I Introduction

The rapid development of artificial intelligence (AI) is bringing about fundamental changes to the insurance industry. In the long term, organisations that are slow to embrace this new technology will struggle to compete and to retain their place in the market.

In the insurance sector, the use of AI is known as 'insurtech'. This is an elastic term that includes the use of complex algorithms to analyse data and associated technologies such as chatbots, robotics, telematics and gamification. Blockchain may also be included in this definition.

These innovations are impacting the consumer market and the markets servicing small and medium-sized enterprises, and it seems inevitable that as the technology beds down, it will expand into more complex risks.

The discussion that follows provides an overview of the current and future use of insurtech and also seeks to highlight some of the commercial, legal and even philosophical issues that its use will raise.

II Insurance underwriting

Insurtech is deployed in two principal areas of the underwriting process: the gathering and analysis of data to create personalised policies, and the elimination of repetitive tasks and unnecessary delays. Essentially, this involves the combination of highly specific source data from the potential insured and broader big data, with the application of algorithms to the material to provide a fast but targeted risk analysis.

III Usage-based insurance

One of the major innovations that insurtech has introduced is usage-based insurance (UBI), which is used to develop more personalised insurance products. Personalisation is achieved by the use of algorithms to analyse the insured's own data together with external information from a broad range of sources to generate a bespoke risk score. This process is intended to significantly improve the relevance of the insurance to the buyer, as well as the underwriter's ability to assess risk.

Pay-as-you-drive insurance is at the forefront of this process and there are a number of examples in the market. This insurance is priced on the basis of a fixed cost for the car's stationary risk, such as fire and theft, and a flexible element that is based on the number of miles driven each month. Mileage information is collected through the use of telematics, which involves a 'black box' in the car to relay information to the insurer in real time. Drivers can also see the cost of their insurance as it is incurred.

More particularly, however, insurance can be tailored not only by reference to how far an insured drives but also by reference to how the insured drives. This will involve the use of telematics to monitor variables such as the speed at which a vehicle is driven on different kinds of road, whether the driver brakes or accelerates sharply, whether the driver take rests on long drives, and where and when the car is driven. This information is transmitted from the black box in the car to the insurer. It is then compared with data from others to set a premium. Clearly this involves the collection and analysis of personal data from a large group of individuals to see, for example, where the accident hotspots may be and what times of day and days of the year are the most dangerous. There are obvious data protection issues that arise from this but also, perhaps, wider issues relating to privacy and consumer caution, and concern about the amount of their data held by distant corporations.

UBI is clearly also applicable to the commercial environment; for example, it may be used to achieve a more accurate picture of where particular ships navigate and how much time is spent at sea. It will also enable insurers to keep track of particular cargos with black boxes attached to shipping containers to measure location, distance travelled, method of storage and speed.

The application of UBI to life and health insurance is also being actively explored. For example, the insured's success in achieving quotas on Fitbits and other similar devices can be monitored. The use of AI technology can also improve the accuracy of data used to underwrite insurance by providing information about how much we actually drink, smoke and exercise as opposed to what we say we do.

In a similar vein, insurers are using gamification to enhance these processes. Gamification, as the name suggests, involves the inclusion of some gaming experiences into the insurer–client relationship, for example by encouraging the insured to achieve health targets in relation to exercise (among other things) in order to strengthen the relationship between insurer and insured, and introduce risk management elements. These techniques also increase the insurer's ability to give insureds the kinds of insurance products that they want.

While initiatives of this nature will benefit the healthy insured, there is a danger that the use of this personal source data may result in less affordable insurance for less healthy insureds. This in turn may lead to regulatory challenges in relation to potential discrimination. Particular regulatory issues may also arise in connection with the use of sensitive personal information (called 'special data' in the General Data Protection Regulation (GDPR), which has been supplement and tailored for the United Kingdom by the Data Protection Act 2018).

