Docstoc

underwriting

Document Sample
underwriting Powered By Docstoc
					           Enhancing Workflow Automation in Insurance Underwriting Processes
                             with Web Services and Alerts


           Raymond C.M. Lee, Kai Pan Mark, and Dickson K.W. Chiu, Senior Member, IEEE
                          Department of Computing, The Hong Kong Polytechnic University

            email: 04739356g@polyu.edu.hk, csmarkkp@comp.polyu.edu.hk, dicksonchiu@ieee.org




                     Abstract                                       Although life insurance business can generate financial
                                                                benefits to the insurance company, the company still needs
    Underwriting is one of the important processes in in-       to bear financial responsibility to pay the insured under
surance operations. The applicant's information, including      some agreed conditions, e.g., the insured dies during a
various kinds of medical information, must be evaluated         specified period. The insurance will face the consequence
before the insurance company can decide to accept the           of financial loss if the company accepts prospective clients,
application. These activities are usually supported by pro-     who present extremely high risks and when some of these
cess automation facility. However, the support of excep-        insured persons die soon after policy issuance. High quali-
tion handling mechanism and the monitoring of turna-            ty processes are necessary to assess the degree of risks
round time in those process automation solutions are usu-       associated with each application of life insurance. Under-
ally inadequate. This results in a low efficiency of the un-    writing (which is also known as “new business”) is a pro-
derwriting operations or even loss of business opportuni-       cess of assessing and classifying the degree of risk repre-
ties. To address the problem, this paper presents an Alert-     sented by a prospective client and making a decision to
enhanced Underwriting System (AUS), which handles the           accept or decline the insured.
exception events and monitors the turnaround time with              The world of electronic collaboration is developing
the concept of alerts. We further illustrate how Web ser-       rapidly, introducing new technology and new ways of col-
vices facilitate workflow integration and process commu-        laboration. The success of collaboration often depends on
nications.                                                      the ability of a corporation not only to make sure that their
                                                                applications are dynamic, but also to maintain a high de-
1. Introduction                                                 gree of interoperability with collaboration partners.
                                                                    In this paper, we present an Alert-enhanced Underwrit-
                                                                ing System (AUS) as a collaboration platform for stream-
    Life insurance provides protection against the econom-
                                                                lining the workflow of insurance underwriting processes.
ic loss caused by the death of the person whose life is in-
                                                                AUS makes use of an Event-Condition-Action (ECA) col-
sured [1]. Because of its popularity, it is a business where
                                                                laboration model [13] to manage event handling, process
many insurance companies allocate many resources in
                                                                integration, and alert/exception management for the pro-
order to gain more market share. A life insurance policy
                                                                cess flow of the underwriting operations.
defines the terms and conditions for the prospective client,
                                                                    The rest of the paper is organized as follows. Section 2
particularly the situations under which the insurance com-
                                                                discusses some related work and background requirements.
pany promises to pay a benefit upon death [2]. Since life
                                                                Section 3 describes system design and implementation for
insurance products can provide a stable “cash inflow” for
                                                                our AUS. Section 4 concludes our paper with our continue
an insurance company, there is a trend that insurance
                                                                research work that look forwards to possible enhance-
companies market various life products, such as invest-
                                                                ments.
ment-linked life products, savings life products and critical
illness protection, in order to attract more customers with
different needs.
2. Background and Related Work
                                                                                                                    Figure 1 illustrates a typical underwriting process,
    Electronic Data Interchange (EDI) essentially defined                                                        which usually consists of the following four key activities:
the technology of electronic collaboration in the past.                                                             A.    Performing field underwriting,
However, EDI is an expensive solution, due to its high
cost of network infrastructure and system integration. In                                                             B.   Reviewing the application for insurance,
addition, security issues of EDI also limited corporations
from directly accessing the computing resources of its
                                                                                                                      C.   Gathering additional information to make a
trading partners, which used "firewall-unfriendly" proto-
cols. Therefore, developers start to find other technologies                                                               sound decision, and
which have a low cost, flexible software solution that al-
lows corporations to build new applications in response to                                                            D.   Making an underwriting decision on the case [3]
changing business needs while adhering to a defined elec-
tronic business standard [10].
    Recently, numerous vendors have offered solutions to
support both XML (eXtensible Markup Language) and                                                                    However, before a new case is sent to an underwriter
EDI formats for collaboration. One of the solutions is the                                                       for processing, there are other activities involved:
transformation of information between companies: XML-                                                            1. Packing application forms and other documents from
to-EDI. Transformation is critical to an "edge" integration                                                           the agent
strategy that brings together B2B collaboration and enter-
prise application at the boundary of an enterprise in order                                                      2.   Initial premium payment through the cashier entry
to enable the back-end connectivity and workflow re-
                                                                                                                      system
quired to support a complete business process [11].
    In the XML world, e-Business XML (ebXML) [12] is
a modular suite of specifications which are initiatively                                                         3.   Data entry of new application in a branch or zone
designed for electronic interoperability. The strength of                                                             office
the ebXML architecture is that it provides a framework for
electronic business collaboration. The architecture enables                                                      4.   Scanning documents into images for workflow pro-
businesses to work together to specify business process,                                                              cessing
discover one another, negotiate collaboration agreements,
and execute business processes. However, although                                                                5.   Quality Check (QC) and Indexing on the scanned doc-
ebXML implementations are already being announced, the
                                                                                                                      uments
rate of deployment of ebXML is not quickly accelerated.
Many companies are taking a "wait-and-see" approach
until ebXML becomes a mainstream in the market.                                                                  6.   Release of the validated and scanned documents
                                                                                                                      images into workflow engine for further processing
2.1. Key Processes and Integration


