The Great Reconfiguration: Modernizing Insurance Compliance

According to Deloitte [1],

“In the future, the entire regulatory reporting process will likely be automated end-to-end, from source system data to report mapping and business rule automation to report generation.”

Automation and cognitive intelligence can accomplish what would normally take thousands of hours of manual work in mere minutes, with minimal to no human involvement. Businesses can leverage these technologies to simplify their arduous processes and save valuable time.

Pleasantly, the banking and securities industry is ahead of the game. According to Tech Monitor[2], The financial services industry has embraced robotic process automation (RPA) with great enthusiasm, reportedly accounting for 29% of the RPA market in 2022 – the highest among all sectors.

RPA harnesses the capabilities of bots and software programs designed to execute repetitive tasks through a user interface, by replicating human interaction with software through direct interaction with application front ends.

This technology is revolutionizing the way routine tasks are tackled. As it continues to evolve, firms are expanding their use of automation and cognitive intelligence, hoping to optimize their performance and drive business success.

The insurance sector has the chance to follow the lead of the banking and asset management industry and leverage the experiences gained by pioneers to automate its internal operations. However, full automation necessitates a comprehensive and prolonged implementation process, and a change in mindset and corporate culture. This article delves into the intricacies of Business Process Automation and examines the roles and responsibilities of the various stakeholders, including companies, developers, and regulators.

Downloading: Robotic Automation tutorial

According to the Market Research Community [3], IT Robotic Automation Market is poised for substantial growth, with projections estimating an increase from USD 3.2 billion in 2021 to USD 81.1 billion by 2030.

Compared to the banking industry, the insurance sector has been slow to adopt Robotic Process Automation (RPA); to date, insurance companies have only employed limited RPA tools in underwriting and pricing.

Despite this, the insurance sector faces similar pressure to enhance its digital presence as other industries.

First, they need to meet the growing demand for digital experiences from consumers; companies who have embraced digital channels have already reaped significant benefits, as offering user-friendly interfaces provides them with a vast amount of valuable consumer data. Although the level of consumer expectation may vary from market to market, influenced by factors such as technology adoption, subscription culture, and general behavior toward new products.

Second, insurance companies need to answer regulatory demands for heightened standards, increased scrutiny and enforcement, and the challenges posed by multiple overlapping laws and regulations across various jurisdictions. Thus, the need to shift from a reactive and issue-solving mindset to a proactive one, with improved predictive and analytical compliance skills.

To this end, the insurance sector can take advantage of the current automation options to streamline key basic elements of the regulatory reporting process, including data extraction and preservation, documentation, standardization of aggregated data, and report formatting. Automation can also help reduce the risk of human error while ensuring data cleansing and validation.

Insurance organizations are also presented with specific challenges related to governance, risk management, internal audit, and control. By using automation, they can exert control over their processes, such as customer onboarding and approval, and conduct data quality reviews at various stages of the data flow, such as insurance claims:

Data Flow Diagram – Source: smartdraw

Many high-volume transactions and reporting processes, including regulatory reporting, are currently conducted by humans. The automation of these processes within insurance companies can enhance their effectiveness, freeing up valuable resources for higher-value tasks. Automated processes can operate on a 24/7 basis with minimal human supervision, resulting in improved data quality, documentation, and report accuracy, as well as the potential for ongoing updates. Moreover, they can also assist in avoiding repetition of steps caused by manual mistakes and discrepancies, and in maintaining data lineage records with a strong emphasis on data integrity, documentation, and accuracy.

Despite requiring a substantial transformation of the organization’s operations, regulatory reporting is an ideal candidate for significant automation, offering improved efficiency and performance. As explained by Deloitte [4], progressive improvements such as data extraction and standardized reporting can be targeted in the short term, to access intelligent reporting and analysis capabilities in a decade’s time frame.

Nonetheless, the early stages of implementation are faced with several difficulties, including the presence of established processes and systems, concerns surrounding governance and accountability, fragmented data sources, and the potential for processing errors. Moreover, the adoption of new technology can be met with resistance or apprehension from human end-users, who may be fearful of being replaced or rendered obsolete by something perceived as a more efficient alternative.

However, beyond technical and human aspects, insurance companies will also encounter both internal and regulatory obstacles.

Loading Fail: A Collective Approach Needed

Insurance compliance encompasses a multitude of documents and procedures, including updated codes of conduct and policies in response to newly enacted laws and regulations, the detection and reporting of fraud, Anti-Money Laundering (AML) and Know Your Customer (KYC) protocols, the efficient handling of customer complaints, ongoing monitoring and testing, and regulatory reporting.

The success of technology in addressing regulatory compliance challenges for insurance firms depends on overcoming three key barriers, both internal and regulatory:

  1. The question of data accessibility within the firm, where data management presents a significant challenge.
  2. The need for a standardized and precise expression of existing regulations, to allow for automation rules creation across entities.
  3. The current restrictive regulations on data sharing which hinder automated solutions for KYC and AML compliance.

