In what many consider a banner year for fintech megadeals, insurtech has begun to take center stage. In early August 2019, Roper Technologies agreed to acquire life insurance software solutions provider iPipeline for $1.6 billion. A few weeks later, Prudential Financial announced its acquisition of Assurance IQ for $2.35 billion. Meanwhile, global fundraising for insurtech companies in the first half of 2019 was nearly $3 billion, according to the insurance news site PropertyCasualty360. Insurtech appears ready for the spotlight.

The sale of Assurance IQ represents one of the fastest multibillion-dollar tech exits in history. Its story may be a unique one — the company never received venture capital and relatively quickly found a home for future growth within a Fortune 50 insurer — but it contains an important takeaway. Insurers are, and will continue to be, on the lookout for technological solutions that will allow them to attract and improve the experiences of their customers while streamlining their internal processes in order to drive profitability, making insurtech a likely focus for these companies.

Insurtech encompasses a broad range of software and web developers and tech platforms, many holding potentially transformational products but not all of which are ready to be acquired by a Fortune 50 company. In order to reach the next level of their development, many insurtech companies will need the focused leadership and support of strong outside investors and financial sponsors. That leadership will not necessarily come from insurance experts.

In order to reach the next level of their development, many insurtech companies will need the focused leadership and support of strong outside investors and financial sponsors.

Private equity investors without long-term experience in the insurance sector have the potential to locate — and create — significant value through investments in insurtech.

Navigating the Regulatory Environment

Every investment requires an understanding of how a company’s business model fits within a specific regulatory environment. In the case of insurance and insurtech in the United States, this means navigating the twisting landscape of state-based insurance regulation, including changes on the horizon due to technological innovation. The National Association of Insurance Commissioners (NAIC) — the U.S. standard-setting and regulatory support organization created and governed by the chief insurance regulators from all 50 states — has held regular meetings of its Innovation and Technology (EX) Task Force (and its Big Data (EX) Working Group) since 2017 to examine developments and consider appropriate regulatory updates. Initiatives and guidance that develop from these meetings will have significant impacts on insurtech companies, including those that see opportunities in big data, artificial intelligence and blockchain.

While many insurtech companies are led by individuals with significant experience in the insurance industry, many more have founders with tech backgrounds and new ideas for how to disrupt the insurance industry. Therefore, an important initial question for an investor may be, “Will a business model survive potential regulatory scrutiny today and in the future?” For example, Lemonade — one of the early insurtech success stories — introduced in 2017 a web application programming interface (API) allowing other businesses to integrate its insurance-purchasing platform into their websites. The news prompted informal questions (by tweet) from the head of the NAIC as to whether the API complied with applicable laws and regulations relating to insurance brokers. While Lemonade, in an article in Insurance Journal, responded with confidence that its API did not conflict with any licensing or other requirements, the same may not be true of all early-stage companies. Investors should confirm that the proper legal due diligence has been done regarding a company’s current and future business model, and that questions from regulators will not catch a company by surprise.

Insurtech companies also will likely be directly (or indirectly, through contractual obligations to customers) subject to cybersecurity and data privacy laws and regulations both within and outside the U.S. Therefore, understanding a company’s cybersecurity infrastructure and compliance procedures will be critical for potential investors.

Finally, investors outside the U.S. should consider the potential implications of reviews on insurtech investments by the Committee on Foreign Investment in the United States, including whether a target company handles sensitive data regarding U.S. consumers.

Investments and the Spectrum of Insurance Regulatory Scrutiny

Investors often fear the seemingly daunting regulatory scrutiny that may go hand in hand with an investment in insurance. For example, private equity sponsors that make controlling investments in insurance companies may, depending on specific state practices, need to disclose the identity of limited partners as well as significant personal and financial information regarding fund principals.

However, the regulatory burden may be lighter for insurtech investments than anticipated. Consider these three scenarios:

  • Investments in insurtech companies that are solely software companies or technology platforms will typically not require any approvals of or notices to insurance regulators;
  • Investments in insurtech companies that act as brokers, managing general agents or managing general underwriters in some states require pre- or post-investment notices to regulators but will not typically require the type of disclosure regarding investors that would be required in a “Form A” filing (explained in more detail below); and
  • Investments — including indirect ones — in insurtech companies that actually write insurance coverage (e.g., Lemonade, Root and Metromile) could trigger approval requirements from the insurance regulator in the company’s state of domicile if the investment results in a person acquiring “control” for regulatory purposes, which is typically presumed by any investment representing the direct or indirect power to vote 10% or more of the voting securities of the insurance company.

An investor is required to make a Form A filing only under the third scenario. Form A is an application to acquire control of an insurance company that is filed with, and requires approval by, the insurance regulator of the state where the insurance company is domiciled. When considering the approval of such an application, a regulator will generally weigh such factors as the financial strength of the proposed acquirer, the integrity and management of the acquirer’s board of directors and executive officers, the acquirer’s plans for the future operations of the domestic insurer, and any anti-competitive results that may arise from the consummation of the acquisition of control. As noted above, investors have many opportunities to access the insurance industry that do not require the additional hurdle of the Form A approval process.

Form A

The Form A process can appear daunting, but it can be fairly characterized as the process of responding to a simple set of questions from insurance regulators that take the form of “who,” “what” and “where.” For most investors, these inquiries are not disruptive to operations or overbearing in terms of required disclosure.

Who. Given the regulatory definition of “control,” insurance regulators could seek information on “who” the ultimate controlling person of an investor is. For a public company, this may be the investor’s board of directors or a controlling stockholder. For a private equity fund, this may be its fund principals or, in rare circumstances, its limited partners — if such partners possess special governance rights. Entities that are deemed to be control persons typically must be included as part of a filing and provide information regarding their individual officers and directors. These individuals, as well as natural persons who are controlling persons, will need to undergo background checks and potentially submit fingerprints as part of Form A applications. If such persons are themselves control persons, they also must disclose personal financial information to regulators. Most of this information can be submitted on a confidential basis and will not become publicly available.

What. Insurance regulators also will seek to understand “what” an acquiring person of an insurance company hopes to achieve through an investment. Among other factors, insurance regulators will examine:

  • whether the financial condition of any acquiring person might jeopardize the financial stability of the insurer being acquired or prejudice the interest of its policyholders; and
  • the fairness, reasonableness and public interest of any plans or proposals that the acquiring person has for an insurer, its assets, its business or corporate structure, or its management.

For most investments, these questions will have easy answers. In fact, many investments may contemplate a continuation of “business as usual,” presenting regulators with few, if any, material operational or structural changes that need to be considered.

Where. Regulators also will care about “where” funds for an investment will be sourced. New or additional sources of equity (such as co-investors) may lead to questions regarding potential control persons. Debt financing may prompt regulators to ask how an investor plans to fund interest payments and whether insurance company securities may be used as loan collateral.

While the Form A process can appear to be a lot of work for an investor that is new to the insurance sector, it need not be. If the right insurtech opportunity is one that requires investment in an insurance company, the Form A process can be managed through planning and transparency.

Getting Started

Given the broad scope of businesses that are insurtech companies, investors should seek legal advice in the early stages of their investment process to identify key issues and regulatory considerations.