This article is an extract from The Insurance and Reinsurance Law Review - Edition 11. Click here for the full guide.

I Introduction

The rapid development of converging technologies is bringing about fundamental changes to the insurance industry. In the long term, organisations that are slow to embrace these new technologies will struggle to compete and to retain their place in the market.

In the insurance sector, the use of technology to innovate or disrupt is known as 'insurtech'. This is an elastic term that takes in the use of new technologies by both start-ups and incumbent insurance companies to transform access to and analysis of data, build new products, drive customer engagement and squeeze inefficiencies from the current insurance model. Technologies such as telematics, the internet of things, including smart home technologies, aerial imagery and drone technologies are giving insurers new ways to access data while developments in artificial intelligence (AI), machine learning and natural language processing are enabling insurers to process, analyse and gain insights from these large data sources. Associated technologies such as chatbots, robotic process automation and gamification are being deployed to reach new customers and enhance consumer experience. Many insurtech projects are exploring the use of blockchain and distributed ledger technology to disrupt the value chain, enable new applications and improve efficiency in the insurance sector.

These innovations initially impacted the consumer market and the markets servicing small and medium-sized enterprises but as the technology beds down, it is expanding into more complex risks.

Indeed, in 2020, we saw the first algorithmically driven Lloyd's syndicate, Ki, which began writing business in January 2021. This is a trend that we expect to continue in the coming years, not least as a reflection of the drive to reduce costs.

The discussion that follows provides an overview of the current and future use of insurtech and also seeks to highlight some of the commercial, legal and even philosophical issues that its use will raise.

II Insurance underwriting

Insurtech is deployed in two principal areas of the underwriting process: the gathering and analysis of data to create personalised policies, and the elimination of repetitive tasks and unnecessary delays. Essentially, this involves the combination of highly specific source data from the potential insured and broader big data, with the application of algorithms to the material to provide a fast but targeted risk analysis. The real-time analysis of data obtained in this way also allows more opportunity for insurers to cross-sell and upsell targeted products to customers. In particular, the introduction of robotic process automation (RPA) means that underwriting decisions can be made and policy documentation issued much more quickly than in the past. This is achieved by using the RPA and chatbots to interrogate the insured in respect of key variables, to process that information and take the necessary underwriting decisions. There is a similar process in connection with the purchase of motor or home insurance; the difference here is that the process can be entirely automated by using RPA, and the analysis of big data provides a far more accurate and sensitive basis for setting premiums for particular risks on the basis of the information provided by the insured.

III Usage-based insurance

One of the major innovations that insurtech has introduced is usage-based insurance (UBI), which is used to develop more personalised insurance products. Personalisation is achieved by the use of algorithms to analyse the insured's own data together with external information from a broad range of sources to generate a bespoke risk score. This process is intended to significantly improve the relevance of the insurance to the buyer, as well as the underwriter's ability to assess risk. It is interesting to note that the various lockdown measures imposed by the UK government during 2020 and 2021 have led to an increased interest in the purchase of UBI.

Pay-as-you-drive insurance is at the forefront of this process and there are a number of examples in the market. This insurance is usually priced on the basis of a fixed cost for the car's stationary risk, such as fire and theft, and a flexible element that is based on the number of miles driven each month. Mileage information is collected through the use of telematics. Initially this involved a 'black box' in the car to relay information to the insurer in real time; more recently, however, smartphone apps or preinstalled devises have been used to collect data. Drivers can also see the cost of their insurance as it is incurred.

The use of telematics enables insurance to be tailored not only by reference to how far an insured drives but also by reference to how the insured drives. This will involve the use of telematics to monitor variables such as the speed at which a vehicle is driven on different kinds of road, whether the driver brakes or accelerates sharply, whether the driver take rests on long drives and where and when the car is driven and how often the driver uses his or her phone while driving. This information is transmitted from the car to the insurer. It is then compared with data from others to set a premium. Clearly this involves the collection and analysis of personal data from a large group of individuals to see, for example, where the accident hotspots may be and what times of day and days of the year are the most dangerous. There are obvious data protection issues that arise from this but also, perhaps, wider issues relating to privacy and consumers' caution and concern about the amount of their data held by distant corporations.

UBI is clearly also applicable to the commercial environment; for example, it may be used to achieve a more accurate picture of where particular ships navigate and how much time is spent at sea. It will also enable insurers to keep track of particular cargos with black boxes attached to shipping containers to measure location, distance travelled, method of storage and speed.

The application of UBI to life and health insurance is also being actively explored. For example, the insured's success in achieving quotas on Fitbits and other similar devices can be monitored. The use of AI technology can also improve the accuracy of data used to underwrite insurance by providing information about how much we actually drink, smoke and exercise as opposed to what we say we do.

