Email Contact Phone Company Visit Website

London, UK Office Head Office

Sceptre House, 76- 78 Red Lion Street,


020 7832 0807


Yasmin Chaudhary
[email protected]
Back to all Cognito announcements

Compliance Assurance Corporation Survey Reveals Insurers’ Processes for Regulatory Change Management Are Lacking

Compliance Assurance Corporation (CAC), a leading provider of regulatory compliance solutions for the insurance industry, today released the results of its regulatory change management survey. The poll was conducted during “Managing the Hydra of Regulatory Change,” the first installment of CAC’s Compliance 2.0 webinar series. Compliance 2.0 is defined by a set of programs, tools and organizational behaviors that enable compliance professionals to expose their function as a strategic, vital asset in their organization’s growth equation and be recognized for the value they deliver.

Responses from nearly 50 compliance executives working in the U.S. insurance space revealed that the majority of current organizational processes for managing regulatory change are falling short. Attendees were asked to classify their organizations’ processes against the five-level ‘Regulatory Change Management Maturity Model’ of governance, risk management and compliance (GRC) analyst firm GRC 20/20 Research. Including the levels of ad hoc, fragmented, managed, integrated and intelligent, the model is a framework to measure the maturity of an organization’s process for managing regulatory change in the context of a dynamic and shifting regulatory environment.

Twenty-eight percent of respondents identified their processes as being aligned on the fragmented level of the scale, which is characterized by a lack of consistent structure, lack of institutionalized processes for sharing regulatory information and disjointed use of technology. Limited oversight and accountability is also typical of firms taking a fragmented approach to managing regulatory change.

Respondents (35%) most commonly classified their regulatory change management approach as managed, the mid-range of the maturity model. Marked by at least some usage of technology to manage process and provide accountability, inconsistencies still remain at this level as well. Lacking the integration of technology and content, a managed approach delivers some visibility into regulatory change across the business, but reporting tends to not go beyond the department level.

According to Jerry Shafran, CEO of CAC, “With insurers dealing with over 3,500 state-based regulatory changes in a given year, constant change is the norm in today’s regulatory environment and one of the most pressing concerns for CCOs, CEOs and their organizations. Even without considering the likelihood of responders over-assessing their organizations’ capabilities, these findings are worrisome. The insurance sector is rapidly becoming a technology business. To retain a competitive edge, insurers must seek new innovative ways to grow revenues, manage costs and mitigate risks.”

Only 10% of respondents self-identified their processes as intelligent, the model’s most advanced rating, which features business-process automation that enables full oversight and seamless management of regulatory change. The same percentage classified their organization’s practices as ad hoc – the lowest level of the regulatory change management maturity model categorized by the lacking of a defined regulatory taxonomy and low to no use of technology. 17% selected integrated, the second highest level noted for common technology architecture enabling consistent management of regulatory change.

Mr. Shafran continues, “To reduce risk and remain competitive, insurance organizations are wise to evolve their execution of regulatory change management to a more effective and efficient process, one that is scalable and consistently meets the demands of business and regulatory environments. Process and technology innovation can drive efficiency while delivering tangible benefits to the business and more open engagement between compliance and the organization’s business owners.”