digital disruption of the insurance industry
TRANSCRIPT
INSURANCEREVIEW
Digital disruption of traditional insurance
1ST QUARTER 2016
Changing value chain
p.1
Blockchain
p.5
Data driven insurance
p.11
EDITORIAL
During the past years the financial sector experienced serious challenges. External pressure from regulators, heavy competition and macro-economic developments are still relevant topics. Cost focus and the influence of technology are becoming increasingly important while business models need to be adjusted ever faster.
These developments already had their impact on banks, while insurers are so far dodging the bullet. The FinTech-1000 currently entails around 25 insurance start-ups, which is a mere 2%. FinTechs are especially aimed at banks, averting attention from the insurance sector. However in the meantime established players increasingly affect the value chain of insurers. Simultaneously technological solutions, capable of changing the traditional insurance business model are emerging. This edition of the Insurance Review aims at providing insights into these developments by focusing on three themes.
With the first theme we will discuss the changing insurance value chain. In general factors such as low margins, low interest rates, changing regulations and digitalization are seen as the biggest challenges. At the same time a less obvious development is gaining momentum, which is able to change the role of the insurer
completely. Because new and existing players are extending their businesses, they increasingly operate within the value chain of insurers. Therefore the first articles will focus on the changes in the value chain, but also on how insurers can deal with these developments.
The second theme focuses on a very real opportunity as well as threat to insurers; the blockchain technology. This technology has the potential to fully digitize insurance products. This would completely transform the insurance business model; the underlying technology and impact on insurers is explored.
The third theme is about the importance of data in your organisation. What are the potential opportunities and why is it especially important for insurers to make data quality a priority?
With this Insurance Review we would like to present you a realistic and pragmatic overview of the most pressing challenges insurers will be confronted with over time. I hope you will be able to use these insights in order to strengthen your organisation and transform challenges into opportunities.
Stephan LinnenbankHead of Financial Services Benelux
TABLE OF CONTENTS
CHANGING VALUE CHAIN
The unbundling of the insurance value chain
Digitalisation opens new doors for insurers
BLOCKCHAIN
Blockchain: Technology and implications
The impact of blockchain’s smart contracts on insurance
DATA DRIVEN INSURANCE
Usage based insurance: a springboard towards services
The importance of data quality
1
3
5
9
11
13
1
THE UNBUNDLING OF THE INSURANCE VALUE CHAIN
Digitalisation is changing the insurance industry; the value chain of Dutch insurers is unbundling due to newcomers. While these start-ups expand their business, insurers compete over an ever diminishing and more fragmented market. How can insurers stop this downtrend and regain their lead?
During recent years billions of euros have been invested in FinTech companies. And it is not hard to understand why investors are so keen to do so; the financial sector makes phenomenal profits while using outdated technology in large, cumbersome organisations. Also FinTech start-ups are not just chipping away at their market share, but are fundamentally changing the value proposition while they do it.
When it comes to finances, trust is important and established brands as well as high regulatory barriers to entrance have kept the financial sector largely from being digitally disrupted. After the financial crisis however, trust has disappeared and been replaced by an unprecedented willingness of policymakers to change the financial system. And since it is the banks who are under scrutiny of the general public, insurers worldwide seem to think they will dodge the bullet. However when we take a closer look at the insurance value chain, this sector could prove to be the next victim of digitalisation that is still in denial.
Simply put, the traditional insurance value chain can be dissected into various activities. This also shows a selection of the newcomers, claiming their share in the traditional value chain and uproot the traditional value proposition of insurers.
This unbundling has gained momentum during the last years. When looking at information & orientation in the value chain, (social) media, internet and finance authorities are bombarding the consumer with information. Especially for non-complex insurance needs, consumers will skip advice since newcomers operating in the ‘Compare’ part of the value chain offer detailed and easy accessible interfaces. More complex (business) related products are still often outsourced to specialized insurance brokers, who will often do the comparing, execution and customer service as well.
The number of intermediaries aimed at private, non-complex products has been greatly reduced in the Netherlands during the last years, while (or, because) the popularity of comparison sites skyrocketed. And this only signals the beginning; over the years many of the newcomers have expanded their businesses. Independer.nl for instance started as an informative site, but is steadily expanding its business and is taking over a share of the intermediary when it comes to comparing prices, providing advice as well as the execution of policies on non-complex insurance. For free.
UNBUNDLING OF THE VALUE CHAIN
2
When looking at the value chain and the corresponding competitors that outperform insurers, one question arises; where can the traditional insurer add value? Currently the brand, customer base and ingrained habits of customers form the legitimacy for traditional insurers’ existence. But this will slowly decay when start-ups will come with better products and services. It is time to conclude that although insurers try to keep their value chain intact, they cannot compete on all the components.
Therefore during the next years, insurers will have to decide what their value proposition will be – what part of the value chain, or what market will they focus on. Will you be the cost leader, the excellent service provider or the data & risk guru? Or will you focus exclusively on certain customer segments and tailor products to their needs? Of course focusing on one proposition is a more risky strategy than focusing on various components of the value chain; if you have chosen the wrong strategy or your more specialized competitor has a better proposition, there are no other components left to soften the blow for your company. How to mitigate this risk?
