by Jon-Paul Hale
While signature-less processes have been a thing for one or two providers, we now have around half that will process policy changes without the need for signatures in some shape or form.
Before everyone piles in, I do appreciate I'm probably pissing into a tropical cyclone on this one.
Some things I don't have an issue with; changes to contact details and declines of CPI increases (before renewal), which make sense.
However, the rest of your policy admin as a FAP; it's questionable activity.
One of the most significant issues I have observed from complaints and issues over the last 25 years is the lack of clarity on what has been decided and what has been done, where a signature has been the key to proof in either direction.
Sure, tech has added email and email trails to the mix, but like scanned and emailed signatures, email isn't the bastion of security everyone thinks.
I've said previously that we need to get this signature bit sorted.
Wet signatures scanned and emailed haven't been secure for three decades; I've seen many examples of it not being secure over the years.
When it comes to trusting email, we have one profound assumption that is problematic: the person sending the email is the sole person with access to that email account.
Without two-factor authentication checks, we have no proof that the person behind the email is the person we believe them to be. It could be an unauthorised partner, another family member, or someone completely fraudulent.
The issue here isn't about when things are going well; it's about when they don't, and that should concern FAPs the most.
I know Resolution Life has some real challenges with this in their policy administration. Cases where related family members are attempting to withdraw funds from older people's WOL/Endowment plans without the policy owner knowing.
I've had a case where digital signature fraud, not using external signing services, has resulted in an insurer paying a life claim twice.
The issue here for FAPs sits around vulnerable clients.
For most of these, the insurer is too far removed to judge veracity, and advisers don't always know either.
Some will say, 'Where are the examples?' I've mentioned a couple.
To the point, providers are not looking for these issues. Thus, their data doesn't reflect what we, as advisers, see in the real world.
Not to mention, as advisers, if you're not looking for it or aware of the issues, you won't see them either.
Others, why is this a FAP problem?
It is a FAP problem where the FAP's people pass on communications and instructions that are compromised.
The insurers appear quite happy to accept the risk; they have deep pockets and can blame the FAP for allowing it.
Where does that leave the FAP and the unwitting adviser? Not indemnified by the insurer as a starting point!
Issues of lost benefits and redirected claims are the significant concerns.
Is the actual incidence rate low? Yeah, probably. However, we lack scope and data on the exact impact of this because no one is looking or collecting the data.
As they said about Covid, you don't have it if you don't test for it. Same thing with this.
I have examples of it being an issue, but I also can't quantify the industry risk.
A few examples of client situations of concern for FAPs:
Essentially, they are vulnerable clients, but the run-of-the-mill couple is also part of the risk issue here, as they typically lack the technical understanding of the issues. Frankly, most advisers don't understand this issue either!
I've lost track of the number of clients that have tried to sign for their partner before Covid. Post-Covid, with email, it's likely worse!
I haven't accepted them knowingly, but by the number that have tried it also suggests if I haven't witnessed it, it still possibly slipped through. This is a very significant concern.
You can say, well, he/she knows and allows it, so why is it our problem? Because it's a form of fraud, and any professional should never accept it.
This brings me back to 2FA digital signing systems should be the preferred approach to signatures by FAPs.
Three things FAPs should be doing right now around email address security:
At the end of the day, the risk here isn't likely to be hackers; they prefer access to cash in the form of bank accounts and credit cards, not life insurance policies.
The premise of the work advisers do is to ensure that financial support and wishes of the life assured are provided for when they cannot.
Why are we allowing changes to these plans with weakened controls when the client is likely in their most vulnerable position possible?
People in the vulnerable positions I've outlined typically do not want their policies changed, so why are we allowing potential bad actors (family members) to make changes?
I'm pretty sure it's for the convenience of the masses, not in a challenging or vulnerable position, forgetting why we are here in the first place.
Also, keep in mind that vulnerable and deceased clients typically don't complain; they're too busy focused on the life they have, or they're dead.
This means insurers will point to the non-existent issues I've discussed.
Don't be a FAP that takes the easy route; if you're genuinely here to make a difference and serve your clients, not protecting them at their most vulnerable should not be your standard operating process.
| « Service levels and transfer of workloads | Modern-Day demands of income protection » |
Special Offers
No comments yet
Sign In to add your comment
© Copyright 1997-2025 Tarawera Publishing Ltd. All Rights Reserved