InsurTech: where are we now?

Accelerated use of technology in the insurance sector is having both a disruptive and transformative impact on areas including product development, distribution, modelling, underwriting and claims and administration practice. The result is a new industry, known as InsurTech. But while the insurance market looks to technology for greater efficiency, regulators are beginning to raise concerns about managing potential risks. We explore the key trends in InsurTech and potential legal and regulatory issues that accompany them.

InsurTech, which describes the use of technology in insurance transactions and processes, is now an industry sector in itself. The insurance sector's use of technologies has accelerated to improve traditional insurance processes and models.

InsurTech is having a both disruptive and transformative effect on the retail and commercial parts of the insurance industry. It is leading to radical change in product development, distribution, modelling, underwriting and claims and administration practices. Its effects are multifaceted and have the potential to improve the way the market operates, but also result in outcomes that are of a concern to regulators.

Awareness, mitigation and management of the risks associated with the use of InsurTech are vital in a sector undergoing such rapid change. The purpose of this article is to give an overview of the main trends in InsurTech and to consider the potential legal and regulatory issues that accompany them.

The disruptive impact of low cost base, customer facing FinTech companies has gathered significant momentum in the last few years. Although the insurance market has always been an innovative one, the proliferation of InsurTech companies has lagged slightly behind the changes in the wider financial services sector.

The reasons for this lag include the following:

• To bring a new product to market, start-up customer-facing product distributers are typically reliant on incumbent insurers' licences to issue policies and their balance sheets.
• The comparatively more complex and heavily regulated nature of insurance products when compared to other financial services products.
• The barriers to entry for start-up companies that result from the capital and ongoing prudential and supervisory requirements in the insurance industry.
• Established insurers are hampered by legacy systems and the investment cost that replacing such systems would involve.

InsurTech's gathering momentum in recent times reflects a gradual industry-wide shift from a “product-centric” to a “customer-centric” model. This is driven by changing consumer expectations, and concurrent market and regulatory conditions, in tandem with technological advancement.

The industry's acceptance that it must adapt to these new technologies has significantly accelerated developments in the last 12 months. Unfavourable macroeconomic factors, harsher regulatory capital requirements and a soft market inundated with excess capital has led insurers to look to InsurTech to allow them to price more competitively and reduce administration costs.

The potential opportunities afforded by InsurTech have triggered a significant growth in investment in businesses operating in this sphere. In 2015, investment activity in InsurTech technology and services surged to US$2.6 billion, up from US$800 million in 2014. In the first quarter of 2016 alone, 45 deals attracted over US$650 million.

This article is divided into four distinct sections to examine the latest InsurTech developments and the potential legal and regulatory issues arising from them. We consider:

• Products. Smart devices and sensors (such as telematics) and the internet of things (IoT) are being used to launch new products that offer cost savings to consumers and lower risks for underwriters. Mobile technology is allowing products with peer-to-peer (P2P) features and pay-as-you-go (PAYG) insurance. These products are designed to allow the millennial generation to access insurance cover they actually want.
• Distribution. The wider use of technology is having a disintermediating effect, cutting out “the middle man” and creating a more direct relationship between insurers and customers. This has allowed the market to develop and price products at a level more closely aligned to the demands of customers. New distribution platforms are being launched that are wholly automated and self-directional. Digital distribution models are advancing beyond the price comparison website model to encompass the sharing economy, P2P features, artificial intelligence (AI), robo-advice, machine learning and advanced robotic process automation (RPA). These features give customers greater control over what products they can purchase and on what terms, often without human intervention, usually all through their mobile phone.
• Underwriting. “Big Data” and data analytics, sometimes in conjunction with technology-based products, are being used to inform increasingly precise and segmented underwriting decisions, including pricing and risk assessment. This is allowing some start-up insurers to offer cover to individuals on better terms than would have been possible without this data, and in some cases, who would not have been able to purchase cover without it.
• Administration and claims. Blockchain and distributed ledger technologies (DLT) are being used at the proof of concept stage (sometimes in conjunction with smart contracts), and have clear potential application in data sharing, know your customer (KYC), anti-money laundering (AML) and fraud prevention, claims processing and general insurance record keeping. Claims processes are being automated and advanced by AI devices such as fraud software.

