Insurance is a rather overlooked aspect of risk and compliance functions. Most companies try to prevent risk first rather than manage it. But no matter how diligent your preventive measures are, there will always be some residual risk lurking. Insurance policies are your friends to help manage that residual risk.
In this article, learn about insurance compliance, both from the point of view of companies providing insurance coverage as well as companies looking for it to manage their risks.
8 Common Insurance Compliance Issues
What are some key compliance issues that the insurance industry is presently facing or may face in the future? Based on regulatory trends and surveys, risk and compliance teams of insurance carriers, brokers, providers, reinsurers, and commercial policyholders would do well to pay attention to the following insurance regulations and compliance concerns.
1. Sustainability and Climate Compliance
By being selective about the sustainability and climate-related risks they're willing to take on, insurance carriers, producers, and brokers are in critical positions to influence entire sectors toward improved sustainability and climate resilience.
Surveys show that at least 20% of insurers have denied insurance coverage for unsustainable operations. Policy buyers too must realize this and improve the sustainability of their operations and supply chains.
Regulatory compliance is also moving toward more transparency on these aspects by asking for detailed sustainability reports from companies:
- The European Union (EU) has enacted the Corporate Sustainability Reporting Directive (CSRD), and its insurance regulators are guiding insurers on appropriate underwriting strategies.
- The United Kingdom (U.K.) has enacted the climate-related financial disclosures amendment based on the Task Force on Climate Disclosures (TCFD) recommendations.
- U.S. federal regulations on mandatory climate reporting are expected this year.
In these reports, companies must lay out their climate and sustainability risks, opportunities, and related business strategies. However, these aspects for a carrier heavily depend on the climate risks, opportunities, and strategies of all their policyholders. Brokers and producers need such information as well to analyze, select, or sell the most suitable insurance products.
An emerging concern then is how to ensure accurate and comprehensive sustainability reports from all levels of the insurance ecosystem.
2. Consumer Protection
Regulators around the world are introducing better consumer protection for insurance customers:
- Through its consumer duty principle, the U.K. has turned customer interest into a prime directive for insurers. Insurers, producers, and brokers are prohibited from false advertising, misleading claims, or selling unsuitable insurance products.
- The EU has legislated better protections for policyholders if insurers become insolvent.
- The Fair Access to Insurance Requirements plans of various U.S. states provide state-backed property insurance for customers who are ignored by private insurers.
- The National Association of Insurance Commissioners (NAIC), an association of all U.S. state departments of insurance, published a model unfair insurance practices act. All states have adopted it through state insurance laws to protect policyholders from unfair practices and deceptive selling by insurers, producers, or brokers.
- U.S. state laws like California's annuities and life insurance policies bill, scheduled to come into effect in 2025, have moved the industry toward more transparency and disclosures.
Many of these laws and regulations get amended frequently. Plus, implementing them properly requires in-depth understanding, continuous internal monitoring, and comprehensive documentation to avoid litigation and compliance risks.
3. Data Protection and Privacy Issues
Another regulatory trend is toward improved personal data protection, privacy, and cybersecurity for customer data:
- The Gramm-Leach-Bliley Act was amended for financial services, including the insurance sector, to meet new cybersecurity challenges. It also introduced new privacy rules for non-public personal information of policyholders.
- Many U.S. states have legislated data protection and privacy regulations for their residents. For example, California has the California Consumer Privacy Act and the California Privacy Rights Act.
- The EU has enacted the Digital Services Act and the Digital Markets Act to protect online consumers. Though they don't directly apply to the insurance sector, insurance companies that store customer data on cloud online services are indirectly affected.
- Existing regulations like the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation also impose several compliance requirements.
Potential policy buyers typically have to hand over their sensitive financial data, or that of their employees, to insurance carriers, producers, or brokers. All these companies must have airtight data lifecycle management and cybersecurity practices to implement data confidentiality and privacy effectively.
4. Third-Party Insurance Protection
It's absolutely essential that all companies accurately assess their third-party risks and mitigate them through insurance policies purchased by themselves or by their third parties.
Insurance carriers, producers, and brokers must also assess their customers' risks and ask them, or their third parties, to have additional insurance coverage for some operations or projects. Similarly, reinsurers too must assess the third-party risks of their carrier customers.
In summary, comprehensive third-party risk management is a must for everyone connected to insurance.
5. Market Conduct Guidelines
Closely related to consumer protection are market conduct issues to ensure fair practices and competition in the insurance market.
