Bankers might argue, but some industry observers believedetecting a money-laundering scheme at a bank is a little lesscomplicated than uncovering similar activities at an insurancecompany. Its real easy to detect [at a bank], says Rick Delotto,senior research analyst for Gartner. Someone shows up with asuitcase full of money and a slightly confused expression on hisface. Bankers have had a 30-year head start over insurers indealing with money-laundering issues, but carriers are highlyexperienced in dealing with government regulators. The meat andpotatoes compliance issues for insurersform filings, rates,licensing, and proceduresare longstanding concerns on the minds ofcarriers, while money-laundering issues and growing lists providedby the Office of Foreign Assets Control (OFAC) have grabbed a greatdeal of attention over the last 18 months. Since 9/11, terrorismissues have taken the forefront, but regulatory issues are still inthe background, says Tom Tomlinson, directorrate development andfilings, at commercial line carrier Bituminous Insurance. The NAIChas to continue to strive to meet market goals as best it can.

The USA PATRIOT Act (take a deep breath here: Uniting andStrengthening America by Providing Appro-priate Tools Required toIntercept and Obstruct Terrorism) was the federal governmentsreaction to the 9/11 attacks. One of the chief areas of concern forlife insurers is a section dealing with efforts to stopmoney-laundering scams. While this area hasnt been a major concernfor property/casualty in-surers (at least for now), that group hashad to deal with the Treasury Departments OFAC list that requiresAmerican businesses not to conduct any business with those entitiesthat appear on the list. Lynn Snyder, assistant vice president ofcompliance for Chubb Group of Insurance Companies, says the OFAClist is difficult for insurers to deal with. There are so manynames, she says. You may not even know youre dealing with one ofthese listed persons or entities until a claim arises and youobtain more specific detail about the claimant.

There are software packages available, Snyder says, that willcheck on every risk an insurer faces to determine whether theinsurer is dealing with some type of prohibited entity or person.Its not foolproof, she says. But its probably the best the vendorshave come up with to date.

Many insurance watchers believe it is impossible to laundermoney through a property/casualty firm, but Delotto thinks thereare opportunities out there for those willing to take a loss.Kimberly Harris, Gartners research director, doesnt believe frauddetection systems used by most insurers are capable of combatingthis new wave of illegal activities. Fraud practices in the P&Cindustry are not that wonderful, she asserts.

The challenge is there are areas of fraud that may be new toinsurers. Insurers are good at what they are used to dealing with,Delotto says. Part of the Patriot Act compliance is dealing withdrug traffickers and traditional mobsters. The rest of it isdealing with governments and para-state organizations. The averageinsurance company can catch the average mobster. Whether it candeal with a government doing a long-term scam, I dont know. Whetherit can deal with a terrorist whos willing to accept a 90 percentdiscount on his cash, I dont think [an insurer] can do that.

Snyder knows this is new ground for U.S. companies and therearent always enough guidelines. Every claim we receive has to bechecked, she says. Every risk we write has to be checked, and wedont always have the correct or complete information to compare.When we write workers compensation policies, for example, we maynot get the name of every single person we are insuring. We may notfind out until a claim comes in, and then it is too late. Wevealready insured the person and may be subject to a penalty. Anotherproblem is the similarity of names. Is the person we are insuringreally the same as the name on the list?
She feels one advantage insurers have in this regard is they havebeen dealing with 52 political jurisdictions for years. There areonly 11 countries on the OFAC prohibited list at this time, but thelist of prohibited organizations and individuals is quite large,she says.

Delotto believes P&C insurers need to go beyond the OFAClists and follow Section 326 of the Patriot Act: Verification ofIdentification Program Rules. This is more than being a goodcitizen, says Delotto. Its sound business. Insurers have to do OFACanyway. All [Section 326] does is give you more information aboutyour customer, and certainly no businessman can say that is notprudent.

While You Were Away

Traditional compliance issues dealing with the 50 states,Washington, D.C., and Puerto Rico have not gone away while thenations attention has been diverted by terrorists. With so manydifferent regulators, insurers have become accustomed to theintermittent stops and starts, but Tomlinson feels insurers havemade it known to regulators that in todays world speed to market isan important factor for all lines of insurance.
The classic example Im familiar with involved [Bituminous] comingout with a product that was of interest and need to our contractingcommunity, says Tomlinson. To do that, we virtually have to filethat product nationwide. Each state has its own set of rules wehave to comply with, and every state has a different procedure inreviewing what we have submitted.

