Big Data in the underwriting process
A feature of InsurTech led underwriting is the paradigm shift from protection of risk to prevention of risk.
The traditional underwriting model is based on a combination of policyholder responses to proposal forms, historical claims data and risk studies; data that is used by actuaries to predict consumer behaviour and identify patterns in claims losses.
Within the underwriting context specifically, InsurTech seeks to alter traditional models by exploiting the connectivity facilitated by the IoT and the vast amounts of Big Data it unleashes. The majority of products using IoT based smart devices described in Internet of things (IoT) and smart devices above, for example, are designed to reduce the risk of claims (or at least the amount) on policies either by passively controlling customer behaviour or through mitigating losses that may occur.
The aggregation of large amounts of data derived from a variety of exploitable data sources (including IoT devices and social media), is increasingly being applied in the underwriting process to not only analyse, but also predict, consumer behaviour. This enables insurers to assess risk more precisely, price policies better, reduce losses and estimate necessary reserves accordingly.
While customers may be intrinsically drawn to the prospect of reduced premiums, InsurTech raises a number of legal and regulatory concerns, particularly within the underwriting process. The most palpable (and controversial) use of Big Data is in the calculation of premiums and the possibility it may lead to consumers being unable to obtain or afford insurance (so-called “uninsurables”), which has drawn increased interest by the regulators, as described further in Big Data: regulatory concerns and FCA approach below.
Big Data: regulatory concerns and FCA approach
The most obvious and wide-reaching legal implications for InsurTech relate to the assemblage and use of Big Data.
Much of the Big Data being gathered by the IoT constitutes “personal data” under the Data Protection Act 1998 (DPA). As data processors under the DPA, insurers must take care in how they obtain the data and be transparent about how the data will be used. Use of Big Data will also become subject to a stricter regime on implementation of the EU General Data Protection Regulation ((EU) 2016/679) (GDPR). The GDPR sets out requirements for explicit, informed consent on the part of the individual to the use and processing of their personal data and imposes obligations on companies harvesting data, including from digital sources, like the IoT.
In addition to data protection law, the insurance sector is also subject to specific financial services regulation. The use of Big Data by insurers (as well as other financial services firms) has drawn scrutiny from the FCA, which has been keen to understand how the increasing availability of such data about customer behaviour may be used by insurers in calculating the premium or when deciding whether to underwrite the risk at all.
In November 2015, the FCA launched a Call for Inputs (CfI) on the use of Big Data in the retail general insurance sector, focusing on private motor and home (buildings and contents) insurance. A feedback statement detailing the regulator's findings (FS16/5) was published on 21 September 2016.
The FCA found that the use of Big Data produced a broad range of benefits both for the consumer and the insurer. The benefits include encouraging innovation in insurance products, reducing form filing, streamlining sales and claims processes and allowing consumers to adapt their behavior to reduce risks and cost. However, the FCA did identify two areas of material concern.
The first area was risk segmentation. Big Data potentially increases risk segmentation. This means that underwriting is being done increasingly on the basis of ever smaller or more segmented pools of risk or categories of insureds as underwriting models become more predictive and sophisticated. Of particular concern to the FCA is the possibility that high-risk consumers may be unable to obtain or afford insurance as a result of this risk segmentation. These high-risk consumers are referred to as the uninsurables.
In its analysis of the current market position, the FCA concluded that, at present, such a consumer determinant had not yet materialised in the general insurance motor and home sectors it looked at. However, it expressed concern that high-risk consumers could be excluded in the future as the use of Big Data becomes more widespread. The FCA warned that it will remain alert to the possibility of such exclusion and would support government intervention, if required.
The second area of concern was pricing practices. The FCA shared concerns raised by stakeholders in the CfI, in particular that insurers may use Big Data to charge certain customers higher premiums that do not reflect their actual risk profile or the cost of providing the insurance (for example, simply because those customers are more willing or able to pay more). While the FCA acknowledged that Big Data does not in itself cause price discrimination or optimisation, it is attuned to the possibility of firms developing such pricing practices in the future, as more data becomes available and analytical tools become more sophisticated. The FCA committed to further investigating pricing practices in the general insurance sector by analysing a limited number of firms on the potential effects of Big Data usage.
Big Data: insurer's knowledge and insured's duty of disclosure
The transmission of Big Data raises questions in the context of pre-contractual disclosure, where the insured is obliged under the Insurance Act 2015 (Act) to make a fair presentation of the risk.
Under the Act, the insured is not required to disclose any matter that is within the knowledge of the insurer; what the insurer already knows, ought to know, or is presumed to know. Big Data transmitted to insurers potentially constitutes information that is within the knowledge of the insurer. This interaction between Big Data and “knowledge” under the Act could lead to uncertainty (and disputes) as to the extent of the insurer's knowledge and arguments as to whether the policyholder has complied with their duty before entering into the insurance contract.
There is also concern within the industry that online insurance sales sites gathering Big Data may not be asking the right questions in the pre-contractual stages of the underwriting process. Given that the insured's duty to disclose information exists primarily prior to entering into the contract, such a “passive” approach to data following implementation of the Act could have a direct impact on the insurer's ability to defend a claim on the basis of a breach of the duty of good faith.