Project Description

Century-old Insurance Company Automates 100% of RCM with Onspring

A Regulatory Compliance Management Case Study

OVERVIEW

Before Canada was even a nation, its preeminent property & casualty insurance company was up and running. Though proud of its legacy, in 2022 Gore Mutual Insurance Company knew it had to modernize its regulatory compliance management for the future—stat. With guidance from Tutela Solutions, this nearly 200-year-old business satisfied OSFI regulatory requirements and established holistic, enterprise compliance in a matter of months by creating unique automations in Onspring.

Profile

Company:
Gore Mutual Insurance

Industry:
Auto Insurance, Finance, Financial Services, Health Care, Life Insurance

Solutions:
Audit & Assurance
Contract Management
Controls & Compliance
Risk Management
Third-party / Vendor Risk

100% automated RCM processes

25% reduction in workload

Challenge

As a federally regulated financial institution, Gore Mutual is expected by the Office of the Superintendent of Financial Institutions (OSFI) to implement a risk-based regulatory compliance management (RCM) program, focused on three core components:

  • Governance (program design)
  • Program Delivery (requirements identification, control design & implementation)
  • Program Assurance (control testing at both the business unit and compliance levels)
Gore Mutual RCM System - Governance, Delivery, Assurance

Since an effective regulatory compliance management (RCM) program requires whole-enterprise engagement, Gore Mutual was tasked with fostering meaningful relationships across more than 12 business units—ranging from finance to underwriting, human resources to technology, marketing to claims—all of which were required to comply with a varying number of legal and regulatory requirements. To add another layer of complexity, some of those requirements were in the process of being heavily scrutinized by Canadian regulators.

“We had spreadsheets for spreadsheets. It was very difficult to pull everything together into one picture because we had to look into six different spaces. We needed to operationalize.”

Sandra Malcolm, Director, Compliance, Gore Mutual Insurance Company

While developing these relationships can be challenging at the best of times (since compliance functions are often seen as an organizational burden rather than as an innovation and value-add partner), the compliance team also knew that all of these business units were keenly focused on their own ambitious roadmaps, which stretched resources to modernize their individual functions in accordance with the overall company transformation goals.

The team also recognized that not only was their regulatory compliance management program cyclical in nature (in that their federal regulator expects property and casualty insurance companies to undertake this cycle at least annually), but the program’s core components also mandated a significant level of effort from Business Unit Compliance Officers (BUCOs), including:

  • Requirement Identification – Identifying the regulatory and legal requirements applicable to their business unit, which vary across 13 provincial jurisdictions and require consideration given the company’s ambition to become a national insurer.
  • Operational Controls – Identifying, designing, and implementing operational controls within their business unit that are responsive to the relevant regulatory requirements, plus evaluating their design and testing the operational effectiveness of their identified and implemented operational controls.
Gore Mutual Regulatory Compliance Management Cycle

Given that their regulatory compliance management (RCM) program at the time of refresh consisted of more than 330 unique regulatory requirements and 294 compliance controls spanning more than 12 business units, Gore Mutual needed to embrace the challenge of making their RCM program not only accessible but efficient for their business partners. They looked to the Onspring platform as the key to their success.

Pain Points
  • Mandated OSFI program expectations

  • Evolving regulations & requirements

  • Missing visibility into current status of BU compliance

  • Significant level of effort for requirements identification

  • Time-intensive, cyclical evaluation of 330 unique regulatory requirements, 294 compliance controls spanning more than 12 business units

Solution

It became clear to the Gore Mutual team that they had two great opportunities to catapult efficiency and streamline a tedious process.

First, they wanted users to focus on unmet regulatory requirements assigned to their business unit. The team needed a way to visibly account for individual regulations and automatically notify BUCOs.

Second, they needed a way to inform the frequency of compliance control testing by the results of annual compliance risk assessment. For example, a high-risk control must be tested at a minimum of every 6 months, but ideally it would be tested quarterly.

Integrated Control Mapping Dashboard

Tackling the regulatory requirement identification process first, Gore Mutual dove into Onspring’s out-of-the-box compliance solution to relate regulatory requirements to controls.

Next, the team needed to create an alert to notify business units of their new and/or unmet regulatory requirements.

Enlisting the help of Tutela Solutions, Gore Mutual created a report and a corresponding dashboard to alert BUCOs to new and/or unmet regulatory requirements assigned to their business unit, which also seamlessly enabled the identification and documentation of a responsive control.

This automated process connected three applications:

  1. Regulation Information stores the specific regulations Gore Mutual is striving to satisfy.
  2. Organizations is where each of the Business Units is documented, such as Claims, Marketing, Underwriting, etc.
  3. Controls houses the specific steps to adhere to the regulation documented per Business Unit.

To ensure all regulatory requirements assigned to Organizations were fulfilled by a corresponding Control, Gore Mutual created a Control Mapping dashboard with several reports utilizing formulas to detect any gaps.

Compliance Team View of Key Metric Dashboard

When gaps are identified, Organizations can update an existing Control or create a new Control to ensure alignment. This convenient visibility ensures Business Units have Controls documented for the Regulations they are required to meet—and Corporate Compliance has transparent status information.

Risk-based Compliance Control Testing

Gore Mutual knew that in order to meet regulatory expectations, all control testing needed to be risk-based and provide critical insights into the effectiveness of their RCM Program without overburdening business partners.

They began once again with Onspring’s out-of-the-box solutions, operationalizing the risk assessment process by mapping it to the Risk Register app, which proved easy enough. Then they customized the solution even further. In partnership with Tutela Solutions, Gore Mutual configured the entire process so that the frequency of business unit control operation testing is guided by the inherent risk assessment of the control’s underlying business process.

Risk-based Control Testing Frequency Matrix

Now, their automated regulatory compliance management program contemplates an Annual Compliance Risk Assessment, wherein each business unit considers the levels of inherent and residual risk of non-compliance within their core business unit processes.

Result: Automation in Onspring Accelerates Gore Mutual Compliance Vision

80% RCM processes transformed with automation

0 min wait to view program monitoring & value-add contributions

25% workload reduced & burdensome processes eliminated

“When we started our journey to modernize Gore Mutual’s compliance function, we recognized and reveled in the opportunity to transform within a broader organizational transformation,” said Sonya Stark, Chief Compliance Officer for Gore Mutual.

Onspring’s innovative platform quickly delivered an automated regulatory compliance management solution that supported their team’s goal to be a data-driven, efficiently automated, value-add partner for the overall business.

Massive Efficiencies

The most critical need for Gore Mutual was to leverage a platform that could automate their entire RCM program their way and fast. In just a matter of months with Onspring, they completely automated 80% of the RCM program’s components, with the remaining 20% slated for later in the year. This has eliminated manual, burdensome processes for BUCOs, such as navigating endless spreadsheets, and has reduced their administrative workload by an estimated 25%.

Flexibility that Integrates the Enterprise

In their quest for Onspring, Gore Mutual found several solutions that were either too specialized, too slow or too rigid. Since implementation, they’ve greatly enhanced the visibility of their RCM program monitoring and reporting, with real-time insights and trending dashboards. This allows compliance to be seen in a new light, one that enables timely and value-add organizational contributions.

“Now we have our enterprise risk management team, our procurement team, internal audit, third-party vendor management and more coming into Onspring,” reiterates Sandra Malcolm, Director of Compliance. “Together, we leverage internal reporting and data sharing among all of us without the previous lag time and email chaos. It’s an amazing improvement.”
