Here’s the Problem… A Process Is Only As Good As Its Weakest Link!

Rob McIsaac

Recently, I decided that I needed to update my life insurance portfolio. With a range of life events taking place, and a 10 year term policy purchased in 2004 coming to a natural end, I was poised to take quick action. Suffering from mild OCD, I actually started the process a full 8 weeks before the anniversary date. Little did I know that I was dancing on a razor’s edge in terms of timing. This sort of “secret shopper” experience has been frustrating, humorous and thought provoking all at the same time. Does it really need to be this hard? If a process is only as good as its weakest link, this one sets a new standard on the low side of the scale.

In an era of instant access, and nearly instantaneous gratification, I went online to start shopping at an aggregator site. To my surprise, this was less functional than the site I recalled from 10 years ago but it did earn me a call back from a call center agent. After going through the medical questions, we landed on the need to “draw fluids”, a process that could take 2-3 weeks to complete. Given the green light, this process started. It took 3-4 weeks to actually schedule the blood draw.

Thinking the process had run amuck, I went to a second carrier directly. After completing their app online, I was called back in minutes for the medical questions. Because of how I answered one question, I was cautioned that I wouldn’t qualify for the super preferred rate and that the agent had no idea what the premium might be. The thrust of the conversation was that it would likely be around 50% more, but that this was just a SWAG. Clearly surprised that I wanted to proceed anyway (not a great trait in sales) we again marched into the need to draw fluids. A process that could take, I was assured, 2-3 weeks.

The third carrier was a traditional Agency company that I decided to test to see if the web site channel worked. Although it took several business days for someone to respond, when they did, the agent was effective and knowledgeable. She was able to share different premium scenarios and suggest which products might best fit the need. While the low end price was higher than the direct company super-preferred rate, the “likely” rate based on the medical questions was lower. And, of course, drawing blood would take several weeks.

Several interesting points in the process:

  • For all practical purposes, the questions the carriers asked were exactly the same. The only variations seemed to be in looking at my driving record (3 years or 5) and my parents’ issues with illness (before 60 or 65). Other than that, it was cookie cutter.
  • All three companies declined the opportunity to get medical records (fluids, EKG, chest x-ray) directly from my doctor, despite the fact that they were available as part of an annual physical done two weeks earlier. All wanted to have their own chance to stick me with needles.
  • All three carriers used the exact same service to do the fluid draw and on site visit. Some efficiency for me there, since I got a “three for one” deal on the fluids and the list time. Each carrier wanted their own EKG original so I had to sit through that multiple times, but only partially disrobe once.
  • The direct carriers are decidedly poor at staying in touch with process updates. With them it feels like I’ve fallen into an abyss. The agency carrier seems to be far more engaged through my touch point.
  • Across the board, the process seems broken … or at least archaic. I became a little worried about coverage gaps with the ’04 policy expiring, but I shouldn’t have been concerned. The old carrier indicated that it takes a calendar quarter to actually lapse the contract … whose premium would triple on the next anniversary barring action on my part.

    At a time when the balance of consumers’ financial lives is so readily available through self service and guided experience, this seems like a trip back in time to a different world. Actions are measured in weeks and quarters rather than minutes and hours. Rather than full transparency on information and pricing, the process feels both secretive and ill-informed.

    The process also seems to be intentionally inefficient. When my doctor did his version of the fluid analysis, we had results in 2-3 days. The paramedic firm used by all three carriers said it took 2-3 weeks. How could that possibly be?

    Left to a natural course, this process could run (in total) 6-10 weeks, by my estimation. At that point, I will be presented with “take it or leave it” offers from all the carriers involved. I will, of course, have a personal choice to make at that point, armed with full disclosure and valid pricing as inputs. In the end, it will have a happy outcome for some.

    This got me thinking about my own children and their Gen Y peers. They would be highly unlikely to participate in an exercise as slow and as painful as this one. Baby Boomers like me may now be closing in on purchasing their last life insurance contracts as other life events loom.

    For carriers, the time to think about the required paradigm shifts is coming quickly. Those footsteps you hear are future generations of prospects but they may be running away, rather than toward, you!

    Big data, mobile capabilities, access to a form of Telematics and other devices may all prove to be game changers sooner than we think. Remember what life was like before SmartPhone? I don’t either…

    The Target Data Breach and Lessons for Insurer CIOs

    Rob McIsaac

    While the Target stores “hack” was not the biggest in recent history, it is certainly one of the most visible and offers some important object lessons for insurance company CIOs. As we have now learned, malicious software was installed on company servers in late 2013, providing a gateway through which hackers were able to gather significant personal and confidential data on Target’s customers. The theft of this data has had significant adverse consequences for the company’s earnings, the trust of their customers, and the career plans of a number of high-profile individuals. The full scope of the damage will be hard to quantify and the period over which recovery takes place will likely be measured in years rather than days or months. This is all pretty significant for a company that appears to have been ahead of the curve in thinking about these issues and had made significant investments in both people and technology to inoculate themselves from attacks prior to last year’s holiday shopping season.

