Automating Rules and Principles
Regulatory compliance is a massive subject to cover in a 2,000 word article, so I’m going to keep it simple. I’m going to look at how two different insurance RegTech startups have approached it from a Conduct perspective and a Prudential perspective.
Broadly speaking, by CONDUCT I mean the rules that define the way financial services firms engage with customers. The regulations apply the same to everyone and include Know Your Customer, Anti-Money Laundering, data protection.
To be compliant with conduct based regulation, all firms check the same actions against a predefined list. It’s a binary process. You are either compliant or you are not. And if not, you do not pass go, do not collect £200 and go directly to jail!
On the other hand, by Prudential, I mean the regulatory principles for managing balance sheets. These tend to be principle rather than rule based to allow insurers the ability to reflect the nature, scale and complexity of their business. The big one here for insurers is Solvency II , which came into force across the European Union on January 1st, 2016.
Solvency II is about more than just capital, solvency and reserving. It covers corporate governance, public disclosure, supervisory reporting and risk management. And it’s a comprehensive principles based programme of regulatory requirements for insurers where the application of sound business judgement is tested. But of course, sound business judgement might look like a low risk investment choice to one person and placing everything on black to another. Unlike Conduct, Prudential is not based on binary tests.
Using Artificial Intelligence to satisfy Conduct compliance
In April 2015, I wrote this article about Recordsure, titled “Artificial Intelligence to Restore Trust to Pensions and Annuities”. I have known the Recordsure CEO and founder, Joanne Smith for over 10 years, having previously worked with her and TCC, a business she founded in 2000 to offer expert advice and services in the world of risk and compliance.
Recordsure was borne out Joanne’s understanding of the problems that financial institutions faced when complying with Conduct rules and regulations. Two years on from writing the first article, I was curious to find out how this banking and insurance RegTech business had developed. So, last week I caught up with Joanne and the Commercial Director for Recordsure, Mark Braddock.
“With Recordsure, we are able to create efficiencies in a regulatory environment”, Joanne explained to me. “By increasing the span of control in a supervisory line or getting a better line of sight over a process, our clients end up improving the process as well as meeting their regulatory obligations for that process.
“For example, take the sales process for an insurer, a major focus for regulation. Insurers are constantly looking at training to improve the quality and effectiveness of their agents. They want to understand if the agents are doing a good sales job, or simply order taking or not properly assessing the needs of their customer. And are they meeting their regulatory obligations in the process.
“We’ve built Recordsure so that our clients gain a better understanding of the customer journey to improve customer engagement and their best practice sales processes. Using Recordsure, the insurer improves the sales process and ticks the compliance box at the same time”.
With the InsurTech mantra being “it’s all about the customer”, this sounds like sweet music to my ears! Here we have an insurance RegTech solution that focuses on the customer and drives operational efficiency and compliance foe the insurer in the same breath.
Insurance RegTech from the Outside In
The way it works today is that firms tend to sample between 1% and 5% of all calls using a team of humans to listen in for compliance issues. With Recordsure, insurers are able to review and assess up to 100% of calls, using technology to do the heavy lifting.
Recordsure is a platform for digitally listening to all customer conversations. Using a combination of AI, natural language processing and some pretty smart human analysis, Recordsure automates the assessment of a conversation and identify potential compliance risks.
Mark Braddock explained; “We come at it from the end customer’s perspective. Our starting point is not to make the insurer compliant, but to improve the experience and engagement for the insurer’s customer.
“Compliance is what our clients get as a by-product. We’ve built a product suite to improve the entire customer experience, making both qualitative and quantitative process improvements. And compliance comes too.”
Recordsure takes a platform approach to solving a business problem
In a nutshell, Recordsure is a software as a service platform that records conversations, uses AI to analyse and classify them, and machine learning to pinpoint specific problem areas for management attention.
To be clear, this is not another speech analytics tool. This is a technology platform that is in a whole new ball game!
The platform tech “listens” to live or recorded calls between agents and customers. Typically these are via the call centre, but can also be taped in a face-to-face meeting. Insurers are also able to take historical recordings and process them through Recordsure.
The output is an automated transcript of a call that is, according to Recordsure’s Braddock, “about 80% accurate in translating the spoken word into digital text.” This transcript is feed into the Recordsure machine learning platform where the conversation is analysed using Artificial Intelligence.
Making sense of unstructured data
This analysis of the transcript is not simply a word search or pattern recognition process. Recordsure uses AI to contextualise the conversation.
This is the important bit!
Recordsure use machine learning to continuously improve the platform’s understanding of the use of language in the context for which it is being used.
Let me explain what I mean. Imagine Insurer A is using Recordsure to analyse direct sales calls for their auto line through an internal call centre. The Recordsure platform will be “trained” to recognise the specifics of the conversation relevant to Insurer A’s internal governance and compliance processes.
The Recordsure platform categorises each conversation into thematic sections relative to the purpose of the review. In doing so, the platform pinpoints specific parts of the conversation depending on specific rules and reports whether they are being upheld or contravened.
The Recordsure three step platform approach is called Capture, Classify and Assure. In this screenshot from the Assure stage, it shows a recording of a customer conversation. The colour coded sections of the conversation relate directly to business rules and show where the rule has been covered in the conversation. This is an automated process!
What about principles based regulations?
Having looked at rules based Conduct regulations, let’s turn our attention to an insurance RegTech startup addressing the principles based Prudential regulations of Solvency II.
Nobody really knows exactly how much the insurance industry has spent on Solvency II. The last report I can find estimated €3bn had been spent and that was from 2013! And it is almost certainly the case that the vast majority of that spend has returned little or no business value to insurers.
