United States: A Look At The Impact And Insurance Regulatory Challenges Of InsurTech Innovations, AI, Machine Learning, Blockchain, And Smart Contracts

Hogan Lovells counsel Robert Fettman discusses the challenges and opportunities that InsurTech innovations and technologies like blockchain, distributed ledger technology (DLT), and smart contracts present to the U.S. insurance industry.

What are some of the potential insurance regulatory issues implicated generally by InsurTech? 

Fettman: The last several years have seen a new crop of digital products and services enter the lexicon of the insurance industry such as: usage-based insurance, peer-to-peer insurance, machine learning, robo-advisory, and the emerging phenomenon known as the Internet of Things, to name just a few. InsurTech has permeated virtually every aspect of insurance, from customer service, products, underwriting, and pricing, to marketing and distribution.

On the marketing and distribution front, the InsurTech industry has been grappling with questions like: do digital marketing and advertising activities trigger insurance producer licensing requirements, does the provision of value added services to insureds or potential insureds implicate states' anti-rebating laws, and how can an entity be compensated for insurance referrals without being subject to insurance regulation? We have seen companies offering a digital platform allowing developers and businesses to integrate insurance services directly into their websites or apps (so-called Application Programming Interfaces, or APIs) having to navigate these issues following several high-profile regulatory actions. 

According to a 2018 survey by IBM, more than 50 percent of InsurTechs use AI and machine learning. The ability of AI and machine learning to analyze data at a very granular level has regulators concerned about various consumer protection issues such as data privacy, fairness, discrimination, and cybersecurity. For one thing, algorithms may use geographical data or other individual attributes, creating outcomes that implicitly correlate with sensitive characteristics such as race, religion, gender, etc., which insurance laws generally prohibit in the sale of insurance. In addition, while deployment of machine learning to price risk could help insurers reduce the degree of moral hazard and adverse selection inherent in selling insurance broadly, regulators worry that the increased tailoring of risk and issuance of highly customizable policies reflecting the unique characteristics of each insured could undermine the risk pooling function of insurance and lead to large groups of people or risks becoming uninsurable in the private insurance marketplace. 

InsurTech firms getting involved in underwriting and pricing must appreciate the insurance regulatory landscape governing product development or risk potentially running afoul of various insurance regulations. A company that has a model that impacts rate filings, for example, may be acting as an advisory or rating organization and may require licensure under state insurance laws. And even where state law is unclear whether licensing requirements extend to such firms, we have seen regulators insist on some degree of oversight or review of third-party data providers and telematics as a condition to approving the utilizing insurer's policy rate filings. 

Regulators are also now scrutinizing anti-competitive issues with vendors supplying similar data and models to multiple insurers as well as whether the use of nontraditional data sources may be a proxy for prohibited discriminatory factors in the sale of insurance. New York, for example, recently issued guidance to life insurers regarding the use of unconventional sources of external data, citing the duel risk of unlawful discrimination and a lack of data transparency. At the same time, the National Association of Insurance Commissioners (NAIC) is working on developing best practices for regulators reviewing insurance company filings containing predictive models, with the current draft setting out 16 best practices and 92 pieces of information a regulator should be scrutinizing.

As computing power grows exponentially, it has opened the insurance actuarial modeling world to new and sophisticated forms of data collection and analysis, including data mining, statistical modeling, and machine learning. These evolving techniques have made it increasingly challenging for insurance regulators to evaluate filed rating plans that incorporate complex predictive models. To address this issue, insurance regulators, through the NAIC, are considering various methods of field testing such technologies in a controlled environment similar to the "sandbox" concept adopted in the UK and other countries. Several U.S. states, including Connecticut, Arizona, and a handful of others, have indicated they believe their insurance laws contain sufficient flexibility to permit the issuance of regulatory variances and waivers (e.g., no-action letters) to InsurTech firms seeking to test new products without fear of regulatory action, and have encouraged firms to come talk to them. In our experience, InsurTech firms that partner with receptive insurance regulators early in the developmental stage of their products or services are the ones most likely to find success in the highly regulated marketplace of insurance. 

