Insurance regulators in an era of advanced technologies Challenges and opportunities in oversight
As more and more insurance companies embrace the latest technologies, such as advanced and predictive analytics and robotic process automation, a growing number of regulators are doing the same. How may these developments alter how regulators provide oversight and, ultimately, protect consumers?
As the industry transforms, so should its regulators
Subscribe to receive Financial Services related content
No longer in their infancy, advanced technologies are becoming marketplace realities across industries. Within the US insurance industry, more and more tools are now being tested and implemented across business lines, with the promise of much more to come over the next few years.
At the National Association of Insurance Commissioners’ (NAIC) fall 2017 meeting, Ted Nickel, the Wisconsin insurance commissioner and then-president of the NAIC, spoke of an insurance industry transformation “fueled by rapid developments in technology.” He added, “Insurance regulation must keep pace with these pressures. History is littered with the remnants of companies and organizations failing to keep pace with change.”1
Since the first state insurance commissioner was appointed in New Hampshire in 1851, the primary responsibility of US insurance regulators has been—and continues to be—consumer protection. “The fundamental reason for government regulation of insurance is to protect American consumers,” states the NAIC.2
What has changed are the tools regulators use to accomplish this goal. In a time of rapidly increasing technology adoption, a growing number of regulators are likely to use the latest technology to enable the kind of deep, broad, and real-time oversight of the insurance market that could not have been dreamt of even a decade or two ago.
So how will these developments alter the work of insurance regulators? Regulators could follow the lead of other financial oversight leaders, such as the current Securities and Exchange Commission (SEC) Chair Jay Clayton, who said, “Technology is not just the province of those we regulate. The SEC has the capability to develop and utilize it, too. We apply sophisticated analytic strategies to detect companies and individuals engaging in suspicious behavior. We are adapting machine learning and artificial intelligence to new functions, such as analyzing regulatory filings.”3
As insurers embrace the use of advanced and predictive analytics, robotic process automation (RPA), and cognitive technologies, regulators reportedly plan to innovate and incorporate newly available tech tools into their expanding regulatory arsenal. Indeed, the Insurance Regulator Technology Adoption Survey (see sidebar, “About the survey”), launched by the Deloitte Center for Financial Services, found that state insurance regulators expect their use of technology to increase, both to improve oversight of the market as well as to respond to market changes in an increasingly digital, tech-driven industry.
By increasing technology use, regulators may gain a more complete and granular view of the market and its constituent products and companies than ever before. Regulators could look at the entire market activity for a product type and compare the performance of a particular product of that type across various parameters, such as demographics, lapse rate, loss ratio, or geography. Real-time monitoring would replace the retroactive nature of current insurance regulation; sensing technologies, predictive analytics, and other tools could enable rapid regulatory action, even before a concern would otherwise become noticeable.
How insurers respond in turn may well be crucial to their success in tomorrow’s marketplace. To meet the challenges brought about by regulators’ use of new technology, they may decide to use technologies such as speech recognition, RPA, natural language processing/generation (NLP/G), deep learning, and machine learning. In response, insurance company compliance departments would need to continue to be diligent and attentive.
In this paper, we will examine regulators’ attitudes toward and concerns about new technologies, and briefly discuss the implications for insurance companies as they seek to reduce cost, enhance efficiency, and, ultimately, establish more robust compliance programs that withstand regulators’ evolving expectations from the use of these technologies.
About the survey
The Insurance Regulator Technology Adoption Survey was conducted in late August/early September 2017 by the Deloitte Center for Financial Services. All 56 member jurisdictions of the NAIC were invited to participate in the online survey. Respondents to the survey represented 28 member jurisdictions of the NAIC. With two respondents each from six of those jurisdictions, we had a total of 34 responses. As not all survey questions were mandatory, the sample size may vary by question. Responses are reported only in aggregate. As all responses have been rounded to the nearest percent, they may not total 100 percent.
Respondents, for the most part, represented senior staff and leadership within the insurance departments of regulatory agencies, with 98 percent of respondents self-identifying in various leadership roles (see figure 1).
