2025 SOFE Career Development Seminar session insights 

This session, presented by insurance specialists John Romano and Jessie Adamson, focused on understanding and managing the risks posed by non-insurer entities within the insurance ecosystem, with an emphasis on compliance, regulatory requirements and solvency implications. Some main takeaways include:  

The importance of understanding the different roles of non-insurer entities:  

• Producers: Primary responsibilities are to sell, solicit or negotiate insurance 
• Reinsurance intermediaries: Facilitate the placement and negotiation of reinsurance contracts between ceding insurers and reinsurers 
• Claims adjusters: Investigate, evaluate and settle insurance claims 
• Managing general agents (MGAs): Handle underwriting, binding claims, marketing and premium collection on behalf of insurers 
• Third party administrators (TPAs): Manage administrative tasks such as claims processing and eligibility 
• Pharmacy benefit managers (PBMs): Manage prescription drug benefits, contracts, pricing, rebates and claim processing 

Licensing, filing and compliance requirements differ by entity and by state. Written contracts with defined scope, metrics, audit rights and termination clauses are critical, and regular reviews/monitoring are recommended. 

Best practices when working with non-insurer entities include installing a centralized tracking system focused on the verification of licensure, internal controls for detecting red flags and monitoring key process indicators (KPIs), board/executive oversight and enhanced reviews for high-risk or previously sanctioned vendors. 

The effective management of non-insurer entities requires robust compliance, diligent oversight and a keen understanding of their potential to impact an insurer’s financial stability and regulatory standing. 

This session brought together insurance specialists Russ Sommers, Dennis Schaefer and Ayo Ogunwale to explore the growing complexities of data governance in the age of AI, regulatory scrutiny and digital transformation. Some main takeaways include: 

The foundation for the implementation of effective artificial intelligence is to have an effective data governance program to ensure that AI tools are consistently fed high integrity data, easily ingestible data for use by AI tools and applications. 

 Data governance refers to the set of guidelines, policies and frameworks ensuring the responsible ingestion, treatment, transfer, storage and destruction of data, including the following: 

• Governance resources 
• Governance documents 
• Data lifecycle management 
• Information security risk management 
• Master data management 
• Reporting and data analytics 
• Third party data usage 
• Audit and review processes 

Robust data governance is not just an exercise in meeting or facilitating regulatory requirements, but a program designed to enable innovation, trust in business processes and a facilitator of long-term business value.  

 By aligning with a robust framework, clearly defining roles/responsibilities, implementing comprehensive policies and an evolving culture of accountability, organizations can confidently navigate the waves of evolving regulatory expectations and harness the full potential of their data and AI investments. 

Our article, Unlocking the value of your insurance organization’s data, features more information on this subject. 

Presented by Baker Tilly insurance specialists Clarissa Crisp and Jessie Adamson, this session aimed to equip attendees with a nuanced understanding of reinsurance management, regulatory perspectives, risk mitigation strategies and the evolving challenges within the reinsurance landscape.  

• At its core, reinsurance is “insurance or insurers,” allowing organizations to share, transfer and diversify risks beyond what their own balance sheet could sustain. 
• As the insurance industry grapples with unprecedented events – ranging from climate disasters to cyber threats – solvency and stability have never been more critical, emphasizing the importance of reinsurance. It functions as a shield against unexpected losses and a stabilizer for market cycles. 
• Reinsurance adequacy depends on appropriate structure and alignment with the insurer’s risk profile. 
• Treaties must transfer real risk with clear terms, limits and stress-tested triggers. 
• Effective programs diversify exposure across lines, geographies and event types. 
• Counterparty strength and concentration directly impact risk mitigation. 
• Ongoing monitoring and stress testing are key to maintaining adequacy over time. 

Reinsurance is an indispensable tool that insurers can use for ensuring solvency, stability and resilience. If you have any questions about the information provided above or want to discuss this topic further, reach out to our team. 

In this session, insurance specialists John Romano, Russ Sommers and Dennis Schaefer brought together their industry experience and insight to guide attendees through the latest developments and leading practices in AI governance. As insurance organizations navigate the rising tide of AI adoption, they must also manage a complex web of emerging regulations, risks and governance expectations. 

AI encompasses a range of capabilities that allow machines to mimic human cognitive functions like learning and problem-solving. Machine learning (ML) – a subfield of AI – enables computers to learn from data and make predictions or decisions with minimal human intervention. Other data subfields include: 

• Natural language processing (NLP): Understand and generate human language 
• Computer vision: Interpret visual information 
• Smart robots and virtual agents: Automate complex tasks and customer interactions 
• Generative AI: Creates new content, such as text or images, by learning from existing data  

AI offers transformative benefits across many business functions by automating routine tasks, shortening development cycles and delivering faster return on investment (ROI), enhancing responsiveness and personalization in customer interactions and more.