IV Robotic process automation

The introduction of robotic process automation (RPO) means that underwriting decisions can be made and policy documentation issued much more quickly than in the past. This is achieved by using the RPO and chatbots to interrogate the insured in respect of key variables, to process that information and take the necessary underwriting decisions. There is a similar process in connection with the purchase of motor or home insurance; the difference here is that the process can be entirely automated by using RPO, and the analysis of big data provides a far more accurate and sensitive basis for setting premium for particular risks on the basis of the information provided by the insured.

Initiatives of this nature will become increasingly common as the full impact of the internet of things is realised. We can expect to see increasing use of location-based sensors, such as smart thermostats and geographical information systems relaying information to insurers in real time to facilitate more accurate underwriting.

V Blockchain and the verification of data

Many commercial transactions require the existence of relevant insurance contracts to be verified. For example, the sale of goods and their transhipment overseas involves a significant amount of paper work, including commercial invoices and bills of lading, which provide the basis upon which the insurer will issue a policy of insurance to the shipper and its banker. Blockchain will allow all of the parties to the transaction to view and verify the paperwork in real time, thus significantly speeding up the shipping process by removing the requirement for the physical transfer of documents between banks.

Similarly, worldwide insurance for a multinational corporation will involve locations and assets around the world. The underwriting process for this insurance involves collecting and verifying a range of data, such as asset values and loss histories, and the making of that data available to different interests. This can be a lengthy process but the use of blockchain technology can significantly simplify and speed up the process, while at the same time providing the necessary degree of transparency and reliability.

This use of blockchain to verify the existence of insurance can have other applications too, for example by providing a platform to streamline the process by which a company can verify that a contractor has the insurance it claims to possess.

VI Claims handling

As well as introducing fundamental changes to the underwriting process, insurtech is having a significant impact on the speed and manner in which insurers can process claims. Indeed, one new tech-driven company promises to process home insurance claims in seconds and pay them in minutes. While these speeds are clearly not appropriate to many classes of claim, insurers that do not take steps to incorporate insurtech into their claims-handling process, for example in the management of administrative tasks, will become increasingly unattractive to buyers.

Detecting fraudulent claims is a major issue for insurers. Recent figures from the Association of British Insurers show that approximately 113,000 fraudulent claims with a value of approximately £1.3 billion were detected in the United Kingdom alone in 2017. It is no surprise, therefore, that insurers are developing algorithms that use big data and machine learning to identify the markers of a fraudulent claim. Claims are then tested against these markers by the AI so that suspicious activity can be subjected to closer examination.

At present, these tools are being developed principally with the resolution of high-volume low-value insurance claims in mind, as it is easier to develop statistical models and predictive AI for this type of business. Nonetheless, predictive modelling is also expected to have an application for high-value complex claims.

VII Potential problems

The growing use of AI is not without its pitfalls for buyers and sellers of cover as well as for brokers and other intermediaries.

i The insurer

For the insurer, the huge volume of often sensitive personal data required to maximise the benefits of AI requires very careful handling. Failure to safeguard this material, or to obtain the necessary consent for its use, can expose the insurer to severe financial penalties (up to 4 per cent of its annual turnover under the GDPR). Perhaps more importantly, however, the loss or abuse of this data is likely to have a devastating impact on the insurer's reputation and commercial position. In addition, information of this kind is particularly attractive to cyber criminals and, at a time when even sophisticated operators are vulnerable to attack, managing this risk will require constant vigilance from the insurer and its service providers.

Just as significantly, it will be important to manage the machine learning aspect of both underwriting and claims handling to avoid discrimination on the grounds of race, gender or location. For example, AI deployed in the underwriting process may note that males are more likely to have a motor accident than females. If the AI starts to adjust premiums taking this information into account, there is a clear risk that it will place the insurer in danger of breaching anti-discrimination laws, such as the EU Gender Directive. This is a complex issue and discrimination is not always obvious – for example, discriminating on the basis of an insured's address can be a proxy for discrimination on the grounds of ethnicity and it has even been suggested that discrimination on the basis of the insured's email address has taken place.