Another report [5] from Deloitte isolates 11 internal parameters challenging the modernization of Insurance compliance, which can be classified into two main categories: weak governance and oversight, characterized by a lack of executive leadership buy-in, fragmented regulatory or compliance change management, lack of compliance strategic vision; and management and operational issues, such as a lack of clarity and engagement with the first line of defense groups, challenges related to resource and staffing, ineffective coordination across multiple jurisdictions, disparate risk methodologies, ineffective interaction and leverage of technology, inefficient operating models and confusion within the lines of defense.

Let us weigh this against another factor: the substantial financial burden associated with reporting. Since there is a lack of available data on the reporting burden for insurance companies, let us instead look at the financial industry. According to a 2017 survey [6] of companies within the international banking and capital markets industries, Tier 1 banks incur compliance costs exceeding one billion dollars annually, not including additional expenses such as lost revenue from penalties associated with non-compliance.

The following table, sourced from the European Banking Authority, provides a breakdown of the primary factors that contribute to reporting costs:

Insurance companies are not immune either to the challenge of compliance-related costs, particularly given the continually evolving and intricate regulations they must abide by.

Considering efficient automation of regulatory compliance leads to lower costs, accurate outcomes, and timeliness, both companies and regulators must adopt a comprehensive strategy that integrates regulatory requirements, data management, and technology to effectively transform regulatory compliance. Because, as the industry evolves, so should its regulators.

The standardization of regulations for automated compliance presents a daunting challenge: the translation into machine-readable language, an absolute requirement to enable the creation of a bot with rule-based reporting steps, including the extraction of data through a portable format, data cleansing and aggregation, and validation with specific format requirements. The role of human oversight also remains critical, especially for large, global firms that operate in multiple jurisdictions – the complexity of compliance further exacerbated by regulatory fragmentation.

It is important to note that regulation can create hindrances in itself: restrictions on data sharing complicate the development of automated solutions for KYC and AML compliance. Relaxing them would enable quicker identification and verification of customer risks, streamline the onboarding process, and enhance the monitoring of AML systems across borders and legal entities.

At the National Association of Insurance Commissioners’ fall meeting in 2017, then-president Ted Nickel, the Wisconsin insurance commissioner, highlighted [7] the insurance industry’s transformation driven by technology advancements. He emphasized the need for insurance regulation to adapt to these changes, warning that “history is littered with examples of companies and organizations failing to keep pace with change”.

In conclusion, regulators should anticipate an increase in their utilization of technology in the coming years, both to enhance their supervision and to adapt to changes in an industry that is rapidly becoming more digital and technology-focused.

What steps can be taken to facilitate an industry-wide reconfiguration that considers all parties and includes all participants while promoting responsible use and accountability?

Click to install: Regtech solutions

insurance companies are often hindered by outdated legacy systems such as data silos, manual workflows, and damageable inefficiencies, that struggle to manage modern compliance and reporting requirements.

According to Sean Smith, Risk Advisory partner at Deloitte Ireland[8],

“RegTech is designed to help firms automate the more routine compliance tasks and reduce operational risks associated with meeting compliance and reporting obligations. In the longer term, it should empower compliance functions to make informed risk choices based on data and provide insight about the compliance risks it faces and how it mitigates and manages those risks.”

By using cutting-edge technologies such as artificial intelligence, machine learning, and automation to optimize compliance and reporting processes, RegTech enables the circumvention of legacy infrastructure obstacles, facilitating a more informed analysis of risks and exposures by leveraging a larger data population than previously available. Historically, insurers have relied on limited sample audits to detect potential distribution/sales channel problems or policy rating inaccuracies. RegTech and analytics have the potential to revolutionize this process, as insurers can now monitor a broader population and swiftly identify areas of concern.

For successful implementation of Regtech solutions, insurance companies should prepare to cultivate a data-driven culture both internally and with regulators. This will necessitate changes in strategies and operational processes, with the implementation of a predictive approach. Regtech is a significant opportunity, but its full potential can only be realized through a comprehensive approach that extends beyond simply implementing one-size-fits-all solutions.

Insurance companies should define which compliance functions should be prioritized for automation, based on the evaluation of their complexity and time consumption. They should also assess if they have the needed talents to lead a technology-driven compliance strategy and can provide training to their staff as needed. They should ensure executive buy-in and organizational support with a clear definition of potential use cases within the firm. And finally, they should implement a solid updating system in place to keep up with market peers regarding the use of advanced technologies and data analytics.

How can Regtech be of benefit? With a multitude of applications available, there is a significant potential for alleviating the compliance burden of insurance companies. One such example is the digitization of KYC information through a unified portal, which can enhance the process by streamlining the refreshing of client records and may even facilitate the exchange of client data between firms. Of course, as explained above, such a solution still faces data-sharing challenges and restrictions.