Almost one-half of the respondents held executive leadership positions; legal and product regulation roles were the next highest represented areas (see figure 2).
Insurance departments regulated an average of 107 domestic insurers and 1,283 per jurisdiction in the United States in 2016. There are almost 6,000 domestic insurers operating in the United States. Nearly 2.2 million individuals and 231,258 entities are licensed as resident producers.4
Insurance regulators’ purpose has not changed; they remain primarily concerned with solvency, market conduct, and consumer protection. As the NAIC puts it, “The public wants two things from insurance regulators: They want solvent insurers who are financially able to make good on the promises they have made and they want insurers to treat policyholders and claimants fairly. All regulatory functions will fall under either solvency regulation or market regulation to meet these two objectives.”5
US state insurance regulators already collect a significant amount of financial information from the industry and seem to be increasing the amount and timeliness of market conduct data they receive, adding to data-management requirements.
What is changing are the methods some regulators use to do their jobs most effectively. Many regulators are now implementing new technologies in their insurance departments, mainly to automate manual processes and replace or integrate legacy systems. The high percentage of respondents citing legacy systems as a driver (69 percent) may indicate that regulators still need to modernize current systems before they can consider adopting more advanced technology uses.
Consistent with that, most respondents see changing regulatory demands and insurers’ increased use of technology as well as the need to reduce operational cost as among the reasons for implementing new technologies (see figure 3). A notable plurality considered improving the speed and quality of regulatory oversight as a main driver.
If insurance regulation must keep pace with technology change, as Nickel said, then what would prevent insurance regulators from investing in new technology to manage the vast amounts of data from the industry, consumers, and other stakeholders, and thus enhance their ability to meet the objectives of solvency and market regulation? The survey found that the top challenge to adopting technology in insurance departments was budget constraints (see figure 4).
The NAIC reports that in 2018, insurance department budgets are expected to total more than $1.4 billion, with those in California ($202 million) and New York ($151 million) having the largest expenditures.6 However, until recently, insurance department budgets were dropping as a percentage of the revenue states collect from the insurance industry. The recent high was in 2008, when budgets were 8.26 percent of revenue. That dropped steadily and was at 5.97 percent in 2014. There has been a climb since then, with budgets reaching 6.12 percent of revenue in 2016,7 still well below the 2008 high. The NAIC anticipates that budget levels will rise 0.8 percent year over year in 2018.8
Interestingly, a sizable number of regulators who responded to our survey (42 percent) expected little or no change to their insurance department’s technology budget over the next three to five years. About one-third expected the budget to rise, and only 3 percent anticipated a reduced budget in that time frame (see figure 5).
While at first glance these projected tech budget growth numbers might indicate a lack of resources, such an inference may be misleading. As with many organizations in the private sector, regulators typically seek to invest in areas that may improve performance and thus lower or eliminate the net costs of such investments. Spending levels could be largely based on the expected return on investment, and regulators could be tasked with reducing future spending through efficiencies gained.
It is noteworthy that legacy systems can serve as both challenge and driver for insurance departments seeking to implement new technologies. As the information ecosystem advances, the need for connectivity and adaptability increases. But as the more basic technology issues are handled, such as replacing legacy systems, regulators are likely to further optimize their technology use. This may involve automating processes and adopting other advanced technologies to improve the speed and quality of regulatory oversight.