Snyder believes the states understand the wishes of the carriersto achieve some type of uniformity, but it is still a way off. Theyare far from it, which means that however many jurisdictions acompany writes in, multiple sets of laws and criteria apply toeverything we do, she says. If you dont have a systematicelectronic approach to handling these issues, its very difficult.But to try to build a computer system to handle this level ofcomplexity can have a major impact on your resources.

Doug Roller, CEO of Duck Creek Technology, agrees. Every [state]is different. Some are very progressive, and some are going to bemuch slower to respond, he says. There is a difficult balancing actfaced by those dealing in this market. You have to make a solutionthat is useful to the carrier but not intrusive to the [Departmentof Insurances] procedures.

Getting into Shape

Programming complexity also depends on the types of insureds andcoverages a company writes, as well as on the rate and formflexibility required. Snyder says the more uniformity in the stateregulations regarding rates, policy forms, and procedures, the moreeasily insurers can program their systems to achievecompliance.

Tomlinson thinks it is bad enough there are different rules forthe various states, but many of the states also make it hard forinsurers to submit their plans. Every state has a differentprocedure in reviewing what we have submitted, says Tomlinson. Somerequire you to unbundle your filing if you are doing something thatpertains to forms. If it has something to do with rates and rules,you submit a different plan for rates and rules. So youve gotsomething that can potentially be going in two different directionsin one insurance department.

Insurers understand red tape, but Tomlinson complains somestates are not responsive to the needs of their customers, both theinsurers and the insureds. Im not going to name the state, but itsa common assertion in the industry today that youll be lucky to getsomething approved in that state within a year, he says.

Passing Out Credit

He does give the National Association of Insurance Commissioners(NAIC) credit for turning around some of its processes, inparticular the adoption of System for Electronic Rate and FormFiling (SERFF), which allows insurers to deliver filingselectronically to the various departments of insurance in thestates. That has helped cut down the mail delays and the personalhandling issuesthe shuffling of paper in the insurance departments,says Tomlinson.

Over the last two years, thanks to a push by industry lobbyists,the NAIC steadily has improved its speed to market and achievedsome success. Tomlinson also believes regulators woke up when theClinton Administration began its look at repealing theGlass-Steagall Act. State insurance departments werent too hep onthat, exclaims Tomlinson. They saw themselves being put out ofbusiness.

Earlier this year, the NAIC made another step forward byagreeing to integrate SERFF into a commercial softwaresystemInSystems Tracker, an automated electronic compliancesolution. Cathy Weatherford, executive vice president and CEO ofthe NAIC, says the integration demonstrates the organizationscommitment to increasing the efficiency of electronic filing forinsurers. Our customers will benefit from another option tostreamline and automate the rate and form filing process, addingtremendous business value, says Weatherford.

Virtually all of the states now are using SERFF, and Tomlinson,who also uses the Tracker system, feels the combination will workwell, as Tracker creates the filing package for submission to thestates. Now, being able to submit the forms and rate packages asthey are being developed, rather than exporting them from onesystem into another, has improved the speed to market. Thats thetrue beauty of this arrangement, says Tomlinson.

Debbi Marquette, director of compliance solutions for InSystems,adds, In partnering with the NAIC, we are able to provide acomplete compliance automation solution for our customers,addressing every phase of the compliance life cycle. Such a movewas an inevitable step for the NAIC, according to Marquette. Itsnot like [the NAIC] had the money to build it itself, she says.

Forget-Me-Nots

The technology advantage is important in compliance effortssince the system can perform complex but repetitious functions. Forinsurers, that means the correct forms are used for the correctstates, and all the state-required endorsements are included on thepolicies. What we want to do with an electronic system is toreplace uncertain human behavior in certain areas. Underwriterssimply cant remember every possible thing they are supposed to bedoing, says Snyder. If you can set your system up to prohibitincorrect usage and to put required endorsements on the policyautomatically, you just have saved yourself from potentially majorcompliance headaches. As a compliance manager, Snyder says there isa good feeling that comes when an audit is conducted and thecorrect forms and endorsements are in place.