Moreover, Regtech has the potential to help firms comply with GDPR by monitoring data collection, providing audibility, and recording access requests. Other solutions can help retrieve and transform high-quality, granular information into a single, harmonized dataset that can be analyzed for risk assessment; crucial for policyholders’ risk coverage; using machine learning techniques.

Lastly, firms can employ Natural Language Generation (NLG) solutions to automate the creation of regulatory reports.

Geoffrey Nichil, the expert in predictive analysis and NGL processing for the data studio of Foyer Group, discusses the prospective developments in the insurance industry amidst this significant reconfiguration:

“For many years, insurers have been using data to anticipate and measure risks. The use cases are varied and can include the optimal determination of insurance premiums, the calculation of reserves or the prediction of cancellations.

Recently (2010), Machine and Deep Learning methods have made it possible to accelerate the optimization and automation of processes (internal or for the customers) with, for example, the use of neural networks to automatically recognize customer claims and extract information from them.

Compliance is no exception in this context. The subjects where data and the analysis of this data are used are also varied: identification of cases of fraud via Machine Learning, optimization of customer knowledge via the use of open data and clustering, or the detection of anomalies in internal processes with graph methods.

The main challenges encountered are, in my opinion, of two types:

  1. Collecting the right data and ensuring its quality
  2. Being able to extract and synthesize useful information from this data

For the first point, solutions such as the implementation of Data Fabrics (see for more details) seem promising; data is connected, defined and quality control is integrated by design.

For the second point, the advent of ChatGpt and consort (ChatBot allowing the production of content (question/answer) using natural language; see for more details) opens the way to the automatic production of synthetic information adapted to the context.

Insurance companies face a lengthy journey towards implementing automated solutions that can enhance compliance efficiency, but it’s an essential path to tread. This journey will enable stakeholders to gain valuable knowledge along the way. Since technology is becoming increasingly prevalent, being a frontrunner in this field presents numerous opportunities for significant gains – if everyone is fully aware of the inherent risks and prepared to address AI failures modes, listed by Gartner[9] as “data corruption, model theft, and adversarial samples” confusing the neural network infrastructure.

As the Harvard Business Review[10] summarized,

AI and ML systems can help create large amounts of value for many organizations. However, as with any new technology, the risks must be understood — and mitigated — before the technology is fully integrated into the organization’s value-creation process.

Written by Oriane Kaesmann

Header image generated on Midjourney

[1] « Modernizing regulatory reporting in banking & securities: Where to get started » – Deloitte Center for Regulatory Strategy – Americas (last accessed: 08 February 2023)

[2] « Intelligent automation in financial services: Leading the way » by Pete Swabey for Tech Monitor (last accessed: 10 February 2023)

[3] IT Robotic Automation Market Size, Share & Trends Analysis, Type (Tools, Services), Application (Banking, Utilities, Healthcare, Other), Region and Forecast Period 2022 – 2030 (last accessed: 09 February 2023)

[4] “How robotics and cognitive automation will transform the insurance industry », Deloitte (last accessed: 09 February 2023)

[5] « InFocus Insurance regulation and technology: Adding business value to compliance », Deloitte (last accessed: 09 February 2023)

[6] « Financial Markets: Embracing RegTech » – TABB Group (last accessed: 10 February 2023)

[7] As quoted by Deloitte Insights in “Insurance regulators in an era of advanced technologies: Challenges and opportunities in oversight” (last accessed: 10 February 2023)

[8] « Insurance regulation and technology – InFocus: Optimizing digital transformation in the insurance industry » by Deloitte (last accessed: 10 February 2023)

[9] Anticipate Data Manipulation Security Risks to AI Pipelines – Gartner Research (last accessed: 17 February 2023)

[10] « The Case for AI Insurance » by Ram Shankar Siva Kumar and Frank Naglefor Harvard Business Review (last accessed: 17 February 2023)


Oriane Kaesmann

Oriane began her academic journey with a strong passion for literature and psychology.

However, her fascination with new technologies led her to pursue an LL.M. in Space Law at Luxembourg University. She gained valuable experience by interning at the Luxembourg Space Agency and subsequently joined an energy provider focused on the circular Moon economy, and sustainable electricity production with zero carbon impact.

Motivated by her dedication to sustainability, Oriane ventured into the financial sector. She specialized in sustainable finance, working for an international bank, a renowned Big 4 firm, and a consultancy firm, also focusing on compliance and AML/KYC. In search of cutting-
edge developments in the financial industry, Oriane then joined the LHoFT, where she dedicates her time to research and crafting insightful articles and reports on transformative fields such as artificial intelligence, cryptocurrencies and blockchain, Fintech, Regtech, and inclusive finance.

Share This Story!

White Paper

The AI Revolution In Financial Services

Read More