While initiatives of this nature will benefit the healthy insured, there is a danger that the use of this personal source data may result in less affordable insurance for less healthy insureds. This in turn may lead to regulatory challenges in relation to potential discrimination. Particular regulatory issues may also arise in connection with the use of sensitive personal information (called 'special data' in the General Data Protection Regulation (GDPR), which has been supplemented and tailored for the United Kingdom by the Data Protection Act 2018).

IV The internet of things

The increasing use of the internet of things (IoT) by the insurance industry not only increases the underwriters' ability to provide personalised products to an insured but is also subtly changing the nature of the relationship between insured and insurer. For example, the use of location-based sensors, such as smart thermostats and geographical information systems, which relay information to insurers in real time, not only facilitate more accurate underwriting but can also play a part in risk management. Thus, devices monitoring the insured's water usage can respond to any unexpected increase to warn of leakages.

In a similar vein, insurers are using gamification to change insureds' behaviour and attitude to risk. Gamification, as the name suggests, involves the inclusion of some gaming experiences into the insurer–client relationship by, for example, encouraging the insured to achieve targets in relation to exercise in the context of health insurance or by congratulating the insured on improved driving and the successful completing of a road journey.

V Blockchain and the verification of data

Many commercial transactions require the existence of relevant insurance contracts to be verified. For example, the sale of goods and their transhipment overseas involves a significant amount of paperwork, including commercial invoices and bills of lading, which provide the basis upon which the insurer will issue a policy of insurance to the shipper and its banker. Blockchain will allow all the parties to the transaction to view and verify the paperwork in real time, thus significantly speeding up the shipping process by removing the requirement for the physical transfer of documents between banks.

Similarly, worldwide insurance for a multinational corporation will involve locations and assets around the world. The underwriting process for this insurance involves collecting and verifying a range of data, such as asset values and loss histories, and the making of that data available to different interests. This can be a lengthy process but the use of blockchain technology can significantly simplify and speed up the process, while at the same time providing the necessary degree of transparency and reliability.

This use of blockchain to verify the existence of insurance can have other applications too, for example by providing a platform to streamline the process by which a company can verify that a contractor has the insurance it claims to possess.

More recently, blockchain is being used to enable insured and insurer to have the benefit of real-time access to the same verified data in the context of dynamic marine insurance risk where ship operators want to access and/or vary insurance coverage quickly to respond to changing environments.

VI Claims handling

As well as introducing fundamental changes to the underwriting process, insurtech is having a significant impact on the speed and manner in which insurers can process claims. Indeed, one new tech-driven company promises to process home insurance claims in seconds and pay them in minutes. Meanwhile, on the commercial front, new technology will assist in prediction-of-loss development and the speedy assessment and settlement of claims arising from hurricanes and other natural catastrophes. While these speeds are clearly not appropriate to many classes of claim, insurers that do not take steps to incorporate insurtech into their claims-handling process, for example in the management of administrative tasks, will become increasingly unattractive to buyers. Similarly, RPA is ideally suited to some kinds of parametric insurance including travel cancellation and life policies.

Detecting fraudulent claims is a major issue for insurers. Recent figures from the Association of British Insurers show that approximately 107,000 fraudulent claims with a value of approximately £1.2 billion were detected in the United Kingdom alone in 2019. It is no surprise, therefore, that insurers are developing algorithms that use big data and machine learning to identify the markers of a fraudulent claim. Claims are then tested against these markers by the AI so that suspicious activity can be subjected to closer examination.

At present, these tools are being developed principally with the resolution of high-volume low-value insurance claims in mind, as it is easier to develop statistical models and predictive AI for this type of business. Nonetheless, predictive modelling is also expected to have an application for high-value complex claims.

VII Potential problems

The growing use of AI is not without its pitfalls for buyers and sellers of cover as well as for brokers and other intermediaries.

i The insurer

For the insurer, the huge volume of often sensitive personal data required to maximise the benefits of AI requires very careful handling. Failure to safeguard this material, or to obtain the necessary consent for its use, can expose the insurer to severe financial penalties (up to 4 per cent of its annual turnover under the GDPR). Perhaps more importantly, however, the loss or abuse of this data is likely to have a devastating impact on the insurer's reputation and commercial position. In addition, information of this kind is particularly attractive to cyber criminals and, at a time when even sophisticated operators are vulnerable to attack, managing this risk will require constant vigilance from the insurer and its service providers.