The point here is that when it comes to Prudential regulation, the challenge for an insurer is complex and complicated. Principles based regulation is a test of corporate judgment. It requires more than the digitization of a process. Up until now, this has been the realm of the auditors and consultants who have provided human effort to drive a spreadsheet approach to managing this complexity.
The issue with this approach is that, whilst the firm might satisfy the regulator, it is near impossible to turn this effort into business value.
This point was first made to me by Waleed Sarwar, the founder and CEO of insurance RegTech platform provider, CoVI Analytics. (BTW, CoVI stands for Context Visualised.)
Waleed and I first met during the inaugural InsurTech cohort at Startupbootcamp where Waleed combined humour and a deep understanding of the subject to make a presentation on Solvency II interesting and engaging! Given the complexity of the subject, it was a no-brainer for me to call Waleed to discuss this further and get an update on CoVI Analytics.
Keeping Compliance Simple
I asked Waleed about the platform he had built at CoVI. “Our vision is to make compliance simple. To do that we’ve built two products on the platform”.
“The first is CMILE, which is like Google meets Pinterest for compliance. The purpose of CMILE is to make is easier for an insurer to find, review and manage regulations that apply to them”.
“The way that financial institutions digest the regulations into their operations is first to collect the rules that apply to them in a spreadsheet. These rules are then converted into instructions for the business through internal policies and procedures (e.g. remuneration policy) that the firm operates by”.
“The second is CORE, which enables firms to operationalize their “instructions” or response to the regulatory requirements into compliance activities. These usually take a form of a risk that the business needs to manage. That is why we have seen the Risk and Compliance functions dove tail onto one position at most insurers”.
“Firms call this their risk management framework. CORE simplifies the language of risk and compliance for the business. This creates better engagement with the Risk & Compliance function from the business. Improved business engagement helps eliminate replicated compliance processes and improves operational efficiency.”
Making Compliance business as usual
This is the rub with the way of working today when it comes to implementing regulation. It’s horribly inefficient and it’s never ending.
As a one-off exercise, this is fine to throw a small fortune at a team of consultants and set your policies for the next 5 years. But when the regulations or management strategies change, it triggers a chain reaction that brings with it an avalanche of work and effort. Updating the spreadsheets, rewriting processes, retraining of staff, burying the business under a thick layer of bureaucracy.
And once these operating policies are in place, the challenge for the Exec is to get the business units to follow them. It is this operationalisation of compliance policies that cause firms the most grief as each different business unit applies it’s own interpretation for its own specific business function.
Of course, the real issue for the Exec is having the visibility of exactly what is happening down in the business units. This is where CoVI’s CORE comes into its own.
Insurance RegTech replaces expensive consultants
When I asked Waleed about the tech inside CoVI he explained, “We found that machine learning is not suitable for reading and understanding raw legal text. It is effectively its own language, which is why we built CMILE based on neural language processing (NLP). This enables CMILE to look for “usage”.
“We combine NLP with machine learning to determine an appropriate interpretation of the regulations, specific to the unique requirements of our customer. This is essentially how the consultants and auditors work. They apply their firm’s interpretation of Prudential regulations from one customer to another.
“With CMILE we are democratising the application of these interpretations.”
Fintech meets InsurTech meets RegTech
After 2008, the cost burden of compliance increased massively. No great surprise there given the widespread failure of financial institutions in so many ways. A decade on and the cost of these failures is still being felt, both in the wider economy as well as within the institutions themselves.
And this creates a real challenge for insurers who need to drive out costs. Which is why insurance RegTech is so fundamental as part of the overall digital (InsurTech) strategy for insurers. This is because there is still a gap on what needs to be done (to be compliant) and the resources available to do it.
Quite simply, being fully compliant all of the time cannot be done on a human level. Technology is the only way to achieving near 100% regulatory compliance at an affordable level of cost.
Today, an insurer’s risk management structure relies on 3 lines of defense. Line 1 and line 2 are checking functions and the 3rd is audit. All 3 lines of defense rely on teams of people performing checks against pre-defined compliance and governance rules (usually contained in a spreadsheet).
Using solutions from insurance RegTech startups like Recordsure and CoVI, insurers can (largely) automate line 1 activity. Which, in turn, reduces the need for the 2nd line. The combined effect is a much smaller requirement for the 3rd line of defense.
I’m not advocating a 100% automated strategy for risk and compliance, but this shift to straight through processing means that insurers can achieve greater scale, greater consistency and, therefore, a higher level of compliance.
Insurance RegTech means having your cake and eating it
Readers of this article are probably thinking that this all sounds great, that this is just incremental cost to the business. Typically, they’d be right because driving up customer experience or implementing new data analytics tools tends to also drive up cost.
But this is where the whole Fintech movement has delivered across financial services. Because the innovative application of technology has proven successful in driving out cost.
With both Recordsure and CoVI Analytics, the cost of taking a technology based approach will drive costs down, not up. Just think about it this way; less consultants, fewer bad sales calls, increased compliance, greater visibility across the business.
And remember, the FCA’s Senior Insurance Managers Regime and the ‘fit and proper’ requirements within Solvency II means that the insurance executive cannot hide behind organisational complexity for compliance failures. They can also go to jail if they don’t follow the rules.
At the end of the day, what the regulator wants, what customers want and what shareholders want is a better-run insurance firm. This is the mature outcome that insurance RegTech startup’s like Recordsure and CoVI have proven they can deliver for the good of everyone.
The author, Rick Huckstep, is an InsurTech thought leader, advisor and speaker. He is the Chairman of The Digital Insurer.