Four Quick Wins in Reducing Compliance Risks in

Insurance Policies and Procedures Management

Executive Summary
Insurers today face two sets of very high standards when it comes to effectively managing their policies
and procedures:

External standards: Government regulation is imposing a growing number of mandates, including

an increasing trend toward procedural review as a key component of regulatory examinations.

Internal standards: High-level executives voluntarily set various standards in order to protect the

companys brand and ethical standing.

The typical response is to draft ad hoc hundreds and even thousands of policies and procedures, just to
get it down on paper and cover all the bases. Yet when these documents are not generated and
maintained systematically, critical stresses arise:

Information overload

Weak accountability

Poorly written and structured content

Inconsistency, overlap, and conict

Haphazard communication

These stresses drive up costs, severely limit the total overall effectiveness of a companys risk and
compliance efforts, and can place an insurer at greater risk of noncompliance.
The ideal solution would enable the coherent creation of policies and procedures and their coordinated
communication across the enterprise. Without such a system, companies cant effectively inform
employees about their responsibilitiesleaving them highly vulnerable to regulatory and ethical lapses.
This document begins by outlining in greater detail the real risks created by fragmented policies and
procedures management. It then presents a simple methodology for evaluating your companys current
state of policy and procedure management maturity. Finally, it offers a four-point plan that quickly and
cost-effectively addresses this critical compliance challenge and reduces risk exposure.

Four Quick Wins in Reducing Compliance Risks in Insurance Policies and Procedures Management

Five common stress points in policies and procedures management

When policies and procedures documents are allowed to originate anywhere in a company, the
organization is placed under several considerable stresses, each carrying considerable risk:
Stress Point #1: Information overload. Employees are often handed a manual that is hundreds of pages

long and contains every company policy and procedure. However,

Many pages of that manual wont apply to them.

The size and scope of such a document makes it very hard for employees to pinpoint any
particular procedure if and when a question arises.

Furthermore, employees are usually asked to sign the last page of the book to indicate their
understanding of its entire contentsa highly doubtful occurrence.

Stress Point #2: Weak accountability. If everyone is informed about every single policy and procedure, it

can never be clear who is truly accountable for its implementation. In fact, at many companies, no one
feels personally accountable because everyone believes that others are doing the job.
Stress Point #3: Poorly written, poorly structured, inconsistent content. When different teams with

different skills compose policy and procedure documents in their own different ways, uniformity and
consistency of content and style will sufferand sometimes vanish. In some cases, content can become
overly complex and difcult to understand, with documents written in an overly technical, legalese style
that the average employee simply cant understand.
Stress Point #4: Overlapping and conflicting documents. Without a well-dened means of managing

policy and procedure documents, multiple versions can become scattered around the organization as hard
copy, on system folders, and on intranet sites. When a change has to be made, there is no guarantee that
all previous copies will be updatedor even that the most recent version is the one being updated.
Stress Point #5: Haphazard communication. Many insurers address compliance issues with a disorganized

barrage of emails, memos, intranet sites, and verbal instructions. This overloads and confuses employees
and as a result inhibits action on new management directives.

Wolters Kluwer Financial Services

Using a maturity model to evaluate policies

and procedures management
The regulatory burdens on insurers escalate constantly. Therefore, policies and procedures management is
a constant, ongoing process whose effectiveness should be assessed and monitored with an eye toward
improvements over time.
A maturity model provides the framework for setting goals and measuring progress towards those goals.
One such maturity model is provided by OCEG Illustrated Series: V. Policies, Procedures and Controls. It
describes ve key maturity levels:

Level 1: Chaos

Level 2: Ordered

Level 3: Managed

Existing policies, procedures and controls are in a

state of chaos and it is unknowable whether they
are designed or operating effectively.

Some policies, procedures and controls are known

but their design and operating effectiveness is
questionable. Documentation is limited.

All key policies, procedures and controls are known,

and their design and operating effectiveness is
assessed. Documentation is nearly complete.

Policies and procedures are passed down through

an oral tradition and are prone to confusion and
inconsistency.

Policies and procedures are documented using

inconsistent language. Terms are not clearly defined or
consistently used..

Terms are consistency used within compliance silos.

However, there are still some cross-functional
inconsistencies.

Roles, responsibilities and accountability are not

clearly defined or absent.

Some roles, responsibilities and accountability are

understood.

A methodology to develop, implement and manage

policies and procedures is absent.

A methodology to develop, implement and manage

policies and procedures is still absent.

Key roles, responsibilities and accountability are

understood but cross-functional duplication is
commonplace.

Technology to reduce the cost and complexity

of management is absent.

Technology to reduce the cost and complexity

of management iis applied in an ad hoc manner

A methodology to develop, implement and manage

policies and procedures is in place within silos.

Technology to reduce the cost and complexity of

management is in place, but is often duplicated in
multiple silos leading to excessive costs.