    What went wrong?

    The origins of the issue of course extend well beyond Target’s environment. The debit and credit card infrastructure in the United States is substantially behind what is used in other markets (e.g., Europe). This problem has been well known for a number of years but participants in the ecosystem (e.g., retailers, card processors, banks) believed that this was someone else’s problem, certainly not their own. Since the issues emerged most obviously during the Great Recession, the natural tendency was to kick the issue down the road and hope, in the meantime, that the security risks could be otherwise managed. The sense seemed to be that it would take some future, seminal, event that would create a cause for action. That time may be upon us with this incident, although that is little consolation to impacted customers. As noted in a recent Business Week article, Target had actually made significant investments to get ahead of security concerns. Unfortunately, it also appears that they made notable errors in implementation which allowed the events to unfold with shockingly adverse consequences.

    Are insurance companies immune to these kinds of events? Of course not … and they increasingly will face these types of challenges as transaction volumes grow and the speed of transaction processing accelerates. Implementing tools that allow for transaction analysis of varying types is increasingly the domain of all players in financial services, banks and insurance companies included. As the systems are deployed, one of the issues CIOs and their teams face is the need to install them so that they effectively operate within their own environments. Failing to tune these systems may produce false positives that will overwhelm the staffs responsible for final intervention in determining whether or not activity is malicious. This issue applies across all monitoring systems used by carriers, including things such as financial transactions, e-mail traffic and security access. Just having expensive software installed is of little comfort if it has not been effectively tuned and is being appropriately monitored in order to assess results. Fine tuning these systems can be as much art as science but is critical if a financial institution is going to achieve a project’s operational objectives.

    One of the interesting aspects of the Target case is that these were apparently lessons that the company had learned. The solution they implemented for transaction monitoring was very sophisticated and the company had spent considerable money both implementing it and in creating supporting infrastructure to analyze the results. According to the BW article, they had created a sizable organization in India to monitor the activity. The article goes on to note that this team did their job, effectively creating the appropriate level of alert and communication back to the corporate home office. The corporate home office was also well equipped to handle these types of incidents having created a command center that was specifically designed to deal with security related incidents.

    For some unknown reason, however, the communications between the teams in India and the United States went unnoticed or were ignored. What has become clear in recent weeks is that the failure had nothing to do with technology and everything to do with the process and human beings managing the process that were created to support that technology.

    There are a range of possibilities for why this happens; speculation on those causes is of little value at this point. The main message is that any process is only as good as its weakest link. This is hardly new news but it does reiterate the importance of real testing, in real world circumstances, to understand how components will react and interact. The parallels between incident management, such as this case illustrates, and disaster recovery events are reasonably significant. Practice exercises get people and technology working together to understand both the “happy path” toward resolving issues as well as to highlight areas where real world circumstances may deviate from a carefully crafted script. The magic for IT organizations can be in understanding those unanticipated events, and creating the mental shelf space for teams to be able to deal with those events by freeing them from needing to focus on relatively simple or mundane tasks. It remains to be seen exactly how the process in this incident broke down.

    One element to consider is how tools are used in separate geographic locations as well as how communication process loops can be “closed” to assure confirmation of high priority concerns. Another to consider is the difference in cultural norms which can exist between teams in different parts of a country (to say nothing of different parts of the world) when they are attempting to share information. The nuance and subtlety which are an embedded part of the English language are important for CIOs and their teams to consider, particularly as they move to take advantage of resources in different geographic locations. While this is hardly news to many organizations, the importance of making sure this is well understood throughout the chain of command is directly correlated with the practical importance of the information being shared.

    Target is hardly the first company in financial services to learn this lesson, but their logo made for a Business Week cover that will be hard to forget.

    For insurance company CIOs, this is also a reminder that there are a range of security threats which need to be dealt with in the near-term. With Windows XP now in the final weeks of support, many CIOs face the unenviable task of selecting from a series of less than optimal choices for risk mitigation. Doing nothing is not an option! Recently, my colleague Tom Benton published a brief on IT Security issues specifically related to insurance carriers. In light of the targeting of Target, this is something that carries renewed importance for all of us.

    Information security is a messy business. It is not something that can be ignored, given the costs in both financial and reputational terms. Even as plans for expanding channels and touch points became clear in our Survey of 2014 Carrier IT Budgets, the security challenges may be expanding faster than overall spending levels. We live in interesting times. Good hunting!