THE VALUE PROPOSITION
Insurers are still able to excel at the administration, data & risk as well as customer service. Recent cost cutting initiatives however means administration has been digitized and often (partially) outsourced. Billing, declarations but also internal processes like payroll and document handling; newcomers offer specialized services even larger insurers cannot compete with. But also when it comes to data & risk, a field eminently suitable for insurers, customers have hardly seen any products related to the incredible amounts of data insurers are able to gather.
If you are lucky, your insurer might have started to experiment with car insurance pricing based on driving style. But brake hard and you will be penalized for dangerous driving, even if it is to avoid a collision. In the meantime, Palantir analyses data to detect fraud at insurance companies, helps biotech companies to find new cures for life-threatening diseases and track terrorists worldwide. Also PredPol does not just help police, but can accurately predict when and where a next crime will occur, using data analytics. Why then, seem insurers to be unable to come up with better products? It would seem obvious that any head start insurers may have had when it comes to data & risk, they have lost it a long time ago.
This lag in tech-savvy solutions also shows in the customer service most insurers offer. While greenfield InShared has automated its entire claim process (including claim assessment), many insurers still require their customers to call them (see also our recent article). In our shift to a digital-first self-service, this does not live up to customers’ expectations.
Luckily insurers can cannibalize on their brands and customer base for some time, and most insurers are making efforts to adapt to the new reality. Neither is the situation so dire that immediate revolutionary actions are needed. But insurers must realize they have already lost their head start, and the current pace of development is only increasing their arrearage. So in order to find their own competitive advantage, insurers have to pick up the pace in order to prevent drastic, high risk measures in the future.
In order to prepare for this new reality, companies can adopt various measures. Generali invests in hedge funds aimed at tech start-ups, claiming it is time to “change or disappear” for the insurance sector. A common tactic in the Dutch insurance sector is to create a spin-off brand to test the waters. Once the spin-off proves successful, it can be re-incorporated in the organisation and can serve as a best practice as well as a cultural change catalyst for the entire holding. Various insurers have founded their own start-up booster (i.e. Allianz Digital Accelerator), where insurer and start-ups can benefit from each other’s strengths. Or organize your own corporate garage in which various (lean) start-ups are created and tested (Aegon’s Kroodle).
The how in this matter is still subordinate to the why & what. There is still time to discover the necessary tools and knowledge needed for your future organisation. And when (inevitably) the time has come that your traditional insurance value proposition has become obsolete, your organisation will know what to do, and why it is the most viable strategy for your company. After all, you have done it before. But only if you start experimenting while you still can; FinTech is not waiting for anyone.
PREPARING FOR A NEW REALITY
3
DIGITALISATION OPENS NEW DOORS FOR INSURERS
A digital world is no longer just a theory…it is reality. Every two days we create as much information as we did from the beginning of time until 2003 and by 2020, it is estimated that the amount of digital information in existence will have grown from 3.2 zettabytes today to 40 zettabytes. A major factor of this exponential growth in data production is the consumerisation of smart internet enabled devices & the rise of data and analytics. These factors have huge implications for the insurance industry, which has traditionally been very conservative in their entrance into the digital economy. Risks are no longer just in the physical world…but in the virtual too. This also means the unbundling of value chains, new data driven business models, and products that are no longer fit for purpose, or at least, not ‘digitally ready’.
DIGITALISATION OF THE VALUE CHAIN
Within this maze of technological advancements there is a massive opportunity for insurers under the following two banners:
1. The Internet of Things (IOT) which can be defined as “an intelligent IP-connected network of objects and devices, each with a unique identity and the ability to sense, interact and communicate with each other using embedded communications and processing capabilities.”
2. Data optimisation using Advanced Analytics, which has the capabilities to compare “countless different data points historically and with each other, unlocking the potential of data into actionable information.”
The purpose of this article is to argue the case for adopting the latest technology for risk profiling, monitoring and proactive claims management, packaged within traditional insurance policies, creating a new breed of ‘Digital ready’ insurance. I will take Health Insurance and the rise of ‘Technology enabled care’ as an illustrative example.
These factors present opportunities for insurers to change the set-up of insurance products and how they interact with policyholders enabling:
• The provision of individually-priced insurance products with premiums varying on the basis of real-time data• Communication with customers via interactive digital plat-forms and devices, improving the customer relationship and whilst changing the purpose of insurance from reactive indemnity for policyholders to proactive intervention, informing the insured when an increased risk is detected.
This convergence of IOT enabled devices and analytics underpinned by data will impact the structure of the current insurance value chain, creating a new ‘Digital Insurance Value Chain’:
This emergence of the IOT allows behavioral and biometric data to be captured and analysed, giving insurers far more information than they would previously have had access too, enabling more accurate and reflective risk based pricing and proactive risk mitigation capabilities.
