050: Reg Tech: If You Don’t Like the Cost of Compliance, Try Non-Compliance!

Steve Glisky:

Welcome to the paperless productivity podcast. Where we have experts give you the insights, know-how and resources to help you transform your workplace from paper to digital, while making your work life better at the same time.

Toni Smith:

Thanks for joining us today. My name is Toni Smith, and I’m going to be your host. Today we’re going to talk about Reg Tech, which is an abbreviation for regulatory technology. We’ll discuss what it is, why it’s important, and then we’re going to dive into some of the unique Reg Tech features of On Base, which can be used to help your organization achieve compliance easier. I have two special guests with me from Hyland today. The first one is Jeff Heigert. He’s the Senior Customer Advisor for insurance. Jeff, do you want to tell us a little bit about yourself?

Jeff Heigert:

Sure, Toni. Again, thanks for me having me on. I always look forward to doing podcasts with Image Soft. Yeah, Jeff Heigert, Senior Customer Advisor for the insurance vertical here at Hyland. I have been in the insurance space for pretty much all my career as an adult, 25 plus years of experience, in pretty much all lines of business.

Jeff Heigert:

My role at Hyland really is to provide the industry expert, or industry subject matter expertise to our sales organization, our product development team, our professional services, and really any aspect of Hyland and our partners that are creating solutions and solving problems in the insurance space. So looking forward to the conversation on Reg Tech, it’s a hot topic and hopefully add some value to your customers.

Toni Smith:

Thank you. Then the second guest we have is Chad Kerns. He’s the Product Manager for Financial Services and Insurance. Chad, you want to tell us a little bit about yourself?

Chad Kerns:

Sure. Thank you. As Jeff said, glad to be here today on the podcast. I’m the Product Manager for financial services and insurance at Hyland. I have the product strategy, product direction, which projects we go do, as it relates to both financial services and insurance. I’ve spent the majority of my career on the financial services side. I team up with Jeff quite frequently on the insurance side, as we work through which solutions to take to market, which products need feature function enhancement, and those types of things. So once again, looking forward to today’s podcast.

Toni Smith:

Awesome. Well welcome, Jeff and Chad. Let’s just get started. Jeff, maybe you could get the ball rolling and start the conversation by explaining what Reg Tech is and why it’s such a hot topic today and why we’re hearing it every time we talk to insurance companies?

Jeff Heigert:

Sure. Well, as you alluded in the introduction, Reg Tech is short for regulatory technology. So Reg Tech is really any technology that is applied to assist in the management of regulatory or processes that are governed by some sort of regulatory agency. It crosses a lot of different industries and verticals and business processes. I think we’ll talk a little bit here in just a few minutes. Generally speaking, that’s what Reg Tech is. It’s using technology to solve the challenges associated with managing compliance and managing regulatory issues and regulatory challenges. It has really become an important thing, not just recently, but over years.

Jeff Heigert:

There was a paper that came out by FIS. It was put out in 2019 that talks about over 750 regulatory bodies across the globe. Then they produce over 2,500 rule books related to compliance. If you do some quick math, that estimates to around 200 daily regulatory alerts that are published around the world, and companies are just spending millions, if not billions of dollars every year to manage that compliance and to keep up with it and to make sure that they’re meeting the regulatory obligations.

Jeff Heigert:

Ernst & Young actually estimated that financial services institutions dedicate around 4% of their annual revenue to comply with regulations. It’s a very costly endeavor, but at the same time, someone once said, if you don’t like the cost of compliance, try non-compliance. That’s really what’s driving and influencing the Reg Tech industry today, is the cost of non-compliance is far outweighing the cost of implementing technology and processes and procedures that help ensure compliance.

Toni Smith:

Awesome. Can you tell us what kinds of industries and what business processes can benefit from looking at maybe a Reg Tech solution?

Jeff Heigert:

Sure. Reg Tech admittedly got its start in the financial services space. That was banking institutions, wealth management firms, organizations that were dealing with the exchange of money or, a lot of individuals, financial information, and so there was a lot of regulations around how those transactions were conducted. And as those companies got benefits from solving those challenges with technology, other industries started looking at it. That’s where life and annuity, insurance companies, property and casualty insurance companies, non-traditional financial services companies like companies that focus on loans and mortgages and really many other industries outside of the financial sector.

