| European Solvency II Directive |
Requires insurance companies to: “…have in place internal controls that are adequate for the nature and scale of the business.” and: “…identify and assess the nature and the significance of the risks they face… manage these risks to provide reasonable assurance of maintaining the undertaking’s overall financial soundness”. |
Data collection
Analysis
Monitoring or tracking solutions
Risk identification applications
Storage
Backup
Disaster Recovery
Data Mining
Business Intelligence |
Operational
Moving into implementation and IT solutions demand. |
| EU Data Protection Directive – 95/46/EC |
This directive covers the use of data held on private individuals within the EU. It mandates that data must be handled fairly and openly, limited to the purpose for which it was gathered, stored securely and limited in its distribution. Individuals have rights to access and redress for any inaccuracies.
This act is augmented by two other acts specific to the telecommunications and electronic communications sectors which look at the automatic gathering of data and its uses.
US companies can comply through the US “Safe Harbor” scheme. |
Security
Database
Content Management
Storage
Backup
Disaster Recovery
CRM Systems
Document Management |
Operational
Operating and IT solutions emerging. |
| EU Electronic Data Directive |
Requires Member States to allow filing of company records electronically. Additionally requires certain company particulars (e.g. registered address, registration number) to be on all company documents, including electronic submissions, and on company websites. |
Updates to accounting packages, Data Storage and Data Management. |
Operational
IT systems being implemented. |
|
EU Working Time Directive |
EU legislation designed to prevent damage to the health of workers through working excessive hours. Affects companies of all sizes and requires the collection of various data. |
Data Storage
Data Management
CRM
Various Applications |
Operational
In operation and IT systems in procurement, usually adapting ERP HR system. |
| EU Audit Directive |
A new Directive on statutory audit in the EU. Objectives are to ensure that investors and other interested parties can rely fully on the accuracy of audited accounts and to enhance the EU's protection against the type of scandals that recently occurred in companies such as Parmalat and Ahold. |
Information lifecycle management (ILM)
Storage
Archive
Disaster Recovery
Email Management
Email Content Audit
Database
Data Mining Tools
Risk Assessment and Management Tools
Point Solutions |
Deadline
Review under way. |
|
PCI [Payment Card Industry] Data Security Standard |
The PCI Data Security Standard is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including Visa, MasterCard, American Express, Discover Financial Services and JCB, to help facilitate the broad adoption of consistent data security measures on a global basis. |
The PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organisations proactively protect customer account data. |
Operational
Adopted and IT infrastructure solutions being implemented. |
| Data Protection Act |
Affects all companies, which must comply with the 8 enforceable principles of good practice in management of personal data. Takes precedence over FoI Act. |
Security
Data Management
CRM
Workflow
Document Management Systems |
Operational
Operational and demand for IT solutions as part of an integrated |
|
Financial Groups Directive (FGD) |
Financial Services Authority (FSA) aimed at “financial conglomerate” companies. The objective of the directive is to ensure the capital adequacy of such groups that straddle insurance, banking and investment. |
Data collection
Analysis
Monitoring or tracking solutions
Risk identification applications
Storage
Backup
Disaster recovery
Data mining
Business intelligence |
Operational
Operational and IT solutions review for integrated implementation with other compelling risk and compliance demands. |
| Depolarisation Instrument 2004 CP166 |
Removes the polarisation between ‘independent’ and ‘tied’ agents selling life and pensions insurance in the UK. This opens up possibilities for suppliers of these products to access new routes to market. |
Specialist software aimed at Life and Pensions sales and marketing; networking hardware; possible in-store hardware for retailers, networking systems. |
Operational
Reviewing implementation deadlines. |
| The Companies (Audit, Investigations and Community Enterprise) Act |
The Act is designed to improve the reliability of financial reporting and reinforce auditor independence and auditor regulations. Includes the need to ensure disclosure of all relevant information to auditors, increased inspection with more detailed reports. |
Storage
Disaster Recovery
Database
Changes to accounting packages / software systems
Report Generators |
Operational |
|
Sarbanes-Oxley Act (SOX) |
Act (part of the 2002 Sarbanes-Oxley Act) which mandates that all auditing firms retain records relevant to audits and reviews, and which also has significant implications for companies’ IT resources. |
Document Retention Systems
Email Management Systems
Content Management Storage Solutions |
Operational
SOX 404 deadline for non-accelerated filers and foreign private issuers in 2007, opening IT solutions for automated reporting, including US-owned off-shore corporations. |
| ISO 20000 IT Service Management Standard |
ISO 20000 comprises two parts: ISO 20000-1 is the 'Specification for Service Management', and ISO 20000-2 is the 'Code of practice for Service Management'.
Together, these form a top-down framework to define the features of service management processes that are essential for the delivery of high quality services.
ISO 20000 allows IT organizations to formally certify their IT services, using ITIL [Information Technology Infrastructure Library] global best practice for IT service delivery. |
Security Management
Storage Management
Business Application Management
Server, Network & Device Management |
Operational
Rapidly adopted as the international standard for IT Service Management based upon ITIL, with substantial TCO reduction as the business case. |
|
ISO 27001 Information Security Standard |
ISO 27001 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems to reduce businesses’ information security vulnerability. |
ERP solutions
IT Security Applications and services |
Operational
Rapidly being adopted worldwide as the standard for businesses’ information security. |
|
IAS (International Accounting Standards) |
International standards on accounting and the regulation of financial result calculation. Designed to improve transparency and represent a step towards a common global accounting standard. |
Enterprise integration systems
Data gathering systems |
Operational
The legislation will require significant investment in appropriate systems to facilitate internal reporting and data gathering. |
|
International Association of Insurance Supervisors (IAIS) – Draft Standard on disclosures concerning investment performance and risks |
Covers the scope of disclosures on financial performance and risk that insurers need to make on a timely basis. Works in concert with IASB rules where these are implemented in-country. |
Risk analysis and monitoring
Database
Data monitoring
Communications
Specialist applications |
Potential
Reviewing implementation deadlines. |
|
Sandler Review |
The review covers life insurance savings, pensions and investment funds, with the objective of improving the efficiency of investment decision making and improving consumer returns by encouraging policy changes across the complete value chain, including providers, intermediaries and links to consumers. |
Improved integration of IT infrastructure in support of lower operating costs and improved service level to consumers |
Operational
Operational and IT solutions review for integrated implementation with other compelling risk and compliance demands. |