Current Insurance Value Chain
MarketingDistribution &
Channel Management
Product Development
Underwriting / New Business
Policy Administration
Claims Management
Distributions are fitted to claims data
By the time new prices are calculated, the claims data is outdated and not representative of the real time risk
4
Digital Value Chain
Let’s take Health Insurance as an example of this data driven IOT approach to insurance.
According to the Association of British Insurers (2014), Health insurance covers approximately 5.1m people in the UK and pays out approximately £7.3m in claims every day.
One of the biggest technological development in the healthcare sector has been that of ‘Technology Enabled Care’ (TEC), which is defined as “the convergence of health technology, digital and media communications to help patients self-manage conditions and enable remote monitoring for care providers”.
This technology has huge implications on the Health insurance claim equation, which has been modelled below and includes example objectives and technology to achieve them:
THE HEALTH INSURANCE PRODUCT OF 2020
The data captured from these devices/solutions can be used for risk profiling of the policyholder to better inform pricing, for monitoring purposes and proactive risk management.
As a practical example, if an insured’s health data deviates from a pre-defined ‘healthy norm’ i.e. their body weight dramatically
increases/decreases, the insurer is notified and proactive action can be taken to investigate further, which could have resulted in a more serious health concern/claim later in time.
The insured benefits from reduced premiums and more tailored care by agreeing to be monitored, and the insurer benefits from claim/cost mitigating capabilities through data driven insights, as well as the potential for a improved customer relationship.
By using this technology, traditional health insurance policies, which receive health information through form filling pre policy inception, will now have a greater pool of ongoing data to work with, leading to a new product set up:
For insurers wanting to develop a new line of ‘digitally ready’ insurance products, they will need to assess their current competencies against the capabilities needed to develop a data driven business model. There will be a need to integrate a variety of systems that support all aspects of the value chain. They will need to understand the importance of creating ‘partnership ecosystems’ with device providers and system integration specialists, and may consider outsourcing non value adding tasks and focus upon driving value through digital investment.
WHAT NEXT?
5
BLOCKCHAIN: TECHNOLOGY AND IMPLICATIONS
Blockchain technology has the power to lower costs, prevent fraud and reduce time to settlement. Read on to find out more about the innovation that the major banks are investing in now to help them adhere to regulation and provide a better service for their clients.
Anju Patwardhan, Chief Innovation Officer at Standard Chartered, has claimed Blockchain Technology could contribute to the “security of banks and integrity of the financial system”. While John Palychata, of BNP Paribas Securities Services, says the “system has the potential to completely upend post-trade infrastructure”. Furthermore, Oliver Bussman, Group Chief Information Officer at UBS, claims the technology has the possiblity “not only to change the way we do payments but it will change the whole trading and settlement topic”. So what is Blockchain technology and what impact could it have in the real economy? In this article we outline how Blockchain technology works, and discuss the benefits and drawbacks of what could be the biggest change to the banking industry since the 16th Century, when central clearing banks were first established.
Origins of Blockchain technology, the real innovation of Bitcoin
Blockchain is the technology behind the much debated Bitcoin currency. Bringing together cryptography, game theory and peer-to-peer networking, the key innovation behind the digital currency is a distributed ledger which allows a payment system to operate in an entirely decentralised way, without any intermediaries. An electronic payment system, such as Bitcoin, must have a reliable method of recording transactions that all participants can agree are accurate. To achieve this there are two main issues: devising a secure and reliable method of updating a public ledger of which there are multiple copies distributed globally, and the second is creating the necessary incentives for users to contribute resources to verify transactions.
The number of Bitcoins at any address is derived from the output of earlier transactions that are all publically available on the Blockchain. Bitcoin transactions may have a number of inputs or outputs; for instance, any ‘change’ from a transaction is paid as an output and any credit included in the input which is not accounted for in the output is accepted as a transaction fee. Digital signatures are used to provide proof that the transaction message was created by the person who wants to make the payment. This is a form of public-key cryptography – it works by creating ‘public’ keys which can be used to decrypt messages
TECHNICAL OVERVIEW
encoded by a corresponding ‘private’ key. To create a digital signature, the sender encrypts the message they wish to sign with their private key. This message can then only be decoded with the corresponding public key, which is also broadcast so the transaction can be verified. ‘Miners’ is the term given to those who compete to decrypt blocks on the Bitcoin network; these miners are arranged in a peer-to-peer configuration, with no centralised point. Although miners are under no obligation to do so, the Bitcoin protocol calls for all messages to be transmitted across the network on a ‘best efforts’ basis, sharing the message with one’s immediate peers. This means the transaction is not broadcast to the entire network at once, but instead goes to a subset of the peers first, then to their peers and so on. Bitcoin users are under no formal requirement to pay transaction fees and if they do offer one, the size of that fee is at their discretion. However, Bitcoin miners are able to choose which transactions they process, so a higher fee offered gives them a greater incentive to validate transactions.
Verification of a transaction block has two elements: validation and achieving consensus. Validating a transaction, which includes checking the digital signatures, takes a very short amount of time – less than 10 seconds in 99% of cases. By design, establishing consensus is more difficult and requires each miner to demonstrate the investment of computing resources known as ‘proof of work’. Digital currencies make use of a fundamental principle in game theory: ‘cheap talk’. That is, any proposed change to the ledger, since it is effectively free to issue, should receive very little weight.
