Putting PoPI in Context
The Protection of Personal Information (PoPI) Act primarily governs the way personal information is collected, retained, used, disseminated, and deleted. There is little doubt that PoPI compliance will be a major challenge for South African insurers, who will have to change the way they store, handle, process, and report on breaches of their customers’ personal information. PoPI compliance involves capturing the minimum required personal information, ensuring its accuracy and security, and removing information that is no longer required.
Post-PoPI Insurance Challenges
The potential of large nes and resultant bad publicity for those who are non-compliant with PoPI could badly damage insurers’ reputation and share price. However, complying with PoPI is dif cult given the complex spaghetti of administrative, customer, and data systems, not to mention manual processes, that many large-scale insurers possess. Remeber that most customers’ personal information is stored in policy administration systems and many insurers have multiple instances of such systems. Challenges include:
- The Multiple Legacy System Headache – many older systems don’t have a ‘delete client data button’, and either special routines will have to be built, or a manual approach taken.
- The Regulatory Paradox – PoPI requires insurers to reduce the volume of personal information they hold and retain,but regulators are generally requiring insurers to retain more customer data, to identify anti-money laundering, fraud, terrorist funds (FICA), etc.
- Dif culty of Tracking Third Parties – insurers who offer customers access to their data via self-service capabilities and give third parties access must be able to track whenever and wherever personal data has been accessed, no matter the channel.
Challenges Create Opportunities
Despite the headaches that PoPI will undoubtedly create, there are some potential bene ts. Many insurers have a signi cant number of long-term policy holders who have been largely forgotten, especially considering insurers’ low customer-touch levels. PoPI might be the mandatory nudge that gives insurers the opportunity to re-establish communication and start to build a meaningful customer relationship. Insurers can also leverage their renewed connection to sell innovative services, creating new revenue opportunities. After all, it’s a much bigger investment to gain a new customer than it is to expand a relationship with an existing one.
Powering Past PoPI
Insurers will have to adapt their core administrative and CRM systems and processes for PoPI compliance in one of two ways. The rst approach is for insurers to use in-house or outsourced IT professionals to adapt their current core and data systems for compliance. This is not necessarily a quick x and could easily cost major insurers millions, with no guarantee of success.
An alternative approach is to take the same budget required for an in-house solution and invest in a new, modern core system(s), pre-designed to comply with PoPI requirements and integrated with a PoPI digital platform. In addition to automated compliance capabilities, this approach offers enriched functionality that can enhance an insurer’s business model by touching almost every aspect of the business. With customers demanding a vastly improved user experience, this may be the only option for some insurers.
To achieve this, insurers require a digital platform coupled and pre-integrated with a modern policy administration system (PAS). Such a combination could not only reduce long-term costs, but also provide a platform to introduce new innovative products and services.
For additional information, please check out our white paper, PoPI Challenges and Solutions for South African Insurers,
or schedule a meeting with Sapiens.