White Paper: Technology Solutions for Insurance Compliance Challenges


Insurance is a large and important part of the economy; the $1.2 trillion of premiums written annually represents 7% of the U.S. GDP. The market is served domestically by over 4,000 distinct groups whose products touch almost every person and facet of life in the United States.

The industry is undergoing significant transformation; this is by necessity as the consumer market has shifted, but also due to new technology and business models. By way of a few well-known examples:

  • Distribution is one area ripe for disruption: currently, 90% of policies are sold through an agent, but this is quickly changing. You need only to think of “Flo” from Progressive’s ad campaign and Geico’s gecko mascot to observe the shift towards the direct-to-consumer model.
  • The ubiquity of connected devices offers the potential for new, insightful data for underwriting decisions. The information collected from a health tracking app on a smartphone could provide insight for assessing risk for health and life policies, or a dedicated telematics device in a car (think of a purpose-built, black box-like transmitter that tracks driving behavior) could provide invaluable insight into pricing an auto policy.
  • The on-demand economy (Uber, Airbnb) is creating demand for short-duration policies.

The towering market size, a prominent role in the economy, the potential for transformation – all are factors which make Insurtech a leading area of investment. To date, the most prominent areas of focus within the industry have been on the pieces of the puzzle which drive revenue: namely product design, underwriting, and distribution. At the same time, it’s worthwhile to expand outside of identified investment trends with a question: what other opportunities for disruption exist within the insurance industry?

One area which would realize immense benefit from a fresh technology approach is compliance reporting.

This initial question, in turn, begs another: what new technologies can be leveraged to generate the greatest gains in data quality, data consistency, and reporting efficiency? In this white paper, after reviewing the business challenge of compliance reporting in the insurance industry, the applicability of cloud software and blockchain technology in this area will be examined.


The Business Challenge:

Insurers are regulated on the state level, and are subject to different rules – both for operations as well as reporting – in each state in which they write policies. A carrier with a national presence must comply with filing requirements as specified by each individual state’s Insurance Commissioner. Additionally, it may face statistical filing requirements (typically to ISO or ISS), rate filings, product filings, ratings agency filings, and other filings which arise (such as the Department of Labor’s Fiduciary Rule requirement set for rollout in April, 2017).

Additional filings may result from new requirements based on the changing landscape such as:

  • Loss events: a data call may be issued in the wake of a hurricane, flood, tornado, or earthquake to track the timely payments of claims.
  • Political landscape: an insurance commissioner may require additional reporting to influence carrier behavior. For example, as chronicled in a January, 2016 press release, California’s insurance commissioner announced a “data call that requires insurance companies to disclose annually their carbon-based investments” in an explicit attempt to spur companies to “voluntary divest from their investments in thermal coal.”
  • Local or world events: insurer loss from an increase in terrorism led to TRIA (Terrorism Risk Insurance Program). This program, administered through the NAIC, seeks to quantify a company’s exposure for a claim type as the government provides a backstop against related losses.

Compounding the challenges associated with heterogenous and dynamic state reporting requirements, companies must also make separate and unique filings for each entity: this creates a multiplier effect. A typical mid-sized company generates thousands of filings each year. Due to both this volume and the associated scheduling challenges, companies are not able to conduct a meaningful review of data before submission. Furthermore, as different reports are filed by different teams across the enterprise, the processes to gather and report accurate data are inherently complex; due to organizational and structural limitations, companies struggle to make timely, high-quality filings.


Current State/Systemic Reporting Challenges:

Information Technology:

Many insurance companies have grown through acquisition; M&A activity is frequently driven by revenue and profit considerations by way of scale or geographic expansion. Integration and rationalization of Information Technology (IT) systems is not only an afterthought, it’s often not even a consideration. The result is a larger, more complex organization supported by a proliferation of systems. It is common for insurers to maintain dozens of IT systems with overlapping or identical functions, each serving different business units.

Even for companies without a history of acquisition, IT is an area of chronic underinvestment, particularly in comparison to the twin core competencies of insurance – distribution and underwriting. The economics of building a sophisticated, internal system to manage compliance reporting make a comprehensive in-house solution untenable for individual companies. Accordingly, the ad hoc processes created to handle the tasks rely heavily on readily-available tools and processes – email, phone, and meetings for collaboration, Microsoft Office products for documentation and tracking, physical printouts for review and storage.

Organizational Structure:

Personnel within insurance companies are organized by job function – and certainly not compliance reporting requirements. Tax Accounting is separate and distinct from Legal/Compliance, which is similarly siloed from the Financial Reporting Team, as are Actuarial, and Marketing, and Sales (and so on). Each team operates independently, and, especially for larger or distributed organizations, it’s not unusual for members of one team to be ignorant of the compliance reporting functions of other teams, let alone the names of the people responsible for the filings.