            Branch/Zone Offices                                                 Head Office
                                           Policy Dispatch                                                           In the traditional way of performing the activities 1 to
                                                                                                                 5 without any automation processes, it incurs high cost in
          Docs
                                                                                                                 human resource, storage cost, and paper work, together
                                                                                 Print Server
                                                                                                                 with a high turnaround time. That means it causes the un-
  Agent          Cashier      Data Entry                                                Approved
                                                                                         Cases
                                                                                                                 derwriter to spend a long time to handle a new application.
                                                                                                                 This affects the insurance company’s reputation and may
                                                                           Import                                further induces financial losses or even legal penalties.
                                           Transfer Module                      Workflow Engine                      With the advent of information technology, most of the
                 Scanning   Index & QC
                                                             File Server
                                                                                            Case
                                                                                         Assignment
                                                                                                                 above activities are linked together to streamline the work-
                                                                                                                 flow for processing a new business, starting from receiv-
                                                                                                                 ing documents from an agent, ending at the underwriter
                                                                                                                 getting the case from workflow system and issuing new
                                                                 Workstations    Workstations     Workstations
             warehouse
                                                                                                                 policy if approved.
                                                                                                                     Some benefits accrued to the business for automating
                                                                                                                 the entire underwriting processes:
Figure 1. A typical underwriting process
   Improvement of the service quality (such as turna-
    round time)
                                                                                                                     Issue
                                                                                                                                                                                Issue Policy
                                                                                                                    Pending
                                                                                                                    Records

   Reduce of the risk of losing submitted documents                                                                                     Premium        Underwriters
                                                                                                                                         Payment
    during delivery                                                   Agent               Submit
                                                                                        Docs/Payment      Cashier
                                                                                                                                                                                           Decline
                                                                                                                                                                                          Application
                                                                                                                             filing
                                                                                                                           application



                                                                                     Check
    Transfer of applications to the next step of the pro-                          Missing Docs
                                                                                                                                                                             Assign jobs to
                                                                                                  Data Entry                                                                 work queues
                                                                                                                          Input
    cess immediately                                                                                                    Application
                                                                                                                                            Scanning Officer


                                                                                                                                                                   Check


                                                                                                                          Scan
    Better control of risk management such that some                                                                    document
                                                                                                                       into system
                                                                                                                                                                  scanned
                                                                                                                                                                image quality


    cases (i.e., excess of coverage limit) can only be ap-                                                                                    Index Officer
                                                                                                                                                                                    Workflow Engine
                                                                                                                          Index                                     Check index
    proved by senior underwriters                                        Check Batch                                    document
                                                                                                                         images
                                                                                                                                                                     accuracy
                                                                          Problems
                                                                                                    Approve
                                                                                                    document                                   QC Officer
                                                                                                   images for
                                                                                                     upload
                                                                                                                                                                             Import data and
                                                                                                                             Upload data
                                                                                                                                                                              images into
                                                                                                                            and images to
                                                                                                                                                                             workflow engine
    The key integration of the processes between the                            Transfer Module                              file server


agents and the underwriters are as follows.                         MIS Staff                          Verify Upload
                                                                                                                                                     Import Robot


