The Life Brokerage Technology Committee (formerly NAILBA Technology) was a gathering of experienced industry technology leaders who met to discuss and report on standards and trends. The group was represented by Broker General Agencies, Carriers, Medical Information providers, and Solution Vendors. Workflows were documented, data sets were negotiated, and appetite for change was measured. In short, the day’s discussions produced new solutions and road maps that materialized some years later. The committee’s work over the last 2 decades did bear fruit and greatly impacted cycle time, accuracy (IGO), underwriting, and digitalization to big data, while the cost savings were taken over by rising compliance costs.
Then COVID-19 hit us out of left field, a virus new to all of us that required us “overnight” to work from home, wear masks, and quarantine. Thankfully, the current maturity of our available technology made it possible. The pandemic also forced change in the Life Insurance process. In 2016, 45% of BGAs’ new business submissions were E-Apps (full), which in October 2020 jumped to 75%. In 2016 the number one obstacle to E-App adoption was “Agent Training”. It took a pandemic to create change, and even other lines of business (i.e., Annuity, LTC, Final Expense, Group, Disability) grew from nowhere to 20%.
LBTC conducted a 2020 survey that was different from the previous 8 years of surveys. The new qualitative paradigm focused on areas of the workflow process to automate and standardize, whereas the previous surveys focused quantitatively on tools and vendors. The Paperclip survey adhered to the old survey scheme because many people use its results to help justify partnering on projects and to decide where to spend resources. Experience shows you want to engage with market leaders so that the change being introduced reaches the largest audience possible. In a review of the LBTC 2020 Survey, the takeaways were exchange standards, automated underwriting, commission standards, and E-Policy Delivery.
The leader by request remains “Data Exchange Standards”, with specific mention of Application Program Interfaces (API), and the second was Automated Underwriting (AU). These two items are joined at the hip: to get an effective AU, you need the appropriate data. ACORD messaging, the standard for many years, became problematic because of the different needs it had to address for data exchange, which is why virtually everyone had their own flavor of the ACORD standards. This is now changing to a less structured format, a simpler JSON (paired values) model that relies on a common data dictionary. The next question becomes who creates the data dictionary: LBTC or the vendor community? The LBTC is the best venue to construct the data dictionary terms and to manage them. The Data Dictionary, though, should support custom terms as needed.
Next is the actual integration from the source data container (E-App, AMS, Paper App) to the receiving partner’s data container, SaaS to SaaS. So, let us start with the design question of “Point to Point” or a “Centralized Hub Model”. Well, the Centralized Hub Model is the most efficient choice based on our 22 years of experience exchanging over 70 million documents just last year among 1,400 Points of Presence (PoP). Today, data integration is dominated by point-to-point vendor SaaS PoP. One would think it should be one-to-many, but every customer needs a change because they do things differently, which was ACORD’s challenge. Whoever brings the solution to market, it should be “Data Dictionary” based and the community (LBTC) should police it, as we did with document exchange (can anyone say doctypes…).
The 2020 Paperclip Survey, as mentioned above, maintained the vendor questions so the reader can see what their peers are doing with their technology resources. We see from our customers a continued trend of moving from on-premises to vendor SaaS solutions. The driving forces are work from home, compliance, and technology staffing cost. The buyer’s top requirements are compliance and integrations with other vendors. Larger offices (> 100 users) want Cloud (Azure, AWS, IBM, etc.) deployments because cybersecurity depth will only be accomplished in the Cloud.
The results below reflect vendors that singularly or collectively obtained more than 65 percent market share. The complete report can be downloaded from Paperclip’s web site. The survey request was sent to over 5,000 people; 249 started the survey and 39 participants completed it, dominated by BGA distributors (33). The responding BGAs reported they process 150 to 300 Life and Annuity applications a month. These BGAs process 80 percent of their business with 6 to 10 carriers. What BGAs found very important in keeping their business was “Ease of doing business with”, “Product pricing” and “Relationship with the underwriter”. An Agent is producing about 50 to 150 applications annually, and the age of these producers is 40 to 60 years old.
BGAs use social media to attract agents and to keep current producers informed. The primary services are LinkedIn (87%), Facebook (56%), and Twitter (41%). Fifty-six percent advertise on these social services while only 38% prospect.
The following solution categories and vendors again represent the market share leaders, but each category is being challenged by new vendors that have a strong mobile offering. As noted above, the age of producers is just now including millennials and that group will gravitate to mobile selling tools. The most requested mobile applications are Quotes, Illustrations, and Pending case status.
Customer relationship management (CRM) is the solution that manages your clients’ relationships and interactions with prospects. There were 8 different vendors, led by SmartOffice and “None”; 25% of respondents do not use CRM tools. I expect a significant change here with mobile adoption.
Agency Management Systems (AMS) market leaders remain iPipeline’s Agency Integrator and Ebix’s SmartOffice. Only 15% of BGAs open access to their AMS to producers. BGAs would open more if “Pending case status” was better. Fifty percent of BGAs use Carrier web sites instead of accepting the AMS data feeds. The lack of timely and accurate data is the objection and remains on the BGAs’ top-five LBTC request list. Quote Engine had 14 vendors listed, with the market share belonging to iPipeline’s LifePipe and Ebix’s VitalSales Suite.
