More Compliance Q&A on Insurance Claims Management

Posted by DIMONT on August 1, 2016 at 9:30 AM

hazard insurance check.pngInsurance claims management is definitely one area in which servicers can benefit from the experience of the right third party partner. We wrote about this in a recent white paper we published where our compliance experts provided a complete rationale for this approach. There are simply too many compliance risks that servicers must overcome, causing company risk if they perform this work on their own.

In our paper, we covered claims for flood insurance, auto insurance and more. That paper is available now on our website. We welcome you to download it to find out more about why outsourcing insurance claims management can limit your compliance risk. After posting the paper, we received some excellent questions from readers. We addressed some of these questions in a recent post and will address the remainder of them here.

Q: Do you have specific procedures in place to ensure compliance with privacy laws/regulation requirements related to maintaining security, confidentiality and protection of customer information (e.g., Gramm-Leach-Bliley Act related activities)?

A: Absolutely. Consumer data security is vitally important. It’s actually covered in its own component of the SSA16 audit, but, to ensure complete compliance, we also pay for a separate, third party audit to be performed in this area. We perform penetration tests on public facing websites and then conduct separate internal and external network security assessments to ensure that DIMONT maintains the most secure profile for protecting customer and client data. Anything less would suggest that your partner is not serious enough about this critical issue.

Q: Do you offer formal privacy awareness training for employees, contractors and third-party users to ensure confidentiality and privacy of scoped data?

A: Yes, and this is the other side of the data security coin. We conduct annual information security awareness  and privacy training programs, geared toward making sure employees understand the importance of data security.  We cover both the technical and the human aspects of security, such as social engineering and phishing, in order to be successful.

Q: Do you have controls in place to ensure compliance with legislative and regulatory requirements in each applicable jurisdiction, including dedicated staff engaged in regulatory compliance/regulatory compliance monitoring?

A: Yes, and this is no small task. There are multiple, overlapping jurisdictions that impact the work we do and we are tasked with tracking these rules and any changes to them on behalf of our clients. We have an entire section of our policy manual dedicated to this, which we share with clients and prospects.

Q: Are there any state/province specific regulations related to the products/services you provide (e.g., California Data Privacy)? If yes, please describe.

A: Definitely. Each state has its own regulatory agencies, such as the department of insurance, and they each have their own rules and regulations for conducting business in their states. The differences can be dramatic. For instance, some states require the use of a public adjuster, others require a practicing lawyer, some require neither but mandate that the repairs and claims filed are not from the same vendor. Knowing the requirements for each state is a critical first step in the claims process and we have made it a crucial part of our business to know them.

Q: Are you required to maintain special licenses, bonds, certifications or credentials related to the insurance services you will provide to us?

A: Yes. This goes back to the state-specific rules and the requirements of our various clients. We are generally tasked with maintaining bonds as well as providing additional licensing in certain jurisdictions. For details about the requirements in your own state, reach out to us for more information.

We’re very proud of the fact that for the past seven years, DIMONT has received consecutive SSAE 16 certifications without any exceptions. In addition, the 2015 examination determined that DIMONT continues to meet or exceed SSAE 16 control objectives such as control environment, risk assessment, monitoring, computer operations, data center operations, access/security, systems development and systems maintenance, as well as the entire insurance claims process.

To have your own questions about insurance claims processing answered, reach out to us. Download a copy of our recent white paper and feel free to call us any time.

Topics: Compliance