    Images and Data Transfer Process – This activity is                                                  Batch



an automated process and does not involve any manual
operation unless the sub-system is down or errors / incon-
sistency occurred during the transfer. The purpose of this
process is to transfer the scanned images and indexed data        Figure 2. Use Case diagram for the underwriting work-
from a branch or zone office to the central office for im-        flow processes
porting into the workflow system. If the network linkage
between a branch or zone office and the central office is a           Agent – He/she is an authorized representative to sell
private connection (i.e., leased line), the operation is just a   insurance products on behalf of an insurance company.
simple transfer of document images into the file server in        The agents have the responsibilities to perform a simple
the central office with an XML file including all the in-         check first by gathering initial information about prospec-
dexed data. If the network connection between both sides          tive clients and screening applications who have requested
is public (i.e., the Internet) and it is not a Virtual Private    coverage [4]. They have to gather required documents
Network (VPN) connection, then the interactions require           (such as health certificate) from the prospective client in
other security measures as described in later sections.           order to speed up the underwriting process. Email access
    Import Robot and Workflow Engine – They are lo-               or Internet portal are the prompt means for agents to
cated at the central office of an insurance company. The          communicate with an insurance company.
engine waits for the image files and XML data to be up-               Cashier Entry – For a new application of life insur-
loaded from the branch or zone office and verify the XML          ance, the prospect client is required to pay the initial pre-
data integrity with the appropriate XML Schema. The im-           mium in the form of cash or check. The amount of premi-
ported document images and indexed data are installed             um is also dependent on the payment mode of the pro-
into the existing workflow routing engine for case assign-        posed policy. The agent has to submit the initial premium
ment to appropriate underwriters for further case approval.       with the application. The cashier entry will collect the
                                                                  initial premium and put a premium receipt record in a
2.2. Requirements Overview of Stakeholders                        “Premium Collection System.” The Cashier Entry also
    In automated underwriting processes architecture, a           files the application forms and documents for data entry.
workflow engine (e.g., eistream [9]) is deployed at the               Data Entry – A user in branch/zone office enters the
central office. This engine can efficiently route job as-         information recorded on the application form, such as the
signments to appropriate underwriters. The processing             policy owner information, proposed insured information
performed with the workflow engine is usually referred to         or medical information, etc., into the underwriting front-
as post-processing of the workflow. There are many pre-           end input system.
processing activities, which must be completed before                 Scanning Officer – When a scanning officer receives
those new insurance applications can be imported into the         the documents, including application form, from an agent,
workflow engine for further underwriting. Figure 2 depicts        he/she will try to sort and classify the documents into dif-
a use case diagram of the underwriting process. The key           ferent document types (such as health certificates, identity
stakeholders involved are discussed as follows.                   proofs), and then scan them into images for auditable
backup as well as indexing and quality check (QC). The          system can change the application status (if it has been
application form is scanned just for auditable backup be-       imported into workflow engine) into pending status and no
cause the data has already been entered.                        more human resource will be wasted on this application.
    Index and QC Officer – After the submitted docu-            The application will ultimately be cancelled after the can-
ments have been scanned into images, the index and QC           cellation form is scanned and imported into the workflow
officers (it may involve two individuals) will try to index     system. The AMS can therefore make sure that the case is
the fields on several regions of a scanned image and save       closed within a reasonable time limit.
the indexed data into the database, so that the indexed data        Cashier Entry – An alert can be generated when the
can be adhered with the corresponding images and import-        agent submits an initial premium payment for the new
ed into the workflow system. If the index officer discovers     applicant but only part of initial premium has been settled.
that the image quality of scanned document is not good,         The alert can notify the central office underwriter to solve
the document must be rescanned until the image quality of       the application case if the case has been pended for the
the document is acceptable for indexing.                        reason of insufficient premium.
    Underwriter – An underwriter is assigned with a case            Scanning Officer – Exceptions can be generated if the
(new or pending case) by the workflow engine. The un-           agent submits unknown type of documents or forms. If the
derwriter carries out an assessment process by considering      workflow automation system does not know how to han-
the submitted documentations, medical information, other        dle the unknown type documents or forms, then “unknown
personal factors like age, driving history, tobacco use,        document” alert can notify the corresponding agent about
career nature, and financial factors of the potential client,   this issue and urge him/her to fix this within a certain pe-
etc. Then, the underwriter will determine whether the ap-       riod.
plication is approved, pended for additional proofs or doc-         Index and QC Officer – A “Document Rescan” alert
umentation, counter-offered to the applicant, or rejected.      can be generated to the scanning officer if the index of-
                                                                ficer finds the document image quality is too poor to be
2.3. Alert and Exception Handling                               indexed. A QC officer can also generate a “Reindex” alert
                                                                if he/she found that an index officer did not correctly in-
    Although most of the activities starting from submit-       dex the fields on document images. QC officer can also
ting documents in branch or zone office to the back-end         trigger “Document Rescan” alert if he/she found the quali-
underwriting processes are automated, there are still many      ty of document image is unacceptable even the index of-
events, both business-oriented and technology-oriented,         ficer has accepted the quality of document image.
must be handled in order to streamline and speed up the             Underwriter – An “Insufficient Initial Premium” alert
entire underwriting process.                                    can be generated so that the agent can be notified that the
    Exceptions are events that can drive not only reactions     initial premium must be settled before the policy can be
performed by business parties [6], but also information         issued even all the underwriting checks are passed for the
exchanged within an organization, across physical bound-        case. This situation may occur when the client paid the
aries (e.g., departments located in different geographical      initial premium with check but the check could not be
areas) or within (e.g., underwriting department and print-      cleared.
ing service department located in the same building) indi-
vidual organizational boundary. In order to handle the              On the other hand, exceptions and alerts can be gener-
exceptions and monitor the exception handling process,          ated by automated processes, such as the following:
(especially those important and / or with urgency require-          Images and Data Transfer Process – A “Transfer”
ments), Chiu et al. [6] proposed the use of alerts to model     exception can be triggered if the transfer process of imag-
and implement this. The key differences between alerts          es and XML data to the central office file server is not
and exceptions are that alerts represents messages sent to a    completed or failed/aborted at some points (because of the
target, usually with time and urgency constraints, and that     stability of network connection). An alert can then notify
alerts are monitored and tracked. That means, to handle an      the MIS staff in the branch or zone office to investigate
exception, an Alert Management System (AMS) sends an            the root cause of transfer failure and resume the transfer
alert message to a handler (human or system) and keeps          process as soon as possible. An alert can be triggered after
track of the process until the handling job is finished.        the transfer process of the branch or zone office is com-
    In this application, the main objective of applying         pleted successfully, so that the import robot resided on the
alerts is the concern about the turnaround time in the in-      workflow engine can start the data verification process and
surance application process. Some key exceptions and            import the images and data into workflow system. This
alerts generated by the main stakeholders are listed as fol-    helps to shorten the total time for processing of new appli-
lows.                                                           cations and monitor pending cases.
    Agent – Cancellation of an insurance application can            Import Robot and Workflow Engine – A “Data In-
trigger an alert to the central office so that the workflow     consistency” alert is sent to the agent if the import robot
                                           Agent                        MIS Staff


