Business
Insurtech for the Actuarial Profession: Powering Up Through the Cloud
Source: Finance Derivative
Authored by John Bowers, Actuarial Product Director, RNA Analytics
Actuarial modelling has gone through a series of notable phases throughout its history, defined for the most part by the technology platforms underpinning it at the time. Today, as insurers look for greater accuracy, flexibility and speed from their digital tools and ecosystems, the actuarial profession is once again being redefined, arguably fundamentally, by cloud computing.
Cloud-based services currently encompass software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS). The majority of general business software in use today is delivered via the SaaS model, allowing end users to focus on their core activities whilst systems and updates are taken care of centrally. For actuaries, this heralds great change, whether they are working in the health, life, or property and casualty segments.
With the days of manual spreadsheets and complex legacy systems behind them, actuaries are already beginning to leverage new datapoints in ever more powerful ways – from exploiting data, artificial intelligence and machine learning for greater accuracy in reserving, ratemaking, pricing and capital modelling; to interrogating new input and statistics to help tackle changing dynamics in life and pensions; and better understand emerging risks such as ESG and even AI itself.
Drivers of innovation
As the Institute and Faculty of Actuaries points out in its presentation at the most recent GIRO Conference in November 2022, a number of internal, external and industry-specific drivers lie behind the current phase of actuarial modernisation. Internally, benefits include actionable insights, more efficient processes and enhanced controls; whilst externally, the scalable nature of cloud computing provides the advanced analytical team with greater access to data and analytics, where, and when they want. Today’s pay-as-you-go approach to cloud services means clients can easily scale resources when needed, and scale back down when not in use, with pricing that flexes accordingly.
Flexibility and cost savings aside, cloud is becoming critical to enabling the level of compute power that is needed to fully understand and make use of new and incredibly large datasets; and to remain competitive in the digital era. This shift paves the way for a level of innovation that the insurance industry has until now not fully leveraged – and, far from the notion that machines might replace people in their day-to-day roles, it’s a shift that promises to supercharge the value of the actuarial function and secure its worth and contribution a long way into the future. In order to make the most of the shift to the cloud, actuaries will necessarily need to continually invest in and hone their technology skills, such that they may keep pace with change, and they are able to retain both their attractiveness to prospective employers, and take advantage of the many benefits that the cloud can bring. By accessing software from the cloud, actuaries can also overcome the version control issues that arise when multiple versions of the software may be in use across the organisation – each with variations in underlying algorithms or sampling methodologies. The cloud is increasingly home to a growing number of APIs, supporting smoother connectivity, and thus enriching policyholder information with external data sets, in a secure fashion.
We are working in an era in which speed in a digital tool is no longer merely a ‘nice to have’, with expectations high and rising. The pressure to do more with less further builds the case for cloud deployments. In addition to faster and more advanced analytics, the cloud offers actuaries greater opportunities to benefit from collaboration through centralised processes. And, whilst an initial investment must be made, cost savings and benefits manifest quickly – something that all insurers are looking for in an era of tight margins; making informed decisions quickly makes both operational and strategic sense amid a highly competitive landscape, and against a challenging economic backdrop.
Regulatory demands
A cloud-first strategy is particularly well suited to larger companies looking to devise tailored approaches to resource ownership, and apportion – and monitor – visibility of those resources across the group’s subsidiaries. Meanwhile, smaller companies benefit from the scalability that cloud services offer.
Easily configurable, cloud solutions offer a level of functionality that meets the entire spectrum of actuarial workflow requirements, whilst providing oversight and control over user roles and permissions to help insurers meet the progressively complex demands of multiple regulatory and legislative requirements.
Solutions are being developed to respond to a raft of accounting, solvency and capital adequacy rules introduced across the global insurance industry in recent years – from Solvency II to IFRS 17, and ICS to the China Risk-Oriented Solvency System. The strength of these new software propositions lies in their ability to produce highly advanced reports, with visually impactful, custom dashboards featuring charts that are both informative and user-friendly.