Jeff Heigert:

Any process that has a regulatory element to it, such as how long you have the process or document or execute a transaction. How long you keep documents. How you manage and store people’s data and their information. Especially in the financial services space, there’s elements around being able to know your customer, right. Knowing where the money is coming from when they invest in a particular insurance product or policy. A lot of anti-money laundering and suitability reviews. There’s just all kinds of situations inside of the financial services space, but even outside of financial services, like I said, any process that is managing an individual or a customer’s documents, data and information, there are usually regulatory statements and regulations around how that information is used and shared and kept, and ultimately discarded. That’s where Reg Tech comes in, is solving those types of challenges.

Toni Smith:

Got it. So you already hinted or given us some of the benefits, but can you just summarize the key benefits for insurance companies and how they’re achieving that by implementing a Reg Tech solution?

Jeff Heigert:

Sure. Well, I mean first and foremost, but the benefit is greatly reducing the risk of non-compliance. That’s the forefront of why companies are looking at Reg Tech solutions. But really those stem from a few different, they manifest themselves in a few different ways, right? One is reducing the costs and expenses associated with maintaining compliance. That’s resource allocation, that’s time and energy of double checking work and all the added expenses of just making sure that your processes are executed and within compliance of the regulatory requirement. There’s one benefit, right?

Jeff Heigert:

Being able to take your resources and allow them to work on other functions or other aspects of your process that are maybe more customer friendly or more customer facing. Taking some of the workers that might be doing more manual tasks around making sure things are compliant, being able to reallocate them to doing things that are focused more on customer satisfaction, or customer interaction, customer engagement.

Jeff Heigert:

There’s also the opportunity to reallocate some of your capital resources. The money that you might’ve been spending on compliance related items, right. If you’re able to streamline and automate some of that through Reg Tech, then maybe those capital resources can be reallocated to other projects and other initiatives that might’ve been put on hold in order to accomplish some of the compliance related things. It’s not a secret that finding the right talent, right? Insurance companies are looking for individuals who not only know compliance and know regulations of their industry, but also know the insurance space. That could be a difficult resource to find.

Jeff Heigert:

Using technology to manage some of those things can help resolve a lot of recruiting and talent gaps that organizations may face. All of those are just kind of ways where companies can get some benefits, but ultimately it’s really around just how can we help customers reduce the risk of being non-compliant?

Toni Smith:

Well, those are definitely some great benefits that I’m sure every insurance company could, I hate to say benefit, but benefits from, so, thanks. Thanks for covering those for us. Would you have any examples or customer stories that you could share that would hit home to some of these people?

Jeff Heigert:

Yeah. I can probably share some anecdotal stories. I know when COVID first started at the beginning of the year and the pandemic was restarting and businesses were starting to lock down, people were working from home, the interest rates really plummeted. We have a number of customers that are in the mortgage space. As a result of that, the amount of individuals who were looking to refinance their home and take advantage of the low interest rates really skyrocketed. So we had customers that really needed help with ‘how do we manage the compliance’ and all the regulations around the mortgage process or a loan origination process. That was one aspect where we were able to provide some help to our customers.

Jeff Heigert:

We’ve had insurance organizations that similarly are using some of our technology to better manage new applications or claims, right? So when those things are submitted, there are very state specific regulations around how long they have to acknowledge receipt of an application, or have a claim, how many days or weeks they have to respond to it. The language they can use when asking medical questions and things of that nature. So we’ve got insurance companies that use some of our out of the box capabilities, as well as some of our more advanced solutions to help manage the submission of a new application, or taking a first notice of loss and applying some logic to make sure that those things are processed in compliance.

Jeff Heigert:

I think Chad will take some time to dive a little bit deeper into some of the capabilities and features and functionality that we have from the Hyland side, but those are just a couple that come to mind.

Toni Smith:

Good. Those were a good couple to share with us. Thank you. Jeff, what kind of Reg Tech solutions does Hyland offer? Can you summarize that for us?