                                 Desktop                      Mobile                PDA            Clients



                                                                                                                                               Firewall
                     Branch /
                      Zone                                                XSLT Processor Agent
                                                                                                               SMS/Email
                     Offices                                                                                    Adaptor               Head
                                                                                                                                      Office
       Cashier/
    Scan Officer/
                                                                              MSMQ
    Index Officer/                                                                                            MSMQ
                      Cashier      SOAP                                      Message
      QC Officer                                                                                             Message
                       Entry


                                                   Web Services Agent     MSMQ                                 MSMQ
                                                                                                                                                          ECA rules
                                   SOAP                                  Message    Message Server            Message           Alert
                     Scanning                                                                                                                         Event Repository
                                                                                       (MSMQ)                                Management
                      System                                                                                                                        Event Subscribers List
                                                                                                                               System
                                                                                                                                                      Business Entities
                                                                                                               MSMQ
                                                                                                              Message
                                   SOAP
                      Index &
                                                                                       Existing Enterprise Systems and Workflow Engine
                        QC
                                                                                      Data and                                      Printing            Other
                                                                                                              Underwriting
                                                                                    Image Import                                    System            Enterprise
                                                                                                                System
                      Transfer                                                         Robot                                        Servers            Systems
                                   SOAP
                      Module

                                 Firewall

 Figure 3. System Architecture for AUS

checks that the XML data uploaded from the branch or                                                  quests more additional documents from him in case the
zone office contains inconsistency after validating with                                              agent does not contact him. This also reduces the chance
XML schema. This alert urges the agent to repeat or fix                                               of giving a negative image to the potential customers of
the images and data upload process.                                                                   poor services.
    Workflow Engine - An “Application Pending” alert is
triggered to the agent who submitted an application for                                               3. System Design and Implementation
his/her client when the underwriter changes the new appli-
cation status to “pending” because additional documenta-                                                  In this section, we present the system design and im-
tion is required. This alert urges the agent to contact its                                           plementation for our AUS, which includes the system ar-
customer for the relevant documents before he receives an                                             chitecture, various system components, Web services se-
official “document request” letter from the insurance                                                 curity, and an example scenario.
company, as applicants may need time to present docu-
ments, like health certificates or financial statements is-                                           3.1. System Architecture
sued by banks.
                                                                                                          Figure 3 shows the overall system architecture for our
2.4. Relationship management requirements                                                             AUS. We add on top of the existing enterprise information
                                                                                                      systems four main components in the backend AUS: Web
    Alerts and exceptions are not only dedicated to han-                                              Services Agent, Message Server, Alert Management Sys-
dling abnormal or unexpected events. These can be used to                                             tem (AMS), and Event-Condition-Action (ECA) rules
enhance the relationship between insurance company and                                                database that defines the actions to be triggered under
potential customers (B2C). For example:                                                               some predefined conditions. We discuss the functionalities
    Applicants can be notified by email with the progress                                             of these components in the following subsections.
of its life insurance application. On the other hand, the                                                 One of the main problems in the current process auto-
agent can contact his applicants promptly after he receives                                           mation is the effectiveness of communication among dif-
an acknowledgement email. Reminder alerts can be sent to                                              ferent stakeholders and systems involved in the entire pro-
the agent in the form of SMS to remind him/her to contact                                             cess of underwriting. Based on the above discussions, we
his/her applicant to collect required additional documents                                            design an AUS based on exceptions and alerts as the uni-
to process a “pending” application. This helps reduce the                                             fying communication platform within the entire underwrit-
risk of insurance application being cancelled after an ap-                                            ing processes. On this platform, we choose to use Web
