JASMA

Why resolutions matter in insurance (yes, really)

Insurance runs on trusttrust that the policy will respond, that the claim will be handled fairly, and that customers won’t need
an advanced degree in policy language to understand what they bought. When trust dips, retention suffers, complaints rise,
and regulators pay closer attention. Meanwhile, loss costs don’t wait patiently for your modernization roadmap to catch up.

The good news: insurers have powerful levers. Small changes to communication, security hygiene, model governance, and risk mitigation
can create outsized improvements in customer satisfaction and operational performance. The trick is choosing resolutions that are
concrete enough to executethen actually executing them past February.

Resolution #1: Make insurance feel easier than ordering takeout

Customers don’t wake up hoping to interact with their insurer. They interact because something went wrongan accident, a leak,
a stolen catalytic converter, a hospital bill that looks like it was priced by a roulette wheel. The job isn’t to “delight” them.
The job is to reduce stress and restore normal life.

What “game-changing” looks like

• Proactive claim updates: clear milestones, realistic timelines, and a simple “what happens next” message after each step.
• Plain-English coverage explanations: not just the denial/approval, but the whywithout legalese cosplay.
• Omnichannel that’s actually connected: if a customer starts online, the phone rep shouldn’t ask them to repeat everything.
• Human help on demand: automation should shorten time-to-help, not create a chatbot maze.

Specific examples insurers can implement this quarter

• “Two taps” claim status: a claim timeline page with dates, next actions, and document needs. No login gymnastics.
• Appointment windows that respect reality: give customers choice (even if limited), then confirm via text/email with a calendar link.
• Policyholder-friendly summaries: a one-page “What this policy does” overview for key coverages (auto, homeowners, renters),
  updated at renewal and easy to find.

A quiet truth in insurance: people can forgive a lot if they feel informed and treated fairly. They forgive much less when the
process feels like it’s designed to wear them down. Make it easy, and you’ll reduce inbound calls, rework, and escalationswhile
improving sentiment. Everyone wins, including your call center’s collective blood pressure.

Resolution #2: Run cybersecurity like it’s a balance sheet issuebecause it is

Insurers are data-rich by nature: identity details, health information, financial information, claim files, repair estimates,
photos, and sometimes enough personal information to accidentally qualify as someone’s long-lost relative.
That makes insurance a high-value target. And because the industry relies heavily on third-party vendors (claims platforms, analytics,
call centers, cloud services), security is only as strong as the least-controlled link in the chain.

What “game-changing” looks like

• A modern security framework: align programs to a recognized standard and measure progress like any other enterprise risk.
• Board-level visibility: cybersecurity becomes a recurring agenda item with metrics, not a once-a-year panic slide.
• Vendor controls with teeth: third-party risk management that goes beyond questionnaires and into verification.

How to make this resolution real (not just a poster in the SOC)

1. Adopt a clear operating model: define who owns identity and access, incident response, data governance, and vendor security.
2. Prioritize “boring” controls: MFA everywhere, least-privilege access, patch discipline, encryption for sensitive data, immutable backups.
   These aren’t glamorous, but neither is rebuilding your network under a ransom deadline.
3. Practice incident response: tabletop exercises that include claims operations, communications, legal/compliance, and vendor partners.
   A breach is not the moment to learn who has the authority to shut down a system.

The industry is already moving in this directionregulators increasingly expect formal information security programs, risk assessments,
and timely notifications. Treat cybersecurity as a core business competency, not an IT accessory. It’s the difference between “we had an event”
and “we had an event and it didn’t become a headline.”

Resolution #3: Use AI, but don’t let it become a black box that shrugs at regulators

AI is already embedded in insurance workflowsmarketing, underwriting triage, fraud flags, claims routing, document classification,
customer service, and more. Used well, it can reduce cycle time and improve accuracy. Used poorly, it can create unfair outcomes,
increase complaints, and trigger regulatory attention that makes everyone’s year… less festive.

What “game-changing” looks like

• Model governance: a clear inventory of AI/algorithmic models, what they do, who owns them, and how they’re monitored.
• Fairness testing: systematic checks for proxy discrimination and disparate impact where applicable.
• Explainability: the ability to provide meaningful reasons for outcomes, especially when decisions affect consumers.
• Human oversight: not as a formality, but as a designed control for high-impact decisions.

