The (re)insurance industry, as with many industries, is transforming its digital presence. This has been fuelled by three key factors:
- Technological developments broadly have facilitated a move away from more traditional processes which would have been the ‘norm’ in the industry.
- These technological developments have created efficiencies which would otherwise not exist.
- Consumer behaviour is trending towards an expectation that (re)insurers will embrace digitalisation.
These factors have contributed to enhanced digitalisation for (re)insurers and intermediaries and led to bodies such as the European Insurance and Occupational Pensions Authority (EIOPA) seeking input from industry operators as to the risks and opportunities which will be presented as a result of enhanced digitalisation.
EIOPA have produced a discussion paper (available online) which considers the impact of digitalisation in the (re)insurance sector. In their paper, EIOPA suggest that digitalisation will result in many (re)insurers and intermediaries outsourcing aspects of their operation to third parties. Of course, outsourcing is not a novel concept in the industry, and indeed the Central Bank of Ireland (CBI) are comfortable with the concept. However, complexity arises in the context of (re)insurers / intermediaries relying on third party technology providers to carry out functions to such an extent that the nucleus of certain operational risks shifts to the third party.
(Re)Insurers / intermediaries will have to work with third-party IT providers to ensure that the risks are appropriately overseen and safeguarded against by the (re)insurer / intermediary. Such firms will also need to be able to demonstrate their compliance with their respective regulatory obligations. Technology firms (be they FinTech, InsurTech or BigTech) are (for the most part) unlikely to be authorised entities for the purpose of Solvency II or the Insurance Distribution Directive – thus (re)insurers/intermediaries will need to be mindful that the nucleus of the operations cannot transfer out of the authorised entity entirely or the CBI will likely be stepping in.
What the sector is seeing, is a more complex value chain, i.e. insurance products are being tied into other products and offered digitally. This may make it harder for (re)insurers to maintain effective oversight and control. This third party ‘bundling’ of products, also raises the question, ‘has the regulatory perimeter been breached?‘.
The increased digitalisation (resulting in bundling or third-party sellers) further disconnects the consumer from the insurer. With this increasingly distant consumer-insurer relationship becoming the new norm, insurers will be required to implement data privacy protocols that are adequate to protect the consumer.
One of the key risks arises due to the change in the underwriting process. Full digitalisation and automation of insurance policies could result in the incidental outsourcing of the risk assessment process. Insurers will have to be aware of, and implement processes to respond to, any potential unauthorised outsourcing of this process. Whether the product is offered directly, or through a third-party app, (re)insurers must be sure to maintain effective control and oversight of the risk assessment process.
EIOPA have recommended that supervisors put proportionate action in place in order to gain insight into parties involved in the value chain as it increases. It has further been suggested that Solvency II reporting may not be appropriate in this regard and as such (re)insurers may have to engage with the CBI to ensure that the necessary oversight is maintained.
Data protection risks
Historically, insurers would gather information from insureds through questionnaires containing targeted questions. With the proliferation of technology, insurance companies are gathering far more granular and up-to-date detail in relation to insured parties. By way of example, an emerging trend in the health insurance industry is the collection of data using ‘wearable technology’. This technology then feeds back to insurers who now have both the benefit and the burden of holding far more data than would previously have been the case with traditional health insurance.
While the “pros” are obvious for the industry, there are also several challenges for insurers in this regard, namely:
- How do they ensure the information is stored safely?
- They must ensure that permission to store customers’ data is obtained.
- They must find ways to use this information to create value for customers.
- They must ensure compliance with Data Retention policies and cleansing data from their systems.
(Re)Insurers / intermediaries must ensure that, in this new age of digitalisation, they have up-to-date data privacy procedures in place to effectively identify, respond to and report any breaches which occur. Furthermore, firms will need to invest valuable resources in data cleansing (which is time consuming and costly). Multi-national (re)insurance groups are working in a world of diverging regulatory regimes (e.g. GDPR in the EEA, CCPA in California or Australian Privacy Act and Privacy Principles).
While more personalised insurance policies will likely become the new norm, insurers still need to ensure that their operations are conducted in line with established regulatory principles.
The EU Packaged Retail and Insurance-based Investment Products (PRIIPs) Regulation provides that insurers are obligated to provide their insureds with standardised policy documentation and information. In an increasingly personalised environment, the key information provided to insureds must remain comparable and this will be a challenge that insurers/intermediaries will have to overcome.
The European Communities (Distance Marketing of Consumer Financial Services) Regulations sets out prohibitions regarding unsolicited communications. Insurers / intermediaries will have to ensure that, although collecting an increasingly large amount of personalised data, it is not permissible to use this data to target insureds with new products no matter how applicable the product may be to them. Breach of this obligation is a criminal offence.
It is important to remember that (re)insurers should not be afraid of digitalisation.
In Part 2 of our Digitalisation in the (Re)Insurance Industry we will next consider some of the key opportunities emerging in the industry, click here to read Part 2.
Contributed by James Grogan