“The cloud continues to play a significant role for us in our API journey and we leverage multiple services available on both the AWS and Microsoft Azure platforms. A few of the services that we have leveraged include speech, computer vision, and geolocation to name a few. At the same time, based on our experience of enabling different distribution channels, we have built an API platform that helps us plugin with different distribution partners for enabling policy purchase, servicing and claims across the insurance lifecycle,” Girish Nayak, Chief – Technology, Customer Service, and Operations, ICICI Lombard General Insurance told ETCIO.
Prioritising API development
Today, the insurance company issues 97% of its policies electronically through a multi-channel distribution of dealer tie-ups, agents, brokers as well as new-age FinTech firms. Integrations with partners such as Paytm, PhonePe, Practo, etc. The API integration benefits in faster claim authentication and executes hassle-free processing.
“We use various services from Microsoft on the cloud including speech-based services to help us in increasing the compliance and productivity of our call center agents. Our various AI and ML algorithms including our break-in AI and health cashless authorization algorithms have been built in the cloud and integrate directly with our existing applications through APIs and services,” Nayak highlighted.
According to Nayak, prioritisation of applications and services continues to be the basis of the needs of the customer and the channel partner to service customers. His team has developed API 2.0 platform specifically to allow born-in-cloud digital companies to partner with on insurance products. This greatly expands their distribution capabilities, and Nayak is about to launch newer APIs which are aimed at corporate clients.
“Newer services continue to be built that help in customer servicing at the time of the claim or even at the contact center. The ever-changing needs of consumers remain the fulcrum for developing newer applications and services,” Nayak added.
Tracking API development and life cycle
API integration like any other software development requires close tracking and must benefit the business in terms of productivity and efficiency. For example, one of the major matrices that get tracked is the proportion of business that gets done digitally. Each business integration that the organisation undertakes has business parameters attached to it. In addition to that, there are operational parameters that get tracked too.
“We track the delta in turnaround time for the issuance of a policy before and after the development, the manual time saving, and finally, how much incremental business a new solution like this brings is driven by the voice of the customer,” Nayak said.
Over the last several years, Nayak and his team have moved to an agile methodology for software development, and that helps them in ensuring the ability to move to smaller release cycles as compared to the traditional software development lifecycle. This lean method of development, testing, and deployment helps the team in creating quick incremental deliveries and in improving applications quickly based on instant feedback received through the partners and business teams. Daily huddle calls and periodic scrum reviews are the keys to track the progress of such initiatives.
Challenges of API development
Like any other software development, API development and rollout have their own set of challenges. One of the most important challenges is to ensure security and encryption. A robust security framework and periodic security audits of applications are a must in ensuring that not only endpoints of applications are tracked but also there is a sufficient level of encryption and account-level security that is maintained. Detection of vulnerabilities and plugging them is an ongoing affair and needs to be monitored regularly. Data protection is a critical aspect of security that we pay close attention to.
According to Nayak, one of the key aspects, where organisations make mistakes, involves the estimation of volumes for integration. Since a lot of the APIs are built keeping the number of users in mind, it becomes extremely important to also estimate user-based rate limits to ensure scalability.
“User-based rate limits also help in tracking the number of calls per user and outliers are identified as a part of the security evaluation. Close interactions with partners and business teams during development ensure that such challenges are limited. Similarly, constant monitoring of services including throughput, latency, CPU and memory usage is a must to ensure that the APIs are functioning as per expectations,” Nayak highlighted.
Developing a cyber-secure environment for development
Nayak and his team have established comprehensive policies and guidelines in place to ensure a secure computing environment.
“We have a strong information security team in place that monitors software controls regularly to ensure compliance. Periodic security audits of applications and their endpoints are conducted to detect vulnerabilities as well as plug them. We have a risk management framework that gets reviewed and updated periodically by the senior leadership team,” Nayak emphasised.
The insurance company has moved from longer development times to smaller work cycles based on agile methodologies that the organisation has adopted.
As stated by Nayak, deployment cycle times are typically weekly and fortnightly and rely on lean development and testing cycles.
“Daily huddles and scrum reviews help in ensuring that deployments are on track and are delivering the expected value. API governance and dashboards help us in overall API management to ensure that each of the applications is secure and are delivering the value that they have been built for. While we have done significant development of our API platform, we continue to look at moving towards an enterprise-scale API gateway that will help us address the areas of security, management, and agility that will help us in the long run,” Nayak concluded.