Document Management, with 8 vendors, maintains Paperclip’s Virtual Client Folder as the market leader. Interesting here is that 13% of respondents report “None”. I hope this means they paper-out and store paper. If this means images on a local hard drive, it would be considered today as gross neglect. BGAs’ preferred methods of submission to carriers and receipt from medical service providers are “Secure email” and “Imaging vendor”; at 0%, it looks like the FAX machine and FTP servers are finished. Secure email delivery was led by Paperclip’s eM4 and TLS direct connect. Twelve percent reported “None”, which opens their email traffic to the world, not a good thing.
Electronic Application (E-App), with 6 vendors noted, is led by iPipeline’s iGO. The next group, combined representing 30%, were ApplicInt, Ebix’s LifeSpeed, and PORCH. Twenty percent selected “None”, with only one write-in for “Homegrown”. The most used E-App electronic signature was DocuSign, followed by Click Wrap (10%). Deeper in the survey, Customers (41%) would prefer a simple “Click & Close” solution. Drop Ticket options support 9 solutions, with “Carrier’s Direct Link” and ApplicInt holding the market share. Agents who take a paper application and then rekey it into an E-App were 25%, and BGAs that keyed from paper were 36%. This tells us that 61% of new business is from distribution via E-App and 39% is still paper.
Electronic Licensing & Contracting (E Con) only had 2 vendors, with the leading market share held by SureLC followed by “None” (18%). Electronic Policy Delivery (E-Policy) is owned by Carrier-provided solutions. The major reason is risk tolerance: each carrier wants it done their way. BGAs would like to see that change, but I think this falls in with those untouchable events like Check21 and 1035s, the “carrier-controlled process”. The leading E-Policy E-Sign vendor is DocuSign.
Compliance was something new added to the survey. Since compliance continues to demand more resources, we wanted to see how those surveyed viewed compliance. There are many misconceptions about responsibility for unauthorized use of confidential information. The truth is, “you can outsource your technology but not your responsibility”. Managing third-party confidential information is a double-edged sword. Access to secure data starts with the User placing confidential data into the solution, which creates a liability for the vendor.
When asked where they maintain client confidential data, respondents answered 28% – In house, 44% – Vendor, and 33% – Both. This means the majority of BGAs continue to maintain shadow files, most likely in digital format. Here is where we start judging neglect versus gross neglect. If you followed the best practices of oversight required by federal and state authorities’ laws, regulations, and rules, loss of data at worst could be found neglectful. If you ignored or only partially addressed cybersecurity and conduct, you most definitely would be considered grossly negligent and most likely fined.
Compliance “Best Practices” starts with documenting how you control confidential information. Areas to address typically fall into these categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. These policy documents serve as the basis for training your staff on how to manage the personal data customers have trusted you with. Once you have policies and procedures you must maintain these documents to reflect the change that naturally occurs as a business scales both up and out.
Annually these processes are evaluated and tested by an approved auditing firm in what are called Service Organization Controls Audits (SOC Audits) and, because you manage medical information, a HIPAA Audit as well. As part of the SOC Audits, you need to provide evidence of third-party penetration testing of your internal/external network assets where confidential data exists. The 2020 Survey reveals that 25% conduct SOC Audits, 43% HIPAA, and 8% PEN Testing. A positive trend is the adoption of Multi-Factor Authentication (MFA / 2FA) at 72% and Single Sign-On (SSO) at 59%. BGAs need to become more aggressive with cybersecurity and compliance.
Since most solutions are outsourced to vendors, the good news is that you can get major SOC & HIPAA carveouts by leveraging the vendors’ compliance documentation (i.e., SOC2T2, HIPAA, PEN, etc.); this helps to keep your audit simple. Some simple suggestions: your Clean Desk policies should ban the keeping of shadow files, and all employees should execute a privacy agreement that identifies your documented policies. Training and infrastructure maintenance should be continuous, so set a business objective to get audited. Everyone starts with a SOC2 Type 1; ask your auditor if they would combine it with HIPAA, because the auditing controls are very similar, which is a great time and cost saver.
To improve cybersecurity, I would recommend we move to a 10-character minimum password scheme. Today, according to many experts, it takes 5 hours to crack an 8-character all-lowercase password while it takes 4 months to crack a 10-character all-lowercase password. Very strong passwords at 8 characters can take a couple of years to crack, and the Vendor community follows the strong password requirements. The truth is that hackers are not trying to crack your password when it has proven easier to get it through phishing, password sharing, or a poor system design that leaves passwords stored on-site in text files, databases, browsers, and the actual code or email with no encryption.
Overall, the survey was good, with positive trends toward eliminating paper and touchpoints in processing business. E-App for Term and other Simplified Issue products has strong adoption, Agent self-service portals have come online, Automatic Underwriting is rolling out quickly, and “I’ve got a guy” quoting is seeing investment from BGA IMOs and carriers. Vendors have a new challenge too: integration. The world of cybersecurity and compliance is making it harder to align with vendor partners that have a mature cybersecurity regimen. The risk of integration is in competition with Users’ ease of use. For example, if you’re downstream of an SSO integration, how can I document that SSO complied with MFA? How can I document that my TLS connection did connect securely? How did the Agent manage the information they electronically captured and sent to me, and what are their safeguards? Distribution is making the change and the industry is prepared.