plication has been pending for some time. This is because                                             Services with SOAP protocol for the communication and
the customer may not know that insurance company re-                                                  Message Server (such as Microsoft MSMQ [8]) for the
underlying message (exceptions and alerts) processing.          Request SOAP Message
The reasons why we choose Web services with SOAP
                                                                <?xml version="1.0"?>
protocol in our platform are as follows:                        <soap:Envelope
 Web services can be invoked over the Internet or              xmlns:soap="http://www.w3.org/2001/12/soap-envelope"
                                                                soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding">
    intranet, within or outside the firewall. For example,
                                                                <soap:Body xmlns:m="http://www.insurance123.com/imaging">
    some processes like document scanning or image in-            <m:System SYSID="TRANSFER_MODULE" FUNCID="UPLOAD">
    dexing may be located in the central office or out-             <m:TotalCases>100</m:TotalCases>
                                                                    <m:Policy>
    sourced to other service providers.                               <m:PolicyNo>B100000101</m:PolicyNo>
                                                                          <m:DocumentID DocID="F10001">
                                                                          <m:ImageFilename>B100000101_1.TIF</m:ImageFilename>
   Less development time is required to deploy Web                       <m:ImagePages>4</m:ImagePages>
                                                                          <m:IndexField FieldID="OWNER">JOHN LEE</m:IndexField>
    service features from existing application, especially                <m:IndexField FieldID="INSURED">MARY CHAN</m:IndexField>
                                                                          <m:SignatureFilename>B100000101_SIG.TIF</m:SignatureFilename>
    with the tools and libraries provided.                                </m:DocumentID>
                                                                    </m:Policy>
                                                                    <m:Policy>
   It supports synchronous (RPC) and asynchronous                   .......
                                                                    </m:Policy>
    messaging.                                                    </m:System>
                                                                </soap:Body>
   SOAP has been implemented on many different                 </soap:Envelope>

    hardware and software platforms.
                                                               Figure 4. Request SOAP Message
   SOAP can be protected under the Web Service secu-
    rity [7] standard.
                                                                Response SOAP message

                                                                <?xml version="1.0"?>
                                                                <soap:Envelope
3.2. Web Services Agent                                         xmlns:soap="http://www.w3.org/2001/12/soap-envelope"
                                                                soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding">
    In our system, Web services technology is chosen to         <soap:Body xmlns:m="http://www.insurance123.com/imaging">
support the communication between the AUS backend                 <m:System SYSID="AUS" FUNCID="EXCEPTION"
                                                                               SOURCE_SYSID="TRANSFER_MODULE">
systems and other front-end, sub-systems in branches and            <m:ErrorCode>9001</m:ErrorCode>
zone offices, as well as external agents and clients. The           <m:ErrorMsg>Upload Batch 10A was rejected because the missing files
                                                                        found in the following policy images. Please upload the batch again.
Web Services Agent transforms the incoming messages,                <m:/ErrorMsg>
which are in the form of XML data embedded in SOAP                  <m:ErrorMsg>B100000101_1.TIF was missing in file server.<m:/ErrorMsg>
(Simple Object Access Protocol) [14], into native message           ......
                                                                  </m:System>
formats that can be sent into the queues of the central mes-    </soap:Body>
sage server. The Web Services Agent also transforms the
alerts and exceptions from the form of native message          Figure 5. Response SOAP Message
format into the XML/SOAP format and uses HTTP proto-
col to send the XML message to the branch/zone offices
systems through respective Web services.                       3.3. Message Server
    A sample SOAP messages from a client system is
shown in Figure 4. This message describes the indexed
                                                                   The message server comprises of application queues
data and images to be uploaded to the file server in the
                                                               and system queues and the server manages the received
insurance headquarter after scanning operations have been
                                                               data (i.e., incoming XML/SOAP messages, internal
performed on the submitted documents in branch and zone
                                                               MSMQ messages from other enterprise systems, and alert
offices. Figure 5 shows a response message from the AUS
                                                               messages from the AMS and routes the messages to the
that describes an alert from the Transfer Module in a
                                                               target (subscribed) parties. For example, when the Trans-
branch or zone office and notifies the MIS staff to handle
                                                               fer Module sends a Web service message to the AUS, the
the exception.
                                                               message is put into two waiting queues: one for the Import
                                                               Robot and another for the AMS (so that the AMS can
                                                               monitor the progress of the Import Robot). When the Im-
                                                               port Robot has verified the integrity of uploaded data and
                                                               images, it sends a message to inform the AMS of job
                                                               completion, or a “Data Inconsistency” alert in case of data
inconsistency. These messages triggers events so that the                            Scan Station generates XML data for upload process
AMS issues new alert/exception messages upon on the
                                                                        Start
conditions in the event repository database to related par-
                                                                                      Upload XML data and Image files into File Server
ties for further actions (as discussed in Section 2.3)
based on the ECA rules defined by the administrators.
    The reasons why we choose the Message Server as a                                  Generate SOAP Message to Web Service Agent

