Today’s property and casualty insurance IT department heads have their hands full, juggling issues related to core legacy vs. modernized or componentized build-outs, user and viability testing, network and choices around cloud, data access and management, and of course, privacy, security and compliance.
Working with the chief compliance officer, this juggling act takes place under increased pressure from leadership to meet the computing requirements of the organization in the most efficient, cost-effective manner possible, and under increased expectations from demanding business users and customers with whom they are transacting business.
And while the role of IT leadership hasn’t changed much over the years, the role of the insurance compliance officer has evolved from a “check the box” advisory role to a proactive one that involves verifying the practical application of the IT’s control environment, notes a white paper issued by Ethical Corporation, a global business publication. This means IT and compliance leaders must work together to make sure there is full and auditable compliance to a broader set of state and federal laws and regulations tied to everything from Sarbanes Oxley Act, to the Gramm Leach Bliley Act, the Payment Card Industry Data Security Standard (PCI-DSS) and to security standards tied to cyber threats, to name a few.
“The combined impact of these multiple regulatory influences on the insurance industry is tremendous,” says Chris Spoth, Executive Director, Center for Regulatory Strategies for Deloitte in a recent report. “Not only are there more regulators for some insurers to satisfy—and more regulations to comply with—but there is also a more aggressive tone in the air as various regulatory entities jockey for position and assert their authority.”
So whether dealing with shared functions across the enterprise, or facilitating a transaction with an agent or end user, it’s imperative to have comprehensive authority and security built into the systems to enable cross-company control, accuracy and security of data. This means holding the technology solution provider accountable for updating their own certificates of compliance, and choosing technology options that provide safe, secure transmissions as well as the ability to comply with reporting requirements.
Both consumers and insurers face new security threats from different sources every day. ISCS’s SurePower Innovation, a modern core suite of applications for property and casualty insurers, provides complete, time- and user-stamped financial tracking of all changes to a policy, including endorsements, premiums, payments, and payment schedules. A policy may even be viewed as a “snapshot,” to see how it appeared at a specific date in the past.
It’s imperative to have a record of every transaction, obviously, and a full audit trail. But ISCS believes it’s also important to have full security control at the individual user, role (group) and functional levels.
To make this possible, the company already has achieved compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) as a Level 2 service provider, and this year announced the release of payment gateway functionality within its SurePower Innovation enterprise suite to enable payment processing for the company’s cloud and mobile applications.
Deloitte’s Spoth stresses the importance of investing more time, money and effort in the areas of risk management, compliance and governance. “To stay ahead of the curve, insurance companies should closely monitor regulatory developments at all three levels: state, federal, and international. This is true even for small insurers that only operate domestically, as the high degree of interplay that is currently taking place means that developments in one area will likely find their way into other areas very quickly.”
ISCS characterizes its PCI DSS compliance as an extra security measure for all merchants and service providers accepting credit cards or retaining financial information for customers. PCI DSS certification reflects our ongoing compliance with a high standard of credit card data security, and the company’s ongoing commitment to ensuring security of customers’ payment and financial information. In other words, while SurePower Innovation currently secures payment and financial information, ISCS is always actively working to stay ahead of the curve with all its technology offerings to make sure they include compliance- and security-related checks and balances.