Practical guardrails insurers can adopt

1. Write an “AI use policy” in plain English: what’s allowed, what’s restricted, and what requires enhanced review (e.g., eligibility,
   pricing, claim settlement).
2. Separate “assistive” from “decisive” systems: tools that summarize notes or route claims are different from tools that determine rates
   or deny claims.
3. Implement ongoing monitoring: models drift. Data changes. Behavior changes. Keep watch like you would for loss ratio changes.
4. Document, document, document: the fastest way to lose a regulatory conversation is to say, “We don’t know why it did that.”

A useful mindset: AI should make the business more accountable, not less. If a model influences a consumer outcome, insurers should be able to
explain the logic at an appropriate level, demonstrate testing, and show active controls. That’s not anti-innovationit’s the price of
scaling innovation without stepping on a compliance rake.

Resolution #4: Stop treating climate and catastrophe risk like “seasonal” problems

Wildfire, wind, hail, flood, deep freezecatastrophe risk has become a year-round portfolio reality. At the same time, rebuilding costs and
litigation pressures have made loss severity harder to manage. The result: affordability concerns, coverage gaps, market stress, and
policyholders feeling like the “fine print” is doing more work than the policy.

What “game-changing” looks like

• Resilience incentives: reward mitigation and hardening, not just after-the-fact repairs.
• Better risk communication: help customers understand risk and prevention in ways they’ll actually use.
• Smarter product design: explore endorsements, parametric triggers where appropriate, and more flexible coverage structures.
• Operational readiness: surge capacity planning, vendor contracts that scale, and pre-positioned claims workflows for CAT events.

Examples that turn “climate readiness” into action

• Mitigation discounts and endorsements: partner with resilience programs that promote stronger roofs, sealed decks,
  and better construction standards. Incentives can shift behavior faster than a brochure ever will.
• Pre-loss outreach: weather-triggered messaging that reminds customers about prevention steps and what documentation to gather
  before the storm hits.
• CAT claims playbooks: pre-approved communication templates, triage rules, remote inspection options, and clear escalation paths.

This isn’t just about pricing models (though those matter). It’s about building a loop where insurers help reduce loss frequency and severity
through prevention and resilience. The industry can either be a payer of losses or a partner in reducing them. The second option is the one
with a future.

Resolution #5: Hunt fraud without treating honest customers like suspects

Fraud is a tax on everyone. It inflates premiums, clogs claim operations, and erodes trust. The challenge is that aggressive fraud controls can
also create friction for legitimate policyholdersespecially when “fraud prevention” becomes code for “make it harder until people give up.”

What “game-changing” looks like

• Smarter detection: analytics that focus investigative effort where it’s most likely to pay off.
• Better collaboration: sharing intelligence across carriers, SIUs, and industry groups to spot patterns earlier.
• Customer-respectful controls: verification that’s fast and transparent for honest customers.

Concrete moves insurers can make

1. Invest in “explainable” fraud scoring: investigators should know why a claim is flaggedso they can act quickly and fairly.
2. Target organized schemes: staged accidents, inflated contractor networks, serial claimants, and coordinated medical billing abuses
   generally yield higher ROI than squeezing one-off edge cases.
3. Design low-friction verification: modern identity verification and document collection can be quick if thoughtfully built.
   Tell customers what you’re checking and why.

Done right, anti-fraud programs reduce losses and protect honest policyholderswithout turning the claims process into a suspicion simulator.
The goal is precision, not paranoia.

A simple 30-day starter plan (so this doesn’t become “New Year’s resolutions, 2026 edition”)

Week 1: Pick metrics and owners

• Customer: claim update cadence (e.g., “no claim goes 5 business days without a proactive touch”).
• Cyber: MFA coverage, patch SLA compliance, vendor criticality tiering.
• AI: model inventory completion percentage; high-impact model review cadence.
• Climate/CAT: update the CAT playbook; vendor surge contracts reviewed.
• Fraud: referral quality and investigation cycle time.

Week 2: Fix one high-friction moment in claims

Choose a pain point customers complain about (document uploads, status visibility, scheduling, or unclear settlement explanations) and redesign it
with the explicit goal of reducing stress and repeat contacts.