The need to calculate and maintain precise and up-to-date mathematical reserves, to model different scenarios and assess the associated risks has led to a sharp uptick in investment in cloud-enabled infrastructure and advanced data analytics, as having the right data management framework and cloud strategy in place has become a top priority. According to a report published at the end of 2022 by Accenture, 60% of equity analysts say that cloud is one of the most important cost transformation levers for insurers today, whilst just 20% said it was a priority some 5 to 10 years ago.
It is our view that the transformation that cloud is generating today is one that is not only redefining the way the actuarial function operates, but also the value it can create for the successful insurer of tomorrow.
You may like
Business
The Power of Purpose in the Financial Services Industry
Source: Finance Derivative
Becky Willan, CEO and Co-Founder of Given
The Challenge
Banks and businesses in the financial services industry are coming under greater scrutiny for not only how they invest their money but, increasingly, who they invest it with.
In June, Barclays came under attack – quite literally, with 20 branches vandalised across the UK – over accusations of links to defence companies supplying Israel. This led to the suspension of their sponsorship of all Live Nation music festivals, and prompted the bank’s chief executive, CS Venkatakrishnan, to write an opinion piece in the Guardian about what he called “a campaign of disinformation against Barclays”.
Lloyds Banking Group is another high profile example after its AGM was disrupted by pro-Palestinian and climate activists in May. Two years ago the bank committed to end direct funding of new oil and gas exploration projects, but for some this does not go far enough, with the protesters demanding Lloyds divest from all fossil fuel and arms companies.
This comes amid growing concerns about the lack of sufficient capital to fund the transition from “grey to green”. As we have seen, financing projects from oil and gas companies, even if there’s a clear decarbonisation agenda, now comes with increasing reputational risk for banks. And yet we can’t achieve a low carbon economy without system-wide transformation.
The banking industry operates in a challenging space when it comes to navigating purpose, but do these institutions deserve the level of criticism we’re seeing in the media?
What we do know is that businesses operating in the sector need to have more clarity and focus around what their purpose is.
Our recent Purpose Gap Report revealed that over a quarter of respondents in the financial services industry (26%) are actively thinking about leaving their current job role due to their company’s failure to deliver on corporate purpose promises. This compares to a 13% average across all sectors looked at in the report. At twice the rate of dissatisfied employees, financial services appears to be lagging behind other industries.
Additionally, over half (56%) of consumers say it is important to them that their bank acts sustainably and/or ethically. It is therefore essential for businesses in the financial services industry to consider carefully their purpose and corporate values and ensure they align with the causes their stakeholders are passionate about.
Making this change, while important to the longevity of the institution, can be complicated to implement and investment decisions are not always clear-cut.
According to the same report, additional blockers cited by those in finance wishing to make positive change were among the following:
- It is too costly
- There is a lack of understanding across the business around potential positive impact
- It is not a business priority
- There is an overall lack of commitment from leadership
- There is a lack of integration of purpose within employees’ roles
A year on from the fallout of the Coutts / Nigel Farage scandal, which saw Dame Alison Rose step down from her position as NatWest’s chief executive, some are fearful of the risks associated with moving away from business as usual.
Widely reported at the time was Coutt’s internal memo that the Reform UK MP’s views were “at odds with our position as an inclusive organisation.” Whether this was about principles, or politics, the scandal brought purpose into the spotlight.
Missteps can happen in any walk of business, but we need to remember that purpose is about good business and strategic focus, not taking a moral high ground.
Adopting a purpose-driven business approach is also not in lieu of profitability – indeed it is essential. Profit without purpose is meaningless and purpose without profit is unsustainable.
The significance of profitability with purpose
The business case for purpose is now truly evident. Financial services organisations that contribute positively to a sustainable and inclusive future are simultaneously driving their own success.