core component in managing data communication are as
follows:
 Most of the message servers support Web service                        Import Robot verifies the data and images          AMS captures event
     functionality.
                                                                              Generate Verification event

   Message servers support guaranteed message deliv-
    ery.
                                                                                        AMS analyzes and generate response message

   Asynchronous message communication as well as
    publish-and-subscribe can be supported.
                                                                  Web Servies Agent transfers the message into SOAP message         Generate SMS/Email


3.4. Alert Management System (AMS)
                                                                             Send SOAP Message to Scan Station            Send SMS/Email to Scan Officer/MIS Staff

    The main role of the AMS is to manage the alerts. It
also captures the events and exceptions (i.e., MSMQ na-
tive message format) submitted by other parties. Alerts are
                                                                                               Upload XML data and image again
generated based on the ECA rules specified in database to
the appropriate parties. It further transforms the alerts into
a MSMQ message and put it on the waiting queue for Web           Figure 6. Activity flow between Transfer Module and
Services Agent for the delivery. Further details of the          Import Module
mechanism of the AMS, including descriptions of the
ECA rules, can be found in our earlier paper [6]. We apply
the same AMS module except that we include a message             3.6. Web Service Security
server component to further increase the messaging relia-
bility.                                                              Web services integrate applications inside and outside
                                                                 the organization. However, distributed computing always
3.5. Example Scenario                                            has a challenging set of security issues. Identities and mes-
                                                                 sages are two of the greatest security challenges brought
    In this subsection, we use a scenario to illustrate the      on by Web services. Web services transport potential un-
system flow in our AUS. Figure 6 depicts the process flow        known entities into your organization and messages are
for this scenario. First, a Scan Station prepares a XML          transported from one place to another place through an
data file which contains the policy number and other in-         unsecured channel, the Internet. Therefore, actions must
dexed data for the scanned documents. When the XML               be taken to safeguard the information exchanged among
file is ready, the Transfer Module uploads the XML file          the authenticated parties. XML Encryption and XML Sig-
and document image files into the central file server. Upon      nature are used to address the protection of sensitive data
completion, the Transfer Module generates a SOAP mes-            and the identification of identity of data sender respective-
sage, which details the uploaded data to Web Services            ly [15]. Figure 7 shows an unprotected SOAP message
Agent in order to notify the Import Robot to verify the          that contains payment information for an insurance policy.
integrity of uploaded data and images.                           Figure 8 shows how encrypted messages and signature are
    After the verification, the Import Robot generates the       put in a SOAP envelop.
verification result event and the AMS captures the “data
uploaded” event from the Transfer Module together with
the event generated by the Import Robot, and returns the
appropriate events back to the Scan Station and Scan Of-
ficer based on ECA rules processing.
                                                                                     The <EncryptedData> element block contains the en-
<soap:Envelope soap:xmlsn="http://www.w3.org/2002/12/soap-envelope">
                                                                                 crypted form of payment information. The <Signature>
 <soap:Header>
 ...                                                                             element contains the XML signature for payment data. In
 </soap:Header>                                                                  general, a shared key must be provided so that receiver of
 <soap:Body>                                                                     the messages can decrypt the protected data. However, it
 ...                                                                             is a bad idea to include the key in the SOAP message (i.e.,
   <x:Policy PolicyNo="B100000200" x:xmlns="http://www.insurance.com/payment">
                                                                                 the <KeyInfo> element block) because unauthorized par-
     <x:Payment Type="CreditCard">
       <x:CreditCard Type="Visa">                                                ties could just get the key and decrypt the protected data.
        <x:CardNumber>4404119200931293</CardNumber>                              AgreementMethod is a protocol for safely communicating
        <x:ExperationDate>200710</ExperationDate>                                a secret key. This key agreement protocol, like the SSL
        <x:PaymentMode>ANNUAL</x:PaymentMode>                                    secret key agreement protocol, is used to generate the en-
        <x:Amount>1200.00</x:Amount>
                                                                                 cryption key along with the key material necessary to re-
        <x:Currency>HKD</x:Currency>
       </x:CreditCard>                                                           peat the encryption key generation on the recipient’s side
     </x:Payment>                                                                [15].
   </x:Policy>
   ...
 </soap:Body>
                                                                                 4. Discussion and Summary
