Each year, thousands of regulatory changes are made that could materially affect the insurance industry, and the number is rising. In any given year, more than 40,000 regulations—including legislative bills, administrative rules, bulletins, advisories, alerts, directives, and interpretive guidance—must be vetted to determine if they affect the business of insurance. According to RegEd’s internal research, there were about 2,400 new or revised state regulations enacted or adopted that directly affected the insurance industry in 2013. In 2019, there were about 3,600, an increase of 53%. As the number escalates, new regulations themselves are becoming more complex, especially around risk management, corporate governance, cyber-security, and privacy, with wider-ranging effects that reach further across geographies, business lines, products, and processes.

Managing the regulatory change process can be complicated and time consuming. Simply to identify a new regulation is a monumental task, to say nothing of methodically analyzing each one to determine how—and whether—it could affect an insurance company’s sales operations, actuarial procedures, product features, financial obligations, or any number of other areas of the business. When a new regulation does affect the organization, an organization must take steps to bring itself into compliance. Finally, a company must demonstrate compliance to regulators.

A Repeatable Closed-Loop Process

If an organization has implemented an established and repeatable closed-loop process to manage regulatory change, it can avoid missing key regulations, determine how new regulations affect the organization with more precision, take measures to bring itself into compliance more efficiently, and demonstrate proof of compliance with comprehensive documentation and reporting. There are five steps: Be aware of new regulations; determine relevance to your organization; identify areas of ownership and translate changes into business requirements; execute, monitor, and validate a workflow plan to bring the company into compliance; and demonstrate compliance to regulators and internal stakeholders.



By Merlinda Johnson, Director of Insurance Regulatory Compliance at RegEd, Inc.

More Resources