We have started taking steps to accommodate the requirements in the Personal Data Protection Bill: Ameet Das, Ageas Federal Life Insurance
With a Data Protection Authority being setup, the company expects a number of regulatory compliance requirements & reporting to be put in place. With the existing setup, Ageas Federal Life Insurance expects to be able to manage the proposed compliance requirements immediately
Ageas Federal Life Insurance is currently running a major digitally enabled business transformation programme. EC speaks with Ameet Das, Chief Technology Officer, Ageas Federal Life Insurance
Edited Excerpts :
How are you looking forward to the Personal Data Protection Bill and the impact? Are you in any way whatsoever preparing for the supposed changes, so that you can effect the changes in the bill faster?
We, as an organisation, are aligned to the philosophy behind the Personal Data Protection Bill (PDP). Customer Data is at the forefront of our business. We have always been very stringent in terms of managing any customer data, with a strong InfoSec policy in place. We have already started working on implementing security safeguards including data encryption, whenever there is a transfer of data involved, to ensure that there is no misuse. The processes are also built in to ensure that there is customer consent involved wherever any information is sought.
With a Data Protection Authority being setup, we would expect a number of regulatory compliance requirements & reporting to be put in place. With our existing setup, we expect to be able to manage the proposed compliance requirements immediately.
While most of our applications are currently deployed on premise, we have also started taking measured steps towards adopting cloud for some of our applications. As a first step, we have moved our mail platform to the cloud. These deployments would align with all the regulatory framework required for cloud computing in India, including having data hosted in India.
We have a robust InfoSec policy in place, which ensures vulnerability assessment is carried out for all applications, particularly the ones that manage sensitive customer data. Controls and security measures are put in place on the basis of these VAPT observations. We also have a grievance redressal mechanism in place to address any grievances from the customer.
Which are some of the major regulatory and systemic developments in the last couple of years that have impacted the insurance industry and as a result how Digital and technology runs the business functions?
Data governance has become an important aspect while moving towards digitization. The applications as well as IT infrastructure governance mechanisms have gained significance with the regulator introducing significant guidelines and control requirements. With the pandemic impacting the mode of carrying out business, the regulator has laid out stringent norms and practises to ensure security of applications and infrastructure against any external cyber-attacks or malware. VAPT of all applications and IT infrastructure are required to be carried out twice a year, ensuring there is no lapse in terms of data as well as application security.
With AI/ML making significant progress in terms of usage within the insurance industry, data has started playing a much more significant role for business. The AI/ML models leverage the cloud infrastructure much better than on-premise infrastructure. Insurance companies have also started investing more time & effort in digital sources of business, moving slowly from the traditional modes. A lot of new solutions are based on SaaS models, with the applications being hosted on cloud with pay-per-use options. This has also shifted the paradigm in terms of how insurance companies have started looking at newer applications & investments. Companies have already initiated the process of identifying and moving non-critical applications to the cloud, to leverage the cloud infrastructure. The process of shifting even critical applications managing customer data to the cloud may also get more acceptance in the near future.
Your majority shareholder, Ageas is a Belgian company. What are the kind of suggestions you get from your Belgian counterpart in terms of tech and digital adoption?
Ageas supports us in decision-making whenever we seek such help. They have a regional set-up at Hong Kong for Asia-specific queries and a dedicated Group IT team at Brussels to support group companies across the globe. The biggest advantage of using the Ageas knowledge base is that it includes international experiences from which we can pick and choose what is most relevant for our organisation. Further, they have group level tie-ups with large partners. Various group companies can reach out to the Group IT team to benefit from the terms and conditions negotiated at a group level. Our most recent experience was the migration of our email platform to cloud where we benefited from such a tie-up at the Group level.
The Ageas team is part of the Governance Committee for the IT & Digital function and helps guide us through our roadmap.
As far as the Life and the overall insurance Industry is concerned, what’s on the mind of the top management and how do you always keep your priorities in tandem to what their expectations are from your office?
The IT and Digital team at AFLI uses four parameters to evaluate any new project – Business Enhancement, Better Efficiency, Better Customer Experience, and Regulatory requirement. Further, we believe that buy-in from the end users is one of the most important parameters to ensure adoption of projects and initiatives that we implement. Given the money and time, projects are not very difficult to implement. However, adoption is the most critical measure of success and is dependent on user buy-in. If the user is not interested, there is no point in wasting time and money.
The team also works as a facilitator to inform the top management about the latest technology and digital enhancements in the industry, so that an informed decision can be made about whether to implement the same or not.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]