Introduction
We set out below an overview of the developments we are seeing in InsurTech in Singapore and Hong Kong, and how the regulatory frameworks are developing to support this innovation.
Singapore
Tech collaboration, blockchain and AI
Singapore has one of the region’s largest concentrations of InsurTech startups with over 80 companies registered on the Singapore FinTech Association’s InsurTech directory.1 What differentiates Singapore from many other countries in the region, is that two-thirds of the population are already insured.2 This means that while other jurisdictions in the region may be using InsurTech to reach new customers, the industry in Singapore is primarily focused on improving and streamlining existing services and products.
Singapore is a lively hub for AI and big data innovation and these technologies lend themselves to service improvements by creating hyper-personalised services – for example, some insurers are cross-referencing call center recordings with chatbot data to gain new insight into customer sentiment and agent service quality3.
Regulatory environment
Another factor which is assisting InsurTech innovation to thrive in Singapore is the regulatory environment, which is supportive of InsurTech innovation and adoption. In a 2019 speech by the Monetary Authority of Singapore’s (MAS) Board Member and then-Minister of Education Ong Ye Kung, Minister Ong recognized that InsurTech collaborations have taken off in Singapore and stated that the MAS will continue to encourage and foster such partnerships. Some initiatives in Singapore include:
- The MAS’s FinTech regulatory sandbox launched in 2016. The sandbox enables companies to experiment with innovative financial products and services in a live environment but within a well-defined space and duration, with certain safeguards in place. Certain regulatory requirements which the companies may otherwise be subject to are relaxed for a defined period. Several InsurTech companies have taken advantage of access to the regulatory sandbox including PolicyPal, which leverages blockchain technology to work with insurance partners in the Southeast Asia region. PolicyPal was one of the first companies to participate in the MAS regulatory sandbox. In addition, Inzsure, which offers on-demand corporate insurance solutions spent time in the MAS regulatory sandbox and exited on October 31, 2019. In August 2019, MAS launched Sandbox Express, a faster option for activities where the risks are low and well-understood by the market, and can be reasonably managed within pre-defined parameters. Market testing in Sandbox Express can commence within 21 days of applying to MAS.
- The Singapore Fintech Association InsurTech Sub-Committee (the Sub-Committee), was formed to promote the adoption of technology and new digital business models as well as to foster collaboration between start-ups, ecosystem participants and regulators.4 The Sub-Committee represents the interests of the InsurTech ecosystem in Singapore and helps to represent Singapore on the global stage5.
- The recently launched Global-Asia Insurance Partnership in Singapore, a new tripartite partnership between the global insurance industry, regulators and academia, aims to enable insurers and academics to work with public policy makers to create innovative insurance solutions.
Data protection considerations
The nature of InsurTech generally involves the handling of large quantities of sensitive personal data including health and financial data of individuals. While the Singapore Personal Data Protection Act 2012 (PDPA) does not specifically regulate “sensitive” personal data, it is clear from guidance issued by the Singapore Personal Data Protection Commission (PDPC) and from PDPC enforcement decisions, that sensitive personal data such as health and financial data should be subject to a higher standard of protection compared to other types of personal data.
A key aspect of ensuring a higher standard of protection for sensitive types of personal data is implementing privacy by design – this is the approach where data protection measures are considered and built into IT systems as they are being built. While implementing privacy by design principles in not mandated by the PDPA, it is recommended by the PDPC and the PDPC has issued a Guide to Data Protection by Design for ICT Systems which aims to assist companies that wish to apply privacy by design when designing and building IT systems.
Another privacy consideration relevant to InsurTech that relies on IOT is the repurposing of data. Data cross-matching and big data analytics mean that data collected by an IOT device could be used for secondary purposes beyond the scope of the original purpose for which the data was collected. Consistent with Singapore’s drive to foster innovation, we are shortly anticipating amendments to the PDPA (via the Personal Data Protection (Amendment) Bill) to come into effect which will permit the use of data for secondary business innovation purposes without individual consent, subject to certain safeguards.
Hong Kong
Tech collaboration, blockchain and AI
Similarly to Singapore, in Hong Kong and China new technologies like artificial intelligence and big data are being used to distribute traditional products, upgrade existing products to provide more customized services, and to process claims more efficiently. Increasingly, traditional insurers are outsourcing non-core operating processes to InsurTech companies to improve services.
Regulatory environment
Fast Track authorisation
The Hong Kong Insurance Authority has been supportive of the development of InsurTech in Hong Kong through its Fast Track authorisation scheme. The Fast Track scheme expedites applications for authorisation to carry on insurance business in or from Hong Kong using solely digital distribution channels through the creation of a dedicated authorisation queue. Since launching in September 2017 a number of virtual insurers have been granted authorisation by utilising the Fast Track scheme.
Data protection considerations
Due to the sensitivity and extensiveness of data (like health data and living habits) accessed by InsurTech, InsurTech raises privacy and data security concerns. The Hong Kong Personal Data (Privacy) Ordinance (PDPO) provides protection to the handling of personal data by insurers. Some data considerations under the PDPO are:
- Excessive collection of data – insurers should ensure that the data collected is adequate but not excessive. While it may be beneficial for the insurers to collect more detailed data about the customers, insurers should limit their collection to what is relevant and related to the specific purpose (e.g. for formulation of insurance policies, for investigation of a claim, or for underwriting), rather than collecting massive amounts of customer data for no immediate purpose – simply in the hope that they will be useful in the future.
- Adequate data security – insurers should implement security safeguards and measures to protect customers’ personal data held by them. Sensitive data collected by InsurTech (e.g. wearable monitoring device that collect health data) is very susceptible to exploitation/hacking. Insurers will need to provide their customers with confidence that enhanced levels of security are built into the processes.
- Restrictions on matching procedure – a “matching procedure” may not be carried out unless the data subjects’ prescribed consent or the Privacy Commissioner’s consent has been obtained. A data matching procedure is a process by which personal data collected for one purpose is compared electronically with personal data collected for other purposes with the aim of taking adverse action against the data subjects concerned. With the development of InsurTech and the increased level of automation in processing policy applications and/or classifying claims, insurers should be aware of the requirements around matching procedure and build in necessary precautions into its processes to ensure that customers are treated fairly.
Conclusion
The adoption of InsurTech solutions within the existing regulatory framework is not without regulatory challenges for both InsurTechs and insurers. InsurTechs need to be mindful of how their activities fit within the existing regulatory framework and whether their activities may trigger a licensing requirement. Similarly, insurers need to be cognizant of their relevant regulator’s applicable outsourcing requirements when entering into tech collaborations and partnerships with third party service providers as they may amount to outsourcing, resulting in regulatory approval or notification and various risk management requirements.
The COVID-19 pandemic has also highlighted the importance of managing future risks in Asia and around the world, and motivated companies and governments to seek better insurance. Looking ahead, insurance firms should pursue technology in more advanced ways. With the use of AI, IOT and blockchain, particular risk events can be tracked more efficiently and the path to pay-outs for claims smoothed if certain pre-defined conditions occur. These advancements would further bolster Asia’s already growing InsurTech market.
This article was originally published in Insurance Day on December 1, 2020.