Jeff Heigert:

Well, I think I’ll let Chad maybe dive into that. We have, what we call out of the box capabilities. So these are just what I would consider, configuration options that are inside of the On Base platform that allow customers to configure their system in a compliant manner. We also have some other solutions that are add on packages or add on modules that are optional for customers to purchase if they have a specific need for it. Chad, why don’t you walk us through maybe some examples of each of those two different types of Reg Tech solutions, Hyland offers.

Chad Kerns:

Sure, I’ll mention a few. I think to Jeff’s point, what I’m going to talk about initially here, I’ll give you just a few examples of what I would call really just good old Hyland’s capabilities that probably have never really been viewed as compliance and/or regulatory or Reg Tech. Some of them have been around for a while.

Chad Kerns:

I’m going to mention one to start with. It’s a little bit new and, and I’m talking about multi-factor authentication. A lot of people are probably familiar with multi-factor authentication from the standpoint of when you log into your online banking system, quite frequently they ask for a second piece of authentication besides just your user code. That’s really what we’re talking about here, but it’s something that can now be implemented as part of our identity management system. That’s something relatively new, but it’s another way to just make data more secure, access to that data more secure for your internal employees.

Chad Kerns:

Another one that I think has been around a pretty long time from an On Base perspective, but probably hasn’t been viewed in the Reg Tech light, if you will, would be document and disk group encryption. Document encryption is really the ability to encrypt what most people refer to as data in transit. As documents are archived, as documents are retrieved or searched for, the data that’s going with those and the message itself gets encrypted so that people can’t access that message. Then there’s the disk group encryption, which is really what most people refer to as data at rest. So that’s the ability to encrypt disk groups. Again it’s just making it much more difficult for anyone to access data and information that they really shouldn’t have access to.

Chad Kerns:

A couple others that are pretty simple, but they’re really effective in terms of what they do, that’s what we call document redaction. That’s the ability to black out certain aspects of a given document so that they can’t be seen. You may have an individual that needs to see a particular document, but you don’t really want that employee necessarily to see the applicant’s social security number, or the customer’s social security number. On those particular documents you can redact or black out that social security number, so it’s not visible to the employee, but the employee still has the ability to see the form or the document which they need or may need for their job.

Chad Kerns:

There’s also online viewing identity protection, which is very similar to the redaction, but it’s the ability to black out certain aspects. For instance, if someone was in their application online and pulled up a check, you could black out the name and address, R T (Routing and Transit) number and account number so that you protect that customer from the good old, look over your shoulder and get information that you shouldn’t while they’re looking at that in any public location. So again, a very simple way to protect that customer data. Then lastly, I’m sure a lot of you probably use security keywords. Just another way to lock down or limit access to particular documents and keep that information out of the wrong people’s hands. I think most of those, actually, all of those probably fall into digital identity from a Reg Tech bucket perspective, and really the ability to protect that digital identity, whether that be customer data within the organization or for employees.

Chad Kerns:

So those are the ones I would call, that Jeff referred to as configurable, I call, good old on base functionality. There are some other actual solutions. They would be what I would call add on modules if you will, which are also very Reg Tech appropriate. Probably weren’t viewed that way in some cases when that particular solution was built, but really does apply. One of those is, I would like to say formerly known as DKT, it’s still not document knowledge transfer, but I like to refer to it as policy and procedure acknowledgement. I do that on purpose because in the Reg Tech space, that’s a category where they’re looking at document compliance and the ability to monitor and acknowledge policies and really it does a fantastic job of that. It allows you to configure groups of people to see specific documents. It allows you to push those policies and procedures out to either individuals or those groups that you set up. It also does allow you to set up timeframes for review and acknowledgement, and then notifications when the employee doesn’t get it done on time, or doesn’t acknowledge that they’ve read that policy.

Chad Kerns:

It’s very easy for management to see that they need to follow up with this set of employee. So it really does a good job of that policy and procedure management, and of course we track all of that within the database, so that information is also available from that aspect.

Chad Kerns:

The other one that we recently focused upon, and this one’s probably one that would fall into the ‘everybody kind of realizes it’s a compliance thing, as long as it’s been out there’, but that’s our document retention module. The document retention itself has been around obviously for quite some time. That’s our ability to really just to delete documents, or remove those, destroy them, digitally destroy them on the timeframe that they should be destroyed. Whether that’s an account change form, whether that’s a claim form, whatever type of document it is, you can set those rules and apply them and that document gets deleted.

