The Devil is in the details: dealing with apparently “minor” regulation

While the demands data protection regulation places on the IT department are well understood, there is a multitude of other regulations that can damage the organisation if not followed.

Even apparently minor lapses in compliance can, if not dealt with, lead to a domino effect with catastrophic consequences.

IT can help ensure that every regulation, no matter how minor it seems, is obeyed and isn’t a risk to the business.

Looking at the insurance industry as a single example, there is a wealth of regulations on how information is stored, shared, presented, and even how customer complaints are dealt with, which must be followed.

A global perspective

Ensuring compliance with all these regulations at all times would be a challenge for any organisation; one which is multiplied when operating in multiple territories.

Acceptable business practice in one region can easily see an organisation falling foul of regulators, with the associated penalties, in another; even within the same nation.

For instance, US state laws vary considerably when dealing with how insurers record information and share it with their customers. A recent change in these laws by the state of Texas presented insurers with the expensive, time-consuming task of altering their forms to match.

One firm estimated making the changes would take 500 person-hours.

However, with access to the data and automation tools to perform the changes automatically, and in line with the new rulings, IT teams at prepared insurers were able to complete them in a fraction of the time.

This goes beyond a single event in a single state; intelligent use of automation, together with the right information such as customer addresses, means those insurers can ensure appropriate, compliant customer communications in every state, regardless of the local laws.

Changing documents might seem a minor concern, yet IT has still allowed insurers to better comply with local regulations without investing excessive time.

Keeping the customer happy

IT can help keep the business compliant far beyond the post room. For example, and returning a little closer to home, the EU’s 2015 rules on Alternative Dispute Resolution demanded insurers pay closer attention to how they deal with customer complaints; from understanding the root cause to the way in which they treat the customer.

A failure to comply could mean a visit from the Financial Conduct Authority, which has often shown a willingness to make an example of organisations through sizeable fines.

IT can already provide strong support to customer services, such as by storing and analysing data so that businesses can personalise communications and offerings to ensure the customer is always getting what they both want and need.

Streamlining the customer complaints process can work on the same principles, reducing the risk of breaking compliance while at the same time improving the customer experience.

To start, accurately recording customer complaints and linking them with specific customers’ accounts and activity means the organisation can analyse this data to identify a root cause of any complaint, as well as a solution.

The customer’s journey through the complaints process should also be automated wherever possible. Not only will this make the process faster, and so reduce any customer stress; it will also make it easier to identify when an independent arbitrator is necessary, contact that arbitrator, and so keep the customer as content as they can be.

The safety net

Even the most well-known regulation, such as data protection, can still trip up organisations if the full details aren’t understood.

For instance, while the common perception of data protection revolves around securing customer data by any means necessary, the majority of data protection breaches identified, and acted upon, by the Information Commissioner’s Office (ICO) concerned data sent to the wrong people in error, and a failure to inform customers who might be at risk.

Considering insurers will be privy to some of the most sensitive details of their customers’ lives, up to and including what action to take if they die or become critically ill, any breach of data protection could be catastrophic both for them and their customers.

Indeed, this year has already seen Royal Sun Alliance fined £150,000 by the ICO for losing the data of almost 60,000 customers.

IT should be able to prevent these incidents before they happen; segregating data and automating actions such as customer communications can greatly reduce the risk of accidentally sending information to the wrong address, as well as helping make any response to a breach as fast and comprehensive as possible.

Throughout history there are thousands of examples of tiny actions or omissions having vast, often unintended consequences.

The IT department can help its organisation, whether in the insurance industry or elsewhere, avoid this by ensuring that the business is equipped to deal with minor, as well as major, regulations.


Sourced by Mike Davies, VP EMEA North, GMC Software

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...