Oct 28, 2020

How to create a compliant and secure insurance firm

William Girling
Using expert insights from Capgemini and kompany, we determine the best way to maintain a compliant and digitally secure presence in insurance

As insurance becomes increasingly digitised, regtechs are gaining prominence as guardians of IT security. Consisting not simply of ‘cyber defense’ programmes in this context, but rather the methods by which an insurer can remain fully compliant with regulations at all times, IT security for the industry has reached a difficult stage in its development. As the landscape continues to shift and old protocols no longer hold true, InsurTech Digital sought out information on how companies are using pioneering technologies - including blockchain, data analytics, artificial intelligence (AI) and automation - to eliminate cyber threats and enhance the customer experience through improved transparency.

Providing guidance on how insurance companies can enact the highest standards of IT security are Chris Heaven, Global Head of Cybersecurity Go to Market (GTM) at Capgemini, and Russell E. Perry, Founder and CEO of Austrian regtech platform ‘kompany’.  

A three-step roadmap for enabling security and compliance

Before discussing a solution, we must first identify how the contemporary insurance industry’s security issues arose. Something that Heaven and Perry both point out is insurers’ tendency to employ external security experts to undertake expensive and time-consuming audits on key processes like underwriting. This practice can be prohibitively expensive for SMBs (small-medium businesses) and ultimately yields an unsatisfactorily shallow impression of a company’s IT posture. Perry adds, “Most companies today also tend to base their business verification on outdated, inefficient and manual KYB (know your business) processes that, on top of everything else, offer a poor experience for their clients.”

These problems are the relics of an older industry where legacy tech had not yet been supplanted by pioneering digital alternatives. As such, the road map for modernisation involves a thorough reassessment of five essential insurance aspects: client acquisition, underwriting, portfolio monitoring, post-claim support and value-added services.

Step one: Client acquisition and underwriting

Key solution: AI and automation

The data-rich nature of insurance makes it perfect for optimisation via AI and automation. With the capacity to improve not just the front-office but the back-office too, insurers have the opportunity to assess risk and perform the underwriting process using client-sourced data and globally-sourced data (i.e. news, market reports, police notifications, etc.). Furthermore, esoteric sources like the dark web can provide invaluable indicators of past and future security compromises.

“By combining these two views, insurers can calculate a risk score with which to price and define terms of a policy,” says Heaven. “A process that used to take days or even weeks is now reduced to minutes. This approach can be deployed at scale and also drives down the cost of acquisition.” Perry states that kompany has undergone this transformation firsthand: “Having started by optimising data access via our Live Search network, we are now using AI to make this data more manageable. Where shareholder records are inconsistently collected or stored, AI-based software structures this data, therefore facilitating risk officers’ tasks significantly.” 

It should be noted that both commentators still expect a degree of physical auditing to persist. However, this will be complemented and enhanced by automation.

Step two: Portfolio monitoring and post-claim support

Key solution: close collaboration with regtechs

A central characteristic of threats to security and compliance is their volatility; risk assessment must be an ever-changing process if it is to retain accuracy, credibility or value. AI and automation can certainly assist in keeping knowledge of risk points up-to-date, but the benefits of close collaboration between insurers/insurtechs and regtechs cannot be overstated. 

“These companies [regtechs] can automatically assess regulation and compliance during the acquisition and policyholder monitoring phases against existing and emerging standards. This is crucial as compliance adherence is also becoming a mandatory condition of business outside the financial regulated sector,” states Heaven. “The best way to guarantee the veracity of data is to take it directly and in real-time from the primary source,” says Perry. “In kompany’s case this means official commercial registers and financial and tax authorities themselves, leveraged through our global proprietary network to over 200 countries and jurisdictions.”

By working closely with regtechs operating in this way, insurers can bolster the integrity of their decision-making during the claims process by utilising time-stamped and audit-proof information. 

Step three: Value-added services

Key solution: blockchain

While technology is crucial to offering customers a modern experience, it is often the culture in which it is deployed that differentiates a company from its competitors. IT security is an additional avenue that can be valuably exhibited to garner trust and loyalty from the public, while also reducing the risk of a claim being made in the first place.

“And a step beyond accessibility and manageability is accountability,” explains Perry. “kompany’s new blockchain-based product, ‘KYC onchain’, creates an immutable record that these checks have taken place, streamlining the process for businesses and customers alike. While business verification automation has always made sound sense, the COVID-19 situation has acted as a clarion call for companies to accelerate their digitisation efforts following the significant increase in business fraud and supplier/vendor failure.”

