does not impose any specific “mandate” or “tax” even though it may impose a burden of sorts.

Eli Lehrer is a senior fellow at the Competitive Enterprise Institute where he directs CEI’s Center for Risk, Regulation, and Markets. RRM, which operates in both Washington, D.C. and Florida, deals with issues relating to insurance, risk, and credit markets.  Prior to joining CEI, Lehrer worked as speechwriter to United States Senate Majority Leader Bill Frist (R.-Tenn.). He has previously worked as a manager in the Unisys Corporation’s Homeland Security Practice, Senior Editor of The American Enterprise magazine, and as a fellow for the Heritage Foundation. He has spoken at Yale and George Washington Universities. He holds a B.A. (Cum Laude) from Cornell University and a M.A. (with honors) from The Johns Hopkins University where his Master’s thesis focused on the Federal Emergency Management Agency and Flood Insurance. His work has appeared in the New York Times,Washington Post, USA Today, Washington Times,Weekly Standard, National Review, The Public Interest, Salon.com, and dozens of other publications. Lehrer lives in Oak Hill, Virginia with his wife Kari and son Andrew.