Insurance companies are acutely aware of risk. It’s kind of their thing. And when it comes to risks related to their business operations, getting in front of potential issues is a critically important calculation. Employee communications is one area that has changed so much in recent years, risk-averse insurance companies should be giving it a diligent examination.
Almost all business communication is done online now. The quick and ongoing adoption of tools like video conferencing, collaboration platforms and mobile chat applications has forever changed the way business is conducted. New tools, combined with the move from centralized offices to distributed home networks create a brand-new set of risks:
- Cybersecurity risks: The use of unsecured home networks and unauthorized devices creates blind spots for IT and security teams, paving the way for increases in fraudulent activity
- Regulatory risks: When communications tools are downloaded or deployed before policy controls can be implemented, compliance gaps exist if those communications are not being archived or monitored
- Legal risks: The distribution of communications across multiple tools, devices and networks can increase the risk of intellectual property loss, employee misconduct and reputational damage
- Data privacy risks: Privacy complications can arise if collaboration tools are not used exclusively for business purposes
Whether workers are on a mobile device, working at home or in an office, they need to be able to communicate securely and compliantly. Having a comprehensive view of those communications — and the ability to find and resolve issues efficiently and proactively — is a critical step toward ensuring that cybersecurity, regulatory, legal and data privacy risks are being managed. This kind of agility is made possible with modern, cloud-based solutions for compliance, supervision and e-discovery.
Opportunity costs of outdated compliance technology
Organizations in the insurance industry may be resistant to the idea of moving to cloud-based technology for managing information risk. Oftentimes companies are held back by concerns about the cost and risk of migrating data and adopting new tools. Perhaps there is institutional inertia when it comes to changing how things are done and the resources that would require. Legacy archiving and monitoring technologies are often embedded into business processes. But how much is supporting old systems in a new world costing these organizations?
With outdated technology for managing communications, companies are likely supporting multiple systems that aren’t integrated, don’t scale, and cost valuable resources to manage. Plus, there are opportunity costs to maintaining stagnant technology. For example, enabling the latest conferencing tools offers a new channel for connecting with clients – but outdated, disparate infrastructure built for managing email and phone monitoring makes insurance companies vulnerable to the risks hidden in today’s Slack chats and text messages.
Regulators are expecting companies to enhance their oversight capabilities to manage accelerated digital transformation, and they’re paying attention to how insurance organizations have adapted compliance processes in the new normal. Under guidance from the Department of Justice (DOJ), updated in June 2020, regulators are evaluating the effectiveness and adequacy of corporate compliance programs and “whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems.”
Moving to the cloud might be perceived as a risky endeavor, but it provides insurance companies with the tools to get ahead of business risks. Delaying a move toward modern technology and maintaining the status quo can inhibit business growth and cause problems down the road.
Tips for risk management in insurance
Ultimately, upgrading to modern, scalable, integrated technology for managing communications is not just about the mitigation of risk. It’s about enabling your employees to be more effective in the way they engage with clients and each other.
The events of the past year and the uncertain future of the workplace should be a catalyst for modernizing compliance and e-discovery in insurance. Business communications are happening through an ever-expanding network of channels (email, chat, text message, collaboration, conferencing, mobile apps, etc.) that all need to be accounted for. CCOs and risk management professionals can take this chance to explore innovative approaches and strategies to modernize and future-proof their efforts.
To stay ahead of compliance, security and legal risks, insurance companies should start with the following practices:
- Install a cross-departmental communications governance council to collectively make decisions about communications technology and the implied risk across the business
- Implement or update internal communications policies so employees are aware of permitted or prohibited communications channels and supervision practices
- Deploy a cloud-based solution for collecting, preserving, monitoring and producing communications (preferably AI-enabled to pinpoint red flags and serve up business insights)
The tools people use to collaborate will continue to evolve. This makes information risk management an ongoing challenge. Lessons learned from 2020 can serve as a guide to prioritize updating policy, technology and training — and better prepare for the next wave of communications channels to emerge.
Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.
At LS Consultancy, we offer a complete solution with a range of cost effective, regulatory compliance and marketing products and solutions including copy advice and Copy Development services which are uniquely suited to supporting firms.
Why Not Download our FREE Brochures! Click here.
Call Us Today on 020 8087 2377 or send us an email.