 Live from Las Vegas. It's theCUBE, covering ServiceNow Knowledge 2018. Brought to you by ServiceNow. Welcome back to theCUBE's live coverage of ServiceNow Knowledge 18, hashtag no18. I'm your host, Rebecca Knight, along with Dave Vellante. We are joined by Gemma Kyle. She is the head of management assurance at MLC. She's straight from Sydney, so welcome Gemma. Thank you, thank you very much. Let's start off by having you tell our viewers a little bit about MLC. Sure, so MLC is a life insurance company. It's interestingly Australia's oldest and newest life insurance company. We were recently sold by National Australia Bank to Nippon Life, a Japanese life insurance company. And we are now, thanks to the investment of capital from Nippon into MLC life insurance, Australia's newest standalone life insurance company. So we come as a 130 year old company with 1.4 million customers, but also we're investing in new technology, new infrastructure, new processes, new business operations. So insurance is one of those industries that hasn't been radically disrupted. And I wonder what the conversation is like internally. Is there complacency? Not in our industry, not in my lifetime. I'll be retired by then. Or is there paranoia? Yeah, it's a great question. Look, it hasn't been disrupted, but it will be. I can't talk for the American market, but certainly in the Australian market, we have 17 players right now, and we know that they're going to consolidate down to eight or nine. And we want to be one of those eight or nine. The disruption is going to come from the fact that previously there had been complacency. Customers had not been communicated with, invariably because their life insurance sits within a broader wealth management product called superannuation. Now, what's happening is customers are becoming more informed, more demanding, and want access to more flexible and innovative products that can follow them through their life cycles of marriage and children and mortgage. And we really need to be on the front foot to offer the right kind of products and life insurance products to meet our customer's need. So superannuation was not a term that I was familiar with, and I know we go too deep into it, but it's basically Australia's version of Social Security, except you can see your money, you can invest, you have control over where it goes, and it's yours. That's correct. It's not just some black hole. Yeah, that's correct. Okay, nice. Yeah. I was just thinking about, when you were talking about how customers are starting to demand more, so when you think about digital transformation, is that what's leading the charge, would you say? Absolutely, absolutely. Now, when we talk about digital transformation, it's really about breaking down the silos that previously existed within companies, and it's not just life insurance companies, it's all types of financial services. So previously, we would have the actuaries who do the pricing of our products, and the advisors who sell our products were the gods of the insurance industry. Now, when we look towards digital transformation, it becomes technology, it becomes process, and it becomes risk management and control that are in the ascendancy. And this is really critical because customers are looking to self-serve. They want to make their own choices, and so that's where we need to meet them, and so we need to break down the traditional barriers between the silos and have a single platform that we can use the data analytics to better serve our customers. So the advisors are getting disrupted by the whole self-service trend. The actuaries, are we getting robo-actuaries now with machines? Well, I don't see why not. Hey, the data's there. Yeah, absolutely. We are actually required under regulation to have a chief actuary, and that absolutely makes sense. But what we're starting to have now is automatic underwriting engines. So previously, you would apply for an insurance policy and the underwriter would come in, who has an actuarial background, and they'd price the risk you present to the business. These days, we have sufficient data that as soon as you put your information into the system, we can automatically approve a policy for you. But that automated underwriting, and it's an example of the type of disruption we're starting to see. But humans are still the last mile, if necessary. Is that right? Absolutely, absolutely. You know, advisors are important because they help our customers understand their financial need. And advisors are very strongly regulated within the Australian market. They're required to be, to have a qualification. And we've recently seen changes to our legislation around the requirement to evidence that they're treating customers honestly, efficiently, and fairly, and selling them products that they need, not that they have been encouraged to sell by another supplier. What's your biggest challenge? Top three. Yeah, yeah, top three. Look, without a doubt, it's cultural change. Cultural change. By cultural change, I mean, you know, the behaviors and the beliefs that surround not just internally how we manage risk and compliance, but also externally around how customers perceive the insurance industry. We definitely suffer from a lack of trust. Now, the disruption that we're facing is that customers are saying, hey, we don't trust you. And it's not well founded. It actually doesn't bear out in the data in terms of how we pay our claims and how we service our customers. But there's certainly an image problem there. So we think we need to service, we think we need to address this cultural issue from the inside out. We need to fix ourselves and make sure that we can, with integrity, defend the decisions we make around how we service our customers. And then in turn, have customers really trust us, see what we do, trust us by how we behave, not just what we say. When you're talking about the behaviors, changing the behaviors, how is security risk compliance? How is that all perceived within your company? Yeah, yeah. Well, like I said, the actuaries are king. They have sophisticated data models through which they can price policies. And where we've traditionally been with risk and compliance is very much in a qualitative space around actions that are undertaken or sensors that things aren't working as well as what they should do. What we've started to do, and this service now has been absolutely critical to this journey, we're starting to shift the conversation away from risk and compliance and towards business process and control. We're shifting the conversation away from a focus on risk exposures or the things that you must do and