There is scarcely a reader who does not recognize that insurance companies, among others, are under intense scrutiny these days from a financial, operational and compliance perspective. Against this backdrop, compliance has emerged as one of the most important areas of risk that an organization faces. In fact, it is safe to say that compliance risk, together with reputational risk, has surpassed more traditional risk areas such as credit, market and financial risk to compete with operational risk at the top of the corporate agenda.
Compliance risks include the risk of legal and regulatory sanctions against the firm and personnel, material financial loss, loss of reputation, and actual loss of the franchise--potential losses that are incalculable. It isn't enough to merely keep track of changes in the law. To protect and enhance corporate value and reputation, companies must continually and systematically gauge the legal and ethical environment in which they operate.
To their credit, insurers have made significant strides in recent years in strengthening the role and structure of the compliance function, viewing it less as an internal watchdog and more as an enabler and catalyst for value creation within the organization. The creation of board-level compliance committees has added clout to the ability of insurers to police themselves.
More than 20 Standard & Poor's 500 companies, mainly in the fields of health care and financial services, have board committees primarily focused on compliance and legal issues. This has been a response to aggressive regulators, as well as class-action litigation and damaging court judgments. The new scrutiny requires attention to more robust compliance standards.
Significant challenges remain, however, if insurers are to realize the full benefit of improved compliance and the ability to avoid trouble. Many organizations have been frustrated by a lack of clear-cut regulatory standards for compliance. Still others believe that company management and boards have been forced to focus on regulatory compliance to the point that it might undermine their performance, innovation and flexibility.
Both the insurance industry and regulators need to take a step back and look at what each can do to foster an environment of cooperation. They need to strike partnerships to achieve not only compliance with the law, but to instill a culture of compliance and organizational integrity based on a set of guiding compliance principles, as well as the companies' own ethical values and aspirations. A values-based culture, where striving for ethical compliance becomes second nature, means moving beyond the minimum standard of legal compliance.
In the 2003 public-policy study, "The Path to Reform--The Evolution of Market Conduct Surveillance Regulation," prepared for the Insurance Legislators Foundation of the National Conference of Insurance Legislators, my colleagues and I recommended that compliance be viewed at a higher level.
Market conduct surveillance should have as its goal an environment that results in ethical behavior and a culture and philosophy reinforced by standards, systems and controls that seek to achieve not only compliance with law, but fair treatment of policyholders.
Toward this end, regulators need to adopt a regulatory approach that places emphasis on the responsibility of senior management to run their business effectively and in a way that does not harm consumers. Regulators also need to provide best-practices guidance on what a model compliance structure looks like and work to promote a compliance environment at insurance companies.
In this environment, the regulatory framework would need to recognize self-policing and self-reporting, and evaluate companies' efforts when determining a response to wrongdoing. Yet today, insurance companies continue to fear that self-assessment can be used against them by regulators and consumers. With assurances that compliance issues are kept confidential, regulators can promote the attitude that it is the companies' responsibility to find and correct violations, rather than waiting for regulators to do so.
Regulators can also help companies to stay compliant by creating a framework whereby companies will be given guidance when laws or regulations are changed. This exchange will help insurers to understand what new or altered regulation means for their companies and how to react to remain compliant. With this risk-based approach to regulation, firms are encouraged to reduce their regulatory burden by taking action to embed compliance within their organization, not simply working to avoid regulatory detection or scrutiny.
Insurers can foster this environment of cooperation by adopting a sophisticated approach to compliance and the necessary internal controls. Compliance needs to be viewed as the glue that links key functional areas when responding to regulatory requirements. The compliance officer is not viewed as an obstacle, but an enabler to getting business done in the right way, not unlike the way many financial services companies view the chief risk officer.
LAW AND ETHICS CLASH
While there is no question that companies need a sound strategy for legal compliance, it is dangerous to regard legal compliance as an adequate means for addressing the range of ethical issues that emerge every day. Often, lawful conduct can be ethically problematic.
One need only look at the recent contingent-commission controversy faced by insurance brokers to understand that adhering to the law is not always sufficient. Contingent commissions were arguably not illegal, but insufficient disclosure to buyers brought the marketplace conduct into question.
External expectations shifted as to how compliance should be focused within the operations of an insurance intermediary. The New York Attorney General believed that brokers should be behaving differently, and regulators agreed almost without exception. Millions of dollars in penalties were paid, share prices suffered and significant legal costs resulted for all involved. An ethically based approach to compliance might have prevented this.
Policyholders and the industry itself have a great deal of good to gain by adopting an ethics-based approach to compliance that combines a concern for the law with emphasis on managerial and supervisory responsibility for ethical behavior.
Ethically driven compliance is broader and deeper and based on the concept of self-governance in accordance with organizations' chosen guiding values.
These ethical values enable responsible conduct, shape the design of organizational processes, guide the decision-making of groups and individuals, shape the organizational search for opportunities and serve as a unifying force and common frame of reference across the enterprise. Ethically driven compliance is driven not solely by corporate legal counsel, but by managers across all levels and across all functions within the organization. Ethically driven compliance relies upon the powerful desire of individuals and the organization alike to do the right thing.
By carefully thinking though their unique issues--culture, history, management approach, regulatory requirements--companies are able to better develop their own framework for doing the right thing and establishing a corporate culture and the guiding principles to support it. It is safe to say that success may require certain key elements:
Ethical standards, guiding principles and expectations are clearly communicated from the top of companies down to all levels of employees and built on company core values and obligations. Employees understand their practical importance and take them seriously. Management and staff alike are able to think more clearly about the ethical problems they face in conducting their daily business. Of course, these guiding principles are no substitute for individual responsibility and accountability to exercise good judgment and to obtain guidance on proper business conduct.
Corporate management and boards visibly and authentically demonstrate and adhere to their own commitment to ethical behavior and standards each and every day. They are willing to take action when ethical lapses occur and are also willing to take a careful eye to their own decisions. They are powerful forces in maintaining and establishing an ethical tone and effective corporate governance. Meaningful oversight demands engaged and attentive monitoring and assessment of compliance activities. By identifying pressure points and preventing small problems from spreading, they send a powerful message to company stakeholders that they are focused on their responsibilities.
Ethics and compliance are a part of the daily lives of employees, as well as training and educational efforts. Training initiatives go well beyond perfunctory lectures about legal requirements and include well-conceived, real-life situations and interactive discussions.
Ethical values are integrated into the broader critical activities and decision-making process. By making integrity, ethics and compliance a part of development plans, goal-setting, compensation, performance measurement and career advancement, companies effectively communicate that doing the right thing is rewarded.
Organizational structures and systems support company guiding principles and values. Systems that provide accurate and timely information and reporting relationships that provide effective checks and balances all contribute to the ability of companies to continually monitor and assess ethical policies and procedures. As business practices evolve over the years, so do the expectations and requirements of internal and external stakeholders.
Ethical standards extend beyond company walls. Business dealings with vendors, consultants, customers, contractors or any third party reflect ethical standards, too.
In today's business climate, reputation is perhaps the most important business attribute companies can possess. A well-deserved reputation for integrity and ethical values can take years to build and can be destroyed in moments, sometimes based on mere perceptions.
Ultimately, creating an environment that encourages ethical conduct and doing what is right, whether or not there are clear legal restrictions or guidance, is perhaps the best way to discourage misconduct and to take compliance to a higher level.
LYNNE PRESCOTT HEPLER
is a director in the Financial Insurance & Claims Services practice of Navigant Consulting's Chicago office.
February 1, 2006
Copyright 2006© LRP Publications