If insurance regulation must keep pace with technology change, as Nickel said, then what would prevent insurance regulators from investing in new technology to manage the vast amounts of data from the industry, consumers, and other stakeholders, and thus enhance their ability to meet the objectives of solvency and market regulation? The survey found that the top challenge to adopting technology in insurance departments was budget constraints (see figure 4).

The NAIC reports that in 2018, insurance department budgets are expected to total more than $1.4 billion, with those in California ($202 million) and New York ($151 million) having the largest expenditures.⁶ However, until recently, insurance department budgets were dropping as a percentage of the revenue states collect from the insurance industry. The recent high was in 2008, when budgets were 8.26 percent of revenue. That dropped steadily and was at 5.97 percent in 2014. There has been a climb since then, with budgets reaching 6.12 percent of revenue in 2016,⁷ still well below the 2008 high. The NAIC anticipates that budget levels will rise 0.8 percent year over year in 2018.⁸

Interestingly, a sizable number of regulators who responded to our survey (42 percent) expected little or no change to their insurance department’s technology budget over the next three to five years. About one-third expected the budget to rise, and only 3 percent anticipated a reduced budget in that time frame (see figure 5).

While at first glance these projected tech budget growth numbers might indicate a lack of resources, such an inference may be misleading. As with many organizations in the private sector, regulators typically seek to invest in areas that may improve performance and thus lower or eliminate the net costs of such investments. Spending levels could be largely based on the expected return on investment, and regulators could be tasked with reducing future spending through efficiencies gained.

It is noteworthy that legacy systems can serve as both challenge and driver for insurance departments seeking to implement new technologies. As the information ecosystem advances, the need for connectivity and adaptability increases. But as the more basic technology issues are handled, such as replacing legacy systems, regulators are likely to further optimize their technology use. This may involve automating processes and adopting other advanced technologies to improve the speed and quality of regulatory oversight.

A more difficult test may be the availability of talent, as 40 percent of respondents listed this factor as a major challenge. In a recent Deloitte survey, 35 percent of the “cognitive-aware leaders within cognitive-active companies” listed “people with expertise” as a key challenge in the adoption of cognitive and artificial intelligence technologies—in line with this survey’s findings.⁹ The vast majority of these early adapters were from private-sector employers, which may have more ability to attract talent through compensation or flexible work arrangements, and should serve as “a bellwether group from which others can learn and observe.”¹⁰

So insurance regulators may be heartened to learn that their difficulty attracting or retaining talent does not seem significantly greater than what private-sector leaders are experiencing. Regulators can also emulate these leaders’ leading practices, particularly regarding training: 70 percent of respondents in the private-sector study were training employees to develop cognitive technologies, 64 percent were training employees to work alongside such systems, and 95 percent already had or were planning to create training programs to help employees deal with technology-based changes in their jobs.¹¹

In a whitepaper about the impact of fintech on the insurance industry, the International Association of Insurance Supervisors appeared to support this direction: “Supervisors will need to examine if their supervisory tools and IT infrastructures need to be improved, since technological innovation also offers opportunities for supervisors to automate certain supervisory processes and compliance requirements. Additionally, supervisors’ staff may need new technical skills to understand in-depth innovations and identify risks associated. In this sense, there is a need for supervisors to attract and retain talent with this skill set.”¹²

Leveraging technology for oversight

Why do regulators see technology as a key factor in improving compliance? How can it be most effectively deployed to bolster current oversight efforts? To shed some light on these critical issues, we asked regulators how they use technology tools now and how they expect to make use of them in the future. Figure 6 shows how technology is leveraged today and figure 7 shows what regulators expect to happen going forward.

Strikingly, there seems to be very little reliance on technology use to ensure market conduct (25 percent said either not at all or just somewhat); review pricing algorithms and models (30 percent); provide information and education to consumers or to respond to consumer complaints (for both, 21 percent said either not at all or somewhat); investigate noncompliance and data manipulation (22 percent said somewhat or not at all); and analyze claim settlements (42 percent said either not at all or somewhat).

These areas fall generally under the umbrella of market conduct, and the numbers suggest that there could be significant room for improvement through the use of advanced technologies. The results may also reflect greater difficulty in quantifying consumer dissatisfaction, or simply that regulators historically have been more reactive (responding to consumer complaints) or used less timely measures (periodic examinations) to uncover suspicious behavior. New tools, such as social-media sensing and analytics, could help regulators discover previously unidentified concerns.

As shown in figure 7, regulators do expect to ramp up technology use in market conduct areas such as investigating noncompliance and data manipulation and ensuring market conduct. This indicates that as more sophisticated tools become available—such as RPA enabling continuous monitoring of the full population instead of random sampling—regulators may be willing to accept and use them to meet overall department goals.