Internet of things (IoT) and smart devices

Broadly, IoT refers to the network or system of interconnected computing devices, machines, sensors, people and organisations; “things” that interact with one another without human agency and are capable of collecting, storing and transmitting to intermediaries and insurers vast quantities of data, like how a policyholder drives their car, cares for their health or manages their home. IoT devices include:

• Telematic (sometimes described as “black-box”) sensors installed in personal and commercial vehicles, which capture information such as routes, distances travelled and speeds, as well as vehicle performance, maintenance issues and crash data. There has been a steady rise in the number of well-known UK motor insurers offering telematic sensors alongside their motor policies and using “apps” to record driving habits.
• Location-based sensors fitted in factories, warehouses, offices and homes, including smart thermostats, security alarms and cameras and other similar sensors, which detect motion, sound, temperature, humidity and water, and measure energy use. These devices monitor and help prevent what would otherwise be an indemnifiable loss. Some of these IoT devices purport to improve responsiveness to emergencies such as fire, flooding or theft.
• Wearable or personal devices (often referred to as “fit tech”) such at FitBits and Apple watches, which monitor heart rate, steps, food consumption and calorie intake, weight loss and other health-related metrics. These devices communicate data to insurers for ongoing risk profiling. Many health insurance firms operating in this space offer a reduced premium to reward and promote healthier lifestyles. A few insurers have even started to offer discounts for policyholders to purchase the devices.

The objective, unfiltered and real-time risk data (including Big Data) generated from these devices enable insurers to construct an individual profile of a policyholder's characteristics and habits, and the risks associated with their behaviour. Insurers effectively “trade” this form of “connected coverage” and “data” by offering reduced premiums in exchange for more data, and developing products more attuned to the risk profile of the insured, incentivising those who are higher risk to alter their behaviours in order to reduce it.

At the moment, the trade is seen as being in favour of the policyholder as the increased information is offered to the insurer in exchange for a reduced premium, which would otherwise be unavailable to the customer; in some cases, it is the only way a customer can obtain coverage at all. The benefits therefore largely outweigh the privacy concerns of those purchasing the product. Consumer sentiment indicates, however, that a line will be crossed if this correlation reverses and in the future insurers ask for the data as standard and any customers not providing it are required to pay a higher premium than that offered to those who do.

Concerns regarding data privacy, discrimination laws, whether customers are treated fairly and whether customers' behaviour is being changed as a result of these products are relevant concerns as IoT and smart device-related products proliferate. The design of these products is inextricably linked to the underwriting and claims processes sitting behind them and the potential legal and regulatory implications arising out of the use of Big Data.

Pay-as-you-go (PAYG) and microinsurance

PAYG and microinsurance offer rapidly underwritten financial protection against specific risks over a relatively short period of time. Start-ups offering these products are beginning to emerge in the US and are often backed (through capacity arrangements or direct investment) by established insurers and reinsurers.

PAYG and microinsurance products are designed largely to cover renters' insurance, laptops, mobile phones, sporting and musical equipment through a mobile platform. The mobile phone apps through which these products are sold typically allow the user to upload and see the respective insurance values of various items, offer various insurance pricing and protection models, and allow the insurance to be turned on or off at any time.

These products are aimed particularly at millennials. The proposition assumes that this generation of customers may prefer to rent rather than own assets, might consider a risk is only worth covering for a specific period or purpose (for example, a weekend away) and generally want instant access through their mobile phone.

Typically, the claims process for these products will be (near) fully automated and customers will be able to make a simple claim over their mobile phone in minutes through an automated “chat-bot” process, with the claims cash being paid almost instantly straight to their bank account.

Peer-to-peer or P2P models

P2P digital platforms aim to reduce the cost of insurance by sharing insurance needs (commonly motor, home and mobile phone) within a self-selected group of consumers. The group, not the insurer, selects its members, with the result that pooled risk groups usually comprise family members or friends, or both, enabling the cohort to co-manage its own pool of money and claims through relationship influence.

An example of a P2P structure is where the premium for a group is calculated on the basis of the standard underwriting criteria on an individual basis. It is then aggregated and put towards the group's insurance fees and the group underwriting pool. Claims are paid out from the pool throughout the year, with the group's insurance fees providing a buffer, should the pool run out of funds. Excess claims money is distributed back to group members at the end of the year in the absence of claims or rolled over to the next year's pool. If claims exceed the pool monies, the excess is picked up by the insurer sitting behind the arrangement.

The P2P structure is beneficial to insurers as it incentivises good behaviour on the part of the insureds and reduces the risk of fraudulent and low level claims, as the pool's premium reduction is linked to group members not making a claim.