    Novarica Research Council Impact Awards: Nominating Committee Announced

    Matthew Josefowicz

    The deadline for the 2013 Best Practices Case Study Compendium and Impact Awards is at the end of this month, and we’ve already received our first submission! We’re looking forward to many more by the end of the month.

    I’m very pleased to announce the members of the 2013 Novarica Research Council Impact Awards Nominating Committee. These insurer CIOs will review all submissions and select the nominees for vote by the full council of 300+ members.

    The committee members are:

    • Alexander Bockelmann, Fireman’s Fund
    • Don Desiderato, New York Life Investment Management
    • John Heveran, Liberty Mutual
    • Nimesh Mehta, National Life Group
    • Peter Moreau, Amica
    • Murali Natarajan, RLI Corp
    • Tony Paris, Pioneer State Mutual
    • David Shaw, Sammons Group
    • Samir Srivastava, The Hartford
    • Wayne Umland, Glatfelter Insurance Group
    • Richard Wiedenbeck, Ameritas
    • Andy Wood, Wilton Re

    The submission form for the 2013 compendium and awards is online here, and you can download a summary of last year’s report here.

    December New Research Roundup

    Summaries of all reports are available for free downloads on our site. Some of our recent reports include…

    Business and Technology Trends

    • Business and Technology Trends: Commercial Lines. Commercial market pricing is showing a decided recovery, leading commercial lines carriers to invest in core systems replacement, agent portal functionality, and business intelligence and predictive analytics.

    (see full list of Business and Technology Trends Reports at http://www.novarica.com/sectorreports/)

    CIO Surveys, Best Practices, and Case Studies

    • US Insurer IT Budgets and Projects for 2013. Modest budget increases, core PAS replacement projects, business intelligence, agent portal enhancements, and mobile and social media pilots are all on the 2013 priority list for insurer CIOs.
    • Best Practices Case Study Compendium 2012. These case studies, the fruit of the first annual Novarica Research Council Impact Awards, provide a useful set of examples of impactful IT projects. They offer insurer business and IT executives detailed examples across a broad range of diverse industry initiatives.

    Novarica Market Navigators

    Executive Briefs and Checklists

    • Minimizing Project Risk Checklist. Insurers’ core missions are tied to managing risk in a cost effective and predictable manner. This brief illuminates common factors that contribute to IT project failure and offers a checklist to reduce project risk.
    • Insurance IT Transformation Checklist. In order to survive and thrive in the future, CIOs need to facilitate and support business transformation efforts. This report provides a roadmap of things to consider for a transformational program.

    Novarica Research Council Impact Awards Nominees Announced

    Matthew Josefowicz

    Today we announced the nominees for the Novarica Research Council Impact Awards, which will be judged by all 300 members of the Novarica Insurance Technology Research Council, making them the largest peer-jury awarded recognition in the industry.

    The nominees were selected from more than 40 submissions of case study information by insurers, most of which will be included in a compendium published this fall. I want to thank the nominating committee of Research Council members for their work in selecting the nominees. Committee members Andy Wood (Wilton Re), Dan Simpson (Trustmark), Eric Bulis (SBLI USA), Larry Fortin (Millers Mutual Group), Mark Berthiaume (Chubb), Pete Moreau (Amica), Piyush Singh (Great American Insurance Company), Reuben Broadfoot (LifeMap), Sal Abano (Tower Insurance), Stuart Tainsky (PURE), and Tim Billow (ING) spent time carefully reviewing more than 40 submissions to make their selections.

    The nominees for each category are:

    Practice

    • Erie overhauled IT cost reporting by using PPM application to track all costs across 13 discrete portfolios.
    • CAMICO initiated the Open Innovation Program to allow employees to submit, vote, and support ideas to leverage employee creativity.
    • Allstate Financial established an enterprise-wide test environment which uses one algorithm to scrub data across applications.

    Quick Hit

    • Great American created customer mobile apps to deliver self-service functionality.
    • Oregon Mutual deployed an iPad and cloud-based agency relationship management tool.
    • Zurich allows program administrators to upload commercial specialty business in real time from their agency systems.

    Transformation

    • American Safety undertook an initiative to consolidate all underwriting units across the company into a single system.
    • A large multiline P/C insurer undertook a three year project to replace legacy policy administration systems with a modern configurable system.
    • Capitol replaced multiple legacy surety systems with a single modern platform and enabled online self-service for agents.

