Despite pandemic fatigue, no lockdown for Compliance in sight in the group risk industry
It’s been a challenge all round to remain resilient and keep the lights burning when the global insurance industry continues to be brought to its knees by an unrelenting pandemic, bringing waves of unprecedented risk events. We continue to be vulnerable more than ever before due to loss of life, dents in profits, cybercrime, fraud and security breaches, vaccination wars, logistical and operational challenges, service level impacts, exhaustion and burnout, fear-mongering, socio-political uprising and looting, unusual weather events, climate change and the list goes on.
Despite experiencing these loss events that have and continue to disrupt the flow of daily business operations for most organisations, compliance risk management at Sanlam continues to take centre stage despite organisational challenges. There has been no better time to have the foundation & principles of any business tested, while scrutinizing the true value of compliance risk management.
Sanlam’s focus remains on delivering on the promises to our clients and treating them fairly, while key regulations drive our compliance behaviour; this compliance could not have been achieved without the commitment from all role-players including policyholders (funds and employers) and intermediaries:
So let us pause for a moment and recap on how we have fared this year.
- POPIA
POPIA remains our flagship compliance achievement this year. As you may be aware the 1st of July 2021 was the deadline for public and private bodies to ensure compliance with the Protection of Personal Information Act 4 of 2013 (“POPIA”).
In view of these regulatory requirements, we have updated all policyholder group policies with the necessary provisions to ensure compliance with data privacy obligations – each policyholder received a formal endorsement to their policy with a very clear position on our approach to POPIA, what is expected from our clients as regards their role, obligations and commitments, and confirming how we will manage the sharing of client data.
We regard ourselves as a joint responsible party together with our policyholders and as such can confirm that we have implemented appropriate technical and organisational information security measures to keep the personal information of our clients secure, accurate, current, and complete.
- FICA
As the Financial Intelligence Centre Act (”FICA”) requires financial institutions, such as Sanlam, to establish and verify clients’ identities to combat money laundering and the financing of terrorism, no business relationships may be entered, or transactions concluded with clients or persons who are anonymous or unidentified as we need to ensure we are not doing business with scammers or fraudsters
In order to align with FICA obligations as an accountable institution, an external provider conducted and end-to-end review of our party due diligence processes by scrutinising our customer files for the purposes of assessing the level of party due diligence and customer screening we conduct at onboarding and throughout the lifecycle of the client relationship.
- TCF
Treating Customers Fairly (TCF) standards continue to keep us on our toes.
From a customer service perspective we are, more than ever, aware that clients form opinions of an insurer every time they deal with one, and particularly when things go wrong. Trust is sacrificed every time claims are not timeously processed, or poor service is rendered. One of the ways to resolve this is by listening to members and keeping all parties informed when resolving a matter, thereby committing to treating our consumers fairly and restoring trust.
We’ve implemented a number of measures to manage the high claims volumes as a result of the pandemic as unfortunately we are not always able to meet our standard turn-around times (for payment pre-Covid) on some of our claims.
- Insurance Act 18 of 2017
The Prudential Authority confirmed to the industry that employer discretion in the determination of beneficiaries under group insurance policies is no longer allowed in terms of the Insurance Act. To achieve regulatory compliance, we are currently issuing endorsements to the affected policyholders (employers) to amend these provisions by 31 December 2021. We are allowing the affected policyholders a reasonable period to educate their employees on the requirement for valid beneficiary nomination forms and to put the necessary processes in place to obtain, annually update and store employees’ nomination forms.
We will continue to provide assistance to policyholders in communicating and educating members on the requirement for valid nomination forms, where possible.
- Policyholder Protection Rules
PPR 11- 31 days notification rule
Our PPR initiatives to comply with the 31-days notification rule has gained much traction and shown a marked decrease in potential compliance breaches as the year draws to a close. These include providing the policy to the policyholder before the deadline as well as following up within 5 days of sending the policies to intermediaries. Our intermediary agreements have also been updated to set out the obligation of the intermediary to provide the policy within 31 days of the commencement date of the policy and we will manage expectations and intermediary obligations in terms of the agreement.
We thus will continue to rely on our intermediaries to provide assurance to policyholders (employers, members, funds), together with Sanlam, and for them to render/perform intermediary services relating to our products honourably, professionally, with due skill, care and diligence and with regard to the fair treatment of policyholders.
PPR 11-Communications/Disclosure management
Operational compliance processes with policyholders, Front Offices and Retirement Fund Administrators (RFA’s) with regard to communication/disclosure (as required by PPR), has proven to be complex and challenging due to the varying network of relationships with industry stakeholders playing a multitude of legal roles. We are currently rolling out SLA’s to existing and new clients, with the purpose to:
- Set out responsibilities around the administration/servicing of policies in order to record each party’s service obligations arising from the provisions of the agreement we have entered into with them; and
- Ensure appropriate communication to members in terms of compliance with PPR legislation.
PPR 13 –Member data requirements
We continue to drive urgent initiatives to source member contact details from policyholders. We rely heavily on our stakeholders to provide the assurance to members that they need not be unwilling to provide their details to Sanlam, as our intention is only use the information to meet our regulatory obligations including treating customers fairly.
PPR20- Terminations Management
Sanlam engages regularly with the Regulatory Authorities to enhance the streamlining of the terminations process (when a policyholder terminates risk cover with us). We are particularly reliant on our policyholders to inform us timeously if they wish to terminate risk cover with us and to provide us with the evidence that all members have been notified timeously. The Regulatory Authorities obliges Sanlam to submit this notification of proof to them so that they can ensure that members are not unfairly disadvantaged.
The above examples are but a few of the initiatives where we have made strides with compliance obligations in a tough insurance environment. Despite the ongoing pandemic onslaught, no lockdown for Compliance is in sight. Now more than ever, role-players must collaborate and engage more robustly with each other in this industry – to keep our collective heads above water, it’s a must! At the same time, we must applaud ourselves for how far we have come in terms of adapting and embracing change. We have achieved much and we continue to progress.