Week 3: Run one tabletop exercise

Pick either a cyber incident or a CAT event and simulate the first 72 hours. Most organizations discover gaps in authority, messaging,
and vendor coordination. Better to discover them in a room with coffee than in the middle of a crisis.

Week 4: Publish an internal “promise” and track it

Write a one-page commitment that says, “This is how we’ll communicate during claims,” “This is how we’ll govern AI,” and “This is how we’ll handle
incidents.” Then track performance monthly. What gets measured gets maintained.

Conclusion: If the industry keeps these resolutions, customers will notice

The insurance industry doesn’t need resolutions that sound good on a keynote slide. It needs resolutions that show up in the day-to-day:
clearer claim updates, stronger cyber hygiene, responsible AI, real climate readiness, and fraud controls that protect honest people.

The best part? These aren’t “moonshot” goals. They’re operational commitments. And when insurers keep them, the payoff is real:
fewer complaints, faster claim cycles, lower operational friction, better risk control, and stronger trustthe most valuable asset in insurance
that doesn’t appear on a balance sheet.

Experiences from the field : what these resolutions look like up close

Here’s what’s interesting about “industry resolutions”: they sound abstract until you watch how a small process tweak changes an entire claims day.
I’ve seen teams go from constant escalations to calm, predictable workflows simply by committing to one thingproactive communication.
One carrier piloted a rule that every open auto claim gets a short status update at least once a week (even if the update is “we’re waiting on X”).
That single habit reduced inbound “what’s happening?” calls, which gave adjusters more time to actually adjust claims, which sped up settlements,
which lowered customer frustration. The funny part? The company didn’t buy a fancy tool first. They built the discipline, then automated the reminder later.

Cybersecurity improvements can feel similarly “unsexy” until you see how close most organizations are to chaos. In one tabletop exercise,
an insurer realized that their vendor onboarding process collected security questionnaires but didn’t verify key controls like MFA enforcement or
backup practices. The resolution became simple: tier vendors by risk, require proof of critical controls for Tier 1, and conduct periodic access reviews.
Six months later, the same team caught a misconfigured third-party account with overly broad permissions before it became an incident.
Nobody threw a party. But they also didn’t throw money at a breach response firm, so let’s call that a quiet win.

Responsible AI governance shows up in surprisingly human moments. Picture an underwriter looking at an “external data” score that suggests an applicant
is higher risk. The model might be directionally useful, but if no one can explain what drove it, it’s operationally dangerous. I’ve watched
cross-functional teams (legal, compliance, data science, underwriting) build a simple playbook: which models can influence pricing or eligibility,
what documentation is required, and what testing must be performed to detect unfairly discriminatory outcomes. At first, people groan because it feels
like paperwork. Then they realize it’s also a shield: when leadership or regulators ask, “How do you know this is fair?” the team can answer
confidentlywith evidence, not vibes.

Climate readiness, meanwhile, looks less like a debate and more like logistics. During a storm event, the difference between a smooth response and a
messy one often comes down to pre-arranged vendor capacity, clear triage rules, and digital inspection options. I’ve seen CAT teams pre-stage
communications and deploy proactive messages that tell policyholders how to document damage safely, what to expect next, and how to access temporary
living expense guidance. That sounds basic, but it reduces confusion when customers are stressed and time is tight.
Some insurers also started leaning into mitigation incentivesoffering discounts or add-on endorsements that help homeowners upgrade roofs or improve
resilience when repairs are already happening. Instead of paying for the same type of damage every few years, they nudge customers toward upgrades that
reduce repeat losses. It’s not magic. It’s economicswith a hard hat.

Finally, fraud prevention is most effective when it’s precise. One SIU team I observed shifted away from “flag everything that looks odd” to a tighter
approach: target organized rings, focus on repeatable patterns, and use explainable indicators that investigators can act on quickly. The resolution was
“treat honest customers like honest customers,” which led to streamlined verification for low-risk claims and faster, deeper investigation for the
claims that truly warranted scrutiny. The result wasn’t just loss savings; it was a better customer experience for the vast majority who are simply
trying to get their lives back to normal.

If you zoom out, these experiences share a theme: the best resolutions don’t require a personality change. They require operational couragechoosing a
measurable commitment, staffing it properly, and sticking with it after the confetti is gone.