A more difficult test may be the availability of talent, as 40 percent of respondents listed this factor as a major challenge. In a recent Deloitte survey, 35 percent of the “cognitive-aware leaders within cognitive-active companies” listed “people with expertise” as a key challenge in the adoption of cognitive and artificial intelligence technologies—in line with this survey’s findings.9 The vast majority of these early adapters were from private-sector employers, which may have more ability to attract talent through compensation or flexible work arrangements, and should serve as “a bellwether group from which others can learn and observe.”10
So insurance regulators may be heartened to learn that their difficulty attracting or retaining talent does not seem significantly greater than what private-sector leaders are experiencing. Regulators can also emulate these leaders’ leading practices, particularly regarding training: 70 percent of respondents in the private-sector study were training employees to develop cognitive technologies, 64 percent were training employees to work alongside such systems, and 95 percent already had or were planning to create training programs to help employees deal with technology-based changes in their jobs.11
In a whitepaper about the impact of fintech on the insurance industry, the International Association of Insurance Supervisors appeared to support this direction: “Supervisors will need to examine if their supervisory tools and IT infrastructures need to be improved, since technological innovation also offers opportunities for supervisors to automate certain supervisory processes and compliance requirements. Additionally, supervisors’ staff may need new technical skills to understand in-depth innovations and identify risks associated. In this sense, there is a need for supervisors to attract and retain talent with this skill set.”12
Why do regulators see technology as a key factor in improving compliance? How can it be most effectively deployed to bolster current oversight efforts? To shed some light on these critical issues, we asked regulators how they use technology tools now and how they expect to make use of them in the future. Figure 6 shows how technology is leveraged today and figure 7 shows what regulators expect to happen going forward.
Strikingly, there seems to be very little reliance on technology use to ensure market conduct (25 percent said either not at all or just somewhat); review pricing algorithms and models (30 percent); provide information and education to consumers or to respond to consumer complaints (for both, 21 percent said either not at all or somewhat); investigate noncompliance and data manipulation (22 percent said somewhat or not at all); and analyze claim settlements (42 percent said either not at all or somewhat).
These areas fall generally under the umbrella of market conduct, and the numbers suggest that there could be significant room for improvement through the use of advanced technologies. The results may also reflect greater difficulty in quantifying consumer dissatisfaction, or simply that regulators historically have been more reactive (responding to consumer complaints) or used less timely measures (periodic examinations) to uncover suspicious behavior. New tools, such as social-media sensing and analytics, could help regulators discover previously unidentified concerns.
As shown in figure 7, regulators do expect to ramp up technology use in market conduct areas such as investigating noncompliance and data manipulation and ensuring market conduct. This indicates that as more sophisticated tools become available—such as RPA enabling continuous monitoring of the full population instead of random sampling—regulators may be willing to accept and use them to meet overall department goals.
In general, regulators seem to understand the utility of these tools even if they are not all available to them right now. For example, regarding the use of advanced or predictive analytics, 83 percent of regulators think that analytics could be used to identify noncompliance, while almost 80 percent feel the same way about market conduct oversight. Around 80 percent also mentioned monitoring insurer solvency and reviewing pricing models. Indeed, only one category received a tepid response: less than one-half of regulators thought that advanced or predictive analytics would be helpful for licensing agents and insurers (see figure 8).
A related issue is the current level of technology used to review pricing algorithms and models. As insurers look to expand the data they use to price risks, using algorithms and models is becoming increasingly important. However, resources to analyze and monitor this use may not have kept pace. Most state regulators have indicated they understand the role of pricing algorithms, complex models, and various forms of big data, and are working with the NAIC to find ways to augment the resources available to them.
In contrast, most regulators’ current technology use for solvency-related topics such as auditing insurer financials or monitoring solvency is already significant, which may be because it is easier to analyze quantifiable and mostly formatted financial data. In the near future, regulators also plan to increase technology usage in areas such as consumer education and response, and reducing the time and effort for financial filings.
One data point stands out: When asked to look ahead to the next three to five years, not one regulator believed that technology usage in any of these areas would be either significantly less or somewhat less than today. The most common response in all areas was that technology usage would be somewhat greater going forward.
Taken together, these findings indicate that regulators plan to expand technology usage in the solvency-related areas where such use is already common, as well as significantly increase technology use for market conduct purposes.
Both insurers and regulators may be expected to embrace technology for their own purposes. As shown in figure 3, more than one-half of the regulators surveyed felt that insurers’ use of technology could be a motivation for using the same technology to regulate them.