In general, regulators seem to understand the utility of these tools even if they are not all available to them right now. For example, regarding the use of advanced or predictive analytics, 83 percent of regulators think that analytics could be used to identify noncompliance, while almost 80 percent feel the same way about market conduct oversight. Around 80 percent also mentioned monitoring insurer solvency and reviewing pricing models. Indeed, only one category received a tepid response: less than one-half of regulators thought that advanced or predictive analytics would be helpful for licensing agents and insurers (see figure 8).

A related issue is the current level of technology used to review pricing algorithms and models. As insurers look to expand the data they use to price risks, using algorithms and models is becoming increasingly important. However, resources to analyze and monitor this use may not have kept pace. Most state regulators have indicated they understand the role of pricing algorithms, complex models, and various forms of big data, and are working with the NAIC to find ways to augment the resources available to them.

In contrast, most regulators’ current technology use for solvency-related topics such as auditing insurer financials or monitoring solvency is already significant, which may be because it is easier to analyze quantifiable and mostly formatted financial data. In the near future, regulators also plan to increase technology usage in areas such as consumer education and response, and reducing the time and effort for financial filings.

One data point stands out: When asked to look ahead to the next three to five years, not one regulator believed that technology usage in any of these areas would be either significantly less or somewhat less than today. The most common response in all areas was that technology usage would be somewhat greater going forward.

Taken together, these findings indicate that regulators plan to expand technology usage in the solvency-related areas where such use is already common, as well as significantly increase technology use for market conduct purposes.

Attitudes toward insurers using advanced technologies

Both insurers and regulators may be expected to embrace technology for their own purposes. As shown in figure 3, more than one-half of the regulators surveyed felt that insurers’ use of technology could be a motivation for using the same technology to regulate them.

Some consumer advocates and regulators have expressed unease about the possible perils of insurers using advanced technologies. One of their chief concerns is microsegmentation, which may affect the law of big numbers that underpins insurance theory. The apparently impartial choices made by an algorithm may also lead to a “big brother” type of technological gatekeeping that excludes or acts adversely toward particular groups—if, for example, the input is based on nonrepresentative or historically biased data sets.

In our survey, nearly every regulator expressed some anxiety about the possible impact of advanced technology use on personal lines policies for individual consumers, with 55 percent saying they were very concerned (see figure 9). In contrast, however, commercial policies, which affect a market comprising more sophisticated business insurance buyers, drew major concern from only 29 percent of regulators, with 14 percent expressing no concern at all.

Market conduct and consumer protection were the primary focuses of regulator disquiet. Data privacy generated the biggest worry, with every regulator surveyed expressing apprehensiveness, and 86 percent saying they were very concerned. About one-half of the respondents also expressed unease about using data without a customer’s consent for claim settlement. Nearly two-thirds were very concerned about unfair pricing models. If there is a silver lining, it is that only 29 percent of regulators were very concerned about the risk of inadequate coverage.

Yet despite possible drawbacks, on balance regulators see advantages for consumers from insurers’ increased use of technology (see figure 10), with only 5 percent seeing it as a possible negative overall. Focusing solely on the personal lines segment of the market, two-thirds of regulators think consumers could have better product choices and customer service (see figure 11), thanks to technology advancements.

Regulators here may be anticipating that the increased use of technology by consumers could help level the playing field by making information more easily accessible to consumers, thus increasing consumers’ ability to comparison shop for coverage. Another possibility is that regulators may believe their own increased use of technology will help improve consumer outcomes.

Overall, insurers would also benefit from technology gains, regulators indicated, with 76 percent citing increased operational effectiveness and 71 percent expecting increased efficiency for the overall market as likely results.

Regulators indicated that with these new technologies, safeguarding the best interests of consumers would likely require more regulatory scrutiny. Almost 48 percent felt that there would be more need for regulatory oversight, while fewer than 5 percent felt that the need would decline. Areas for increased scrutiny in a more digitized market may include data security (76 percent) and fair market conduct (52 percent).

The commercial side may draw less attention in the future, with regulators essentially split on the need for more regulatory scrutiny (see figure 12). While regulators see increased data security issues in this market as well, fewer expressed concerns than in the personal lines consumer market.

Most regulators saw the benefits of increased operational effectiveness and faster, more customized products for the commercial marketplace as well, although just over one-half expressed concern about possible negative effects on smaller, less sophisticated businesses.

What’s next? Regulators weigh in

As we saw in figures 10 and 12, regulators expect a greater need for regulatory oversight overall, and in figure 13, we see areas where the level of oversight over insurers’ use of technology is widely expected to be greater.

Indeed, 95 percent of respondents said they expect increased levels of scrutiny over insurer use of technology for pricing, underwriting, and claims settlement, and 19 percent of regulators thought they would exercise significantly more oversight of both pricing and underwriting technology use—the highest projections in this category.

