The process and performance of verifying and improving insurance coverage for third parties differ greatly. In fact, 75% of the third parties fail to meet insurance requirements. Moreover, analysis from McKinsey found the following trends within the insurance industry;
So, how can we change all of the above? By focusing on user-centric communication, which according to the Cambridge Dictionary, is a design approach that considers the way people will use products and systems, and how they will use them:
In this case, this involves establishing a user-centric verification framework that specifies clearly what is expected, as well as what is required. Third-party vendors need to understand these steps in order to reach the approval stage as quickly as possible.
While this may seem like a massive undertaking, it’s essential if you want to improve insurance verification. And, using the following tips can help you get started without feeling overwhelmed.
“A failure to design and implement an explicit third-party risk management framework may obscure potential gaps and overlaps between existing policies and procedures,” write Alexandra Mabey and Daniel Kaposztas for McKinsey & Company. “Conversely, a clear framework ensures a balance between risk and commercial factors, increasing the effectiveness of risk management.”
They advise that organizations should focus on three key areas:
After developing your third-party risk management framework you should make sure that your insurance requirements for onboarding third-party vendors should be the right size.
The right balance needs to be struck between adequate coverage and the ability to demonstrate compliance when crafting third-party insurance requirements that encompass not only legal and insurance requirements but also business operations. Many risk managers or GRC program operators strive to achieve 100% compliance with third-party insurance requirements. However, if actual results fall closer to 25%, then there should be a resizing of requirements to right-size them.
In order to identify their highest-risk partners and coverages, companies should first assess their portfolio of partners and coverages, then review any rules or coverage amounts that typically result in an exception request, as these are good indicators of where partner insurance verification gets “stuck”.
Communication of both process and expectations is critical to ensure that third-party vendors receive and understand a company’s insurance verification requests. But, it is often quite challenging to do so effectively. It’s also difficult to maintain lists of individuals and to update their contact details.
When companies have achievable insurance requirements but still don’t see an increase in compliance rates, it’s usually because of ineffective and/or inconsistent communication for the requests for COIs. In addition to being important for compliance reasons, it assures vendors that the company uses the COI verification program – they won’t use the COI verification program as a one-time request and then stop contacting if they don’t hear back.
Verifying insurance requires the involvement of an insurance broker. The insurance department interprets a business’ needs, then reacquaints itself with the policies placed for vendors, and creates a Certificate of Insurance demonstrating that the vendor’s policies meet those needs.
It is usually straightforward to verify coverage types like general liability and property damage, but it can be challenging to verify more obscure coverage types like product liability and employee dishonesty. Coverage can be modified by endorsements or exclusions.
In the case of complicated language, an insurance professional, risk manager, and/or lawyer are often needed to interpret the text. Third-party vendors may encounter challenges in creating a COI that sufficiently demonstrates their compliance with these considerations.
If you treat brokers and agents like partners, you will be able to easily onboard them and get them verified much faster. Among the successful tactics for this can be: direct communication with brokers, time-saving programs, like TrustLayer, for combining efforts across multiple insurers, and continuous integration to keep brokers (and agents) informed and involved.
Automation tools can help firms organize data more effectively, identify failures and breaks, analyze trends and patterns, and help them implement consistent and efficient work routines, state Mabey and Kaposztas. Examples include:
COIs and other vendor requirements such as contracts and W9s using AI and RPA technologies.
Third-party risk management must be improved by the industry as a whole, as well as by individual firms. Ideally, industry standards and best practices should be agreed upon. An agreement with a third party benefits both sides when there are clearly defined requirements and limitations, such as access to data, reporting measures, and contract terms, the authors add.
Also, firms should examine their data management and cybersecurity processes, which are rightly attracting significant attention after numerous cyberattacks. The standards should be met by (re)insurers and investment firms in order to protect customers, themselves as well as regulators.