Case Study

NAIC MAR Compliance Solution for a Health Insurance Provider

The Client: Leading Provider of Health Insurance in the US

Leading provider of health insurance in the US. The Insurance company is a leading provider of health insurance to large companies, small businesses, families and individuals in a US state.



As a leading health insurance provider, the client has a responsibility to conduct business with high ethical standards in compliance with regulations such as Medicare and Medicaid Compliance, Market Conduct Examinations, NAIC Model Audit Rule (NAIC MAR), Code of Conduct, OIG Corporate Integrity Agreements (CIA), HIPAA and Quality Accreditations . Uncompromising integrity to build trusted relationships with members and the communities it serves is of utmost importance to the client. Compliance with all relevant regulations is mandatory for the client to maintain its leadership in corporate governance standards and ethics.

With the US healthcare system undergoing a transition, several health insurance providers are advancing their Governance, Risk and Compliance (GRC) programs to manage their risk, streamline internal audits and ensure compliance with multiple regulatory requirements and corporate policies. Several health plans, including some of the largest fellow affiliates of the client, recently selected MetricStream to respond to rapidly changing regulatory environment.

Model Audit Rule (MAR) is the regulation on solvency and corporate governance developed by the National Association of Insurance Commissioners (NAIC). The regulation has come into effect for fiscal year 2010 for insurance companies, captive insurance companies, non-profit insurers and health plans. The focus of NAIC MAR has been to maintain consumer protection and the strength and solvency of the insurance industry.


With the impending effect of NAIC MAR, the client realized the cumbersome and unreliable nature of its risk assessment and reporting process. This acted as a key driver for the client to choose a solution that would go a long way in successful management of its future compliance requirements. To the client, this meant strong corporate governance in the areas of auditor independence, corporate governance and internal control over financial reporting.

The client needed to replace the existing free-form, manual processes with an integrated workflow-based risk and compliance management system. The client’s key criteria for the ideal solution included effective usability and ease of deployment. After weighing all options available in the market, the client selected MetricStream Compliance Management software solution.

MetricStream Enterprise GRC Platform: The solution suite delivers a powerful combination of process automation, best-practices workflows, data integration, reporting, analytics and regulatory content. It provides a common framework and an integrated approach to manage all compliance requirements faced by the client. It enables a consistent compliance and controls processes across the enterprise, eliminating any deviations and errors as well as redundant activities. Streamlined processes allow the client to take direct responsibility for managing controls while auditors can focus on key compliance risks and project oversight.

Risk Management: MetricStream deployed an integrated and flexible risk management framework for documenting and assessing risks, defining controls, managing audits, identifying issues and implementing recommendations and remediation plans. The risk management solution includes powerful tools for risk analysis and for monitoring such as configurable risk calculators and risk heat maps. Embedded content about risk management best practices helps the client define the scope of processes and sub-processes for which risk management needs to be performed and guides the development of control and test libraries.

Implementation Approach: The implementation was carried out in a phased manner. With the objective to support the client’s urgent compliance obligations, the project followed aggressive timelines throughout. Leveraging the product’s rich, out-of-the box functionality and AppStudio for obtaining configurations based on customer requirements, the MetricStream team successfully completed the implementation, data migration and hardware provisioning in just five weeks.

Why the Company Selected MetricStream?

In its endeavor to brace itself for the forthcoming NAIC Model Audit Rule (MAR) compliance and resolve the issue of cumbersome manual reporting processes, the client examined several providers of compliance solutions.

On scrutinizing diverse solutions available in the market, the client zeroed in on MetricStream’s GRC solution.

The client recognized that MetricStream offers a comprehensive GRC solution that addresses a wide range of regulations to reduce the overall cost of compliance management. The team found the MetricStream solution easy to deploy, user-effective, configurable, scalable and secure.


Increasing regulatory demands: With increasing regulatory demands from government for health insurers, the client recognized the need for a sound GRC technology architecture for sustaining compliance, preventing fraud and managing a wide array of risks.

Managing diversified risks: Financial health of the client depends on several areas of risks such as investments, policy and claim reserves, premiums, payment of benefits, reinsurance, operating expenses and taxes. The client has control mechanisms to manage such risks. However, most risks and controls were not sufficiently documented and were not assessed periodically in a systematic manner.

NAIC MAR Compliance Requirements: With the immediate goal of NAIC MAR compliance, the client needed to define responsibilities and document its financial risks and controls in a formal structure for monitoring and reporting purposes.

As the focus on accountability became stronger, the client needed to place even greater emphasis on the interests of the policyholders, shareholders and employees. This required integrated and enterprise-wide architecture for GRC for meticulous risk tracking and reporting.

As the business complexity increased, risk and compliance executives in the client sought better visibility and quick access to information which was difficult to collect, monitor and communicate. The senior management of the client needed to mandate the certification of the effectiveness of internal control over financial reporting (ICFR), periodically.

Automation: For Enterprise Risk Management (ERM) and compliance activities, the client was using free-form manual, paper-based processes and basic tools such as spreadsheets and e-mails. Automation of these manual processes for effective control assessment and report creation was another challenge the client was faced with.

Absence of a single system of records for consolidating compliance processes and risk data was resulting in poor risk assessment and reporting.

The client decided to invest in technology and implement MetricStream’s Enterprise GRC Platform to strengthen its ERM and compliance activities.

Customer Quote

"We were seeking an integrated workflow-based system to manage our risk management and compliance activities in a collaborative manner. We chose MetricStream primarily because of usability and ease of deployment.

"With MetricStream's role-based views that offer insights into core GRC processes and key metrics, real-time dashboards and reports, we can now track the status and trends relating to key risk and compliance programs more effectively," says the spokesperson of the client.


  • Assured compliance with NAIC MAR:
    With real-time tracking and monitoring, the solution has helped the client to recognize and focus on diverse areas that need attention based on their status of compliance with NAIC guidelines. The solution has assisted the client in documenting, tracking and reporting NAIC Model Audit Rule (MAR) compliance initiatives at all organizational levels.
  • Readiness for future compliance requirements:
    By analyzing trends and risks based on frequency of occurrence, identifying high-risk areas quickly, documenting the scope of controls in a structured manner, identifying and testing controls, the client can now continuously monitor and improve the control environment and support the changing regulatory requirements.
  • Visibility and corrective action planning:
    Ongoing structured reporting and communication with the senior management, along with the automation of compliance management processes, has gained the staff, senior managers and the board of directors of the client a clear visibility into the client’s risk and compliance activities. Using the MetricStream solution, the client has been fulfilling insurance regulatory compliance requirements and implementing effective strategies with reliable control systems and corrective action activities successfully.
  • Cost saving:
    By standardizing the compliance management processes, MetricStream has put into effect a consistency across the organization and has eradicated manual checks at multiple levels saving the client considerable costs.

Ready to get started?

Speak to our experts Let’s talk