Sandy Kemsley's Blog - In financial services, process rules content
Sandy Kemsley

In financial services, process rules content

By Sandy Kemsley

Read Time: 5 Minutes

I came into the process automation industry by way of content-driven workflow: the scanning of a paper document – such as an application form – triggered a workflow that was focused on manual data entry of the information on this document into a transaction processing system. I became more interested in how to design and optimize the process side of things, but never lost sight of the fact that unstructured content (documents, emails, media) is an integral part of many processes. What became increasingly apparent is that in order to have properly-governed content-rich processes, process must control access to content, in addition to whatever controls are in place in the content management systems themselves.

This is especially true of complex customer-facing processes such as insurance underwriting and claims, where the underlying purpose of the process is to collect sufficient information in order to make a decision (whether or not to insure, or whether to pay a claim) and set a value associated with that decision (the premium or claim amount). Some of that information comes in the form of data, captured from the customer in a web form or manually entered from their submitted application, but some will be unstructured content: property evaluations, photos, proof of income, medical reports, and more. This content may need to be accessed by anyone involved in the process, including the underwriter, claims manager, other internal workers, third parties, and even the customer themselves.

However, you can’t just give all of these people open access to the content: there must be limits set on who can see what content, and at what point in the process. This is where process and rules come into play, plus some clever handling of the content itself.

First of all, there’s the question of whether someone should be able to see a piece of content at all: this is usually based on their role and the particular task that they are performing within the process, but may also be filtered by the specific case or customer. For example, a junior underwriter may be able to see all content related to all of their customer cases and also access similar cases for context, but must be prevented from accessing content related to high-profile customers such as politicians or their own company executives. A third party, such as a property evaluator, may require access to some of the content in order to determine the scope of their evaluation, but only for the cases assigned to them. And the customer should be able to see the documents that they submitted as well as some of the underwriter’s work in progress, although not anything that would violate company confidentiality or that of other customers.

Next, there’s the question of whether someone should be able to see all of the information within a particular piece of content. This is especially true of content such as application forms, which may contain private customer information such as banking details. Even if someone has access to the content based on their role in the process, some part of the content may need to be redacted to ensure customer privacy.

A good content management system will apply both access control and redaction based on the specific user, but that misses two key things: first of all, the same user may take on different roles in the context of different processes, and thereby require different types of access. Secondly, most companies don’t keep all of their information in a good content management system: instead, it’s spread across an ad hoc collection of content management systems (some of them dating back decades) and network file shares. Internal employees have too much access, and can directly access any content that is available on their internal network. External third parties and customers aren’t given enough access, since they can’t see any of the internally-stored content even if they need it for their own work.

Sandy Kemsley's blog - In financial services, process rules content

The solution is to allow processes to rule access to content, with content privacy controls designed into processes. This provides an extra layer of role-based governance above what is present in the underlying content management systems. Instead of process participants swiveling over to a content management application to look up related documents, the process would provide them with direct links to the documents that they need and to which they have access, and specify any required redaction to be done by the document viewer app. Since the content access is controlled by the current role and task in the process, this can be used by external as well as internal participants, although there are a few technical hurdles to overcome in staging documents for external access.

If you’re reading the previous paragraph and scratching your head, saying to yourself “well, of course it should be done that way”, you’re right: it should be done that way. And in many companies and industries, it is done that way. However, there are a lot of laggards where it’s more often like what I described previously: a somewhat disorganized collection of content related to and created by processes, stored on multiple internal systems, with little or no internal access control, and no external access. In fact, I would say that in every insurance and financial operation that I’ve visited as a consultant, I’ve seen some variation of this lack of content governance, and the very real impacts on operational performance as well as privacy concerns. This is definitely a situation where process can come to the rescue for getting control over access to unstructured content.

Follow Sandy on her personal blog Column 2.

Blog Articles

Sandy Kemsley

View all

All Blog Articles

Read our experts’ blog

View all

Learn how it works

Request Demo

Confirm your budget

Request Pricing

Discuss your project

Request Meeting