Some consumer advocates and regulators have expressed unease about the possible perils of insurers using advanced technologies. One of their chief concerns is microsegmentation, which may affect the law of big numbers that underpins insurance theory. The apparently impartial choices made by an algorithm may also lead to a “big brother” type of technological gatekeeping that excludes or acts adversely toward particular groups—if, for example, the input is based on nonrepresentative or historically biased data sets.
In our survey, nearly every regulator expressed some anxiety about the possible impact of advanced technology use on personal lines policies for individual consumers, with 55 percent saying they were very concerned (see figure 9). In contrast, however, commercial policies, which affect a market comprising more sophisticated business insurance buyers, drew major concern from only 29 percent of regulators, with 14 percent expressing no concern at all.
Market conduct and consumer protection were the primary focuses of regulator disquiet. Data privacy generated the biggest worry, with every regulator surveyed expressing apprehensiveness, and 86 percent saying they were very concerned. About one-half of the respondents also expressed unease about using data without a customer’s consent for claim settlement. Nearly two-thirds were very concerned about unfair pricing models. If there is a silver lining, it is that only 29 percent of regulators were very concerned about the risk of inadequate coverage.
Yet despite possible drawbacks, on balance regulators see advantages for consumers from insurers’ increased use of technology (see figure 10), with only 5 percent seeing it as a possible negative overall. Focusing solely on the personal lines segment of the market, two-thirds of regulators think consumers could have better product choices and customer service (see figure 11), thanks to technology advancements.
Regulators here may be anticipating that the increased use of technology by consumers could help level the playing field by making information more easily accessible to consumers, thus increasing consumers’ ability to comparison shop for coverage. Another possibility is that regulators may believe their own increased use of technology will help improve consumer outcomes.
Overall, insurers would also benefit from technology gains, regulators indicated, with 76 percent citing increased operational effectiveness and 71 percent expecting increased efficiency for the overall market as likely results.
Regulators indicated that with these new technologies, safeguarding the best interests of consumers would likely require more regulatory scrutiny. Almost 48 percent felt that there would be more need for regulatory oversight, while fewer than 5 percent felt that the need would decline. Areas for increased scrutiny in a more digitized market may include data security (76 percent) and fair market conduct (52 percent).
The commercial side may draw less attention in the future, with regulators essentially split on the need for more regulatory scrutiny (see figure 12). While regulators see increased data security issues in this market as well, fewer expressed concerns than in the personal lines consumer market.
Most regulators saw the benefits of increased operational effectiveness and faster, more customized products for the commercial marketplace as well, although just over one-half expressed concern about possible negative effects on smaller, less sophisticated businesses.
As we saw in figures 10 and 12, regulators expect a greater need for regulatory oversight overall, and in figure 13, we see areas where the level of oversight over insurers’ use of technology is widely expected to be greater.
Indeed, 95 percent of respondents said they expect increased levels of scrutiny over insurer use of technology for pricing, underwriting, and claims settlement, and 19 percent of regulators thought they would exercise significantly more oversight of both pricing and underwriting technology use—the highest projections in this category.
Interestingly, 33 percent of regulators thought that the level of oversight regarding the use of technology in marketing activities would be similar to today’s level, and 29 percent believed that the level of oversight of technology use in customer service activities would remain steady. These numbers may look low only when compared with regulatory plans for increased scrutiny in the other areas mentioned. Given that 62 percent of respondents expect increased scrutiny over technology used in marketing and 72 percent project a similar increase for technology used for customer service, insurers may expect a more intense gaze from regulators.
A vast majority of regulators (81 percent) thought it either likely or very likely that enhanced data reporting requirements would be required and 86 percent expect more pricing and underwriting model approval requirements. Another 81 percent thought there would be increased customer notification requirements, and 71 percent thought it likely or very likely that regulators would require approvals for automated financial planning algorithms (see figure 14).
Based on these responses, regulators seem unlikely to give insurers the benefit of the doubt regarding new technology uses, so insurers would need to display greater transparency in their relationships with both customers and regulators.