Yet, each team bears responsibility for the reporting of overlapping data. Tax Accounting handles Premium Tax Filings, while the Financial Reporting Team is the lead on Statutory Financial Reports, and Legal/Compliance takes care of the Market Conduct Annual Statement. Each of these filings contains data points that should be reflected identically in the other reports.

With different teams querying company core IT systems, often in slightly different ways and at different times, the values reported are not always in sync. Additionally, as the tasks and responsibilities of reporting are distributed across teams, companies also do not have a clear view of the time and resources spent on inefficient processes: there is a lack of visibility into just how expensive their current processes are. Companies are incurring significant costs and only achieving sub-optimal results.

Timing and Volume:

During peak times – for example, each March a mid-size carrier with a national presence may have several thousand state reports to file in addition to its annual Statutory Financial Report – companies are faced with two options: do they want the filing to be timely or accurate? As the costs of a late filing are automatic, companies routinely choose the former, filing incomplete or un-reviewed data and hoping for the best: it is not feasible to have meaningful review and signoff using currently available tools and processes.

The timely vs. accurate tradeoff, however, is a false choice. By employing new technologies, not only can efficiencies be realized on collaboration and review, but data quality can be achieved, and data consistency be enforced, programmatically.


Leveraging the Cloud:

Over the past decade, the possibilities unlocked by pooling a network of computers to store and process information have transformed whole businesses. This concept – the cloud – has been around for far, far longer, but only entered the mainstream of business conversation upon the advent of persistent, high-speed internet connections.

The most common —and successful – configurations for cloud-based, green-field software typically leverage one of three public cloud providers – Microsoft (Azure), Amazon (AWS), and Google (Google App Engine). These three collectively dominate the market with mature offerings and scale that makes the competitive position of these three unlikely be challenged (except by one another).

With any new technology, hype often exceeds reality, and its application may not be sufficiently beneficial or even appropriate in all areas. In this case – complex and voluminous reporting requirements for insurance companies – the advantages, indeed, are significant and live up to the promise. At the same time, marketing messages from software providers, particularly those with legacy offerings, obfuscate and conflate product terms.

By way of level setting, it’s worth defining the technology a little more closely. Cloud computing software:

  • is built on an existing platform such as Azure, AWS, Google App Engine, or Salesforce.
  • is accessible by users via a web browser and requires no installed software on the client computers.
  • leverages, but is not synonymous with, the internet: many legacy vendors offer installed software that exchanges data with private servers, often in a hosted environment across the internet. Despite marketing claims, these are not cloud offerings and do not share the related advantages.

From a software developer’s perspective, the cloud speeds delivery, reduces expenses, and radically improves the customer experience. The mature public cloud platforms offer tools which facilitate core pieces of development. At the same time, as cloud-platforms are pay-as-you go, the capital outlays for dedicated machines and bandwidth disappear. With fewer resources dedicated to building and maintaining a scalable infrastructure, software providers can concentrate on the value-added aspects of product development – building software that solves customer problems.


User Benefits of the Cloud:

Most relevant for the insurance industry is not the ease in which software can be built, however, but rather how processes become more efficient, data quality improves, and data consistency is ensured for the end users. The benefits of leveraging the cloud for compliance reporting are many-fold:

Setup and maintenance costs:

As cloud-based software is accessible only through a web-browser, the total cost of ownership of the software is lower than traditional software because there is no requirement for corporate IT to install or remove software in line with licensing agreements, manage patches and updates on users’ machines, and deal with operating systems-related compatibility issues. It’s common practice for users to log on and start using cloud-based software within hours of signing the licensing agreement.

Security :

The maturity of the public cloud infrastructure and its development toolset allow for a highly secure, regimented collaboration and reporting environment.  Installed legacy software, by comparison, requires developers to build security into each system uniquely; in addition, the associated processes for collaboration for non-cloud software – emailed attachments, paper printouts, shared files – create additional process and technology risk. The market has validated the proposition to entrust confidential and highly sensitive data to this technology: currently, over two-thirds of companies in the Fortune 500 leverage cloud-based software for their S.E.C. filings.

Furthermore, recent breaches have shown that security incidents are significantly more likely to occur in companies without both a focus on software development as central to operations as well as an historical core competence in data security. In practice, it is both safer and more effective for most traditional businesses to leverage and piggyback on specialized software developers and environments for security.

Purpose-built collaboration platform:

As cloud applications are inexpensive to bring to market, the barriers to entry for startups to create products for niche markets with point solutions are greatly reduced. This technology enables new, economical solutions to target specific business problems and processes replacing often-convoluted implementations of general-purpose tools such as the Microsoft Office suite. Cloud software intrinsically enables better collaborative processes as data collection, review, and reporting, and are all handled through applications which are accessed via a web browser.

