NAIC MAR Compliance Solutions
Case Study - MetricStream offers a comprehensive GRC solution that addresses a wide range of health care regulations to reduce the overall cost of compliance management.
Published on: Mar 3, 2016
Transcripts - NAIC MAR Compliance Solutions
CASE STUDYMetricStream NAIC MAR COMPLIANCE SOLUTION FOR A HEALTH INSURANCE PROVIDER Customer The Insurance company is a leading provider of health insurance to large companies, small business- es, families and individuals in a US state. Overview As a leading health insurance provider, the client has a responsibility to conduct business with high ethical standards in compliance with regulations such as Medicare and Medicaid Compliance, Market Conduct Examinations, NAIC Model Audit Rule (NAIC MAR), Code of Conduct, OIG Corporate Integrity Agreements (CIA), HIPAA and Quality Accreditations . Uncompromising integrity to build trusted relationships with members and the communities it serves is of utmost importance to the client. Com-Customer pliance with all relevant regulations is mandatory for the client to maintain its leadership in corporateLEADING PROVIDER OF HEALTH INSURANCE governance standards and ethics.IN THE US With the US healthcare system undergoing a transition, several health insurance providers are advancing their Governance, Risk and Compliance (GRC) programs to manage their risk, streamlineBenefits internal audits and ensure compliance with multiple regulatory requirements and corporate policies. Several health plans, including some of the largest fellow affiliates of the client, recently selectedThe benefits the client derived after implementing MetricStream to respond to rapidly changing regulatory environment.MetricStream Compliance Management softwaresolution are manifold: Model Audit Rule (MAR) is the regulation on solvency and corporate governance developed by the National Association of Insurance Commissioners (NAIC). The regulation has come into effect forAssured compliance with NAIC MAR - With real- fiscal year 2010 for insurance companies, captive insurance companies, non-profit insurers andtime tracking and monitoring, the solution has helped health plans. The focus of NAIC MAR has been to maintain consumer protection and the strength andthe client to recognize and focus on diverse areas that solvency of the insurance industry.need attention based on their status of compliancewith NAIC guidelines. The solution has assisted theclient in documenting, tracking and reporting NAIC ChallengeModel Audit Rule (MAR) compliance initiatives at allorganizational levels. Increasing regulatory demands: With increasing regulatory demands from government for health insurers, the client recognized the need for a sound GRC technology architecture for sustaining compli-Readiness for future compliance requirements ance, preventing fraud and managing a wide array of risks.- By analyzing trends and risks based on frequencyof occurrence, identifying high-risk areas quickly, Managing diversified risks: Financial health of the client depends on several areas of risks suchdocumenting the scope of controls in a structured as investments, policy and claim reserves, premiums, payment of benefits, reinsurance, operatingmanner, identifying and testing controls, the client expenses and taxes. The client has control mechanisms to manage such risks. However, most riskscan now continuously monitor and improve the con-trol environment and support the changing regulatory and controls were not sufficiently documented and were not assessed periodically in a systematicrequirements. manner.Visibility and corrective action planning - Ongoing NAIC MAR Compliance Requirements: With the immediate goal of NAIC MAR compliance, the cli-structured reporting and communication with the ent needed to define responsibilities and document its financial risks and controls in a formal structuresenior management, along with the automation of for monitoring and reporting purposes.compliance management processes, has gained thestaff, senior managers and the board of directors ofthe client a clear visibility into the client’s risk and As the focus on accountability became stronger, the client needed to place even greater emphasis oncompliance activities. the interests of the policyholders, shareholders and employees. This required integrated and enter- prise-wide architecture for GRC for meticulous risk tracking and reporting.Using the MetricStream solution, the client has beenfulfilling insurance regulatory compliance require- As the business complexity increased, risk and compliance executives in the client sought better vis-ments and implementing effective strategies with reli- ibility and quick access to information which was difficult to collect, monitor and communicate. Theable control systems and corrective action activities senior management of the client needed to mandate the certification of the effectiveness of internalsuccessfully. control over financial reporting (ICFR), periodically.Cost saving - By standardizing the compliancemanagement processes, MetricStream has put into Automation: For Enterprise Risk Management (ERM) and compliance activities, the client was usingeffect a consistency across the organization and has free-form manual, paper-based processes and basic tools such as spreadsheets and e-mails. Automa-eradicated manual checks at multiple levels saving tion of these manual processes for effective control assessment and report creation was anotherthe client considerable costs. challenge the client was faced with. Absence of a single system of records for consolidating compliance processes and risk data was resulting in poor risk assessment and reporting. The client decided to invest in technology and implement MetricStream’s Enterprise GRC Platform to strengthen its ERM and compliance activities.
MetricStream SolutionWhy MetricStream With the impending effect of NAIC MAR, the client realized the cumbersome and unreliable nature of its risk assessment and reporting process. This acted as a key driver for the client to choose aIn its endeavor to brace itself for the forthcoming solution that would go a long way in successful management of its future compliance requirements.NAIC Model Audit Rule (MAR) compliance and To the client, this meant strong corporate governance in the areas of auditor independence, corporateresolve the issue of cumbersome manual reportingprocesses, the client examined several providers of governance and internal control over financial reporting.compliance solutions. The client needed to replace the existing free-form, manual processes with an integrated workflow- based risk and compliance management system. The client’s key criteria for the ideal solutionOn scrutinizing diverse solutions available in the included effective usability and ease of deployment. After weighing all options available in the market,market, the client zeroed in on MetricStream’s GRC the client selected MetricStream Compliance Management software solution.solution.The client recognized that MetricStream offers a com-prehensive GRC solution that addresses a wide range “With MetricStream’s role-based views that offer insights into core GRC processes and keyof regulations to reduce the overall cost of compli- metrics, real-time dashboards and reports, we can now track the status and trends relatingance management. The team found the MetricStream to key risk and compliance programs more effectively,” says the spokesperson of the client.solution easy to deploy, user-effective, configurable,scalable and secure. MetricStream Enterprise GRC Platform: The solution suite delivers a powerful combination of process automation, best-practices workflows, data integration, reporting, analytics and regulatory content. It provides a common framework and an integrated approach to manage all compliance requirements faced by the client. It enables a consistent compliance and controls processes across the enterprise, eliminating any deviations and errors as well as redundant activities. Streamlined processes allow the client to take direct responsibility for managing controls while auditors can focus on key compliance risks and project oversight. Risk Management: MetricStream deployed an integrated and flexible risk management framework for documenting and assessing risks, defining controls, managing audits, identifying issues and imple- menting recommendations and remediation plans. The risk management solution includes powerful tools for risk analysis and for monitoring such as configurable risk calculators and risk heat maps. Em- bedded content about risk management best practices helps the client define the scope of processes and sub-processes for which risk management needs to be performed and guides the development of control and test libraries. Implementation Approach: The implementation was carried out in a phased manner. With the objec- tive to support the client’s urgent compliance obligations, the project followed aggressive timelines throughout. Leveraging the product’s rich, out-of-the box functionality and application studio for obtaining configurations based on customer requirements, the MetricStream team successfully com- pleted the implementation, data migration and hardware provisioning in just five weeks.For more information, visitwww.metricstream.comCopyright 2011. All Rights Reserved.