What are some of the regulatory issues that might arise from the use of blockchain technology in insurance?

Fettman: Blockchain, as a form of distributed ledger technology, provides multiple parties with access to the same information at the same time and allows for the transfer of information, and possibly assets, among the participants. Many see tremendous potential for this technology in the insurance industry. Although for now, people see the greatest value in its ability to bring efficiencies and cost savings to existing processes in the industry — rather than seeing it as a disruptive force in the development and distribution of insurance products. 

Use cases of blockchain adoption by the insurance industry are still very much in the exploratory stage. A logical starting point for insurance companies looking to leverage the benefits of blockchain is the efficiencies that the technology could deliver to the oftentimes consuming and costly methodologies associated with data management and claims administration. The opportunity for insurers to streamline such internal processes is highly attractive to the industry.

However, there are a number of features inherent to blockchain that may be inconsistent with, or at best, ambiguous under, current state insurance laws. In many cases, these laws were written decades ago, before the advent of most of today's technologies. 

As with any new mode of data storage, regulators want to ensure that policy information and personal customer data residing on a blockchain complies with existing privacy and data protection regulations. State insurance laws generally require an insurer's books and records to be maintained in the particular state and be available to the regulator for inspection and audit. Can these requirements be satisfied by providing regulators with a node on the blockchain? Time will tell, but discussions with regulators have been encouraging.

What is the potential for smart contracts in the insurance industry?

Fettman: A smart contract is essentially software that checks for specified transactions in the network and automatically executes certain actions conditional on certain prespecified conditions being met.

Smart contracts offer great promise to the insurance industry. For insureds it could remove the pain points in navigating the frequently time consuming claims filing process, while insurers see the potential for significant saving in claims handling expenses. A good example of smart contracts' potential is a relatively new product designed as a fully automated flight delay insurance policy that runs on a blockchain. It allows customers to receive a payout as soon as they arrive at their destination following a delay that exceeds a certain length of time. The process is fully automated, with a smart contract deciding whether customers are eligible for indemnification.

Some in the industry believe insurers may ultimately be able to charge a premium for smart contract policies over comparable coverages utilizing traditional paper due to the claims-free, guaranteed-payout features embedded in smart contracts, to which insureds may ascribe added value. Furthermore, as smart contracts and blockchain technology reduce administrative and claims handling costs, insurers may begin offering previously financially unviable products such as microinsurance.

What are some of the challenges with existing insurance regulation as it relates to smart contracts?

Fettman: The self-executing nature of smart contracts could face various regulatory hurdles under existing insurance laws. For example, state laws prescribing claims handling procedures could be implicated where an insured asserts that a claim denial was inappropriate or where there is a bug in the smart contract that causes the contract to fail to perform as intended.

The immutable and irreversible nature of smart contracts could also pose a challenge in the context of an insurance delinquency proceeding, where for example, a court-appointed administrator may seek to cut off or delay future claims payments or seek to recoup previous improper payments.

Another area of insurance regulation that could be impacted by smart contracts is reserving methodologies prescribed by state insurance laws, which may need to be tweaked to accommodate automated claim payments, particularly if funds are to be escrowed, such as for certain parametric smart contracts.

Lastly, there may be a question as to whether certain smart contracts with insurance-like features are in fact actually "insurance" contracts as defined under (and hence subject to) state insurance laws. New York, for example, issued an insurance department opinion that certain weather derivatives do not constitute insurance contracts under the New York insurance law because the terms of the instrument in question did not provide that, in addition to or as part of the triggering event, payment to the purchaser was dependent upon that party suffering a loss, i.e., the issuer was obligated to pay the purchaser whether or not the purchaser actually suffered a loss. As neither the amount of the payment nor the trigger itself bore a relationship to the purchaser's loss, the New York department determined that the instrument was not an insurance contract.

For now, utilization of smart contracts and blockchain technology in insurance is limited, but look for regulators to seriously consider the issues described above as their uses expand.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.