The insurance industry is facing steadily increasing regulatory obligations along with rising demand to adopt new technologies and exceed customer expectations.
With rising inflation, perpetual war, and the looming threat of a major recession, the insurance industry is under pressure to navigate uncertainty and chaos. Over the last few years, the emergence of new technologies in the insurance space has been phenomenal. So has the incessant growth of regulatory requirements. Together, these factors are forcing insurance companies to look beyond the obvious and address the issues in a systematic and methodical manner. This article looks in detail at present-day regulatory compliance for insurance companies.
The risk of data breaches isn’t new to insurance companies, but the consequences have been greatly increased by the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). As a result of these new laws, regulators are examining with unprecedented rigor how companies protect and store their data.
Insurance companies have already started leveraging consumer data to offer targeted solutions and implementing new technologies to automate mundane operations such as claims processing and document management. Under the new rules and stringent regulatory compliance requirements, insurance companies must put mechanisms in place to protect and manage their customer data. They must design and implement robust data protection and security plans, not only to protect consumers but also to avoid fines and other penalties imposed by regulators.
Multiple regulatory changes or upgrades have put the insurance companies in a difficult situation. The key regulations for insurance companies in 2023 are:
ARPA: The American Rescue Plan Act of 2021, better known as ARPA, has transformed the insurance domain. ARPA provided an upgrade to the Premium Tax Credit (PTC) for two years for individuals who are eligible to purchase coverage through health insurance marketplaces. The upgrade increases the amount of PTC available for all income levels and removes the income limit to qualify for PTC, previously set at 400% of the federal poverty line (FPL) or $51,520/year.
Some of the impacts of ARPA on insurance companies are (based on the data shared by 13 states):
LDTI: Long duration targeted improvements (LDTI) is a modified accounting standard that the FASB updated to address its key concerns, bringing significant changes to several insurance areas. Some of the notable impacts are:
For some insurers LDTI will be a catalyst for carve-out from operations that are no longer core to their strategy. For others, it may provide an opportunity to exert core competency in certain areas.
IFRS 17: IFRS 17 insurance contracts establish principles for the recognition, measurement, presentation, and disclosure of insurance contracts within the scope of the standard.
The objective of IFRS 17 is to ensure that an entity provides relevant information that truly represents the contracts. This information provides users with a basis for assessing the effects of insurance contracts on the company’s financial position and the results of operations.
Some of the implications of IFRS 17 are:
Changes in Affordable Care Act: The Affordable Care Act (ACA) has given millions of Americans new access to insurance, in some cases for the first time. Under the ACA, insurance companies that sell health insurance through state or federal marketplaces generally offer plans in four different cost tiers, also known as actuarial value (AV): Bronze, Silver, Gold, and Platinum.
Plans must offer the ACA essential health benefits package of covered services at each level. The differences between tiers reflect the differences between deductibles and maximum deductible limits, as well as different co-payment and co-insurance levels and other plan features.
Plans with higher actuarial values, such as Gold and Platinum plans, typically have fewer cost shares and higher rewards. Insurance companies need to stay up to date and be thorough with the recent changes and the new ACA regulations in place.
2023 Notice of Benefits and Payment Parameters Final Rule: On April 28, 2022, the Centers for Medicare & Medicaid Services (CMS) released its latest notice on benefits and payment parameters for the 2023 plan year. Beginning in 2023, plans must ensure that members can access services within a maximum time or distance. These standards are specified in the final 2023 letter to issuers, which CMS also published on April 28, 2022. A few of the reforms coming into force are:
In its proposed rule, CMS would amend several ACA rules to restore prohibitions against discrimination based on gender identity and sexual orientation. Previous protections against such discrimination were repealed in a 2020 rulemaking.
CMS sets a uniform annual deadline for states to submit proposals for revisions or new benchmark plans submission. That deadline is the first Wednesday in May, two years before the effective date of the new EHB benchmark baseline.
CMS is removing a requirement that each year a state must submit a report on government service contracts that are added with those offered under the government EHB plans.
In the future, states will no longer be able to allow insurers to substitute benefits between the categories of EHB benefits, although they can still do so within a performance category.
Consumer expectations have increased by leaps and bounds over the years. With the advent of new technologies, consumers are no longer interested in the traditional insurance processes; rather, they want new-age bundled offerings. As insurance companies strive to improve their customer experience through automation tools that result in faster or streamlined claims processing and underwriting processes, they must consider the regulatory implications of these technologies. They must also integrate them into their monitoring and analysis processes to ensure fair enforcement across the board.
