Managing Information Risk in the Insurance Industry
Insurance companies are acutely aware of risk. It’s kind of their thing. And when it comes to risks related to their business operations, getting in front of potential issues is a critically important calculation. Employee communications is one area that has changed so much in recent years, risk-averse insurance companies should be giving it a diligent examination.
Almost all business communication is done online now. The quick and ongoing adoption of tools like video conferencing, collaboration platforms and mobile chat applications has forever changed the way business is conducted. New tools, combined with the move from centralized offices to distributed home networks create a brand-new set of risks:
- Cybersecurity risks: The use of unsecured home networks and unauthorized devices creates blind spots for IT and security teams, paving the way for increases in fraudulent activity
- Regulatory risks: When communications tools are downloaded or deployed before policy controls can be implemented, compliance gaps exist if those communications are not being archived or monitored
- Legal risks: The distribution of communications across multiple tools, devices and networks can increase the risk of intellectual property loss, employee misconduct and reputational damage
- Data privacy risks: Privacy complications can arise if collaboration tools are not used exclusively for business purposes
Whether workers are on a mobile device, working at home or in an office, they need to be able to communicate securely and compliantly. Having a comprehensive view of those communications — and the ability to find and resolve issues efficiently and proactively — is a critical step toward ensuring that cybersecurity, regulatory, legal and data privacy risks are being managed. This kind of agility is made possible with modern, cloud-based solutions for compliance, supervision and e-discovery.
Opportunity costs of outdated compliance technology
Organizations in the insurance industry may be resistant to the idea of moving to cloud-based technology for managing information risk. Oftentimes companies are held back by concerns about the cost and risk of migrating data and adopting new tools. Perhaps there is institutional inertia when it comes to changing how things are done and the resources that would require. Legacy archiving and monitoring technologies are often embedded into business processes. But how much is supporting old systems in a new world costing these organizations?
With outdated technology for managing communications, companies are likely supporting multiple systems that aren’t integrated, don’t scale, and cost valuable resources to manage. Plus, there are opportunity costs to maintaining stagnant technology. For example, enabling the latest conferencing tools offers a new channel for connecting with clients – but outdated, disparate infrastructure built for managing email and phone monitoring makes insurance companies vulnerable to the risks hidden in today’s Slack chats and text messages.
Regulators are expecting companies to enhance their oversight capabilities to manage accelerated digital transformation, and they’re paying attention to how insurance organizations have adapted compliance processes in the new normal. Under guidance from the Department of Justice (DOJ), updated in June 2020, regulators are evaluating the effectiveness and adequacy of corporate compliance programs and “whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems.”
Moving to the cloud might be perceived as a risky endeavor, but it provides insurance companies with the tools to get ahead of business risks. Delaying a move toward modern technology and maintaining the status quo can inhibit business growth and cause problems down the road.
Tips for risk management in insurance
Ultimately, upgrading to modern, scalable, integrated technology for managing communications is not just about the mitigation of risk. It's about enabling your employees to be more effective in the way they engage with clients and each other.
The events of the past year and the uncertain future of the workplace should be a catalyst for modernizing compliance and e-discovery in insurance. Business communications are happening through an ever-expanding network of channels (email, chat, text message, collaboration, conferencing, mobile apps, etc.) that all need to be accounted for. CCOs and risk management professionals can take this chance to explore innovative approaches and strategies to modernize and future-proof their efforts.
To stay ahead of compliance, security and legal risks, insurance companies should start with the following practices:
- Install a cross-departmental communications governance council to collectively make decisions about communications technology and the implied risk across the business
- Implement or update internal communications policies so employees are aware of permitted or prohibited communications channels and supervision practices
- Deploy a cloud-based solution for collecting, preserving, monitoring and producing communications (preferably AI-enabled to pinpoint red flags and serve up business insights)
The tools people use to collaborate will continue to evolve. This makes information risk management an ongoing challenge. Lessons learned from 2020 can serve as a guide to prioritize updating policy, technology and training — and better prepare for the next wave of communications channels to emerge.
Share this post!
Smarsh
Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.
Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit www.smarsh.com.
Latest posts by Smarsh (see all)
- Strategic Partnerships Highlighted at SmarshCONNECT 2024 - April 15, 2024
- What Are Financial Firms Saying About 2023’s Regulatory Squeeze? - January 10, 2024
- Form ADV Amendments: Frequently Asked Questions (FAQ) for RIAs - December 6, 2023
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US