Just as significantly, it will be important to manage the machine learning aspect of both underwriting and claims handling to avoid discrimination on the grounds of race, gender or location. For example, AI deployed in the underwriting process may note that males are more likely to have a motor accident than females. If the AI starts to adjust premiums taking this information into account, there is a clear risk that it will place the insurer in danger of breaching anti-discrimination laws. This is a complex issue and discrimination is not always obvious – for example, discriminating on the basis of an insured's address can be a proxy for discrimination on the grounds of ethnicity and it has even been suggested that discrimination on the basis of the insured's email address has taken place.

A recent focus paper by the EU's Fundamental Rights Agency (FRA) draws attention to the fact that when algorithms are used in decision-making there is a potential for beach of the principle of non-discrimination contrary to Article 21 of the EU's Charter of Fundamental Rights. The FRA recommends, among other things, that potential biases and abuses created by the algorithm should be recognised, that the quality of data should be checked and that the way in which the algorithm was built should be capable of explanation.

ii The insured

While AI should provide the insured with quicker and more focused insurance cover, it does not come without its pitfalls. In particular, the use of AI will make it much easier for insurers to identify sub-prime risks and there is clearly a danger of anti-selection or 'writing down', which will make it much harder for insureds with particular or unusual characteristics to obtain cover. Ultimately, this may require regulatory change to address. Many insureds will also feel uncomfortable about granting insurers access to their lives through the installation of IoT monitoring or UBI devices. In part for this reason, insurers are likely to emphasise the risk management aspect of these technologies.

iii The intermediaries

One of the perceived advantages of AI is that it will create more direct contact between the insured and the insurer, enabling the insurer to broaden its offering to the insured and to respond more precisely to the insured's needs. Similarly, existing distribution networks will be bypassed to remove unnecessary frictional cost from the insurance-buying process. Disrupter insurers rely on smartphone apps to sell to their customers and even provide apps that enable third parties easily to sell the disrupter's insurance products. This will mean that, like insurers, brokers and other intermediaries will find their business model under attack. While in the short term this may be an issue principally in the mass market, it is inevitable that it will also find a role in commercial placements. This development, along with greater scrutiny of the role of intermediaries from regulators, threatens to create a perfect storm, which will require intermediaries, like insurers, to adapt to survive.

iv New liability challenges

The use of AI raises a number of legal issues in relation to the management of data and the elimination of bias or risk proxies from an AI underwriting process. The wider use of AI in society, however, also means that the nature of some established risks and liabilities is changing.

In order properly to underwrite the policies that they issue, as well as to enable them to resolve claims and analyse their own exposure, insurers will need to understand not only where the liability rests for damage caused by an insured's malfunctioning AI, but also who is liable for damage caused by the decisions taken by AI. In cases in which errors by the developer or manufacturer of the AI result in the AI malfunctioning, issues of liability would appear at first sight to be relatively straightforward. As the decisions taken by AI systems become further removed from direct programming and increasingly based on machine learning principles, however, it may be difficult to identify the precise cause of a particular AI decision or the source of any damage. A system that learns from information it receives from the world can operate independently from its operator and in a way that its designers did not or could not have anticipated. Who will be liable if the actions of AI are inexplicable or cannot be traced back to human error?

The European Union has begun to address this issue through the European Parliament's resolution and recommendations to the Commission contained in the Civil Law Rules of Robotics passed in February 2017. This document invites the Commission to consider two approaches to liability: strict or risk-based. The latter would focus on 'the person who is able . . . to minimise risks and deal with negative impacts'. It also considers the possibility of a compulsory insurance scheme that would take into account 'all potential responsibilities in the chain [of causation]'. These recommendations are now under consideration by the European Commission.

Meanwhile, in the United Kingdom, the Automated & Electric Vehicles Act 2018 provides that insurers must pay on a strict liability basis if an insured vehicle causes injury while driving itself. It will then be for the insurers to pursue any subrogated claim against, for example, the entity responsible for the loss. In that regard, the Law Commissions of England and Wales and of Scotland have published their proposals on legal liability surrounding the use of driverless cars.2 In essence, the Commissions' recommendation is that the vehicle manufacturer should be liable for any accident or offence arising directly from the driving task.

VIII Summary

Insurtech is set to revolutionise all aspects of insurance from underwriting to claims handling to dispute resolution and distribution. This process is already underway, but its full extent is difficult to predict. Traditional insurance models face fundamental challenges, but at least the early indications are that they are beginning to recognise and respond to those challenges. Insurers that do not engage with this new technology will, however, face the risk of being left behind in a rapidly changing market.

One remaining obstacle to the exploitation of insurtech is uncertainty over the legal and regulatory framework in which it operates. While governments have taken some initial steps to address these issues, it is far from clear where that particular journey will end.