A report by Deloitte last year found that most consumers agreed that a business’s commitment to sustainability affects their level of trust in the company. The study also suggests around a quarter of shoppers are willing to pay more for products that are more sustainable or committed to more ethical practices.
With investors, customers, and wider society increasingly demanding ethical, sustainable and positive actions from businesses, purpose-driven companies not only attract a wider, more impact-conscious group of stakeholders, but also see improved performance and greater resilience.
An Interbrand study found that purposeful brands, set on improving our quality of life, outperform the stock market by 120%.
Additionally, purpose-led brands attract and retain the best and most passionate employees, with EY reporting 84% of staff found it important to work for an organisation that positively impacts society.
A better way to bank
Nationwide is an example of a financial services model flourishing while helping change the world for the better. The building society has experienced year-on-year growth in the number of current accounts held since 2011, with a market share of 10.4% last year.
Boasting over 17 million customers, and a balance sheet of £272 billion, the institution celebrated its £2 billion profits earlier this year by offering a £100 profit share to each of its members under the Fairer Share initiative.
Additionally, the institution also donates 1% of pre-tax profits to charity, as part of its Fairer Futures initiative – a project developed alongside us at Given.
Led by its social purpose, Nationwide donates to partners working to combat homelessness; families living in poverty; and those suffering with dementia. Last year alone, charitable donations came to £15.5 million.
Asking the right questions
In the highly regulated financial services sector, boards of directors play a critical role in ensuring compliance with environmental, social, and governance (ESG) standards.
This extends beyond simple financial oversight to include the integration of ESG principles into the company’s goals and risk management frameworks, along with promoting ethical conduct and sustainability practices.
Board members will not find their questions answered by an aspirational turn of phrase about an organisation’s role in the world. Instead, purpose must be understood as a complete management strategy that is embedded into every part of an organisation. The right questions go beyond the ‘why’ to consider the ‘what’ and the ‘how’ too.
Businesses must create a space for learning, reflection and the idea that they can do better. Most boards regularly evaluate their effectiveness in governing a business. Not many look at this through the lens of purpose.
An annual “purpose stock-take” could ultimately be a valuable exercise ensuring that purpose really is embedded into the company culture and governance structure. It could involve asking the following five big questions:
- Are we satisfied with how much of our balance sheet is aligned with our purpose today?
- What are the biggest opportunities our purpose could unlock for our business?
- Would our different stakeholders recognise our purpose as more than simply words on a page?
- Are we clear on our “red lines” – the purpose promises we won’t break in pursuit of profit?
- When was the last time we challenged a decision on the grounds of our purpose?
Final Thoughts
Financial institutions are now being scrutinised more than ever, but there is more than just reputational risk at stake. There is one final question those in the sector should ask themselves: what risks are we exposed to by not clearly defining and living our purpose?
The repercussions here could be incredibly damaging to the overall health of a business: falling foul of regulation; reduced employee morale and productivity; lack of consumer and investor trust; lack of long-term growth and resilience.
This can be avoided if businesses take the time to define and embed their purpose and values, using them as a management approach to profitably solve problems of people and the planet.
Adopting a purpose-driven approach is a strategy that may seem daunting at first, but asking the right questions and implementing an open and collaborative approach is a step in the right direction.
Business
Why financial institutions must prioritise contact data quality if serious about fraud prevention
Source: Finance Derivative
By Barley Laing, the UK Managing Director at Melissa
According to Nasdaq’s 2024 Global Financial Crime Report $3.1 trillion of illicit funds flowed through the global financial system in 2023.
As a result, it’s not surprising that most in financial services are investing heavily in advanced ID verification technology to protect themselves from fraud and meet Know Your Customer (KYC) and Anti-Money Laundering (AML) regulatory standards.
However, to bolster their ID verification efforts they need to do more, and the best way is by improving customer contact data quality from the outset.
Why is contact data quality so important?