By using data and analytics, self-assessments, and internal audits to proactively monitor their own operations, insurance companies can avoid getting caught in regulatory problems that stem from poor oversight or rogue agents. Insights from these ratings help insurance companies identify outliers, monitor rate compliance, and verify that products and services are being offered fairly to customers. This allows companies to fix any issues before receiving negative results and tarnishing their reputations.
Blockchain, cryptocurrencies, and other parts of the digital asset ecosystem have evolved exponentially. The Silk route and a plethora of cryptocurrency scams such as FTX have shaken the entire regulatory world over the last few years. This has raised regulatory concerns over customer protection, economic loss, and consumer education. In 2023, legislation could expand the scope of regulated financial entities and instruments.
States are expected to amend their state economic laws to accommodate changes to the Uniform Commercial Code to bring digital technologies under the ambit of regulatory laws.
Throughout 2022, the world has witnessed increasing interest from investors, regulators, customers, and other stakeholders in understanding and exploring the environmental, social, and governance (ESG) activities of organizations. The UK intends to make TCFD-compliant disclosures mandatory across the economy by 2025, with a significant portion of the mandatory requirements to be put in place by 2023.
These issues will continue to be a key focus for its regulators in the coming year. The Federal Insurance Office, NAIC, and SEC are expected to continue assessing climate change’s impact in the United States. The insurance industry is exploring other regulations in this area related to disclosure, risk, and resilience, among others.
Insurers are likely to be judged not just on the plans outlined in their annual sustainability reports, but on how their initiatives actually limit the impacts of climate change and other emerging systemic environmental risks. They must do all this while addressing carbon emissions at source, diversifying their leadership and workforce, improving the inclusion of their products and services, and increasing transparency and accountability in their governance structures.
The insurance industry has been dealing with serious concerns about cybersecurity and privacy. The industry is responding to potential risks in related areas:
Citing insurer and third-party incidents, US government insurance regulators have been warning for a while that no other industry is as vulnerable to security breaches as the insurance industry. At the same time, insurance companies collect significantly more personally identifiable data from customers than any other industry. To further improve cybersecurity, state regulators and industry participants are jointly drafting a third version of the NAIC Insurance Data Security Act.
Attention is primarily focused on regulatory consistency, the triggers that define a data breach, the definition of personal information, and the appropriateness of a waiver when a company complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Any regulation that is eventually passed will require licensees to ensure that third parties also have adequate safeguards in place to protect the information in their possession, and the licensee will be responsible for any failure by third parties to protect such information.
Fraud is a pervasive threat in all types of insurance, and it is a huge problem in auto insurance and health insurance. Insurance fraud is perhaps most commonly associated with consumers defrauding insurance companies, but it can happen the other way around as well.
From a regulatory perspective, insurance companies should be extra cautious when dealing with fraudulent activities. Employees who act unscrupulously, such as by collecting consumer premiums without returning a policy, can tarnish the insurance company’s reputation.
This potential risk has been heightened following the July 2019 updates to the Insurance Fraud Model Act, which strengthened prosecutors’ powers and eliminated many previous standards of evidence. For organizations that are often large and complex, self-regulation can be difficult. As a result, companies are turning to advanced analytics to identify anomalies and uncover potential fraud before it becomes a bigger threat.
Managing compliance on spreadsheets does more harm than good. Multiple versions of the data, inaccurate and outdated data, and challenges in interdepartmental collaboration are some of the many drawbacks of using spreadsheet-based solutions for insurance companies.
Instead, a GRC platform like VComply not only tracks compliance and regulatory processes but also monitors organizational risks and mitigates them quickly while tracking governance within the organization.
In addition, now, more than ever, compliance officers in the insurance industry are playing a critical role in assessing, monitoring, and mitigating risks on a daily basis.
In this volatile economic environment, industry executives now have to make an array of deliberate and quick strategic choices to succeed. Slow and incremental change might no longer be a viable option. The VComply GRC platform can help insurance companies sail through this difficult situation with its all-in-one software solution.
The benefits of having the VComply risk management solution include:
The insurance industry, which used to be the yardstick for stability and predictability, has been going through a complete paradigm shift. Constant pressure for growth without compromising profit, unprecedented climate change, increasing consumer demand, and too much regulatory compliance for insurance companies are disrupting the industry more than ever.
To know more about how VComply helps insurance companies keep pace with the key regulatory obligations in 2023, sign up for a personalized demo.