Level 4: Integrated

Silos are broken down using centralized oversight

and coordination and decentralized management.

All key policies, procedures and controls are known,

and their design and operating effectiveness is
assessed. Documentation is complete.

Key roles, responsibilities and accountability are

defined without gaps or unnecessary overlap.

A common methodology to develop, implement and

manage policies and procedures is in platforms are
consistently used across the enterprise.

Common technology to reduce the cost and

complexity of management is in place.

Training and support are available.

Level 5: Transparent

Policies, procedures and controls are embedded

within core business processes and technology
and are almost invisible to the workforce.

Accountability for policies and procedures is built

into job descriptions and performance evaluations.

Compliance training is embedded within existing

job training.

Compliance support is embedded within

transaction systems.

Compliance considerations are built into general

business decisions.

XPLANATIONS by XPLANE

207 XPLANE.com and OCEG

With an understanding of the maturity level of its policies and procedures management, an insurer can
then embark on an improvement plan. The plan that follows comprises four quick wins that can
substantially improve a companys risk and compliance posture in relatively short order. At the same
time, the plan lays the foundation for a broader, enterprise-wide risk and compliance strategy. Such a
strategy is vital for any insurer seeking to minimize both exposure and costs in the face of relentless
regulatory demands.

Four Quick Wins in Reducing Compliance Risks

Four Quick Wins in Reducing Compliance Risks in Insurance Policies and Procedures Management

Four Quick Wins for improved policies & procedures management

Quick Win #1: Prioritize the most pressing policy and procedure
compliance challenges.
In a heavy-volume, heavy-demand compliance environment, every policies and procedures issue can seem
to be the most important. Additionally, business units with their own policies and procedures processes
may lobby to muscle their concerns up to the head of the queue.
Before: Few insurers are prepared for a large scale, big bang project to optimize thousands of policies and

procedures enterprise-wide. The sheer scope of such an implementation is daunting, even paralyzingas
can the process of determining just where to begin. Plus, managers who already have specic compliance
mechanisms in place may not want to change the way they do things.
After: The best way to optimize policies and procedures is often to apply quick wins 2 through 4 to

whichever single issue is deemed the most pressingthen apply those tactics to other issues down the
road.
The logical top priority would usually be those policies and procedures that have the greatest immediate
bottom-line impact. For example, in the area of regulatory compliance, the companys track record of
performance in market conduct examinations is a good indicator. If certain processes are a source of
signicant recurring penalties for non-compliance, they should receive priority attention. External
providers can also supply information on enforcement trends over time, and compliance personnel can
respond accordingly.
Immediate tangible benefits:

Policies and procedures compliance goals are aligned across the organization.

The organization develops a sharper focus on achieving near-term success with a mission-critical
policies and procedures challenge.

The organization lays vital groundwork, establishing the best practices and technology needed to
ensure the success of long-term, enterprise-wide policies and procedures optimization.

Wolters Kluwer Financial Services

Quick Win #2: Implement a shared system for policies and procedures
document management.
With priorities established, the next step towards improving policies and procedures compliance is the
creation of a shared system where policies and procedures documents are housed and updates are
implemented, monitored, and managed.
Before: Without a shared system, policies and procedures take on an unmanageable life of their own.

Underwriting, claims, product development, and licensing departments in different business units may
maintain policies and procedures documents in different formats and use different terminology in different
ways. Some documents may be written simply and clearly, while others are arcane, even
incomprehensible to the typical employee.
The problem worsens when employees, executives, insurance regulators, or outside auditors have
questions about company policies or procedures. These individuals have to go on time-consuming and
costly hunting expeditions to nd the answers they need. Even so, they still might not nd all the
information relevant to their search.
After: A Web-based, shared system for policies and procedures management brings uniformity of location,

content, revision, and distribution to all policies and procedures. In addition to creating a common ling
system for these documents, such a system promotes a unied approach to document structure and
terminology for all of an insurers disparate compliance teams. It also places all documents under a
common management systemincluding search functions, version control, and metadata structures.
With its functionalities fully optimized and leveraged, a shared system ultimately becomes a resource that
is intuitive, easy to use, and embraced organization-wide.
Immediate tangible benefits:

The quality of policies and procedures documents improves.

Staff can locate relevant documents in far less time.

Inconsistencies in language and formatting are eliminated.

Redundancies in policies and procedures are also eliminated.

Compliance managers can easily pinpoint gaps in policies and procedures coverage.