</soap:Envelope>                                                                      Process automation by integrating existing enterprise
                                                                                 information systems with workflow software has proved
Figure 7. Unprotected SOAP Message
                                                                                 to increase the staff productivity, thus turns out to generate
                                                                                 more business values in terms of more revenue and less
<soap:Envelope soap:xmlsn="http://www.w3.org/2002/12/soap-envelope"              expenditure. However, if the process flow within a busi-
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"                                  ness workflow from one step to next step is not smoothly
 xmlns:xsig="http://www.w3.org/2000/09/xmldsig#"
 xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
                                                                                 executed (e.g., failure of transferring complete XML data
 <soap:Header>                                                                   to workflow engine and servers but no further “resend”
   <wsse:Security>                                                               action is done), then the next step may not be able to pro-
     <xenc:ReferenceList>                                                        ceed until the problem is detected and fixed. This kind of
        <xenc:DataReference URI="#PaymentID"/>                                   situations significantly wastes human resource and time
     </xenc:ReferenceList>
                                                                                 and should are not expected to occur in automated pro-
   </wsse:Security> ...
 </soap:Header>                                                                  cesses. Therefore, by integrating the AUS with the exist-
 <soap:Body>                                                                     ing workflow infra-structures can bring the workflow au-
 ...                                                                             tomation into full play because the errors or unexpected
 <xenc:EncryptedData Id="PaymentID">                                             events can be detected and relevant parties or processes
   <xenc:EncryptionMethod                                                        are notified with alerts to rectify the problems. The follow-
     Algorithm= "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
   <xsig:KeyInfo>
                                                                                 ing tangible benefits can be achieved with the AUS, main-
     …..                                                                         ly through the enhanced monitoring and tracking through
   </xsig:KeyInfo>                                                               the AMS with a service-oriented architecture.
   <xenc:CipherData>                                                                  For example, the turnaround time taken to rescan doc-
     <xenc:CipherValue>...</CipherValue>                                         uments, which have been identified as poorly scanned, is
   </xenc:CipherData>
                                                                                 shortened. If the scanning officer is not notified properly,
 </xenc:EncryptedData>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">                          the poorly scanned document will probably be rescanned
   <SignedInfo>                                                                  after the scanning officer triggers to print out a report on
       .......                                                                   listing those document rescan requests, thus resulting in
   </SignedInfo>                                                                 longer processing time in some cases. This benefit is also
   <SignatureValue>                                                              applicable to the process of “Document Reindex” for the
           Y4MhHzBYz+CBdAz1LhAFjy6QxQoKJoA7l2eG45QV0hDIJrmXwLEG
   </SignatureValue>
                                                                                 index officers.
   <KeyInfo>                                                                          Moreover, the AUS helps maintain data integrity in
       .....                                                                     uploading data into the centralized file server. If the XML
   </KeyInfo>                                                                    data is inconsistent and the import robot still proceeds to
 </Signature>                                                                    import the inconsistent data into workflow engine, it will
   ...
                                                                                 result in unexpected or serious consequences. The conse-
 </soap:Body>
</soap:Envelope>                                                                 quences may be a delay in processing applications or even
                                                                                 a wrongly underwritten insurance application that could
                                                                                 put financial risk to insurance company.
Figure 8. Encrypted SOAP Message
                                                                Order Received



                      Check                             Req
            Enquiry             Prepare      Send                  Send          Prepare   Deliver &   Payment
  Begin    Received
                      System                            Extra                                                     End
                               Quotation    Quotation   Info     Extra Info      Service    Install    Received
                      Config

                                                                   Request
Sell Integrated System                                              Extra
                                                                    Info