Although P2P reflects a modern extension of the historic origins of the Lloyd's market and the fundamental mutuality of loss-sharing, P2Ps are not akin to mutuals and the models in the market at the moment do not involve peers actively underwriting the insurance risks of the others in their group.

Other P2P models in financial markets, for example in lending, actually involve one customer “taking a risk” on another customer in exchange for a return. In insurance, however, the regulatory and capital requirements and governance structures that a mutual P2P model would require to operate as a regulated insurer may explain why to date P2P insurance has not caught on in the same way it has in retail lending. Insurers may also be wary of underwriting P2P pools that are too small due to concerns regarding the volatility of the pooled risk.

Artificial intelligence (AI), machine learning and robotic process automation (RPA)

The traditional insurance distribution system has gradually developed over the centuries into one where product sales are largely agency driven and the broker-insurer relationship is the predominant distribution model for the majority of lines.

The proliferation of technological innovation means that primary insurers are able to more efficiently and effectively source insurance and underwrite directly with customers, lessening the dependence on intermediaries; a so-called “disintermediating” effect.

One such advancement has been in the area of AI. AI is the operational processing and analysis of consumer data by sophisticated intelligent automation systems that, together with a series of algorithms, can emulate human behaviour and reconstruct human thought processes and intelligence. In other words, AI systems can carry out the work that previously required human intelligence.

AI can be applied across the insurance value chain, particularly in the areas of distribution and claims administration, where defined (and often time-consuming) processes, procedures and actions are commonplace.

A recent UK based start-up has created an automated insurance bot that seeks to entirely replace the human component of selling certain lines of insurance. Its mobile chat app, similar to WhatsApp, uses a robo-adviser to ask simple questions about a policyholder's insurance needs before offering a product, representing a novel distribution channel for insurance.

Advances in AI could also, over time, affect life insurance, where the tasks of sourcing and constructing life insurance portfolios and monitoring policies are all capable of automation. The need for other professionals, who are often involved in complex life insurance arrangements (such as lawyers and accountants) could be diminished by AI, leading to cost savings that could be passed onto policyholders.

The key short-term effect of increasing automation in insurance distribution is likely to be a decrease in brokerage commission rates across the market as the need for sophisticated broker advice diminishes. In the longer term, there is potential for increasingly sophisticated intelligent automation systems to eradicate the intermediary-based structure altogether through the use of the automated insurance agents (known as chatbots), which are becoming widespread within administration and claims processes, as explained further in Administration and claims below.

Big Data in the underwriting process

A feature of InsurTech led underwriting is the paradigm shift from protection of risk to prevention of risk.

The traditional underwriting model is based on a combination of policyholder responses to proposal forms, historical claims data and risk studies; data that is used by actuaries to predict consumer behaviour and identify patterns in claims losses.

Within the underwriting context specifically, InsurTech seeks to alter traditional models by exploiting the connectivity facilitated by the IoT and the vast amounts of Big Data it unleashes. The majority of products using IoT based smart devices described in Internet of things (IoT) and smart devices above, for example, are designed to reduce the risk of claims (or at least the amount) on policies either by passively controlling customer behaviour or through mitigating losses that may occur.

The aggregation of large amounts of data derived from a variety of exploitable data sources (including IoT devices and social media), is increasingly being applied in the underwriting process to not only analyse, but also predict, consumer behaviour. This enables insurers to assess risk more precisely, price policies better, reduce losses and estimate necessary reserves accordingly.

While customers may be intrinsically drawn to the prospect of reduced premiums, InsurTech raises a number of legal and regulatory concerns, particularly within the underwriting process. The most palpable (and controversial) use of Big Data is in the calculation of premiums and the possibility it may lead to consumers being unable to obtain or afford insurance (so-called “uninsurables”), which has drawn increased interest by the regulators, as described further in Big Data: regulatory concerns and FCA approach below.

Big Data: regulatory concerns and FCA approach

The most obvious and wide-reaching legal implications for InsurTech relate to the assemblage and use of Big Data.

Much of the Big Data being gathered by the IoT constitutes “personal data” under the Data Protection Act 1998 (DPA). As data processors under the DPA, insurers must take care in how they obtain the data and be transparent about how the data will be used. Use of Big Data will also become subject to a stricter regime on implementation of the EU General Data Protection Regulation ((EU) 2016/679) (GDPR). The GDPR sets out requirements for explicit, informed consent on the part of the individual to the use and processing of their personal data and imposes obligations on companies harvesting data, including from digital sources, like the IoT.

