By Mike Davies, VP EMEA North, GMC Software
It already feels like an age since the Autumn Statement and Spending Review, when businesses were left to weigh up the possible economic and regulatory fallout from George Osborne’s announcement. A high level of scrutiny on such announcements isn’t always made by those working within IT departments, however. IT’s focus on regulation and the economy has traditionally been restricted to issues that directly affect it; for instance, if the Government announces tougher data protection laws, or tax breaks on IT infrastructure, the impact is clear. However, there are a multitude of regulations, often apparently minor, which could still severely damage the organisation if not followed. Such legislation can provide the perfect example of the butterfly effect, where an apparently insignificant event has far-reaching, destructive consequences. Take the insurance industry: while the importance of protecting customers’ data isn’t in question, there are a host of regulations on how information is stored, shared, presented, and even how customer complaints are dealt with, which must be followed. IT has a critical role to play in helping ensure that every regulation, no matter how minor it appears, is followed to the letter.
Could a flap of the wings in Brazil lead to a tornado in Texas?
Staying on top of these regulations is a challenge for any organisation; but it becomes even harder when the business operates in multiple territories. What passes for acceptable business practice in one area could easily be grounds for financial penalties or worse in another. For example, in the US different states have different laws on how information is recorded and shared with insurers’ customers. When the state of Texas recently changed its laws, insurers faced the expensive and time-consuming task of altering their forms to match – one firm estimated the total time at 500 person-hours.
That said, insurers whose IT teams had access to the data and automation tools to perform the changes automatically, and in line with the new rulings, could complete them in a fraction of the time. More so, intelligent use of automation means those insurers can ensure that their customer communications are appropriate and compliant in every state, no matter what the local laws; simply by having access to the right data such as customer addresses. Changes to documents are a seemingly minor concern, but again IT has allowed insurers to comply with local regulation without having to invest precious time.
Time to lay down the law on complaints
Closer to home, it’s not just the post room where IT can protect against compliance. For instance, in July 2015 EU rules on Alternative Dispute Resolution meant that insurers now needed to pay extra attention to how they dealt with customer complaints; from understanding the causes of the complaint to how they then dealt with the customer. Failure to comply could attract the attention of the Financial Conduct Authority, which as a regulator has often shown a willingness to make an example of organisations.
The IT department has already proven it has a strong role in supporting customer services; such as by allowing organisations to store data and personalise their communications to ensure they’re always giving the customer what they want. These same principles can make the complaints process far more streamlined; not only increasing customer satisfaction, but reducing or removing the chances of involving the regulators. To begin with, being able to accurately record complaints and link them with that specific customer’s account and activity makes it much easier to identify the root of the complaint, and a possible solution. Automating the customer’s process through the complaints procedure also speeds up the exercise, making the customer a lot happier; whether the process is handled internally, or whether automated systems can identify and, if necessary, contact an independent arbitrator as residents demand.
Pave over the pitfalls
The IT team can also help with the often overlooked dangers presented by some regulations. For instance, when mentioning data protection, most organisations’ and IT departments’ minds will turn to securing data behind encryption and firewalls. Yet the vast majority of data protection breaches acted on by the Information Commissioner’s Office occur when data is sent to the wrong people by mistake; whether over email, in the post or even by fax. For insurers, who will often be dealing with some of the most sensitive aspects of a customers’ life, up to and including what occurs after their death, sharing information incorrectly in this way would be catastrophic. Not only for the regulatory response, but for the impact on their customers.
This is another scenario where the IT team can come to the rescue; by segregating data and automating actions, such as customer communications, so that there is little to no chance of the business accidentally sending information to the wrong address.
The annuls of history are crammed with examples of people, organisations and even countries that were fortified against the most powerful threats, only to be brought low by a single, seemingly insignificant chink in their armour. By ensuring that it helps the business deal with the apparently minor regulations as well as their more obvious cousins, the IT department will ensure the organisation is protected – whether in the insurance industry or beyond.