6
In order for a proposed change to the ledger to be accepted by others as true, those proposing the change must demonstrate that is was costly for them to initially issue the proposal. This allows the incentivisation of the system to be balanced in favour of transaction verification by making it very easy to spot a fraudulent transaction. The only method of attacking the system is by assembling sufficient computing power on a network to ‘verify’ fraudulent transactions. This would undermine trust in the ledger as a whole and the value of any Bitcoins the attacker could steal. Therefore, it is logical for anyone capable of assembling the necessary computing power to contribute to the continuation of the system, rather than attacking it. The proof of work scheme means that the time taken for a miner to successfully verify a block of transactions is largely random. As new miners join the network or as exiting miners invest in faster computers, the time taken for a successful verification can fall. To allow time for each verification to pass across the entire network, the difficulty of the proof of work problem is periodically adjusted so that the average time between block remains broadly constant at ten minutes for Bitcoin, meaning that payments are not instantaneous.
The nature of a distributed system means that it is feasible for two miners to successfully verify two different candidates for the next block at essentially the same time. When this happens, both copies are initially retained by the network as branches of the main chain, but miners will proceed to work on the candidate block that follow on from whichever one they receive first. The chain of blocks representing the longest sum of work done is accepted as truth within the Bitcoin network. Whichever branch is received by the majority of the network will initially be selected. However, the branch with the most computation resources should ultimately take the lead. This branch will be the most likely to have a subsequent block built on top of it and is therefore more likely to eventually ‘win’ the race. Miners that are working from alternate branches then have a significant incentive to switch to the longer branch, as any work they contribute to the shorter branch will never be accepted by the majority of the network.
Despite the application of new technology, the basic structure of centralised payment systems has remained unchanged since the early banks set up a central ‘clearing’ bank so their clients could transfer money to the clients of other banks. In the traditional banking system, there is a central ledger, with settlement taking place across the books of a central authority, acting as a clearing bank. This is traditionally undertaken by the central bank of the given country. Each participant holds a balance at the central bank, recorded in the ledger, which is reflected in the participant bank’s internal ledger. However with the application of the blockchain, financial organisations or even individuals could directly exchange funds without the need for any intermediaries. Banking is already almost entirely digital, so technology innovation is likely to be the most influential source of disruption. This should lead to reduced transaction transfer times, at a lower cost.
APPLICATION IN THE REAL ECONOMY
Workflow of a simple blockchain
Source : Bitcoin : Peer-to-Peer Electronic Cash System, Nakamoto
A key problem of any electronic payment system is how to ensure that money cannot be ‘double-spent’. A payment system that relies on digital records must have a way of preventing double spending because it is simple to copy and edit digital records. An alternate approach to the historic central ledger approach is to implement a fully decentralised payment system, in which copies of the ledger are shared between all participants and a process is established by which users agree on changes to the ledger. Since anybody can check any proposed transaction against the ledger, this approach removes the need for a central authority and thus for participants to have confidence in the integrity of any single entity.
Combat Money Laundering With Blockchain technology creating the visibility to view the full transaction history of every event throughout the chain, vendors have already shown how anti-money laundering (AML) services can be developed. By giving greater transparency and enhancing compliance to regulations, the technology can aid in the identification of any activity that is suspicious or non-compliant. Blockchain technologies can aid industry participants to adhere to a number of regulations including AML and T+2 Settlement.
A Private Network The traditional banking system has a level of privacy by limiting access to information to the parties involved and the trusted third party. In a distributed system it is necessary to announce all transactions publicly, however privacy can be maintained by recording events in a different way. By keeping public keys anonymous everyone can see that an individual is sending an amount to someone else, but without information linking the transaction to that person. This is analogous to the level of information released by stock exchanges, where the time and size of individual trades is made public, without revealing who the parties involved were. As an additional firewall, a new key pair should be used for each transaction to keep them from
LEGAL IMPLICATIONS
7
being linked to a common owner. However if regular multi-input transactions occur there is a risk of the transactions being linked to the owner.
RiskIn an intermediated banking set up there are three main types of risk: credit, liquidity and operational risk. The modern banking system evolved in response to the need to make payments more efficiently, and when payment systems were computerised this need remained. However, because there is a centralised point in the network which all transactions must pass through, there is a single target for attackers. Current distributed payment systems remove the credit and liquidity risks by eliminating intermediaries: payments are made directly between the payer and the payee. To confirm this, users need to have confidence that for any distributed system they use, the cryptography employed has been implemented correctly.
Distributed systems should also be more resilient to systematic operational risk because the system as a whole is not dependent on a centralised third party. A distributed system effectively has as many redundant backups as there are contributors to the network. The ledger exists in multiple copies which essentially makes it more resilient than a centralised database. Historic transactions are unalterable and permanently accessible to all participants, ensuring that if an attack does occur each participant’s balance is recoverable.