Four Quick Wins in Reducing Compliance Risks

Four Quick Wins in Reducing Compliance Risks in Insurance Policies and Procedures Management

Quick win #3: Link policies and procedures to requirements

and roles, and fully document changes to content.
With policies and procedures residing exclusively in a Web-based, shared system, compliance managers
can leverage system functionality to associate or link them with:

The specic requirements that drive them (i.e. regulatory mandates or corporate goals)

The specic organizational roles to which they apply (i.e. business unit managers)

A shared system will also automatically track revisions as they are assigned and executed.
Before: When compliance managers do not intentionally and clearly document the relationships of

regulatory requirements to policies and proceduresas well as assignments in the organization for their
proper implementationmisunderstandings by those involved in each mandate inevitably result. Multiple
managers can create conicting and/or redundant procedures as they each pursue fulllment of policies.
Beyond conict and redundancy, this reliance on individual managers personal knowledge over detailed
documentation costs an insurer critical insight if and when those managers leave. As a further risk, such
dependence makes any sort of policies and procedures auditing activities virtually impossible to
accomplish.
After: Appropriate assignment of policies by business unit, line of business, or other organizational

hierarchy methods enables managers to:

Logically link procedures to the policies they support

Link regulatory requirements to the content

Link policies and procedures to organizational units

Effectively distribute targeted, relevant content to the exact audience responsible for and in need
of compliance guidance.

Additionally, implementation of automatic tracking of changes keeps an ongoing record of who edited
which policy when, and provides an on-demand audit trail.
Immediate tangible benefits:

Staff requires far less time to nd relevant documents.

Procedures become more understandable to those who have to follow them.

Compliance success is not compromised by the loss of key personnel.

Insurers can readily provide evidence of updates to policies and procedures to

key stakeholders, including regulators.

Wolters Kluwer Financial Services

Quick Win #4: Improve attestation

When an insurer manages policies and procedures through a shared system, that organization is wellpositioned to request that employees conrm or attest that they have received the necessary documents,
understand the policies, and will follow the procedures.
Before: Most insurers perform attestation manually. They rst distribute hard copy and/or electronic

documents on an ad hoc basis. They then try to keep track of sign-offs in a variety of spreadsheets
scattered across the company.
The attestation challenge multiplies if multiple policies and procedures are lumped into a single large
document. In such cases, employees must sign to indicate their understanding of the entire document
rather than the specic area thats actually relevant to them.
Complicating the matter further still are third parties, such as suppliers and contractors, who may be
affected by certain policies. It can be particularly difcult to get documents to and receive attestations
from these entities. Recipients may also get confused by the inconsistent formats that different
compliance teams usetoo confused to attest to their understanding of relevant procedures.
After: Leveraging attestation tracking through a shared system will streamline compliance-related tasks

considerably. Such a system gives compliance managers a window to easily see who has not provided a
response, and follow up with those individuals. An ideal shared system would provide employees and third
parties with only those policies and procedures that affect them.
Immediate tangible benefits:

It takes far less time to distribute materials and collect attestations.

Confusion arising from inconsistent formats and irrelevant content is eliminated.

Third parties are more seamlessly integrated into compliance processes.

Compliance staff and upper management gain greater visibility on compliance activities thanks to
improved reporting.

An insurers top policies and procedures challenge may be achieving a consistent model for compliant
claims practices, protecting the privacy of customer data, or any other concern. The four quick win
principles we have outlined will enable compliance managers to meet pressing project deadlines and stay
within budget, while leading their organizations forward along the policies and procedures maturity scale.

Four Quick Wins in Reducing Compliance Risks

ARC Logics for Financial Services from

Wolters Kluwer Financial Services
This revolutionary solution combines the proven technology of ARC Logics, a Wolters Kluwer business, with industry content,
regulatory content, and the expertise of Wolters Kluwer Financial Services. ARC Logics for Financial Services enables organizations
to efciently manage compliance risk, operational risk, and audit.
ARC Logics is a modular integration of four key risk management components: Policies and Procedures, Risks and Controls,
Program Management and Audit. Together, the modules provide a common collaborative platform to monitor, measure, and
manage compliance and operational risk across all business lines and legal entities. With ARC Logics, organizations are able to
fulll immediate enterprise risk management objectives in a targeted, cost-effective manner while concurrently building a holistic,
enterprise wide program.

Wolters Kluwer Financial Services provides best-in-class compliance, content, and technology solutions
and services that help nancial organizations manage risk and improve efciency and effectiveness across
their enterprise. The organizations prominent brands include ARC Logics, Bankers Systems, VMP
Mortgage Solutions, PCi, AppOne, GainsKeeper, Capital Changes, NILS, AuthenticWeb and Uniform
Forms. Wolters Kluwer Financial Services is part of Wolters Kluwer, a market-leading global information
services company focused on professionals with annual revenues (2009) of 3.4 billion ($4.8 billion),
approximately 19,300 employees worldwide and operations in over 40 countries across Europe, North
America, Asia Pacic, and Latin America.
Wolters Kluwer Financial Services
130 Turner Street, Building 3, 4th Floor
Waltham, MA 02453
Toll-free: 800.481.1522
Email: Insurance.Solutions@WoltersKluwer.com

To learn more visit

Insurance.WoltersKluwerFS.com/ARCLogics.

Wolters Kluwer Financial Services