Our journey to automated compliance

How can technology deliver a more automated, more reliable, and a more efficient compliance function? Through tech, machine learning and data analytics we can show you.

Navigating the world of risk and compliance within insurance is complex, with multiple bodies and regulations that govern it. To meet these regulations, insurance companies invest lots in people and resources to monitor activity and remain compliant. On the face of it, this makes sense given insurance is a financial product that millions of people rely upon. However, this means these costs are pushed onto the customer, driving up the cost of insurance for everyone. And more often than not, the operational nature of it results in human errors and missed opportunities.

At Open, we’re developing solutions to use technology to manage and monitor risk in a more effective and efficient way. These are just a few of the ways we’re doing that. 

Automated Code of Practice Centre

The General Insurance Code of Practice (COP) has been designed to raise customer service standards in the Australian insurance industry. It aims to ensure insurers are fair and honest in the way they deal with all their customers. For insurers to be compliant, there are a number of standards that they need to meet. This can range from keeping a customer updated at least once every 20 days during claims, to ensuring insurers transfer money on cancellation within 15 business days. 

Late in 2019, we embarked on a journey to see if we could develop our system so that (1) our operations team were notified immediately when we may be about to breach a requirement and (2) We could create an automated system that identified possible breaches across all requirements. To do this we started with assessing all ~150 sub-sections of the COP. We broke it down into sections that could be monitored with technology (~70%), and sections that we were not able to monitor(~30%). We took the 70% and worked towards building on our existing proprietary software to start monitoring these sections. Some of these are straightforward such as ensuring we respond to claim requests within 10 business days. However, some involved more complex technologies, for example using Natural Language Processing to read conversations and determine if transactions were conducted  in an honest and fair manner.

We’ve now built an automated centre that allows us to track breaches across a number of key areas in the COP. We’re still on this journey and have a long way to go. But, we’re confident this will enable us to best serve our customers and hope to scale this level of automated monitoring across other regulatory requirements.

Content marketing approvals

While tech is our core, we are also an insurance agency. We have arrangements with  distribution partners, allowing them to connect with our technology and distribute Open insurance products. We also have an end-to-end 

white-labelled insurance solution, allowing some partners to launch a white-labeled insurance product within weeks.All of these partners have their own online marketing channels they’ll use to promote the insurance. 

There are strict insurance and financial service regulations around promotion and advice to help protect consumers, which have been strengthened after the Royal Commission into Banking and Financial Services. t’s quite easy then to imagine how having so many partners distributing and promoting the insurance products we power  could turn into a logistical nightmare for us. Especially as we don’t have edit access to any of our partners websites and marketing channels. Sure, we require that all of our partners’ insurance marketing material is signed off by our compliance team, but the risk is always there that material changes after sign off, or the process isn’t followed. 

We quickly realised we couldn’t have a team of staff who’s sole responsibility was to scour partners’ websites for changes to approved content or new content we might not have seen. So we created Compliance Crawler, our automated solution. Each day the Compliance Crawler automatically ‘crawls’ our partners ‘insurance webpages for any differences to the approved versions, and returns one of two results – ‘no change’ or ‘new change identified’. Where a new change is identified, this alerts our team to what has been removed or added. We’ll then review this further to understand the change that has occurred, determine whether it’s compliant and address this with the partner directly.

Re-thinking quality assurance

A large part of our business is enabling insurance intermediaries to sell Open administered insurance policies to their customers. When people sell over the phone, it is possible for things to go wrong, such as pressured sales tactics and entering false information on a quote to generate a cheaper price, just to make a sale. If they were our employees we could use the tried and tested solution that most companies use, which is a mix of interaction and spot audits. This is where we pick phone calls and processes, listen to them and audit them. However, in this case they are not our employees and not all calls are recorded.

We had a few choices to make:

Do we not do any quality assurance and trust that our partners’ employees are trained and will always act in good faith? This was beyond our risk appetite.

Do we ask our partners to record all conversations so that we can monitor them? This would result in a significant burden on our partners, increasing the cost of insurance for everyone.

Do we ask our partners to record only some of the conversations so that we can monitor those? This would result in bad actors being able to manipulate information intentionally. 

We ended up realising that we could use technology to ensure that partners were doing the right things, without racking up unnecessary costs trying to gather recordings and manually listening to conversations. We’re in the middle of creating a process where customers who have been sold insurance over the phone, may get a message from Open where they are requested to confirm information. This includes confirmation of the purchase, agreed value, basic excess chosen etc. They are also requested to provide feedback on any concerns they have. This is different to your standard customer satisfaction surveys as we’re entirely focused on making sure the person on the phone has done the right thing. 

We went further and  combined this with a control centre where we can monitor partners based on irregular patterns with how they sell quotes. We’ve identified ~20 metrics where we want to monitor behaviour. This could be something such as short term cancellation rate, as an increase in this metric is usually associated with high-pressure sales. This operates in the background and if any partner on any metric goes above or below our target range, then our risk team is notified and we can work with the partner to deep dive in that area. 

These are just a few ways we’re using tech, machine learning and data analytics to manage and monitor risk in more effective and efficient ways. There’s still plenty of work for us to do in this space, and as we scale, we’ll continue to develop and optimise our systems. 

We’d love to hear how other insurance businesses are managing these problems. Let us know about your experiences in the comments, and if you have any questions please let us know.

@OI_Insurance