Interestingly, 33 percent of regulators thought that the level of oversight regarding the use of technology in marketing activities would be similar to today’s level, and 29 percent believed that the level of oversight of technology use in customer service activities would remain steady. These numbers may look low only when compared with regulatory plans for increased scrutiny in the other areas mentioned. Given that 62 percent of respondents expect increased scrutiny over technology used in marketing and 72 percent project a similar increase for technology used for customer service, insurers may expect a more intense gaze from regulators.

A vast majority of regulators (81 percent) thought it either likely or very likely that enhanced data reporting requirements would be required and 86 percent expect more pricing and underwriting model approval requirements. Another 81 percent thought there would be increased customer notification requirements, and 71 percent thought it likely or very likely that regulators would require approvals for automated financial planning algorithms (see figure 14).

Based on these responses, regulators seem unlikely to give insurers the benefit of the doubt regarding new technology uses, so insurers would need to display greater transparency in their relationships with both customers and regulators.

However, regulators may need to make some adjustments as well. “Technology is revolutionizing the industry. . . . It's become a real balancing act for regulators. We don't want to stifle innovation. . . . We're ready and willing to have products tested (in Connecticut) to provide a regulatory sandbox . . . subject to the appropriate consumer safeguards,” Connecticut Insurance Commissioner Katharine Wade told an insurance gathering in November 2017.¹³

The idea of a regulatory sandbox in which insurers can safely innovate while consumers are fully protected is one that has sparked widespread interest outside the United States,¹⁴ with 16 of 44 fintech hubs surveyed worldwide in early 2017 either having set up or committing to set up regulatory sandboxes.¹⁵ Within the United States, however, it may only now be gaining traction for fintech firms.¹⁶

Our survey seemed to show some signs that regulators are not fully embracing the sandbox concept yet (see figure 15). While most agree that engaging with different stakeholders—insurtech start-ups, insurers, consumer protection groups, and other regulators—to pursue innovation would be a positive step, more than 4 in 10 only somewhat agree. So if sandboxes are to be a useful tool, state insurance regulatory leaders may need to educate their colleagues on their potential.

Getting there from here

This survey revealed that regulators’ embrace of new technology tools to increase and improve industry oversight is likely a matter of when, not if.

Insurance carriers should be prepared to face the following challenges simultaneously: Regulators will likely maintain high expectations regarding compliance; regulator capabilities could increase with new technology adoption; and company boards and investors will probably continue to pressurize insurers to strengthen compliance and implement risk management programs more quickly and efficiently, but at a lower cost.

These challenges may seem obvious, but could also be potentially severe. They should be met, or, to repeat the words of Nickel, “History is littered with the remnants of companies and organizations failing to keep pace with change.”¹⁷ As we have seen in the recent past, industries unprepared for technology-enabled change have often experienced disruption or even extinction. In a regulated industry like insurance, supervisors bear a fair share of responsibility for ensuring a level playing field while maintaining an openness to innovation.

The similarly regulated taxi industry may provide an object lesson of what can happen when regulators do not respond quickly enough to a rapidly changing market. In 2014, New York City taxi medallions were worth $1.4 million. However, after the introduction of unregulated or lightly regulated ridesharing and app-based hailing services, their value has deteriorated. In August 2017, 21 medallions were sold for between $150,000 and $450,000 each.¹⁸

If budgets remain the primary constraint, regulators could focus on informing the public and state legislators who fund their departments about how these technology tools are essential to maintaining the mostly exemplary track record of US insurance regulation—and, more broadly, to the continued health of the US insurance industry.

Regulators could also facilitate innovation in other developing areas, such as third-party risk. Many insurers are likely to have a large dependency on third parties for the deployment of some of the new technologies. Regulators can help insurers develop ways to carefully manage third-party risk by, for example, helping them develop formal contingency plans.

Similarly, given the across-the-board concern most regulators expressed regarding data privacy and security, regulators may help address the issue by encouraging insurers to develop innovative, alternative ways to authenticate and protect consumers, perhaps through biometrics or some new identification tool.

Given that emerging technologies will likely accelerate and the available expertise in specific areas such as blockchain or cryptocurrency will probably be in high demand, regulators may need to innovate internally and perhaps dramatically to attract the necessary talent. For regulators, embracing that tech-enabled vision of tomorrow may lead to a stronger industry bolstered by even greater consumer confidence.

Insurers, too, should consider their place in the new reality. Imagine a future in which regulators do not just have data on every single insurance transaction, but also the ability to act upon that information. Here, regulators could be alerted to any deviation from the norm; be it sales or surrender of a particular product, payout patterns that differ from the median, or a geographic deviation in sales patterns, insurers may find themselves the focus of a market conduct review. In the age of social media, this type of scrutiny could cause quick reputational damage and have more lasting effects.

The probable changes in insurance regulation due to regulatory adoption of advanced technologies could be so quantitatively different as to be qualitatively new. In any case, insurers are likely to be facing not only new regulations over their existing and emerging operations, but new types of oversight, thanks to the technology tools at a regulator’s disposal. Preparing today for that tomorrow may not be just prudent, but necessary.