    Expansion

    • Cincinnati Financial transformed how independent agents process business using ACORD XML Standards and real time from agency systems.
    • Patriot National created a web-based, real time rating and quoting portal capable of quoting companies in all states.
    • Allstate Financial enabled producers and customers to legally bind an electronic signature to a life insurance application via Internet.
    • PEMCO created SmartSearch, allowing CSRs to find customers without exact spelling or policy number, and The Hub, which offers a consolidated customer overview.

    The full council is voting now, and the winners will be announced at our Event on Tuesday, October 30th in NYC.

    Novarica Research Council Impact Awards 2012

    Here’s an overview of our Impact Awards program. Deadline for information submission is June 30. Download the submission form here.


    Novarica Research Council Impact Awards Information

    The awards will be judged by all 300 members of the council, making them the largest peer-jury awarded recognition in the industry.

    Nominees for the award will be selected from a collection of case studies that we’re currently working on by a nominating committee of Research Council members, including Andy Wood (Wilton Re), Dan Simpson (Trustmark), Eric Bulis (SBLI USA), Larry Fortin (Millers Mutual Group), Mark Berthiaume (Chubb), Pete Moreau (Amica), Piyush Singh (Great American Insurance Company), Reuben Broadfoot (LifeMap), Sal Abano (Tower Insurance), Stuart Tainsky (PURE), and Tim Billow (ING).

    CIO Council Meeting Report Published and New Impact Awards Announced

    Matthew Josefowicz

    More than 50 insurer CIOs gathered at the latest meeting of the Novarica Insurance Technology Research Council last week in Providence, RI. Today, we’ve published a report that includes the materials presented at the meeting, plus summaries of the discussions. Current clients and council members can download the report for free. Non-member insurer CIOs are welcome to apply for membership here.

    We’ve gotten great feedback from the meeting, including the following attendee quotes:

    It gave me the opportunity to hear what others are doing, get some valuable lessons learned and gave me a second wind to continue to work through the relationship building process and governance issues. Well done!

    The quality of the discussion and the thoughtfulness of both the attendees and presenters was high. The length of the meeting was just right. I liked having a chance to talk informally with people at the dinner the night before as well.

    The Novarica Council event is the only place where the door is shut and CIOs from around the industry speak openly and honestly about how to solve real world problems…without being pitched hard by sales folks.

    Novarica Research Council Impact Awards

    Also, at the meeting, we unveiled our new Novarica Research Council Impact Awards, which will be judged by all 300 members of the council, making them the largest peer-jury awarded recognition in the industry.

    Nominees for the award will be selected from a collection of case studies that we’re currently working on by a nominating committee of Research Council members, including Andy Wood (Wilton Re), Dan Simpson (Trustmark), Eric Bulis (SBLI USA), Larry Fortin (Millers Mutual Group), Mark Berthiaume (Chubb), Pete Moreau (Amica), Piyush Singh (Great American Insurance Company), Reuben Broadfoot (LifeMap), Sal Abano (Tower Insurance), Stuart Tainsky (PURE), and Tim Billow (ING). For more on the case studies and awards, click here.

     

    Business and Technology Trends in Personal Lines

    Karlyn Carnahan


    I published a new report today, Business and Technology Trends: Personal Lines, looking at recent technology initiatives by personal lines insurers and highlighting top issues for this year.

    With a continuing soft market, and very competitive conditions creating profitability pressures, personal lines carriers are focusing on growth strategies, expense reduction, and improving underwriting results. Top initiatives for personal lines carriers include business intelligence, policy admin systems replacement, claims systems replacement, and portal functionality for both agents and insurers. The report includes 30 examples from personal lines insurers.

    Case Study: Core Systems Transformation at Great American

    Great American’s core systems transformation is a multi-year re-architecting of core enterprise systems serving multiple P&C operating units to bring together best-of-breed components into a service-oriented environment.

    The effort is transforming not just the technology environment, but the firm’s business processing capabilities, training requirements, and attitude towards the value of IT for a specialty lines carrier.

    This case study, written in close consultation with Great American, provides an in-depth look at the in-progress initiative, the challenges faced and overcome, the effects, and the best practices that other insurers should note in planning their own significant IT efforts.

    This is the inaugural report in a series of case studies of successful transformative technology initiatives by insurers. The outline of the report follows Novarica’s 4 Ps Strategic Framework, which stands for “Pressures, Principles, Projects, and Programs.”

    • Pressures: What are the business pressures facing Company across all areas?
    • Principles: What are Company’s IT principles?
    • Projects: What projects will Company prioritize in the next 2-3 years? How do these projects address the pressures and follow the principles?
    • Programs: What projects will Company organize into larger programs in the next 2-3 years, and how will these be managed?

    The 15-page report is available at www.novarica.com/case_study_GAIC.