A key focus of the Open Banking initiative is the use of technology to put consumers in control of their data, making it easier for them to move, manage, and make more of their money. In the insurance sector it is easy to draw many parallels.  Like banks, many traditional insurers have extensive legacy systems, which can make digital transformation challenging, and hold or have access to vast data sets that they are only just beginning to take advantage of.

With Open Banking, the consumer, engaging via an app or website, chooses whether or not to give that app or website permission to access data that is already held by another.  If they change their mind, the app or website should make it easy for them to withdraw their consent.

The evidence to date is that consumers are already taking up Open Banking products and services.  We are seeing many regulated apps and service providers bringing innovative financial products and services to the market.  That in turn is sparking a new conversation - can Open Banking become a blueprint for the wider digital economy?

In its recent interim report General insurance pricing practices the FCA identified a number of concerns about the state of the sector and whether pricing practices were supporting effective competition and leading to good consumer outcomes. 

The sector is ripe for, and already beginning to, change.  Big tech companies, insurtechs and firms are increasingly using technologies such as AI (machine learning) and increasingly rich data sets to generate smart data.  This enables them to empower customers through targeted engagement tools, providing greater transparency and enabling customers to make better comparisons – not just on price but also on service and coverage scope and specifications – thereby improving real choice. 

The likely knock-on effects of providing customers with a hyper personalised comparison, based on the data they are prepared to share, are generally considered to be positive from the regulator’s and consumer’s perspective:

  • increased competition – both by virtue of new entrants and incumbent firms innovating and adapting;
  • more and better comparisons;
  • easier and more switching;
  • increased choice and diversity of products, improved usability and convenience; and
  • better financial inclusion.

There is also the opportunity for insurance products and services to play an increasing part in wider digital ecosystems and platforms (where consumers will have access to products and services offered by multiple suppliers); and to improve customer engagement and experiences, and tailoring of products, through the sharing of data with data trusts and/or with other service providers – from banks and utilities through to the big tech players.

There are risks.  How secure is this data in the cloud?  Will we see a small number of big tech service providers becoming dominant in the market and thereby raising questions of concentration risk? What are the operational risks associated with a heavy reliance on a raft of operational, ICT, outsourcing and regulatory change third party suppliers for the delivery of some or all of these services, and how can they be mitigated? As evidenced by the European Banking Authority’s recently updated guidelines on outsourcingthe House of Commons Treasury Committee report into IT failures in the financial services sector and the Prudential Regulatory Authority’s consultation paper on outsourcing and third party risk management, modernising the regulatory framework on outsourcing (including cloud and technology use generally) and third party risk management is an area of increasing scrutiny and concern for regulators.  We will look at management of operational risk in more detail in our forthcoming article on “Operational Resilience to Recovery and Resolution”.

There are also many broader, more human concerns.  Will the data be used by the provider as fuel to power their products and services?  How will the concepts of privacy and security by design, and data/AI ethics be built into these new business models, and how will this be regulated? The General Data Protection Regulation, Data Protection Act and Information Commissioner’s data sharing code of practice and guidance on big data, AI and machine learning already provide a measure of control.  But regulators and the public are becoming increasingly concerned about the combination and use of large data sets from a competition and ethics perspective.

As insurers get access to more and more data, and AI technologies, profiling and automated decision making become more sophisticated, there is a danger that they will be able to price the risk that individuals and their circumstances pose so accurately that some become uninsurable at an economic price, potentially leading to financial exclusion. 

Against this backdrop it seems inevitable that we will see significant further regulation and regulatory guidance in this space in the months and years to come.