Some definitions to start
The INSquary internet platform is available to subscribers who can have the profile of a “delegator” (such as an insurance company), or of a”delegatee“. The delegation may relate to activities (distribution, claims management, …) provided by subscribers who may have different statuses (registered broker, management delegatee, …). The subscriber can be “active“, when subscribing himself, or “passive“, when he benefits from the subscription contracted by an active subscriber. For example, an insurer takes out an (active) subscription and asks its (passive) delegatee partners to answer the questionnaires. Or, an (active) delegatee subscribes and gives access to his file to a (passive) insurance partner.
Relations between a delegator and a delegate can be formalized by one or more conventions.
The platform includes different levels of questionnaires:
- the identity questionnaire collects information regarding the identity and the general activity of the delegatee;
- the questionnaire on the convention collects information related to the bilateral relationship between the delegator and the delegatee;
- the compliance questionnaire comes from our library of about 250 questions. Each question in the compliance questionnaire has certain characteristics that make it possible to filter them, according to the responses provided by the Delegate to a pre-questionnaire:
- the domain (theme) of the question (General, Specialized Regulations, Management, Distribution, Information Systems, Internal Control);
- the nature of the delegated activities;
- the type of branches (P & C, Health, Life Insurance…);
- criticality: the questionnaire includes a “core” of about 50 “critical” questions (to be permanently filled in) and a series of complementary questions (which can be the subject of periodic campaigns, or at least to complete the “core” once its compliance is established).
The answer is usually yes or no. In some cases, an additional answer in the form of free text is possible. For some questions, a supporting document is expected that the delegate is invited to upload in a secure and confidential area on our site. The conformity of this document is the sole responsibility of the delegatee. All answers and attached documents constitute the delegatee’s file. Answers and documents have a valid start date and end date, most often corresponding to the current year. For issues identified as having an impact on compliance, a compliance score is assigned to the response function. Compliance scores are averaged across domains and subdomains.
The main features, then
- The new subscriber requests the creation of an account. “Passive” accounts are not subject to payment by the subscriber. “Active” accounts refer to a tariff formula.
- Subscribers with an “active” delegatee profile (without a delegator profile) pay online.
- The subscriber connects with an identifier and a password.
- The administrator creates the rights of the users.
- The “active” delegator can invite its delegatees to join the platforme through a “passive” subscription.
Management of the conventions
- The delegatee provides information on the agreement(s) that binds him to the delegator. This information is the subject of a compliance questionnaire, the answers of which are not accessible to the parties concerned.
Management of relations between the delegator and the delegatee
- A tab provides the history of the relationship between delegator and delegate.
- A degree of vigilance is assigned to the delegatee, fed either by the delegator on a case by case basis, or by the system according to certain criteria configurable by the delegator.
- The delegator can create subsets of delegatees with consistent characteristics to run a campaign: The system sends an email to the list of delegatees to ask them to answer a set of questions. The report of the campaign can feed into the report of internal control: number of delegatees controlled, volume of business, compliance rate …
Managing a delegator
- The “active” delegatee can invite a delegator with whom he is in contact and give him access to his file.
- Before the compliance questionnaire, a pre-questionnaire allows the user to filter the questions according to different criteria.
- After filtering, the delegatee has the opportunity to answer questions. A color code is used to identify questions based on whether the response is compliant, non-compliant, not answered, or expired.
- The delegatee can consult his compliance note by filtering the questions. The authorized delegator too.
Consultation of answers
- The delegator authorized to consult the file of the delegatee accesses the answers (to the different questionnaires: identity, convention, compliance) and to the justifying documents. He has the possibility to validate the answers and the documents (this validation is its own, it is not shared with the other delegatees).
- An authorized delegator may: download a file containing all the answers to the questionnaire (for retreatment and comparison purposes) formulated by one or more delegatee(s); download all or part of the documents that have been uploaded by one or more delegatee(s).
- The delegatee has the same possibility concerning the elements of his own file.
- Based on the findings of non-compliance, the system proposes to the delegatee an action plan that is completed and managed by the delegatee.
- Dashboards make it possible to visualize the situation of the subscriber with regard to the different services of the platform. In particular, they allow the delegatees to have an overview of the different types of delegatee, depending on the “gross” compliance score or the delegatee’s own vigilance indicator, with a view to facilitating decision-making adapted to the different levels of risks.
And a little technique to finish
INSquary is an application provided in “SaaS” (“Software As A Service”) mode: it is made available to users who have subscribed to the platform. Access is allowed via a simple internet connection, with any browser.
The necessary infrastructure (internet servers and database) is hosted by the provider OVH, on dedicated physical machines. The response times are optimal regardless of the situation and the number of users connected.
All servers are doubled to ensure continuity of service in case of failure of one of them. The database is replicated in real time to a backup database.
Security and confidentiality are ensured (encryption of client / server connections – HTTPS-, application authentication by role, fine access rights on access to GED documents, regular backup of the database and files, …).