However, regulators may need to make some adjustments as well. “Technology is revolutionizing the industry. . . . It's become a real balancing act for regulators. We don't want to stifle innovation. . . . We're ready and willing to have products tested (in Connecticut) to provide a regulatory sandbox . . . subject to the appropriate consumer safeguards,” Connecticut Insurance Commissioner Katharine Wade told an insurance gathering in November 2017.13
The idea of a regulatory sandbox in which insurers can safely innovate while consumers are fully protected is one that has sparked widespread interest outside the United States,14 with 16 of 44 fintech hubs surveyed worldwide in early 2017 either having set up or committing to set up regulatory sandboxes.15 Within the United States, however, it may only now be gaining traction for fintech firms.16
Our survey seemed to show some signs that regulators are not fully embracing the sandbox concept yet (see figure 15). While most agree that engaging with different stakeholders—insurtech start-ups, insurers, consumer protection groups, and other regulators—to pursue innovation would be a positive step, more than 4 in 10 only somewhat agree. So if sandboxes are to be a useful tool, state insurance regulatory leaders may need to educate their colleagues on their potential.
Getting there from here
This survey revealed that regulators’ embrace of new technology tools to increase and improve industry oversight is likely a matter of when, not if.
Insurance carriers should be prepared to face the following challenges simultaneously: Regulators will likely maintain high expectations regarding compliance; regulator capabilities could increase with new technology adoption; and company boards and investors will probably continue to pressurize insurers to strengthen compliance and implement risk management programs more quickly and efficiently, but at a lower cost.
These challenges may seem obvious, but could also be potentially severe. They should be met, or, to repeat the words of Nickel, “History is littered with the remnants of companies and organizations failing to keep pace with change.”17 As we have seen in the recent past, industries unprepared for technology-enabled change have often experienced disruption or even extinction. In a regulated industry like insurance, supervisors bear a fair share of responsibility for ensuring a level playing field while maintaining an openness to innovation.
The similarly regulated taxi industry may provide an object lesson of what can happen when regulators do not respond quickly enough to a rapidly changing market. In 2014, New York City taxi medallions were worth $1.4 million. However, after the introduction of unregulated or lightly regulated ridesharing and app-based hailing services, their value has deteriorated. In August 2017, 21 medallions were sold for between $150,000 and $450,000 each.18
If budgets remain the primary constraint, regulators could focus on informing the public and state legislators who fund their departments about how these technology tools are essential to maintaining the mostly exemplary track record of US insurance regulation—and, more broadly, to the continued health of the US insurance industry.
Regulators could also facilitate innovation in other developing areas, such as third-party risk. Many insurers are likely to have a large dependency on third parties for the deployment of some of the new technologies. Regulators can help insurers develop ways to carefully manage third-party risk by, for example, helping them develop formal contingency plans.
Similarly, given the across-the-board concern most regulators expressed regarding data privacy and security, regulators may help address the issue by encouraging insurers to develop innovative, alternative ways to authenticate and protect consumers, perhaps through biometrics or some new identification tool.
Given that emerging technologies will likely accelerate and the available expertise in specific areas such as blockchain or cryptocurrency will probably be in high demand, regulators may need to innovate internally and perhaps dramatically to attract the necessary talent. For regulators, embracing that tech-enabled vision of tomorrow may lead to a stronger industry bolstered by even greater consumer confidence.
Insurers, too, should consider their place in the new reality. Imagine a future in which regulators do not just have data on every single insurance transaction, but also the ability to act upon that information. Here, regulators could be alerted to any deviation from the norm; be it sales or surrender of a particular product, payout patterns that differ from the median, or a geographic deviation in sales patterns, insurers may find themselves the focus of a market conduct review. In the age of social media, this type of scrutiny could cause quick reputational damage and have more lasting effects.
The probable changes in insurance regulation due to regulatory adoption of advanced technologies could be so quantitatively different as to be qualitatively new. In any case, insurers are likely to be facing not only new regulations over their existing and emerging operations, but new types of oversight, thanks to the technology tools at a regulator’s disposal. Preparing today for that tomorrow may not be just prudent, but necessary.