Common insurance industry applications for AI include process mining, predictive maintenance, supply chain optimization, marketing analytics, hyper-personalization, sales chatbots, fraud detection and digital assistants.

The regulatory landscape for AI is dynamic, with several jurisdictions advancing new standards and laws. In the United States, the NIST AI Risk Management Framework focuses on trustworthiness, responsible development and lifecycle risk management.

For insurers, harnessing AI’s potential while maintaining compliance requires a strategic blend of robust governance, proactive risk management and a commitment to fairness, transparency and innovation.

You can find the latest updates on artificial intelligence and beyond on our website. Visit it here. 

This session was hosted by insurance specialist Jessie Adamson, who provided attendees with the insights needed to confront the evolving landscape of government health programs. Some important takeaways to keep in mind: 

• Medicare and Medicaid represent over $2.2 trillion in spending and impact nearly 1 in 5 Americans – posing evolving risks for regulators. 
• Risk adjustment data validation (RADV) audits are expanding, with the Centers for Medicare & Medicaid Services (CMS) applying extrapolation methods that significantly increase the financial exposure tied to unsupported risk scores. 
• Medicaid redetermination and churn are creating volatility in enrollment and capitation revenue, exposing insurers to receivable and forecasting risk. 
• STAR Ratings and Healthcare Effectiveness Data and Information Set (HEDIS) performance are not just quality metrics; they drive major bonus payments and influence plan growth and surplus stability. 
• Vendor oversight remains a critical weak point, especially where delegated entities handle claims, encounter data or coding functions. 
• Overstated receivables and delayed settlements can distort surplus, and examiners should focus on aging reports, accrual assumptions and dispute histories. 
• New federal legislation, including the One Big Beautiful Bill Act (OBBBA) adds enrollment risk through Medicaid work requirements that may accelerate membership loss and revenue correction. 

This session aimed to illuminate the complexities and critical importance of SOC reports in today’s risk management landscape. The presenters – insurance specialists Russ Sommers, Dennis Schaefer and Jessie Adamson – shared their insights, emphasizing actionable strategies and common pitfalls in SOC report review, particularly as they relate to third party risk management (TPRM) in the insurance industry. 

Vendor risk management encompasses all activities related to managing the risks presented by third-party service providers. This process includes planning, due diligence, contract negotiations, ongoing monitoring and eventual termination of vendor relationships.

SOC report review best practices include:

• Reconciliation of contracted services to the scope of the report 
• Involving the right stakeholders (business process, information technology/security and risk management) 
• Gaining an understanding of the auditor’s opinion and management’s assertion 
• Gaining comfort over subservice organization controls and how fourth-party risk may impact them 
• Mapping company controls that satisfy complementary user entity control considerations 
• Assessing the impact of control failures and/or qualifications in SOC report opinions 
• The need to review these reports timely and to evaluate the period covered in the report to assess the level of reliance to be placed on them 
• Memorializing documentation to evidence the review procedures performed and by whom 

Using structured review templates (rather than just checklists) is encouraged to ensure a consistent, guided approach. Templates prompt scope analysis, complimentary user entity controls (CUEC) consideration and clear preparer/reviewer responsibilities. They serve as valuable artifacts for auditors and examiners.

By understanding report types, leveraging best practices and avoiding common mistakes, risk managers, auditors and compliance professionals can substantially enhance their oversight and protection against vendor-related risks.

More information on SOC reporting can be found here.  

Presented by seasoned insurance industry specialists John Romano, Maanik Gupta and Clarissa Crisp, this session took participants on a metaphorical journey through the challenges and triumphs of financial examinations. Some important items to note: 

Exam preparation is an important component for a successful financial examination. Don’t underestimate the importance of:

• Understanding the NAIC Financial Condition Examiners Handbook (FCEH) 
• Following the rules outlined to ensure compliance and consistency 
• Adopting a risk-focused examination (RFE) approach to identify and tackle the biggest risks 
• Assessing materiality and risk to avoid wasted effort on insignificant areas 
• Scoping the examination effectively, planning for big risks rather than chasing minor issues 
• Gathering relevant company information to read the “risk weather report” 
• Identifying big waves such as reserves, reinsurance and governance risks 
• Setting clear boundaries to keep the exam within its defined “surf zone” 
• Establishing communication buoys with management and internally within the exam team 

Early warning signals, proactive communication and maintaining synchronization within the team are vital components of the exam preparation phase.

During exam planning, identifying high-risk areas using company information and governance insights is a critical practice. DO NOT start testing immediately, focus only on prior results or skip materiality assessments.

Maintain healthy skepticism regarding management representations and look for unusual transactions and governance issues and keep your judgment sharp to anticipate emerging risks.