How to create a compliant and secure insurance firm
Using expert insights from Capgemini and kompany, we determine the best way to maintain a compliant and digitally secure presence in insurance.
As insurance becomes increasingly digitised, regtechs are gaining prominence as guardians of IT security. Consisting not simply of ‘cyber defense’ programmes in this context, but rather the methods by which an insurer can remain fully compliant with regulations at all times, IT security for the industry has reached a difficult stage in its development. As the landscape continues to shift and old protocols no longer hold true, InsurTech Digital sought out information on how companies are using pioneering technologies - including blockchain, data analytics, artificial intelligence (AI) and automation - to eliminate cyber threats and enhance the customer experience through improved transparency.
Providing guidance on how insurance companies can enact the highest standards of IT security are Chris Heaven, Global Head of Cybersecurity Go to Market (GTM) at Capgemini, and Russell E. Perry, Founder and CEO of Austrian regtech platform ‘kompany’.
A three-step roadmap for enabling security and compliance
Before discussing a solution, we must first identify how the contemporary insurance industry’s security issues first arose. Something that Heaven and Perry both point out is insurers’ tendency to employ external security experts to undertake expensive and time-consuming audits on key processes like underwriting. This practice can be prohibitively expensive for SMBs (small-medium businesses) and ultimately yields an unsatisfactorily shallow impression of a company’s IT posture. Perry adds, “Most companies today also tend to base their business verification on outdated, inefficient and manual KYB (know your business) processes that, on top of everything else, offer a poor experience for their clients.”
These problems are the relics of an older industry where legacy tech had not yet been supplanted by pioneering digital alternatives. As such, the road map for modernisation involves a thorough reassessment of five essential insurance aspects: client acquisition, underwriting, portfolio monitoring, post-claim support and value-added services.
Step one: Client acquisition and underwriting
Key solution: AI and automation
The data-rich nature of the insurance makes it perfect for optimisation via AI and automation. With the capacity to improve not just the front-office but the back-office too, insurers have the opportunity to assess risk and perform the underwriting process using client-sourced data and globally-sourced data (i.e. news, market reports, police notifications, etc). Furthermore, esoteric sources like the dark web can provide invaluable indicators of past and future security compromises.
“By combining these two views, insurers can calculate a risk score with which to price and define terms of a policy,” says Heaven. “A process that used to take days or even weeks is now reduced to minutes. This approach can be deployed at scale and also drives down the cost of acquisition.” Perry states that kompany has undergone this transformation firsthand: “Having started by optimising data access via our Live Search network, we are now using AI to make this data more manageable. Where shareholder records are inconsistently collected or stored, AI-based software structures this data, therefore facilitating risk officers’ tasks significantly.”
It should be noted that both commentators still expect a degree of physical auditing to persist. However, this will be complemented and enhanced by automation.
Step two: Portfolio monitoring and post-claim support
Key solution: close collaboration with regtechs
A central characteristic of threats to security and compliance is their volatility; risk assessment must be an ever-changing process if it is to retain accuracy, credibility or value. AI and automation can certainly assist in keeping knowledge of risk points up-to-date, but the benefits of close collaboration between insurers/insurtechs and regtechs cannot be overstated.
“These companies [regtechs] can automatically assess regulation and compliance during the acquisition and policyholder monitoring phases against existing and emerging standards. This is crucial as compliance adherence is also becoming a mandatory condition of business outside the financial regulated sector,” states Heaven. “The best way to guarantee the veracity of data is to take it directly and in real-time from the primary source,” says Perry. “In kompany’s case this means official commercial registers and financial and tax authorities themselves, leveraged through our global proprietary network to over 200 countries and jurisdictions.”
By working closely with regtechs operating in this way, insurers can bolster the integrity of their decision-making during the claims process by utilising time-stamped and audit-proof information.
Step three: Value-added services
Key solution: blockchain
While technology is crucial to offering customers a modern experience, it is often the culture in which it is deployed that differentiates a company from its competitors. IT security is an additional avenue that can be valuably exhibited to garner trust and loyalty from the public, while also reducing the risk of a claim being made in the first place.
“And a step beyond accessibility and manageability is accountability,” explains Perry. “kompany’s new blockchain-based product, ‘’, creates an immutable record that these checks have taken place, streamlining the process for businesses and customers alike. While business verification automation has always made sound sense, the COVID-19 situation has acted as a clarion call for companies to accelerate their digitisation efforts following the significant increase in business fraud and supplier/vendor failure.”
A culture of openness on the topic of security and compliance, claims Heaven, is something all insurance companies should embrace if they want to create trust and lower risk simultaneously. “The client experience can be enhanced by sharing insights on their security posture, thus enabling continuous improvement and plugging security gaps. Policyholder onboarding should preferably include training to improve cyber awareness, including what to do in the event of an attack.”
“IT security will need to keep pace with the evolving threat landscape and how it relates to both the compliance needs of the business and/or the risk appetite the organisation has adopted,” Heaven says.
Indeed, as previously discussed, security and compliance will forever remain an ongoing process and never a fully-realised state of being. However, by following these three steps, insurers can build a faster, more efficient and ultimately more compliant business than ever before (kompany estimates a 50% reduction in costs and 90% less time wasted).
Taking these factors into consideration, there is no reason that insurers can’t turn the ‘burden’ of maintaining IT security into an asset for gaining a competitive advantage.
A prominent and diverse leader in international business, Perry founded kompany in 2012. His other ventures include being a founding member of IRTA (International RegTech Association), Coalhunter Mining Corporation and mInnovatve - the latter of which coined the term ‘the digital oil field’ in 2003.
Now part of Capgemini for over 13 years, Heaven’s tech credentials are further validated by his experience as COO and Programme Director at . In addition, he holds an MBA, DipM and DipCD in Executive Global Management through New York Stern Business School, UCL and Leads University.