Ray Simon, president of software developer INSTEC, believescarriers need to have a good architecture to deal with constantchanges in rates and forms. Changes and software dont go togetherwell, he says. And for most carriers, their core competency isinsurance, not software.

On the rating side, Snyder says the criteria are different invirtually every state. For the most part, you have some kind offiled rating plan you have to work with, and if its not filed, youhave individual risk filings that have to be sent to the state forapproval, she says. Chubbs system uses rating sheets that follow anindividual states filed rating plan. We save everythingelectronically so it feeds these documents right into ourelectronic customer file, according to Snyder. Once the underwriterdetermines the coverage and prices the risk, this information feedsautomatically to quote, which feeds automatically to bind, whichfeeds automatically to issuance of the policy.

The Chubb system also employs pop-up reminders. One of ourissues involves the use of loss-control notices on policies, shesays. Which notice we use depends on which coverages have beenpurchased for a particular package policy. The pop-up reminderessentially says, If they bought this coverage, you use thisnotice. The system also could look at the coverages purchased andbuild the notice by selecting wording modules appropriate only tothose coverages.

Whats the Issue?

Insurers are required as well to be in compliance with areas suchas claims handling, policy issuance, and nonrenewal notices. Snyderpoints out insurers are required to give a certain number of daysnotice if a policy wont be renewed. De-pending on which state theinsured is in, the system pulls up the right form or letter for theunderwriters to use so they know the proper information to includein the notice, says Snyder. Electronic policy issuance caneliminate discrepancies between what was bound and what was issued,according to Snyder. The issuance time can be reduced to minutesinstead of days.

Of course, not everything can be done electronically. Snyderpoints to optional endorsements as one area. If you have a largenumber of possible endorsements to use, finding the bestendorsements to use along with the other endorsements to use can bevery challenging, she says. These are things that are just not costeffective to try to program. Between the broker, the insured, andthe underwriter, the policy generally receives very careful review,and any confusion will be resolved.

Tomlinson believes the NAIC is listening to insurers today,something it didnt always do in the past. It has listened andlearned over the years, he says. He points to the SERFF concept asone area of improvement. It is willing to listen and value whateverinput we can offer into its process, so [the solution is]ultimately seen as workable for all parties involved, Tomlinsonadds.

He believes it took a push from the federal government to getthe states eventually working together and with the insuranceindustry. If the states didnt get on board and get reciprocalarrangements set up fast enough, that would have been anotherfeature that would have fallen into the hands of the federalgovernment.

Final HIPAA Privacy Deadline This Month

Ready or not, HIPAA privacy guidelines take effect on April 14.Even though most health insurers are likely to be in compliancewith the regulations, Don Seiden, president of the consulting firmHospITech Solutions, believes some insurers actually believed theentire issue was going to disappear.

Seiden places part of that blame on the government, which hefeels hasnt been uniform in the way it has issued rules anddeadlines. I think some people actually took the attitude the wholething was going to go away, he says. But that is not going tohappen. All the dates are firmed up now, he adds. Although thegovernment could change the legislation annually.

Most of the larger insurers already are in compliance with theprivacy rules, and Seiden believes their emphasis will now be toensure employees understand the requirements. For some of thesmaller insurers, I dont think they readily adapted to thecompliance efforts, he says.

Seiden asserts that because the HIPAA legislation is sopervasivecovering payers, providers, and everything in betweenthegovernment does not have the manpower to investigate whether everyhealth insurer is compliant. Its going to go on a complaint basis,he says. They arent going to go after anybody unless a disgruntledemployee or a consumer turns them in.

Compliance has been difficult for insurers, Seiden says, warningthings are going to get tougher in the coming months and years. Ithink the rule that will be the toughest for insurers is the onedue in October of this year, which is transactions and codes, hesays. That is the one that is going to affect IT as it standardizesthe way payments are sent and received. That requires quite a bitof work.

The original deadline for transactions was last October, butSeiden says most insurers applied for a one-year extension. Theprovisions of that extension call for insurers to meet a deadlineof April 16, 2003, to prove they can send and receive claims. Therest of the time [until October] will be to convert filestructures, he says.
Looking off into the future, security standards need to be in placein the year 2005.