In the U.S., state insurance regulators prescribe market conduct guidelines and examination standards for companies in the insurance sector. Similar guidelines are prescribed by the Financial Conduct Authority (FCA) handbook in the U.K.
These regulations require insurance players to maintain comprehensive documentation on their products and conduct training programs for their employees.
6. Health Insurance Complexities
In the U.S., health insurance is a major factor that decides who gets access to health care and to what extent. There have been some recent regulatory developments in this area:
- Inflation Reduction Act: This landmark 2022 legislation reduced health care and insurance costs for Americans.
- Standardized insurance plans: To reduce the confusion of choosing between hundreds of medical insurance plans under the Affordable Care Act, standardized insurance plans were introduced in 2023.
Health insurance providers must set up appropriate online workflows to handle these changes. Their customers that offer health insurance policies to their employees must also be aware of these workflows.
7. Anti-Corruption and Anti-Money Laundering Laws
Insurance companies and groups must comply with the anti-corruption and anti-money laundering regulations of all the jurisdictions they operate in. In the U.S., they must follow the Foreign Corrupt Practices Act and the Bank Secrecy Act. In the U.K., they must adhere to the FCA regulations.
These ethical and legal issues typically arise when an insurance carrier, producer, or broker is asked to provide insurance coverage for a project in a foreign country that involves some kind of corruption or money laundering. Robust customer due diligence and third-party due diligence and data analytics are essential to identify such cases and avoid them.
8. Sanctions Compliance
Sanctions are "the new FCPA," according to Deputy Attorney General Lisa O. Monaco. As a result, compliance officers of insurance companies must make themselves aware of sanctions regulations, sanctions lists, and screening guidelines for insurers by the Office of Foreign Assets Control. Again, robust customer due diligence, third-party due diligence, and data analytics can help pre-emptively discover such issues.
Non-Compliance Case Studies
Let's study some case studies where companies failed to implement insurance compliance.
1. $6 Billion Penalty for Misleading Customers
Allianz, a large insurance provider, and its U.S. subsidiary systematically misled as many as 100,000 customers and investors from 2014 to 2020. In 2022, it incurred a whopping civil penalty of $6 billion in addition to criminal charges against its fund managers. This indicates poor internal due diligence and monitoring of customer protection processes.
2. FCPA Action Against Insurance Broker
Aon Corporation, an insurance and reinsurance broker, paid a penalty of $14.5 million for illegal payments to foreign government officials in the United Arab Emirates, Vietnam, Egypt, Indonesia, Costa Rica, Myanmar, and Bangladesh. This occurred for almost a quarter of a century, from 1983 until 2007, indicating poor internal controls.
3. Russian Insurance Group Faces Sanctions
In February 2023, the Independent Insurance Group, a Russian company in Moscow, was sanctioned by the U.S. Treasury for providing insurance services to Russian defense companies. Although no U.S. company seems to be associated with it so far, any insurance company that attempts to hire or partner with it will face sanctions evasion charges.
Best Practices for Insurance Compliance Programs
Knowing these common compliance issues and infractions, your company can implement an effective insurance compliance program by following these best practices:
- Effective sustainability and climate planning: Your compliance teams must keep themselves informed on environmental, social, and governance (ESG) trends around the world. Management must empower them to design and implement an effective ESG strategy. Climate risk planning is an essential component of this strategy.
- Enterprise risk management: Implement a robust enterprise risk management process that includes risk assessments of sustainability, climate, and third parties.
- Implement rigorous due diligence: Your customer and third-party due diligence must be exhaustive to avoid compliance risks. Make maximum use of data intelligence services and data analytics to discover as much information about an entity as possible. In addition to onboarding, ongoing due diligence throughout the relationship is also essential.
- Cybersecurity best practices: Develop a comprehensive cybersecurity risk management plan with continuous monitoring of your digital assets. Get your company certified and audited for ISO 27001 and HIPAA. Sign data protection agreements with all your third parties to prevent data leaks via your suppliers and vendors.
- Vendor insurance best practices: Whether you're an insurance player or just a customer, weave in mandatory insurance expectations to all your vendor contracts, and manage them with contract lifecycle management tools.
- Keep track of regulatory documents: Things like state insurance rules, NAIC standard provisions, or sanction lists are constantly changing. You need a way to keep track of these changes to avoid inadvertently becoming non-compliant after some changes.
Next, find out how you can implement these best practices practically in your company.