A recent focus paper by the EU's Fundamental Rights Agency (FRA) draws attention to the fact that when algorithms are used in decision-making there is a potential for beach of the principle of non-discrimination contrary to Article 21 of the EU's Charter of Fundamental Rights. The FRA recommends, among other things, that potential biases and abuses created by the algorithm should be recognised, that the quality of data should be checked and that the way in which the algorithm was built should be capable of explanation.

ii The insured

While AI should provide the insured with quicker and more focused insurance cover, it does not come without its pitfalls. In particular, the use of AI will make it much easier for insurers to identify sub-prime risks and there is clearly a danger of anti-selection or 'writing down', which will make it much harder for insureds with particular or unusual characteristics to obtain cover. Ultimately, this may require regulatory change to address.

iii The intermediaries

One of the perceived advantages of AI is that it will create more direct contact between the insured and the insurer, enabling the insurer to broaden its offering to the insured, and to respond more precisely to the insured's needs. Similarly, existing distribution networks will be bypassed to remove unnecessary friction and cost from the insurance-buying process. This will mean that, like insurers, brokers and other intermediaries will find their business model under attack. While in the short term this may be an issue principally in the mass market, it is inevitable that it will also find a role in commercial placements. This development, along with greater scrutiny of the role of intermediaries from regulators, threatens to create a perfect storm, which will require intermediaries, like insurers, to adapt to survive.

iv Legal challenges

The use of AI raises a number of legal issues, but perhaps the most difficult in the context of insurance is the question of liability. In order properly to underwrite the policies that they issue, as well as to enable them to resolve claims and analyse their own exposure, insurers will need to understand not only where the liability rests for damage caused by malfunctioning AI, but also who is liable for damage caused by the decisions taken by AI. In cases in which errors by the developer or manufacturer of the AI results in the AI malfunctioning, issues of liability would appear at first sight to be relatively straightforward. As the decisions taken by AI systems become further removed from direct programming and increasingly based on machine learning principles, however, it may be difficult to identify the precise cause of a particular AI decision or the source of any damage. A system that learns from information it receives from the world can operate independently from its operator and in a way that its designers did not or could not have anticipated. Who will be liable if the actions of AI are inexplicable or cannot be traced back to human error?

The European Union has begun to address this issue through the European Parliament's resolution and recommendations to the Commission contained in the Civil Law Rules of Robotics passed in February 2017. This document invites the Commission to consider two approaches to liability: strict or risk-based. The latter would focus on 'the person who is able . . . to minimise risks and deal with negative impacts'. It also considers the possibility of a compulsory insurance scheme that would take into account 'all potential responsibilities in the chain [of causation]'. These recommendations are now under consideration by the European Commission.

Similarly, the upper house of the UK Parliament issued a paper in April 2018 entitled 'AI in the UK – Ready Willing and Able'. In the paper, the authors consider the question of liability in the context of AI and recommended that the issue be reviewed by the Law Commission of England and Wales to decide whether legislation is required to allocate liability with the consequences for insurers that will surely follow.

VIII Summary

Insurtech is set to revolutionise all aspects of insurance from underwriting to claims handling to dispute resolution and distribution. This process is already underway, but its full extent is difficult to predict. Traditional insurance models face fundamental challenges, but at least the early indications are that they are beginning to recognise and respond to those challenges. Insurers that do not engage with this new technology will, however, face the risk of being left behind in a rapidly changing market.

One remaining obstacle to the exploitation of insurtech is uncertainty over the legal and regulatory framework in which it operates. While governments have taken some initial steps to address these issues, it is far from clear where that particular journey will end.


Footnotes

1 Simon Cooper is a partner at Ince Gordon Dadds LLP.