              On the other hand, more attributes canAssemble
                               Begin
                                             Order
                                            Missing
                                                          be added to InstallReferences   Test
                                                                                                           End
                                                          generated to Software
          measure staff performance. Since the alerts System
                                             Parts
                                                                                         System

          officers and agents are monitored by the AMS, the time             [1] Miriam Orsina, Gene Stone, “Insurance Company Opera-
          spent           Prepare Service
     System on handling the exceptions and alerts can be calcu-                   tions” (2nd Ed), pp.3, LOMA, 1999
     Integrator
          lated based on the time recorded in database. For example,
          if a scanning officer receives a “document rescan” alert,
                                            Update
                                                                             [2] Harriett E. Jones, Dani L. Long, "Principles of Insurance:
                                                                                  Life, Health and Annuities" (2nd Ed), pp. 8, LOMA, 1999
                              Begin                        End
                                            Catalog
          then he must rescan the requested documents and relevant
                            the “document update time.” The perfor-
          records withinReceive Part Info Updates
          mance is logged into database and reports for staff can            [3] Jane Lightcap Brown, Kristen L. Falk, "Insurance Admin-
          include this kind of attributes to measure the staff perfor-            istration", (2nd Ed), pp. 22, LOMA, 2002
          mance. So, the workload on investigating problems related
          to the entire operation flow can be reduced as detailed            [4] Jane Lightcap Brown, Kristen L. Falk, "Insurance Admin-
          information about the problems can be found from the                    istration", (2nd Ed), pp. 67, LOMA, 2002
          exceptions and alerts well managed by the AMS of the
          AUS.                                                               [5] Miriam Orsina, Gene Stone, “Insurance Company Opera-
              In addition, the following intangible benefit can be                tions” (2nd Ed), pp.243, LOMA, 1999
          achieved with the AUS. Customer satisfaction can be im-
          proved. The document processing and flow are smoothly              [6] D.K.W. Chiu, Benny Kwok, Ray Wong, E. Kafeza, and
          controlled and executed. This can shorten the entire pro-               S.C. Cheung, “Alert Driven E-Services Management,”
          cessing time for new case applications and thus result in               HICSS37, IEEE Computer Society press, CDROM, 10 pag-
          issuing and sending policy to policy owner within a short-              es, Jan 2004 (Best Paper Award, Decision Technologies
          er period of time. This can enhance the insurance compa-                track).
          ny’s professional image as well because the short pro-
          cessing time of new insurance application can impress its          [7] OASIS, Web Services Security Core Specification 1.1,
          customers and improve the customers’ confidence in in-                  http://www.oasis-
          surance company. This might led to more business oppor-                 open.org/committees/tc_home.php?wg_abbrev=wss, 2004
          tunities in the future.
              This paper has presented an overview of underwriting           [8] Microsoft Message Queuing MSMQ,
          process in an insurance company and the automated facili-               http://www.microsoft.com/windowsserver2003/techn
          ties incorporated into the underwriting process to drive the            ologies/msmq/default.mspx
          entire underwriting. A Web-service based alert-enhanced
          underwriting system has been presented in this paper to            [9] Global 360, http://www.global360.com
          overcome most of the existing problems of the underwrit-
          ing process workflow implementation. We expect this                [10] Dynamic e-business using Web service workflow,
          approach is suitable to other business processes that in-               http://searchwebservices.techtarget.com
          volve human approval together with the need for maintain-
          ing documents for auditing and legal purposes, such as             [11] EDI and XML Solutions - iWay Software,
          loan and credit card approval.                                          http://www.iwaysoftware.com/products/edi.html
              After finishing the AUS platform prototype, we shall
          then proceed to study the benefits of adopting the platform        [12] ebXML - Enabling a global electronic market,
          in existing workflow infra-structures in the insurance                  http://www.ebxml.org
          company’s perspective through questionnaires to collect
          user feedback. Although the proposed platform obviously            [13] D.K.W. Chiu, S.C. Cheung, E. Kafeza, and H.F. Leung, “A
          facilitates the handling of most problems or events in the              Three-Tier View Methodology for adapting M-services,”
          process flow of underwriting, there are still some unex-                IEEE TSMC, Part A, 33(6):725-741, Nov 2003.
          pected events that are hardly to be detected or tracked.
          Further studies should be carried out on this topic. Future        [14] SOAP (Simple Object Access Protocol),
          works include the extension of AUS platform to support                  http://www.w3.org/TR/SOAP
          artificial intelligence in handling the exception events as
          well as agent-based assistance to internal staff and external      [15] Jothy Rosenberg, David L. Remy, “Securing Web Services
          users. We are also interested in empirical measurements of              with WS-Security”, pp 222-230, SAMS, 2004
          the improvement of staff performance and customer satis-
          faction.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:56
posted:4/25/2012
language:English
pages:9