In addition to data protection law, the insurance sector is also subject to specific financial services regulation. The use of Big Data by insurers (as well as other financial services firms) has drawn scrutiny from the FCA, which has been keen to understand how the increasing availability of such data about customer behaviour may be used by insurers in calculating the premium or when deciding whether to underwrite the risk at all.

In November 2015, the FCA launched a Call for Inputs (CfI) on the use of Big Data in the retail general insurance sector, focusing on private motor and home (buildings and contents) insurance. A feedback statement detailing the regulator's findings (FS16/5) was published on 21 September 2016.

The FCA found that the use of Big Data produced a broad range of benefits both for the consumer and the insurer. The benefits include encouraging innovation in insurance products, reducing form filing, streamlining sales and claims processes and allowing consumers to adapt their behavior to reduce risks and cost. However, the FCA did identify two areas of material concern.

The first area was risk segmentation. Big Data potentially increases risk segmentation. This means that underwriting is being done increasingly on the basis of ever smaller or more segmented pools of risk or categories of insureds as underwriting models become more predictive and sophisticated. Of particular concern to the FCA is the possibility that high-risk consumers may be unable to obtain or afford insurance as a result of this risk segmentation. These high-risk consumers are referred to as the uninsurables.

In its analysis of the current market position, the FCA concluded that, at present, such a consumer determinant had not yet materialised in the general insurance motor and home sectors it looked at. However, it expressed concern that high-risk consumers could be excluded in the future as the use of Big Data becomes more widespread. The FCA warned that it will remain alert to the possibility of such exclusion and would support government intervention, if required.

The second area of concern was pricing practices. The FCA shared concerns raised by stakeholders in the CfI, in particular that insurers may use Big Data to charge certain customers higher premiums that do not reflect their actual risk profile or the cost of providing the insurance (for example, simply because those customers are more willing or able to pay more). While the FCA acknowledged that Big Data does not in itself cause price discrimination or optimisation, it is attuned to the possibility of firms developing such pricing practices in the future, as more data becomes available and analytical tools become more sophisticated. The FCA committed to further investigating pricing practices in the general insurance sector by analysing a limited number of firms on the potential effects of Big Data usage.

Big Data: insurer's knowledge and insured's duty of disclosure

The transmission of Big Data raises questions in the context of pre-contractual disclosure, where the insured is obliged under the Insurance Act 2015 (Act) to make a fair presentation of the risk.

Under the Act, the insured is not required to disclose any matter that is within the knowledge of the insurer; what the insurer already knows, ought to know, or is presumed to know. Big Data transmitted to insurers potentially constitutes information that is within the knowledge of the insurer. This interaction between Big Data and “knowledge” under the Act could lead to uncertainty (and disputes) as to the extent of the insurer's knowledge and arguments as to whether the policyholder has complied with their duty before entering into the insurance contract.

There is also concern within the industry that online insurance sales sites gathering Big Data may not be asking the right questions in the pre-contractual stages of the underwriting process. Given that the insured's duty to disclose information exists primarily prior to entering into the contract, such a “passive” approach to data following implementation of the Act could have a direct impact on the insurer's ability to defend a claim on the basis of a breach of the duty of good faith.

Artificial intelligence (AI), machine learning and robotic process automation (RPA)

The abundance of new products, improved capability of IoT devices, innovative distribution platforms and increased gathering and application of Big Data has directed insurers towards operating models that streamline their administration and claims processes.

With this in mind, AI, machine learning and RPA (including chatbots) are increasingly being deployed to aid customer service enquiries, claims administration, payment of claims, fraud detection, profit and loss analysis and behavioural analysis.

AI's most tangible impact to date has been in the areas of policy monitoring and claims processing, which are gradually becoming subject to intelligent automation to improve efficiency and produce cost-savings, consequently lowering premiums.

Also known as “robo-advisers”, chatbots are designed to simulate an intelligent conversation and replace humans in various insurance processes. Chatbots are already being used throughout the mobile banking sector, where basic AI programmes interact with and assist human customers.

Chatbots are given human-like names, making them more personal, and engage in natural conversation with the customer. They answer basic queries relating to the policy, such as coverage details, payments due and renewals, and provide contextual information on products and services. A growing number of large insurers are exploring how the use of chatbots might improve efficiency in administrative processes, particularly in the claims process.

