You might be asking yourself, “why should I spend time on compliance for my practice”? Well, we know that compliance tends to get a bad rap because it is often associated with laws, regulations, enforcement actions, and penalties for those who do not follow the rules. It also takes valuable time, effort, and resources from people who would much rather focus on other areas of their business.
Insurance compliance is not just a necessary evil, it is good for business. Understanding your unique risks and implementing systems to mitigate them can pay off handsomely. Ignoring compliance, on the other hand, is a gamble you may not be able to afford.
We want to make it easy for you to get started, and to make compliance less confusing – or scary. We recommend you start with a Compliance Self-Assessment. This will allow you to evaluate your business in the comfort of your own office, confidentially.
What is a Compliance Self-Assessment?
A compliance self-assessment involves reviewing and identifying your own compliance risk. It can be very detailed and include all areas of the business or it can be a high-level assessment using a checklist.
Why Conduct a Compliance Self-Assessment?
Failure to address the risks presented by non-compliance with laws and regulations can have serious consequences to your business. Some examples of these consequences include the loss of your insurance license, fines, loss of insurance carrier appointments, commission chargebacks, and reputational damage that causes the loss of existing and future clients.
In fact, one of the biggest compliance risks for producers is dismissing compliance risk. Consider the following:
- Evolving Regulatory Landscape: The regulatory landscape is constantly evolving, and it can be challenging to stay current with all the new requirements. Faced with this challenge, some producers choose to stop trying to keep up with all the new laws and regulations and lack awareness regarding what is required. This approach puts the entire business at unnecessary risk. Regulators are inclined to respond more harshly to producers who have not even attempted to comply with applicable laws and regulations. Further, insurance carriers must evaluate the risk presented by their distribution partners and are more likely to take negative action against those who present a higher degree of risk.
- Good Intentions Aren’t Enough: Individuals with a lot of experience in our industry may be overconfident in their ability to address compliance risk. Compliance with regulatory requirements involves more than just trying to do the right thing or putting the consumer first. Unfortunately, there are often specific actions that are required and they often are not intuitive. Experience and good intentions are not the same as achieving compliance.
- Delayed Compliance is Non-Compliance: Some people understand regulatory requirements but have chosen not to comply or may be putting it off and have not taken any action yet. If a producer understands the requirements but has not followed through and taken steps to comply, regulators are likely to see that as willfully choosing not to comply. As you can imagine, that is not likely to lead to a good outcome for the producer.
Risks to Review during a Compliance Self-Assessment
Every producer’s business is different, and the corresponding risks vary accordingly. However, some areas present a higher degree of risk in nearly all businesses and are worthy of inclusion in any self-assessment. Let’s look at four of the top risks to include in your compliance self-assesment: advertising, sales practices, data security, and regulatory updates.
- Advertising: One of the most common ways that a producer comes under the scrutiny of a regulator is through their advertising (sometimes in the form of a complaint from a competing producer). Seminars, radio shows, websites, social media, direct mail, books, sales literature, sales software, illustrations, charts, graphs, handouts, and similar materials are all considered advertising under state and federal regulations. It is therefore subject to complex and numerous advertising regulations.Advertising regulations are not intuitive. They are nuanced and often complicated. While you may believe your advertising is fine and you are acting with the best of intentions, unless you are an expert in advertising laws, you are taking a big risk. Your advertising either works for you – by supporting complete, clear, and accurate information – or it works against you, essentially creating written documentation that can be used against you during a complaint, litigation or regulatory enforcement action. Remember: regulators are people, too, and they listen to radio shows, receive seminar invitations, and experience all of the other types of advertising created by producers. In addition, your competitors are a common source of advertising complaints. Once an investigation begins, other aspects of a producer’s business (sales practices, data security/privacy, etc.) can be included in the investigation.
- Sales Practices: Sales practices encompass a wide swath of activities and can be a regulatory minefield. A few examples of how sales activities can come under fire for regulatory compliance:
- Do your gifts or client appreciation events violate rebating laws?
- Do your sales presentations include misrepresentations?
- Are you providing investment advice that requires you to be properly registered with the state securities department or the SEC?
These are only a few of the sales practices that should be assessed to help ensure that you are not inadvertently violating laws and regulations.
States are also rapidly adopting the NAIC’s updated suitability model regulation that includes a “best interest” requirement and many new obligations. The SEC’s Regulation Best Interest is in place and the DOL has finalized a new investment advice rule that affects rollovers. Sales practices must evolve as new regulations become effective and a self-assessment should include a review of all sales practices. Review your obligations as a producer and download DMI and Summit’s Compliance’s Best Interest Rule Guide.
- Data Security: One of the largest risks for a producer is a data breach or the loss of clients’ non-public information (NPI). The unauthorized exposure of client data could have regulatory, legal, and reputational implications resulting in the loss of existing and future clients, along with the loss of insurance carrier appointments.Our reliance on technology and the greater receipt, transmission, and storage of NPI through digital means continues to increase for all of us along with the corresponding potential for a data breach. Assessing the measures your business has in place to prevent a data breach should be included in a self-assessment.
- Regulatory updates: The regulatory environment is constantly changing, and new requirements can be burdensome. Ignorance will not be a valid excuse for regulators, so it is vital that producers have a trustworthy source for updates, training, and guidance.A self-assessment should include a review of how you are receiving regulatory updates and the quality and practicality of the guidance and training that you receive from those sources.
Tips on how to Conduct a Compliance Self-Assessment
- Start with your largest risks: You may wish to identify the largest risks for your business and start with those rather than become overwhelmed with all the risks and not do anything. Doing something is better than doing nothing. Also keep in mind that if, for example, you are the only person in your practice, your office is in your home, you do no advertising, and you only use paper applications and files, your self-assessment will be quite different from a practice that has several licensed producers, a team of support staff, uses advertising extensively, and leverages a lot of technology.
- Work with a checklist: A good place to start may be with a short checklist. It will provide you with a starting point and you can expand the scope as you assess and mitigate the risks on the checklist. Summit Compliance Group, LLC offers a simple checklist for free.
- Take your time: Do a thorough assessment. Some producers are tempted to assume that they are doing things “the right way” and may not analyze risks properly. They only go through the motions in an attempt to get through the process quickly. This can create a sense of false confidence and potentially be disastrous for a business.
- Don’t do it alone: Take advantage of the resources you have available. DMI is here to assist you with all aspects of your business, including assessing compliance risk. We want you to be successful and to be the one to decide when to leave the industry (retire) versus having an event or third party (regulator) make the decision for you. DMI also has access to compliance experts who can assist you.
DMI and our compliance partner, Summit Compliance Group have a wealth of resources for our partner agents and advisors to support your compliance. Download Summit Compliance’s Regulatory Self Assessment today to get started.