From our experience the quality of contact data is key to the effectiveness of ID processes, influencing everything from end-to-end fraud prevention to delivering simple ID checks; meaning more advanced and costly techniques, like biometrics and liveness authentication, may not be necessary.
When a customer’s contact information, such as name, address, email and phone number are accurate the verification process becomes more reliable. With this data ID verification technology can confidently cross-reference the provided information against official databases or other authoritative sources without discrepancies that could lead to false positives or negatives.
A big issue is that fraudsters often exploit inaccuracies in contact data to create false identities and manipulate existing ones. By maintaining clean and accurate contact data ID verification systems can more effectively detect suspicious activity and prevent fraud. For example, discrepancies in a user’s phone or email, or an address linked to multiple identities, could serve as a red flag for additional scrutiny. This basic capability is more important than ever as identity fraud becomes increasingly sophisticated.
Address verification is the foundation of contact data quality
Address verification – having a consistently accurate, standardised address – is usually recognised as the cornerstone of contact data quality. Once you have access to up-to-date customer addresses it makes it much easier to match and verify identities across multiple sources.
Therefore, verifying the accuracy and legitimacy of an individual’s address should be the first step in any identity related process, with any discrepancies between a claimed address and official records highlighting a potential fraudster.
By catching these inconsistencies early ID verification technology can help mitigate risks, ensuring only legitimate users are granted access to services, protecting both their business and customers from fraud.
Address verification also plays an important role in regulatory compliance, by ensuring that the address information provided meets KYC and AML regulatory standards.
Phone and email verification
As I’ve already touched on it’s not all about having an accurate address, the role of phone and email verification is also vital as part of a comprehensive ID verification process, and therefore in preventing fraud. Particularly when it comes to helping organisations to identify and mitigate possible fraudulent activity early on. Verifying all three contact channels together contributes to enhanced security by filtering out fake or high-risk contact information, improving the accuracy of the ID verification process.
Email verification involves analysing various factors such as the age and history of the email address, the domain and syntax, and whether the email is temporary. After all, new and poorly formatted email addresses are often tell-tale signs of fraudsters. Furthermore, the association of a single email with multiple accounts could highlight criminal activity. It’s only by checking if an email address exists and works, then examining those elements I’ve already mentioned, that organisations can identify possible high-risk indicators.
Phone verification is equally important in fraud detection. By verifying the type and carrier of the phone number, organisations can identify high risk numbers, such as those associated with VoIP services, which are commonly used in fraudulent activities.
Checking the validity, activity and geolocation of a phone number also ensures it’s not only functional, but consistent with the user’s claimed location. And like with email, a single phone number linked to multiple accounts can indicate fraudulent behaviour.
Deliver contact data accuracy with autocomplete / lookup tools
The best way to obtain accurate customer contact data is to use autocomplete or lookup services.
With an address autocomplete tool it’s possible to deliver accurate address data in real-time by providing a properly formatted, correct address at the onboarding stage, when the user starts to input theirs. Tools such as these are very important because around 20 per cent of addresses entered online contain errors; these include spelling mistakes, wrong house numbers, and incorrect postcodes, as well as incorrect email addresses and phone numbers, typically due to errors when typing contact information. Another benefit of the service is the number of keystrokes required when entering an address is cut by up to 81 per cent. This speeds up the onboarding process and improves the whole experience.
Similar technology can be used to deliver first point of contact verification across email and phone, so these important contact datasets can also be verified in real-time.
In summary
The success of ID verification technology, and therefore fraud prevention, hinges on the accuracy and quality of customer contact data. Having such data not only enhances fraud detection, but improves the user experience and operational efficiency. Financial institutions must make sure that data verification tools are used across address, email and phone, alongside their ID verification technology.
Business
Fortifying Email Security Beyond Microsoft
By Oliver Paterson, Director of Product Management, VIPRE Security Group
Most organisations today are Microsoft software houses. Microsoft 365 is the go-to productivity suite, offering comprehensive tools, flexible licensing, and built-in security features. Employees live and breathe in Outlook, and so many different technologies seamlessly integrate with this indispensable communication tool to deliver productivity gains to business professionals.