FraudThe nature of fraud risk is also significantly different between a centralised and decentralised payments system. In a decentralised system there is no need for users to disclose their complete payment details when making a payment, thus removing the risk of payment details being stolen in the transaction process. However, the risk of direct loss of currencies is higher than that for deposits held with commercial banks: if a user’s private key is lost then their digital currency will not be recoverable. The problem of keeping private keys secure means that investors could entrust an authority to look after them, opening up a new market for companies offering this service.
Distributed systems are also subject to a danger of system wide fraud if the process of achieving consensus is compromised. Cryptocurrencies are currently designed so that a would-be attacker would require sustained control of a majority of the total computer power across the entire network of miners. The rule that the chain with the greatest sum of work done wins is the vital element in combating fraud in the Bitcoin network. Any attacker attempting to modify earlier blocks would have to control enough computing power for them to both catch up with and overtake the genuine blockchain as the longest. To be assured of success, the would-be attacker would need to obtain and retain the majority of all computing resources on the network. This is known as the 50%+1 rule.
There are two areas of weakness in the 50%+1 rule: the position of the attacker in the network and the strategic timing of when an attacker chooses to release messages to the rest of the network. An attacker’s position in a network is significant because the longer it takes for messages to propagate across a digital currency’s network, the greater the probability that a fork in the chain will emerge. A potential attacker which is centrally located will be able to communicate to most of the network
quickly, and so may not strictly require a majority if other users are relatively distant. Furthermore, an incentive exists for miners to strategically choose when they broadcast their success at verifying transaction blocks. Miners can delay announcing their success so that other miners waste time trying to verify the old block, while the user starts to work on the new block. As mining is a zero-sum game, it is possible that when one miner receives outsized returns, this creates an incentive for other miners to either drop out or to join in the first pool, eventually leading to the pool controlling a majority of the network’s computing resources.However, in principle this could be resolved by existing completion rules, assuming that Regulators have visibility of the proof-of-work of each pool.
Moreover, it is possible to impose conditions on the payment, so they the receiver cannot spend the proceeds unless they are met. Therefore, the rules could be set so that any user would have to announce the block to the whole network fully before they could start work on the next block. More complex transactions may require multiple conditions to be met before any funds are released. This capability allows the technology to be expanded to support more complex transactions.
Impact on intermediariesThrough better visibility between supply and demand, settlement processes will be more easily streamlined leading to reduced overheads in settlement costs including personnel to run settlement desks, reduced/non-existent buy-ins, reduction in failed trades and associated costs, to name a few. Overall the transparency allows the whole supply chain to work a lot more efficiently, reducing overall costs, through direct personal and indirect costs (buy-in, fails etc) and lead times to settlement. As the adoption of blockchain continues, we expect to see rationalisation in intermediaries, in addition to new blockchain-only entrants offering a more efficient service to clients who wish to trade directly.
The costOne major concern about blockchain technology’s application to banking is how all these transaction blocks would be stored, as a distributed ledger is far less efficient than a centralised database. A block header with no transactions is roughly 80 bytes in size. In cryptocurrencies so far, a new block is generated approximately every ten minutes. This equates to: 80 bytes x 6 x 2 4 x 365 = 4.2MB per year. Moore’s Law predicts that at the current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory. Consequently, there is the question of how much computing power would be required to operate at the volume and frequency of modern payments. In order to be able to break the keys quickly, significant computing power is required; the amount of heat this would generate could be significant, causing unexpected server shutdown. This amount of server power is expensive to maintain efficiently and is damaging to the environment – something which financial services organisations are increasingly considering when making investments.
ECONOMIC IMPLICATIONS
8
IncentivisationOne of the biggest questions about how to put a distributed system into practice, is how to incentivise people to actually join the network. Bitcoin rewards users with new coins each time they map the transaction keys – this also serves to grow the supply of the currency within the network. However, this is not sustainable in the real economy. An alternate method of incentivisation can also by funded with transaction fees. If the output of a transaction is less that its input values, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Similarly there could be a fixed transaction fee, like with Paypal, that the public would be willing to pay over and above traditional banking rates for an improved service.
The incentive may also help to encourage miners to stay honest. If a potential attacker is able to assemble more CPU power that all the other nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate more money. He ought to find it more profitable to play by the rules than to undermine the system and the validity of his own wealth.
Infrastructure challengeAdopting this technology would require the industry to completely change the way they think about IT architecture. This will require significant investment and modification of internal, as well as external, processes. However, when financial institutions are faced with such challenges – as has recently been the case with KYC – they can collaborate and find cost effective solutions if there is a common goal. We are seeing nearly all global banks setting-up research departments into this area or buying-up fintechs who are specialized in distributed technology to stay competitive.
BLOCKCHAIN IN PRACTICE
This could be one confirmed success story where banks, regulators and tech companies work together to reduce costs, increase transparency and restore consumer trust. Distributed ledgers work best where transactions can be pre-funded, participants are knowledgable and where money-laundering is an issue. The largest potential markets are cross-border payments and clearing securities. These are obvious opportunities as blockchain technology thrives where new parties regularly enter and leave the market, and where transactions involve multiple entities and assets.
