The Biggest Threat to Life and Annuity Issuers Is Not the DOL Fiduciary Rule

A cyber lock
This is the latest in a series of columns about annuities and retirement planning.

Recent ransomware attacks show that passwords and Social Security numbers have stopped working as secure methods of authentication. Life, health and annuity issuers are, obviously, deeply concerned but seem to lack the right, extreme level of panic.

While the widely discussed Labor Department fiduciary definition could affect how life insurers agents and advisors get paid, how much they get paid and how easily they can work with low-asset clients, the identity verification problem could affect any effort by life insurers or intermediaries to do business with clients — at all.

How can insurers or intermediaries do business with consumers, especially online, if current and prospective customers have no good way to prove that they are who they say they are?

This should be the year when U.S. life and annuity issuers sponsor the biggest booth at every identity verification technology conference, pay for the best banquet and send so many attendees that conferencegoers have to bribe the pass checkers to get into the breakout sessions.

The list of upcoming U.S. identity technology conferences includes The Identity Engine, Identity Week America,Authenticate 2024, the Internet Identity Workshop and the Gartner Identity & Access Management Summit.

At The Identity Engine, for example, the companies sending attendees to the conference will include Aflac, Equitable, MetLife, Nationwide, Sammons, Securian, The Standard, TIAA, Unum, USAA and Venable, along with industry tech services providers, such as Datos and LexisNexis Risk Solutions.

It’s great that those companies are sending attendees to the event. But, as far as I can tell, those companies aren’t event sponsors. They don’t seem to be sponsoring the breakout sessions. They don’t seem to be sponsoring the meals.

See also  The Case for Putting a Bonus Into a 401(k)

This list raises questions such as:

Why isn’t every life and annuity issuer on the conference attendee list?

Why aren’t any life and annuity issuers in the Strategic Partner sponsor category?

Why aren’t life and annuity issuers at the top of a list of organizations begging every scientist, mathematician and science fiction writer on Earth to brainstorm ideas for new tools we can use to show who we are?

Why is it possible for a computer scientist to go into a building at Cal Tech, MIT, Stanford or the international equivalents without hordes of financial services industry representatives throwing flowers at them and pleading with them to think of something?

At this point, the identity theft crisis appears to be turning into a life-or-death issue for the financial services sector. If the customers lose their ability to show who they are, how can financial services companies insure them or manage their assets?

The Cl0P hacker gang attack on the MOVEit file transfer system, which hit in May 2023 and may have affected more than 85 million people around the world, once seemed like a big life and annuity sector identity theft incident, because it hit a company that helped insurers and retirement benefits administrators determine whether people were alive. The information stolen included many people’s Social Security numbers.

Then, the Russia-based hacking gang known both as ALPHV and as BlackCat hit UnitedHealth Group’s Change Healthcare medical billing business.