Data as a resource is a critical asset for insurers. With so much data available, how should they approach the management thereof when it comes to record-keeping and reporting? Angelique Strumpher, Administration Manager at SilverBridge, examines the impact regulation such as FAIS Fit & Proper, POPIA, PAIA, and FICA has on how data should be stored, retrieved, and protected.
“If a company is unable to securely store both data and documents pertaining to a ‘data subject’ (the term used to describe the consumer of products and services, in other words you and I are ‘data subjects’ in terms of POPIA), it could be faced with significant integrity issues around its IT protocols and data storage. This is a huge concern at a time when cybercrime is on the increase and ransomware attacks on data is a common occurrence,” she says.
Best practice models need to be applied as part of your IT policy and IT governance strategy, and disaster recovery controls and procedure. Part of this entails determining the level of protection an insurer needs to have in place when it comes to the access of company data, including staff, service provider, and policyholder information.
“Contrary to popular belief, regulatory pressures do not drive best practice but rather serve as a guide in terms of ensuring that the ‘data subjects’ are protected and that an insurer can demonstrate that they have implemented robust solutions and processes to protect data and documents at all times.”
Technology has had a positive impact on record-keeping strategies. One cannot be dismissive of the costs involved in implementing solutions, processes, and protocols to ensure data security and protection.
Record-keeping strategies include the outsourcing of paper-based document storage to companies that are experts in this field. They will ensure accountability for the entire document life cycle, which includes the safe destruction thereof as required by law after a transaction with the client or policyholder has ceased or terminated. It is important for an insurer to know the status of their policyholders to assist document outsource partners in this process.
“The use of the right technology platform should digitally enable an insurer in terms of how products are sold and how customers are serviced. This means that safeguarding and protecting data and digital documents become a business imperative and should be part of your Operational Risk Management Plan,” she says.
“The recent arrival of multi-national data centres will positively impact record-keeping and reporting. But there needs to be assurances that the information stored (data and digital documents) are easily accessible, securely stored, and backed up. This is to ensure that in the event of a disaster, the information in these data centres is not destroyed or used for criminal purposes.”
FIC reporting remains a critical part of any data environment regardless of where or how it is stored. Cloud-based solutions allow insurers to use AI technology to monitor data better and to report on and analyse potential “red flag” instances sooner.
“Improved data security and monitoring definitely assists with identifying potential money-laundering activities which includes fraudulent claims and the associated crimes that this supports. That been said, insurers must be cognisant of the changing regulatory environment and continually manage its policies and procedures to ensure safety, security, protection and availability of its data which is an inexhaustible company resource.” she concludes.