Not only does Blockchain technology have the potential to completely revolutionise the traditional banking industry, it has the capacity to bring banking services to completely new markets. According to the IMF, around 50% of the World’s adult population do not access formal banking services in any form. This may be due to geographic location, lack of trust in the banking system or being ‘unbanked’ because they lack the credit worthiness financial institutions require. However, with blockchain, as long as you have an internet connection and the appropriate software you can make a transaction; furthermore, as described above, a distributed ledger removes the need for preceding trust in the participants as money cannot be double spent.
It remains to be seen whether banks will successfully adopt this new technology or be completely surpassed by it. While it is likely that there will continue to be demand for transitional banking services, this is another threat to profits that banks will have to carefully navigate. This challenge is so apparent that China has banned Bitcoin because of the threat it poses to the traditional banking system. On the other hand, blockchain technology could, according to Santander, ‘reduce banks’ infrastructure costs related to cross-border payments, securities trading and regulatory compliance by $20bn a year up to 2022.
CONCLUSION
When it is recommended to have which type of network
DISTRIBUTED LEDGER CENTRALISED LEDGER
Multiple entries and exists in the market Stable market
Low value transactions High frequency transactions
Irreversible transactions Long/short transactions
Trust is an issue Participant verification required
Multiple assets in a transaction Unsophisticated participants
Susceptible to money laundering Trades cannot be pre-funded
9
THE IMPACT OF BLOCKCHAIN’S SMART CONTRACTS ON INSURANCE
In the previous article we’ve discussed the blockchain, the disrupting technology behind cryptocurrency Bitcoin. We outlined how the technology works and discussed its implications for the banking industry. This article focuses on smart contracts that can be created in a blockchain, and how they will affect the insurance industry.
The most widely known blockchain is the ledger of transactions for cryptocurrency bitcoin. A blockchain is a distributed ledger that maintains a continuously growing list of data records on decentralized servers, working as nodes. Every node holds a complete copy of the blockchain, a shared single source of truth. Nodes are incentivized to maintain a copy of the ledger by rewarding them with the cryptocurrency through a process called mining. A transaction would only be added to the ledger when a majority of the nodes agree on the validity of that transaction.
The core advantage of the blockchain as decentralized ledger is that it exists in an endless number of nodes. This ensures transparency, even when nodes are run anonymously, have poor connectivity with one another, and have operators who may be dishonest or malicious. Furthermore, through the elimination of intermediaries, blockchain ensures lower fees, whatever the ledger may hold.
The data in the distributed ledger can hold any amount or information, not just a cryptocurrency like bitcoin. The data is both individually identifiable and programmable. This means that users can assign properties to the data. Users can program the data to represent an amount in a currency, a share in a company, or even diamond certificates. Everledger is a start-up launched in 2015 that collects dozens of cross-referenceable data points on each recorded diamond in a permanent distributed ledger to ensure verification for insurance companies, owners, claimants, and law enforcement.
BLOCKCHAIN TECHNOLOGY
A concept that lends itself ideally for the blockchain is the smart contract. A smart contract is a contract between two or more parties that is created and stored in the blockchain, it involves more than the mere transfer of an amount and is self-executing upon programmed rules.
The concept is most easily explained with an example. Imagine a life insurance smart contract that pays a benefit to the designated
SMART CONTRACTS
beneficiary upon the death of the policy holder. The contract can perform real time checks on online death registers to determine the moment of payout. Smart contracts are trustless, autonomous, and self-sufficient.
Last September, a team at the London FinTech Week hackathon utilized smart contracts to walk away with the first prize. Given the fact that around 550,000 airline passengers in the UK do not claim on their insurance for delayed flights, the team presented a smart contract system that provides direct compensation for affected passengers. The team was able to do so by connecting tons of online data feeds containing flight information to smart contracts in Ethereum.
The Ethereum platform, by some experts dubbed as ‘Blockchain 2.0’ or ‘Bitcoin 2.0’, is a programming framework to allow a network of peers to create and administer their own smart contracts, without a central authority. It combines a blockchain network with a universal programming language that would allow users to invent whatever smart contract they want. These smart contracts, or apps, run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference. The apps are able to interact with one another and conduct transactions in Ethereum’s own cryptocurrency, called ether. The platform even enables the design and issuance of one’s own cryptocurrency, where you either set the total amount in circulation to a simple fixed amount, or let it fluctuate based on any programmed ruleset.
Although Ethereum was launched in July 2015 and is still in a development phase, the platform has already spawned the creation of a large number of interesting apps and projects. WeiFund, for instance, is a non-profit, decentralized crowdfunding platform built on Ethereum. Because of the blockchain, this ‘Kickstarter in a box’ features lower fees and enhanced security.