Fraud detection software has been used to monitor voice calls for signs of fraud-related stress for some time. The use of AI can also enable earlier and more effective detection of fraudulent claims, as they are capable of discerning human emotions by monitoring facial expressions and natural language.

The effects of AI will be felt in society. Greater automation and advanced AI will inevitably impact the workforce, meaning issues such as redundancies will need to be considered. Additionally, thought will need to be given to customer engagement issues; there are certain interactions that may be more appropriately dealt with by way of human conversation, where a degree of empathy is required.

Blockchain and smart contract technology

Interest in blockchain technology has grown significantly over the past year across financial services, though it remains largely in the experimental phase within insurance. Both InsurTech firms and established insurers are beginning to find applications for distributed ledgers, blockchains and smart contracts in the underwriting and claims system, representing a radical departure from traditional insurance contracting and administration models.

A blockchain is derived from the technology underpinning the Bitcoin cryptocurrency. In simple terms, a blockchain is in effect a database that records each transaction in a “block”. Typically, each block contains a hash that is unique to, and references, the previous block in the “chain”. If any data in any block in the chain are later altered, this is immediately apparent to all participants of that blockchain, as that block's hash (and that of any subsequent block) will no longer correspond to the later block's record of that hash. The result is an indelible record that removes the need for a central authority or third party.

Blockchain technologies are known as “distributed ledgers” as they operate on a distributed basis. The record or ledger of all transactions is replicated in full on each participant's computer. They are highly transparent, because each participant has a complete, traceable record of every transaction recorded on the blockchain.

Automated claims payment processes powered by smart contract and blockchain technologies could result in policyholders being paid more quickly and reduce claims administration costs, the risk of fraudulent claims and administrative costs for the insurer. There is also the potential for policy adjustments to be automated.

As well as easing claims administration congestion, blockchains could aid general insurance record keeping by supporting an automated “bordereau” reporting system, with accessible and continuously validated policy and claims data available throughout the policy lifecycle.

Simultaneously recording policyholder and claims details in verified blockchains could also reduce the risk of fraudulent claims, and mitigate the risk of an insurer being unwittingly used as a means to launder money, both at the back end in terms of claims payments, but also at the front end by establishing robust KYC protocols.

Blockchains also hold the ability to share and exploit Big Data to provide more granular risk-analysis.

There is a proliferation both in the UK and internationally of ideas and concepts within InsurTech that will fundamentally change the market in the next few years. These innovations have the potential to change the way the insurance industry works and alter the relationships between customers and insurers, resulting in insurance products that are more closely aligned to individual preferences and priced more appropriately to the risk. The use of AI and robo advice technology in new digital platforms will be particularly transformative in changing the way customers purchase insurance, and could result in the disintermediation of certain parts of the market.

As insurers seek out these opportunities to lower their cost base, they are leveraging the expertise of start-ups by building strategic corporate partnerships. This has been a consistent trend over the past 18 months, in which over 100 insurance start-ups have launched (with well-known insurers often providing investment). Investment by established players will also directly impact insurance M&A activity in the sector.

Each aspect of InsurTech raises its own legal considerations and regulatory concerns. As insurers continue to develop and launch InsurTech initiatives, it is possible that the Association of British Insurers (ABI) may intervene by publishing industry-specific codes of practice to give insurers guidance. This may be helpful if the industry is to self-regulate and address FCA concerns regarding risk segmentation and uninsurables, and avoid the government imposing its own legislative solutions.

So far, the FCA has indicated its support of the innovative products and services coming to the market as a result of the InsurTech boom and new business models being applied. To this end, the FCA has created a “regulatory sandbox”. This sandbox gives InsurTech start-ups a “safe space” to prove their business plans without immediately incurring all the costs and regulatory consequences of engaging in regulated activities. It is part of a wider FCA initiative launched in 2014, known as Project Innovate, which helps innovators navigate the multiple layers of financial services regulation and aims to promote competition in the interest of customers.

Historically, technological innovation in regulated environments outruns the ability of regulators to keep pace with developments. This “regulatory drag” has in the past resulted in issues for the industry when the regulator has eventually understood what the market is doing. Businesses proposing to use InsurTech technologies in contexts that could have a detrimental impact on customers or conflict with a firm's regulatory responsibilities would therefore be well advised to obtain a regulatory and legal assessment for any deployment that is likely to pass the proof-of-concept phase.

Reproduced from Practical Law with the permission of the publishers. For further information visit www.practicallaw.com or call 020 7542 6664.