In my previous post I wrote about the “DLA Piper 2016 Compliance & Risk Report” (DLA) that contains some very interesting information about general compliance, rather than specific to the insurance industry. That post was the first of a series to look at this report and here's the second.
In the interim, we received the April 18, 2016 edition of Insurance Compliance Insight (ICI), which reported on an EY report titled “A time of evolution for compliance: laying foundations for future success: Global insurance Chief Compliance Officer survey.” (EY)
One of the things that Alan Prochoroff, editor of ICI, pulled out of the EY survey related to differences in approach depending on whether the compliance function reported to a legal or a risk based function. DLA Piper reported that 44% of respondents said their CCO reported to the Chief Legal Officer, while 25% reported to the CEO and 29% reported directly to the Board. (DLA, p. 5). There was no mention of reporting up through a risk-based function in that report. EY reported that in the insurance industry, 35% of respondents to their survey said that the function reports to the CLO/General Counsel, 20% to the CEO and 15% to the Chief Risk Officer/Risk. (EY, p. 4). Prochoroff reports that “EY found that compliance pros on the risk side tend to be more advanced in their use of risk management tools and techniques like risk appetites, risk registers and risk metrics. Importantly, those on the risk side also can be more forward-looking in terms of seeking to manage potential regulatory risks.”
Prochoroff also noted that “All of the companies conduct compliance risk assessments, and they also monitor key controls that are the company’s first line of defense.” Our experience is consistent with that, as we see much more interest in independent assessments from carriers, fraternals, IMOs and insurance agencies. Roger Hayashi, Compliance and Risk Mitigation Assistance (CARMA) Program Co-Director, will be giving a session on this important topic at our upcoming Currin Insurance Compliance Symposium in June.
The DLA report indicated that “monitoring” was considered the weakest part of the compliance program by 66% of respondents! In the commentary to this section it states “Experts note that being able to monitor (in real time) and audit compliance programs is crucial – and that companies should consider building it into quarterly or annual audits of plans. ‘You’ve got to do something to figure out if the program is working – and if not, where it needs to be tweaked,’ one CCO said.” (DLA, p. 23).