Insurance Compliance Is About to Be Rewritten: An Ex-CCO’s 3-Year Prediction
The traditional insurance compliance role will no longer exist but it will be a strategic leadership/compliance function.
About Danette
If we rewind 10 years, how did insurance compliance typically operate? What did the workflow look like - people, processes, systems?
[Danette] - Compliance from an Insurance industry perspective typically operated using a lot of manual processes. This involves a number of people and touchpoints. Often you would see home-grown systems, occasionally built by an employee, specific to the needs of the team and/or organization. It consisted of email chains, excel spreadsheets, manual tracking and then periodic manual reviews from compliance professionals at different levels and legal at different stages. I would argue AI started in its infancy 10 years ago. I don’t think it was at round table discussions or in board rooms but I have been studying it on the global business platform for many years, just making observations on trending.
Fast forward to 2 years ago - what has changed? Were insurers truly digitized, or were they just digitizing manual processes?
[Danette] - The discussion around AI tools and AI usage is just getting started. The NAIC came out with a bulletin on the Use of AI in December of 2023. Insurers are starting to look at how they are using AI and how they can evolve with AI tools. However, I think insurers have not truly digitized or used the full breadth of AI. The concept of AI isn’t fully understood in 2023. Many carriers have tools like SharePoint or workflow tools but they have limited automation due to the legacy platforms that they had built. I think we are finding that the legacy platforms are truly impeding on some insurers' ability to advance or move the needle forward as quickly as AI is forcing the industry to move. There are two groups starting to form - one where they know AI will change how we do things going forward but don’t know exactly what that will look like, they are excited to see the change, and the other group that is resistant to AI and going to hold back until it has been explored more, fearful of AI.
Where are we today? In your view, how mature is AI adoption in insurance compliance - especially in areas like filings, advertising review, and regulatory change management?
[Danette] - Our world is changing at a rapid pace. Technology is no different. Companies are struggling to keep up. Technology allows companies to make some large adjustments. In my opinion, I would say insurers are middle of the road in terms of adoption or maturity as it relates to AI. Adoption of AI or technology requires capital and finding ways in which the AI adoption would impact profitability positively. With the rapid change in technology, it is increasingly difficult to always generate a positive impact to the bottom line. Instead of viewing it that way, I think where I have seen the most impact today, is the key phrase “work smarter, not harder”. Utilizing AI adoption to enhance the role, not replace it is key. There are so many things that can be done if you understand the technology that is available to you.
Three years from now, what will look fundamentally different inside a compliance department? What will AI realistically automate - and what will always require human judgment?
[Danette] - The proper use of AI will allow insurers to enhance their roles drastically. It will automate some of the compliance functions like regulatory change management, filings, and certain processes. We will see AI used in automating underwriting, claims and human resources functions. However, compliance will always require some form of human judgment or oversight. If the data or the AI tool has some disparate or discriminatory impact, human oversight is necessary to catch that. Empathy can never be replaced by AI but some AI tools have been trained to respond in a similar way. AI enhances the compliance function but doesn’t replace it. We will see the use of AI in compliance in areas of underwriting and risk evaluation, automation in claims processes and voice recognition, and I would propose the HR function will drastically change in companies that are more advanced. AI can create and generate job descriptions, job postings, screening of applicants but the building of a culture is where you need a skilled leader. Regulations and laws place a framework or a boundary in which we can operate, structure is good. In the coming years, the compliance departments that are more advanced will be using AI to enhance their functions.
For insurers evaluating AI in compliance today, what are the best practices you would recommend? Where should they start - use cases, governance, or data?
What are the biggest mistakes you see insurers making when they try to introduce AI into compliance workflows?
[Danette] - Every time something has gone off the rails, I have found it could have been easily corrected if compliance was brought in from the very beginning, from the early stages. Initially, compliance may have what seems like a list of never-ending questions, but that is okay. As long as the business is completely transparent with compliance from the beginning, it forges a partnership with the same vision and goals. Everyone is working on the same team. We win together and we learn, only get better together. An innovative compliance leader will help you reach your goals and cross the finish line as long as you give them a seat at the table.
How should compliance leaders balance innovation with regulatory risk? What does responsible AI usage look like inside an insurer?
[Danette] - As noted above, an innovative compliance leader will help you reach your goals as long as you give them a seat at the table. This allows for more creative thinking but also expedites the regulatory review process since they understand the AI usage, compliance can explain it to the regulator. Responsible AI usage is allowing some level of risk but making sure that the AI usage doesn’t result in a discriminatory or disparate impact, an “ick” factor so to speak. It is important to build out a strong enterprise risk management process and strong internal audit function. Document, document, document.
If you had to make one bold prediction about AI in the broader insurance industry over the next 3 years, what would it be?
[Danette] - AI has the potential to completely transform underwriting, claims and human resources teams/functions if done correctly. I think we will see companies scale the executive functions and see AI enhance the roles of the associates in these areas. In some smaller organizations, we might see smaller teams at all levels of the organization. I could see underwriting and claims being combined into one singular product function.
Not eliminating the need for governance, but I think we might see one or two companies build processes where AI does every function in its entirety. We might see a group of leaders have a governance team and then everything else is tech focused or AI focused. We aren’t there yet but this would not be a traditional insurance company. It would be more aligned with a tech company.
And more specifically - what is your single biggest prediction about AI in insurance compliance?
[Danette] - As it relates to insurance compliance, AI could provide real-time regulatory mapping. I think that the use of AI might scale other teams in the insurance industry but I would make a bold prediction and say that we will see more compliance roles open with very forward-thinking and strategic job descriptions. AI still requires human oversight and that will be done within compliance and at the senior leadership/executive level.
The traditional insurance compliance role will no longer exist but it will be a strategic leadership/compliance function.
If you were stepping into a Chief Compliance Officer role today, what would be the first AI capability you would invest in - and why?
[Danette] - I would invest in a tool or an AI capability that can automate as much as is allowed in your organization. The more you can automate and bring some of those legacy platforms into the automation, the more you can be efficient and then focus on strategy going forward. If you have processes automated, those processes are generating money or reducing expenses, you can focus your energy on strategic impact in the future. It goes back to “Work Smarter, Not Harder”. A brief illustration to tell the story - If you purchase an investment product, that investment product is likely building money or wealth while you are generating a paycheck. At the end of your career, the idea is that you built generational wealth. AI can do that for the business if done correctly.
Spend 30 minutes to an hour each day using AI in your day to day functions. Keep building on that. I have used AI to build menus for home and workout regiments to reach goals in addition to compliance plans and compliance roadmaps. AI saves time so I can invest my energy into more impactful things. If you do this, people will learn the value of the tools and we can only get better from here.