This technology facilitates new, economical solutions to target specific business problems and processes, replacing ad hoc collections of general purpose productivity tools such as Microsoft Office that have been cobbled together to help an individual at a specific point in time.

Scaling – both up and down

On-demand computing allows for the handling of massive scale – both in terms of data and user base. The most illustrative example in recent history is the roll-out of the Pokemon Go application, built on the Google App Engine cloud. Despite wildly underestimating the massive, contemporaneous computing demands that would occur upon product launch – actual user activity exceeded target projections by a factor of fifty – the application and user experience still performed remarkedly well.

At the same time, cloud computing also scales down just as gracefully. Had Pokemon Go underperformed at launch, Google’s cloud platform simply would have dedicated fewer computing resources to its support with no penalty for too-rosy forecasts. Prior to the cloud, it was incumbent upon developers to build sufficient infrastructure to support user activity in the form of dedicated machines and bandwidth; this was a very expensive proposition with severe consequences for over- or under-estimation.

It’s hard to overstate how transformative cloud technology can be with respect to infrastructure considerations and capital spend. And, just as importantly, this also allows developers to focus efforts the value-added, customer-facing challenges of designing and building optimal solutions to solve business challenges.


A centralized system enables visibility and oversight. Senior C-Suite managers are provided with dashboards and tools which provide a window into process health, reporting compliance, and data quality.

Maturation and improvement on a compressed cycle

Finally, an often-overlooked benefit from cloud software is how quickly applications improve. The conventional upgrade cycles of installed software – quarterly or annually, with emergency patches for bug fixes and security issues – are replaced by a continuous delivery model. For cloud software, it is not unusual for software code to be released on daily basis, and as customer applications are accessed via a browser, users always are accessing the most up-to-date version. Due to the efficiencies of product development on cloud, software planning and development is far more agile and responsive – new features roll out far more quickly based upon customer feedback.


Why Not Blockchain?

Recently, blockchain – the technology underpinning bitcoin – has garnered significant attention in the insurance industry. By comparison, cloud-computing is already accepted and in use (although under-utilized), but is almost yesterday’s news next to this shiny new object in the technology space. You need only to attend an insurance technology conference to see the crowds drawn by any discussion of blockchain technology or services.

In many applications with insurance, blockchain will, indeed, live up to its hype. However, there are several considerations as to why blockchain is neither an obvious nor optimal solution for compliance reporting. Without diving too deep into the core technology (as this is the topic for another white paper), its value proposition relevant to this discussion can be distilled as follows:

Blockchain offers a digital ledger which is hosted across a network, facilitates information exchange without a central authority, and ensures data accuracy through the consensus of the network.

Blockchain has demonstrated significant promise for solving business problems in the insurance industry, such as claims processing or establishing the ownership and provenance of unique and valuable items including fine artwork or precious stones.

One attractive attribute of blockchain is how information at a given time – a block of information – is verified. Using cryptography, blockchain creates and enforces an immutable record of data at a point in time. This digital signature is separate and distinct from the data itself, and cannot be altered later. Each update to information is verified (using a distributed ledger and verification) and associated with a new digital signature (using hashing techniques), which the creates a new, sequential block of updated information.

However, while compliance reporting is challenging, the fact that the associated data is internal to the organization nullifies a key advantage of blockchain – the consensus of the network to verify transactions in the register.

Simply put, compliance reporting does not benefit from a primary attribute of blockchain technology for two reasons:

  • Its unique attributes which are advantageous in other areas of insurance are not directly relevant in this use case.
  • The features of blockchain which are applicable for compliance reporting are available through other technologies.

In short, leveraging the cloud in a forward-thinking implementation achieves the intended goals in a simpler and more elegant fashion. For example, a secure way to track data provenance and changes over time increases data quality and consistency for compliance reporting. Importantly, the mechanism to create the digital signature is by no means limited to blockchain. Hash functions, and other techniques, allow for developers to index key data values through assigning immutable values to data.



An Insurer’s compliance reporting process is an often-overlooked and underappreciated – both in its importance and its complexity. But, like higher-profile pieces of the insurance puzzle, it is ripe for innovation. The inherent attributes of cloud technology make it a natural fit for improving both the efficiency and the outcomes. By leveraging the cloud in these often-complex processes, insurers can reduce expenses while achieving better data quality and data consistency on values reported.

What you have here is great. I was thinking if there was a way to mention the opportunity to outsource security to people in the business of cybersecurity instead of the business of insurance (or whatever – along the lines of how most of the recent security breaches have take place in companies that are not in the software business). What you have is good, though, so you can skip this idea if you want to keep what you have short.