Chad Kerns:

There’s also the ability to apply exceptions to that. So if it would happen to be that you’re in the middle of some sort of a subpoena process or something and that document was set up to be deleted, you can put an exception on it until you’re finished with that process. It won’t get deleted automated at that point, when you remove the exception and basically say, I’m done with the process, then it will allow those to be deleted. So litigation, legal holds, subpoenas audits, those types of things, it just has the ability built into it to handle those types of exceptions. The challenge, I’ll be honest, the challenge and what we heard from customers around document retention was figuring out the rules. You need to understand and then set the rules around document retention and when those documents can be deleted in order to be in compliance. That was really the challenge, is to figure that out.

Chad Kerns:

We’ve actually added a component to the solution and we now call that entire solution governance rules as a service, or as we like to refer to it as GRAS. Really what governance rules of a service does is solve the issue of the rules around documents. We actually partnered with a company called Iron Mountain and they have a product on their side called policy center. What policy center is, is really behind the scenes, it’s an army of lawyers that figure out all the rules and they figure them out for virtually any kind of document. I think their jurisdictions, as they’re referred to, would be 160 countries across the globe. They’re in virtually every industry, but they figure out those rules and then those rules get put into Iron Mountain policy center. What we have done, is build a connector to policy center. We basically go out, pull the rules out of policy center and put them into retention and automate that entire process, then retention does what it’s good, which is just digitally destroy the document.

Chad Kerns:

That’s a relatively new solution. It really went to market late last year, but I think it’s a really good example of Reg Tech and taking advantage of technology, as well as ensuring I’m not out of compliance. What’s putting more risk on the institution around having documents that you shouldn’t have.

Chad Kerns:

Then the last one I’ll I’ll discuss is what we call document tracking. Document tracking is really the ability to configure any kind of required sets of documents on whatever type of transaction. So you think about maybe it’s new business underwriting, maybe it’s a death, could be a mortgage loan. I mean, really you can configure any set of documents that you need and then document tracking does a real-time tracking of those documents as they come into the system. It just automatically goes out there and looks and says, do I have these, do I have these, do I have them all? And it’ll also then notify your staff if you’re missing documents. So whether that could be delivery receipts, maybe it’s a W2, maybe it’s a tax form, whatever happens to be in that configured group of documents, if they’re not there, document tracking will notify somebody.

Chad Kerns:

It also has the ability, as part of that process, that if you would have to have an exception where maybe I don’t require a specific document for a particular customer, for whatever reason, you can mark that, as well as, you can add individual ad hoc documents that I may need in a given situation. So very flexible, does a really good job of tracking everything. It doesn’t really stop with the initial, ‘do I have all the documents I’m supposed to have’? It really manages the life cycle. What I mean by that is, if you have recurring documents, that could be a financial statement as an example. Next year, I need to refresh that. Well, we keep track of that. We notify you when that financial statement is coming due, which allows you to then reach out to the customer and get the updated documents.

Chad Kerns:

It really does give you the ability to manage that whole life cycle. I think it’s another good example of a solution. That’s a work view, workflow based solution. Some of you may already have those tools. So it’s going to be a really easy learning process to use it. But I think it’s another example of using existing Hyland technology to focus on regulations and compliance.

Toni Smith:

This has been great. This is our final question for today’s podcast. I just love how you showed how you can leverage existing technology they already own today and can make it work and help with some of their RegTech solutions. Jeff and Chad, I wanted to thank you for joining me today and sharing your experience and expertise. It’s been a great discussion.   And for our listeners, I want to say we appreciate you for downloading the podcast and thank you. And make it a great day! 

Steve Glisky:

Thanks again for joining us on this podcast. To learn more about Image Soft, please visit imagesoftinc.com that’s ImageSoftI-N-C.com. If you haven’t already done so, be sure to subscribe to Paperless Productivity, where we tackle some of the biggest paper-based pain points facing organizations today. We’ll see you next time.