A culture of openness on the topic of security and compliance, claims Heaven, is something all insurance companies should embrace if they want to create trust and lower risk simultaneously. “The client experience can be enhanced by sharing insights on their security posture, thus enabling continuous improvement and plugging security gaps. Policyholder onboarding should preferably include training to improve cyber awareness, including what to do in the event of an attack.”


“IT security will need to keep pace with the evolving threat landscape and how it relates to both the compliance needs of the business and/or the risk appetite the organisation has adopted,” Heaven says.

Indeed, as previously discussed, security and compliance will forever remain an ongoing process and never a fully-realised state of being. However, by following these three steps, insurers can build a faster, more efficient and ultimately more compliant business than ever before (kompany estimates a 50% reduction in costs and 90% less time wasted).

Taking these factors into consideration, there is no reason that insurers can’t turn the ‘burden’ of maintaining IT security into an asset for gaining a competitive advantage.

About our commentators:

 Russell E. Perry, Founder & CEO, kompany

A prominent and diverse leader in international business, Perry founded kompany in 2012. His other ventures include being a founding member of IRTA (International RegTech Association), Coalhunter Mining Corporation and mInnovatve - the latter of which coined the term ‘the digital oil field’ in 2003.

Chris Heaven, Global Head of Cybersecurity GTM, Capgemini

Now part of Capgemini for over 13 years, Heaven’s tech credentials are further validated by his experience as COO and Programme Director at BT. In addition, he holds an MBA, DipM and DipCD in Executive Global Management through New York Stern Business School, UCL and Leads University.


May 28, 2021

FCA bans ‘price walking’ for insurers from Jan 2022

The City regulator has said insurers must not raise prices at renewal and penalise loyal customers

Insurers will no longer be allowed to raise premiums upon annual customer renewals following a new ruling by the Financial Conduct Authority (FCA).

The new move, which comes into effect in January 2022, will directly affect people renewing their home or motor insurance because they will pay no more for their premiums than a new customer. 

The FCA said the change will save loyal customers an estimated £4.2bn over a 10-year period. However, it also admitted the move could mean cheaper deals for new customers are no longer sustainable for insurers attempting to attract business.

Price walking practices ended

According to reports, the FCA has been working on changing the rules on ‘price walking’, as it is termed, because customers are charged more for their annual premiums even though their level of risk remains the same. The system has resulted in complaints from consumer groups that loyal customers pay more unnecessarily.

Speaking about the regulatory change, Sheldon Mills, from the FCA, told the BBC:

"These measures will put an end to the very high prices paid by many loyal customers. Consumers can still benefit from shopping around or negotiating with their current provider, but won't be charged more at renewal just for being an existing customer."

Victory for the customer

Consumer groups have hailed the change as a victory for customers who have ended up paying higher premiums unnecessarily, but admitted it presented huge implications for insurers in the short term.

Consumer Intelligence CEO, Ian Hughes said, “These changes represent a tsunami for both insurers and their customers, but we should be in no doubt that the fault line that sits underneath this is fair value, mentioned 153 times in the final statement. GIPP changes will feel like just a ripple for those who don’t offer fair value to customers.”

He continued, “This is going to be a bumpy ride for insurance brands and consumers alike in the short term. Today, the FCA has revealed that cash and cash-equivalent incentives, other than toys and carbon offsetting, cannot be used to entice new customers without being offered to renewing customers. This means the savviest consumers who shop around each year will see prices rise and discounts and offers disappear.

“However, there is an opportunity for the industry to take advantage of all this change that is coming and do something that will be good for brands, good for the industry and good for consumers.”

Consumer Intelligence PR and communications manager, Catherine Carey agreed, and described the victory as “a shot in the arm for innovation.”

Carey said the move “presses a giant reset button on the relationship between price and value, it will change the relationship between brands and consumers.”

She explained, “We expect to see insurers changing their models and new firms entering the market for the first time as loss-making year one pricing phases out. If you look at these new rules, and specifically the introduction of fair value, it’s the most exciting time for the development of the general insurance market for decades.”

Hughes also warned against insurers resisting the regulatory change: “Those that don’t take advantage of the opportunity are going to find it really tough.”

He added, “The tipping point we find ourselves at today is a critical point in the journey of this industry and there is an opportunity to be positive.”