BLOCKCHAIN 2.0
10
Lower operating costs are the biggest beneficiary for insurers that utilize smart contracts. Because the contract would be self-sufficient after its creation, no costly human interaction would have to take place afterwards. Furthermore, the self-executing character would greatly increase speed and efficiency in claims processing. Smart contracts are also said to avoid the textual ambiguity of traditional contracts, preventing legal disputes. Because the rules of the smart contract are programmed at creation, the contract would only execute according to said rules.
The programmable character also allows for less insurance fraud. Imagine a car insurance payout that can only be used for repairs at certified parties. Whether someone actually follows the rules is no longer verified in the bureaucratic process afterwards. The payout can even be programmed in such a way that it will automatically return to the insurer if the receiver doesn’t use it within a certain amount of time.
The hackathon example with the flight delay information showed us that the smart contract can also interact with the online world outside the blockchain. By connecting with the Internet of Things, insurers could even take this one step further to tailor their products. Think of travel insurance premiums that are only collected when your phone tells the contract you are abroad or car insurance premiums that are only collected when your car tells the contract you are driving. The possibilities of smart contracts fully depend on the creative minds walking around in the offices of the insurer.
But, what if the ‘traditional’ insurer can be cut out of the policy? Dynamis is creating peer-to-peer insurance on the Ethereum blockchain. Like Friendsurance, policyholders pool together, based on a sharing economy concept, and support each other financially in the event of any claim. But instead of a policy managed by people who process applications for new policies and applicants for new claims, the peer-to-peer insurance in Dynamis would only be managed by smart contract code, significantly reducing costs.
IMPLICATIONS FOR THE INSURANCE INDUSTRY
Whether the current blockchains are the most suitable for smart contracts is still doubtful. Blockchains rely on an underlying cryptocurrency that is highly volatile. Furthermore, the networks are maintained by miners that expect a reward to compensate for the energy consumption this requires. You would expect a consumer of insurance to be able to depend upon a network for more than a decade without having to worry about crypto-economic game theory issues. And are consumers going to rely on networks where jurisdiction and regulation have no reach?
Distributed ledger systems, like Ripple and Hyperledger, are said to overcome these issues. Rather than existing in anonymous nodes, these ‘permissioned’ ledgers use legal entities to
CHALLENGES
validate transactions. Imagine a distributed ledger between an insurer, intermediaries and a network of health providers. These distributed ledgers are applicable to all assets, including fiat money and shares, but can still replicate all applications pioneered by the cryptography community. Furthermore, they are relatively compatible with existing regulations.
Some of these distributed ledgers, like Ripple, still use a cryptocurrency. But, these currencies or tokens are being built without the expectation or intention of making these coins available for purchase to retail customers. These tokens are only used as verifiable cryptographic receipts internally between permissioned parties, as a way to prove that certain events happen at certain times for the parties involved, as well as for outside compliance and auditing agencies. Other distributed ledgers, like Hyperledger, do not even have an built-in cryptocurrency.
The distributed ledger might, for the time being, be more attractive because of the control they afford over the system. They are not subject to price volatility of underlying currencies, offer less regulatory risk and have a more secure authentication process that doesn’t rely on the incentives for miners to authenticate transactions.
Ultimately, it is for the organisation to question whether the blockchain or distributed ledgers could provide in its requirements. The possibilities of the smart contract are endless. It is for the insurance sector to experiment with it, before everybody else does.
11
USAGE-BASED INSURANCES: A SPRINGBOARD TOWARDS SERVICES
Pay what you actually consume: the principle is becoming more appealing to the insured, as they are in search of ever more transparent offers. This in turn, offers the insurance companies the possibility to adopt a more pronounced differentiation strategy in a market where traditional growth drivers have already been explored. Since its first car application ‘Pay as you drive’ by Corona Direct in 2006 in Belgium and ‘De Kilometerverzekering’ in the Netherlands, the increased penetration of smartphones and connected devices raises the question of the possibility of a widespread consumption insurance under which the insured would pay a premium depending on his actual usage. The usage would then be measured by the instant activation and deactivation coverage via a smartphone or connected device. This new trend embodies an offer the insurers of today are currently struggling with to explore, but which could redesign the insurance of tomorrow.
At the moment, the insurance sector is becoming a market of requirements, representing a big change compared to the mass market of the past. Consumers increasingly ask for offers which are adapted to their personal needs. The affinity offerings and micro-segmentation – in terms of products, related services or business approach –meet these requirements. Within this hypercompetitive market, insurers must organize their offerings around the products and customers, integrating the best possible behavioral dimensions of the targeted segments. An insurance that is dependable on the actual usage, fits perfectly with this approach and offers the following advantages:
USAGE-BASED INSURANCE,
A DISRUPTIVE OFFER
1. It allows the insurance companies to improve their image toward the policyholders. Enabling or disabling the insurance coverage allows the consumers to obtain an insurance contract which is more transparent and whose price is less difficult to understand given the reverse cycle.
2. The insurance gives the insurers the possibility to capture new customers. The fact that more and more people are comparing prices on the internet shows that consumers are increasingly looking for the best price.