onto the cost-benefit analysis of control investment options. And that allows our executive and our board to start to use data and analytics to drive decision-making around where we need to focus our efforts. So you're turning all this kind of back-office risk-oriented stuff into a value proposition for the organization. How can you talk a little bit more on how service now participates in that process? Sure. The ultimately, the value proposition, it is about behaviors, but the value proposition is all around being able to defend the decisions that you make, being able to demonstrate with data and analytics, and being able to put a quantified amount of money on the bottom line around what's the value to actually changing our behaviors or changing the way we manage your process. Service now is obviously critical to that because they have this amazing performance analytics engine that enables us to draw data out of the system as it relates to business process, as it relates to operational loss events, as it relates to customer complaints, as it relates to asset management, and integrate it to tell a story of where we're most exposed to loss today and potential loss tomorrow. It's a very powerful tool that even our, even our surprisingly CEO, not only does he now use his app that we've created for him, but he personally calls people in the office to say, hey, I see you've got an overdue action here, what are you doing about it? Now, I know, nobody wants that call. Nobody wants that call, and so consequently, we've got this incredible tone from the top that reinforces how important it is to pay attention to your controls, to your obligations, to genuinely own them, and that's where you start to see the cultural change. You don't do business in Europe, do you? No. Is there a GDPR equivalent in Australia if you're familiar with GDPR? No, sorry. Okay, so it's all about privacy. So the GDPR, the fines going to affect this month, it doesn't affect you because you're not doing business in Europe, but is there something similar in Australia where if a customer says, I want to know what data you have on me, or I want you to delete that data, you have to prove that, it's quite onerous, but is there anything similar? Absolutely, absolutely. So we've actually got two things. First of all, we do have the Privacy Act, and under the Privacy Act, that's been in place for quite some time, all individuals, whether you're an employee, or a customer, you have access to your data, and you also have the right to be taken off lists and call trees and the like. The government's just recently introduced CPS 147, which is a prudential standard around data breaches. Now previously, if there was a breach of data, so say for example, we accidentally send a letter to the wrong customer, and in that letter it has personal details about somebody's medical history. Now previously, that was not okay from a privacy perspective, but it wasn't notifiable to the regulator. With CPS 147, we now have a notifiable data breach system, it's just come in place, and we have to notify the regulator when we breach somebody's privacy, somebody's data, and we could be subject to fines. And does the ServiceNow platform play a role in that, in terms of just tracking the notification, or compliance, or? Absolutely, absolutely. When the change in legislation was introduced, we simply added literally another little tick box into our operational loss event module to say, is this a data breach? And just simply by doing that, now when you log a loss event, and you tick that little box, we can see from across the company, where are our data breaches happening? And is there a cluster? Is there something here that's telling us that we've got a systemic problem that we need to fix? As soon as it came in, we're automatically reporting on it. One of the things we're hearing is that there's so much great customer learning that takes place at Knowledge. Are you finding that? Are you talking with a lot of customers and about how you use the platform as a success? Absolutely, I mean, this is a really exciting conference. I'm really having such a good time, it's sort of overcoming my jet lag. It is very exciting. In Australia, we've already started some groups, so we work with other myself and my systems manager, Greg Dominish. The two of us tend to go to a lot of companies to talk about our experiences with the implementation of ServiceNow, what worked well, what didn't work well, and what we would do better, because we want to create a community of practice. We want to lift the practice of risk management above where it currently sits. And so walking around here, so many networking events, and this hall in particular is wonderful. So yeah, it's talking to lots of other customers. They're just sharing, you know, sharing innovations. It's very exciting here. How long, when did you go live with ServiceNow? Okay, so we went live, let's see, probably in, the first GRC module went live in June 2017. We then had another iteration in September 2017. So we've basically spread it out to make sure the next modules were looking to introduce a business continuity management. Each time we follow the same, we use the PPM tool that ServiceNow provides to actually implement the modules, but then we have a process that we follow ourselves in terms of putting in the data, cleaning it, categorizing it, making sure we've got the analytics right, and then we step to the next module. So we're just, interestingly enough, cultural change doesn't happen once you've implemented the system. Cultural change starts at the very point where you recognize there's an opportunity to do better. So as we implement each module, we're also maturing our practices, and we're also changing the culture of how the business approaches risk and compliance. And what's your relationship with IT and all of this? How does that all work? Look, it's very close. It's part of the transformation journey that those silos still exist, and they exist because we all create our own languages for understanding our world and how we engage with the business. Now, it's about breaking down those barriers, so we work very closely with them on security management, on business continuity management, and on incident management. And we're going through, we're going through the process now of aligning our language so that once we have that shared language, we have the shared data, and we can really become quite powerful. Well, Gemma, thanks so much for coming on theCUBE. It's been a really fun conversation. Thank you very much. It's been nice to hear. I'm Rebecca Knight for Dave Vellante. We will have more from Sir...