Conjeevaram Baradhwaj, Executive Vice President (Legal & Compliance) & Company Secretary at Future Generali India Life Insurance, delves into compliance aspects and impacts:
Ravi Lalwani: New age compliance is a subject of growing complexity. How are you simplifying it so that more and more people in the organization can understand it effectively?
Conjeevaram Baradhwaj: In simple words, compliance is all about ‘knowing what you should do (or not do) and doing what you are supposed to do (or not do what you are not supposed to do)’ – first one is knowledge and the second one is execution.
Understanding the requirements of the compliance team is the first step, ie, having the right knowledge. Certain regulatory requirements are specific only to certain stakeholders within the company. A walkthrough of the regulatory requirements (face-to-face meeting or through teams meeting) with all the concerned functions is made to train them on their requirements, understand their questions and provide them with a reply and finally agree on the way forward. Discussions with stakeholders happen on the interpretation of regulatory notifications, benchmarking with competition, financial implications for implementing the requirements, and alternative methods of achieving compliance.
Simplification is therefore achieved in 3 ways:
(a) Automating the processes to the extent possible – With AI and ChatGPT already influencing the way we operate, the future is about how we use AI to enhance compliance achievement through process reengineering. You train the systems more with facts, information, behavior, etc, and the results can be more accurate. But, end of the day, there is no substitute for the human mind on subjective matters, but to a great extent, such subjectivity can be reduced.
(b) Continuous training of the stakeholders – Humans design and define the basics of machine intelligence – while machines do not commit mistakes, the employees must be trained on the compliance requirements and to check whether the rules have been defined correctly and the output is consistent, logical, and rational.
(c) Frequent testing of operational systems – This is to check whether the desired compliance is achieved and share the results with the team. This will help the teams understand the requirements better and make necessary corrections in the processes defined.
What are the difficulties you encounter in ensuring the rising data compliance requirements? How have you resolved most of these difficulties?
Personal data compliance is not yet passed in India on the lines of GDPR in Europe. The digital data protection bill is on the anvil and can be expected shortly. The formation of the Data Protection Board will ensure data privacy and controls and actions for non-compliance. Data is required across the company for various purposes – for analytics, research, industry-level data shared with insurance information bureau, data required for underwriting, etc. Besides some of the data are also available on websites and the companies are prone to hacking and data theft. While controls have been built by companies on who can have access to policyholder data, employee data, agent data, etc, still instances of data theft have surfaced despite controls being implemented. This shows that there is a continuous need for monitoring the gaps within the organization and plugging these gaps.
The challenge in data sharing is customer data confidentiality, especially personal sensitive data or information like about health, income, family history, etc. As per IT rules (reasonable security practices & procedures and sensitive personal data or information), written consent of the owner for sharing the data and purpose of sharing is required to be obtained. However, distributors and agents in insurance companies have access to the data of the customer they source. These agents will have to also ensure data confidentiality. Training and controlling these agents and other distributors in complying with the data confidentiality requirements continues to be a challenge.
We have instituted controls within the organization by restricting access rights to the customer data on a need-to-know basis and data encryption and other information security controls have been implemented.
Besides taking disciplinary action for violation of information of the security policy, all employees are given training on the information security and data confidentiality requirements, and system controls to prevent data leakage and theft are in place.
What are the most common tech-operational problems and how do you resolve them?
Technology projects are mostly cantered around digitalizing insurance sales, policy issuance, and policy servicing stages. The customer onboarding journey is mostly digital. Digital proposal form filling, uploading of KYC documents, and eKYC have enabled the digitization of the customer onboarding process. Often we find that customers do not understand the health declarations given in the proposal form and sign without reading the declaration of health which forms the basis for life and health insurance. We advise our distributors to ensure that all the questions, especially on health, income, and family details are entered after checking with the customer. Otherwise, there is a risk of non-disclosure and repudiation of claims.
At the policy servicing stage, most of the financial and non-financial requests can be submitted online or through email. However, every process is verified and approved from a compliance angle on the identification of the persons submitting the request, verification of KYC documents, verification of mobile number, verification of email ID, verification of the bank account (by taking canceled cheque), and transfer only through NEFT/RTGS, etc.
Maturity claims are also automated, while death claims intimations are submitted offline and online since claim investigations are done, processing of death claims is manual, and settlement happens through NEFT/RTGS. The customer is informed about the status of the claim from time to time.
What are the newer compliance training programs are you arranging for compliance teams and other teams?
With the developments happening globally on the compliance side, the following special training is arranged for employees of the company:
a) Anti-bribery & corruption laws and controls
b) International sanctions & embargoed countries
c) Anti-trust laws
d) Fit & proper requirements for senior management team
e) Diversity & inclusion
f) Sustainability & ESG practices
g) Information security
h) Whistleblower policy (Reporting Concerns)
What is the profile of people getting into the field of compliance these days?
Nowadays people having operations knowledge in insurance companies find compliance as a natural career development destination. For example, an employee who has worked in underwriting, policy issuance, policy servicing, or claims well understands the compliance requirements while implementing them within their function. They possess good knowledge of operations and systems and therefore can assist in translating the compliance requirements by embedding them into the company’s processes.
The compliance team requires a combination of people who can understand the regulatory requirements in substance and form and people who have experience in executing compliance requirements. Compliance is consummated only when the knowledge meets execution.
Read more:
AI a tremendous opportunity for insurance brokers – Debasish Panda