However, email-borne cyber threats continue to surge. Malware delivered via email is exponentially increasing. .eml attachments, which often get overlooked in phishing emails, are growing. Cybercriminals are resorting to email scams, alongside phishing emails, and with the arrival of generative AI technologies, users are increasingly finding it challenging to spot these “expertly” written, persuasive emails too.
The reason for this growth in email-led attacks? Cybercriminals are exploiting the ubiquity of Microsoft – and indeed our trust in the software. It is no wonder that today Microsoft is the most spoofed URL.
Microsoft, a software powerhouse, but not an email specialist
Microsoft is undeniably a technology powerhouse, but its primary focus or specialty isn’t email security. Historically centered on infrastructure, operating systems, and cloud services, email security is a small part of its vast ecosystem. For example, while the company offers features like SafeLinks and SafeAttachments to protect against phishing scams, these are often limited to the priciest licenses. As a result, many organisations aren’t able to benefit from the depth of functionality that is needed for robust email protection.
The shortcomings of Microsoft’s security tiers
Microsoft offers a range of security packages for its Microsoft 365 and Office 365 suites, from E1 and E3 to the premium E5. While this tiered approach allows organisations to tailor licenses to employee roles, it also introduces vulnerabilities. Higher-tier subscriptions like E5 provide advanced security, but they’re costly. Lower-tier licenses often lack critical protections against impersonation and zero-day threats—gaps that cybercriminals eagerly exploit.
Furthermore, Microsoft’s user caps (e.g., 300 users on Business Premium) sometimes can lead organisations to make risky compromises in pursuit of cost savings. This mix-and-match strategy can result in blind spots, as lower-tier subscriptions typically lack advanced threat visibility tools, hampering investigation and response times.
Configuration conundrums
The Microsoft security portal, while comprehensive, is also complex. Take Link Protection (aka Microsoft SafeLinks) as an example. This feature needs enabling in multiple locations, and with Microsoft’s routine updates, these settings can be moved, altered, or even disabled by default. Such inadvertent misconfigurations not only pose security risks but also burden IT teams with constant vigilance and reconfiguration.
Static intelligence versus real-time threats
Microsoft’s reliance on third-party security feeds means its threat intelligence is often outdated. The company’s vast and complex platform requires time-consuming updates, and with email security being just one part of its portfolio, critical updates may not always be prioritised. A delay of even a day or two is all a zero-day attack needs to succeed.
A layered approach to email security
So what can organisations do? In an era where a single email can cripple a business, firms need to bolster Microsoft 365’s standard security. By understanding its limitations and layering on specialised protection, organisations can fortify their email defenses, with additional, advanced security capabilities, without breaking the bank. Due to the relentless onslaught of threat actors, such caution is essential.
Capabilities such as Link Isolation and Sandboxing are vital today to protect against zero-day threats. Link Isolation renders malicious URLs harmless, while Sandboxing automatically isolates suspicious files in a virtual environment for safe analysis. These methods provide real-time monitoring and intelligence, enabling proactive defense.
No matter how advanced technology gets, it alone can’t solve everything. User awareness is key, and “in-the-moment” training trumps the typical periodic sessions for cybersecurity education. When users are immediately informed why an email or attachment was blocked, along with the telltale signs of malice, the lesson is more likely to stick.
Many organisations, and especially the smaller and growing firms, can’t afford top-tier Microsoft licenses for all employees or indeed maintain in-house IT teams to address the gaps in security capabilities. Partnering with third-party security services providers across different aspects of the function is a viable option as no single software or platform can provide all the security techniques and capabilities. This approach is not only more cost-effective but also provides the technological expertise needed for protection in today’s rapidly evolving threat landscape. Reducing reliance on a single security provider is an astute approach to minimising business risk.