Our South African short-term insurance industry is facing many challenges, including a stagnant economy that has suppressed the demand for insurance products, a weak rand that is driving up costs and perhaps more importantly new regulations like the Protection of Personal Information Act, the so-called POPI Act. According to Old Mutual Insure Head of Regulatory Risk & Compliance, Mohammed Patel, the insurance industry is not yet ready for the implementation of POPI and need to find creative ways to enable all role-players, especially intermediaries to prepare.
POPI is expected to affect the entire insurance industry, especially brokers, as the main repositories of most customer information. While certain sections of POPI have already started, the majority of POPI (especially the sections that create compliance requirements) will only start on a later date to be announced by the President.
Strong reliance on brokers
Mohammed explains: “As an industry, I don’t believe that we are all ready for the changes that POPI will bring. One has to remember that our insurance industry have direct and intermediated offerings. When following an intermediated model, there is a strong reliance on intermediaries as third parties to process data and herein lies the possible weaknesses.”
Therefore, Old Mutual Insure has a Third Party Management Framework, which assists intermediaries to understand the requirements and to provide tools that will help meet these requirements.
Insurers rely on intermediaries to ensure the integrity and protection of mutual customer information, and on procurement partners to deliver services on their behalf. This necessitates the exchange of information.
Patel added: “We have to ready ourselves as an industry for the benefit of our customers throughout the value chain of the insurance lifecycle.”
According to Patel, the length of time it has taken government to approve and implement POPI in full has directly affected the industry’s state of readiness.
He explained: “I don’t think the industry has taken POPI seriously enough. This is most likely due to the amount of time it has taken to approve the regulations and appoint the Information Protection Regulator.
Patel understands that, for most intermediaries, it is easy to feel overwhelmed regarding the full implementation of POPI. He urges intermediaries to remember that the general principles around the compliance of POPI are not different from principles that would ordinarily guide good business behaviour and to connect with M&F to benefit from the Third Party Management Framework.
He concluded: “If you’re a business guided by ethical decision making in providing your customers with services that they need, then POPI will be easy to comply with. I suggest that you use the services of someone who will be able to understand your business processes in terms of what needs to be demonstrated for POPI compliance, and help you understand what needs to be done to comply if there are any gaps.”