E-Mail Can Be A Minefield For Insurers

The term killer application–commonly abbreviated to “killer app”–is often used in information technology circles to refer to a computer program that has become so indispensable or desirable that it justifies the purchase of computer systems or infrastructure purely in itself.

The advent of business computing networks and global Internet connectivity changed the computing landscape forever, but the term “killer app” prevailed, and is still applied to highlight software that drives purchase decisions.

For decades, big businesses held the mantra that “communication is key.” For modern global enterprises, this rule of thumb has required some updating, but the philosophy remains the same. Electronic communication platforms are now as diverse and numerous as business needs, but e-mail is the new killer app.

In the insurance sector, electronic messaging–e-mail in particular–has become an indispensable tool for maintaining, managing, reviewing and storing business critical communication. Not only have e-mail systems commonly become the preferred media for business communication, they often also serve as de facto filing systems.

Inevitably all this power, flexibility and ubiquity is balanced by weakness, abuse and danger–and accordingly, e-mail has also become a significant source of risk to all sectors of business.

In recent times, it has become particularly vital for insurers to feel confident they have done everything possible to ensure proper use of all electronic communication. An unforgiving regulatory spotlight has been shone on insurers, forcing compliance with a raft of legal mandates for measuring related risks.

Firms are now obliged to maintain an accurate, comprehensive messaging archive for up to a decade or more, covering everything from meticulous corporate news digests to flippant remarks between co-workers, with every pertinent business missive and carelessly thrown dollop of gossip falling in between.

Thanks largely to rogue accounting cases brought against high-profile global firms such as Enron, most businesses are aware of the Sarbanes-Oxley Act, which dictates records management and retention policies for all public companies that fall under the jurisdiction of the U.S. Securities and Exchange Commission. However, there are also several other major areas of compliance to which businesses must adhere.

With regulations such as HIPAA, GLBA and SOX, not to mention internal corporate policies thrown into the ring, we begin to see why forward-thinking insurance CEOs are so adamant that their company messaging systems are squeaky clean and their data confidentiality is standardized.

Suddenly, the once positive notion of e-communication as a powerful and indispensable killer app is beginning to take on negative connotations. Without protection and help to meet compliance and regulatory requirements, insurers could be forgiven for instead regarding e-mail as a hostile threat to their operations.

Improper use of e-communication can severely damage credibility with insurance peers, colleagues, shareholders, partners–and, of course, clients–while ultimately impacting revenue.

More than any other business sector, insurers are painfully aware of the need to hedge against the risk of potentially catastrophic loss, even if that loss is accidental and unintentional.

It is high time insurers felt prepared, protected and invested in their own peace of mind if they are to be totally comfortable with the prospect of regulators sifting through their e-message archives.

The only way insurers can truly control and accurately supervise such systems is to eliminate associated risks by meeting regulatory compliance, protecting intellectual property and ensuring appropriate employee behavior.

Because the hidden financial costs and credibility risks associated with unregulated business communication are so serious, insurance firms must actively enforce corporate messaging policies.

Today this includes managing the threat to a wide range of communication channels from e-mail and Web mail, to instant messaging and e-mail-enabled PDA devices, and even corporate blogs.

Industry regulators are fully aware that technology solutions for managing threats in e-communication are available to firms that take compliance seriously, and no longer accept ignorance as a defense. Insurers that address regulatory requirements are far more likely to avoid future violations and investigations.

It's not all about enforcement and regulation, however. It is also crucial to ensure employees understand that these seemingly proscriptive guidelines aren't being put in place unnecessarily by the powers-that-be, but are vital for the overall health of the company.

It is important that employees using e-messaging genuinely buy into the idea of meeting compliance regulations, and are happy to be educated in the best methods to adhere to regulatory and corporate policies. After all, it's better for everyone involved if internal teams work to discover any unregulated communication hidden away in archives before an external regulator does.

The technical side of the insurance industry is evolving rapidly, with firms battling to manage new document and messaging formats all the time.

The sheer volume of e-mail exchanged with customers, partners and providers in particular is expanding exponentially, while becoming increasingly sensitive and open to external regulation. Insurance firms already have to understand risk, uncertainty and accident in their business, but equally they are fully aware of the value of precaution, readiness and protection.

Companies must be seen to be proactive in complying with regulators and make every effort to deter and prevent future occurrences of improper e-communication. They must make messages quickly accessible and easy to review with the lowest possible overheads and minimal fuss.

Because there is no technology silver bullet that will ensure every regulatory policy is exceeded without the involvement of every corporate employee, a long-term strategy maintained alongside such systems is key.

In return, educated employees will be happy to provide management teams with invaluable feedback and insights that will help reduce risk in the future.

Not only will this companywide understanding help redeem the reputation of the killer-app, it will streamline the compliance process, while simultaneously raising the public profile of the overall business in full view of clients, peers and regulators alike.