3. It allows insurers to capitalize on the underlying trend, being the increased penetration of digital equipment. The digital innovation is indeed a way to seduce consumers who are more susceptible to connected devices: in 2014, 17% of the cars sold globally are considered as ‘connected’ and this number is expected to further increase to 90% in 2025. In Europe, the rise of connected devices,
• Example – classic car insurance The pricing reflects the behaviour of the client.The offers have a preventive dimension.• Example – car insurance depending on driving
behaviour, Pay How You Drive
Take into account actual consumption of the insured
Each these two types of insurance can be the object of an evolution towards the consump-tion insurance, allowing the insured to (de)activate his coverage via connected device
TRADITIONAL CONSUMPTION INSURANCE
"PAY AS YOU"Reflects the quatity used
USAGE AND CONSUMPTION INSURANCE
Either the cover is permanent, and only the pricing is based on consumption.• "Pay as you drive" offer, a device automatically measures the mileageEither coverage also depends on the manual activation/desactivation cycles by the insured.• Insurance is only activated when needed (i.e. travel insurance)
The usage volume criteria is already being captured throughthe behaviour. this therefore comes back to the principle of the usage insurance
Consumption insurance types developed in this article
12
and in particular connected cars, is expected to be partly driven by the introduction of new regulations regarding eCall.
4. Finally, this new way of insuring allows the insurer to have a better knowledge of his policyholders and their behavior through the collection of behavioral data transmitted via connected devices.
For these reasons, the usage-based insurance is expected to be used as a growth catalyst for insurers in line with two trends: the ‘Pay As You’, reflecting the amount of use, and the ‘Pay How You’, reflecting the individual behavior.
However, the relative performance of actors who offer ‘Pay As You Drive’, highlights the difficulties this new model imposes.
The prerequisite for the effective functioning of the consumption insurance ‘Pay As You’ primary lies with the insured since it is based on their provision of personal data, whether in real time or not. While the popularity of connected devices is assured, one cannot assume each insured will declare themselves ready to share all their personal data to their insurer. Assuming they do, the ‘Pay As You’ insurance however, can currently only be applied to the car insurance. Indeed, home and health insurance offers are not eligible, as they are required to be continuous in time. In addition, only a small part of the population benefits from the ‘Pay As You’ insurance. For example, policyholders do not necessarily gain from the affinity packaged deals which are based on the principle of sharing. Furthermore, they should be sufficiently occasional users in order to achieve premium savings. Finally, they also introduce a significant risk of fraud. All these issues together limit the growth potential of the contracts.
THE IMPORTANT OBSTACLES
OF THE ‘PAY AS YOU’ INSURANCE.
Meanwhile, the ‘Pay How You’ model has already seduced different players to adapt their offer. In the Netherlands, for example, four insurance companies are currently offering an insurance of which the premium is dependable on the driving behavior of the driver. Their offerings mainly focus on young drivers who are not able to achieve premium savings thanks to their accident-free years. Overall, the principle applied is the same, only the basis premium and possible premium savings differ. In Belgium, however, these offers are still non-existent, but are expected to pop-up in the upcoming years.Other insurers also offer customized offers starting from the ‘connected buildings’. These ‘Pay How You Live’ offers adjust the home insurance rate according to information gathered by occupancy sensors, door closings, volume measurement or alarm operations.If this type of offer presents similar obstacles as the ‘Pay As You’ insurance, why should we care? Overall, for one simple reason: the ‘Pay How You’ insurance offers the insurers an opportunity to break with their traditional profession and to change from a logic of compensation to a logic of prevention. The insurance is thus changing towards the delivery of Big Data usage optimization. Indeed, given the considerable amount of information collected through these contracts, the insurer will be able to offer different recommendations with high added value, such as:In home insurance, optimization of the energy consumption;In health insurance, follow-up and monitoring of health practices;In car insurance, optimization of the fleet usage.Many growth opportunities to explore, for which car insurance appears to be the chosen lab.
THE ‘PAY HOW YOU’ AS AN OPPORTUNITY
TO SHIFT TO OTHER SERVICES
13
THE IMPORTANCE OF DATA QUALITY
Much like oil for an engine, data is the resource that will determine if your business is up for a long run. More than ever, Data Quality is essential to run a successful business. A survey conducted by the Data Warehouse Institute covering 647 companies in various industries demonstrates how impactful data quality can be. The results are unequivocal.
In the insurance industry, data plays an even more important part because it is used in every area of the business such as actuarial, risk management, accounting, asset management and even marketing and commercial. Moreover, the industry has faced a number of challenges during the last few years, such as:
• The volume of data to deal with has been growing significantly
• Insurance practices are getting more industrialized, as a consequence, data management is getting even more complex
• Regulatory pressure impose higher quality requirements and tighter deadlines for reporting the information, therefore limiting the possibility to control and correct the data if needed
‘WHY DO I NEED TO ESTABLISH
A DATA QUALITY FRAMEWORK?’
Anticipating and preventing the cost of Data Quality is crucial. Many of the costs are often not considered by the companies.
54% of the respondents claim that "poor data quality has led to losses in revenue"
72% of them admit that "poor data quality has lead their business to significant extra costs"
67% of them declared it "impacts negatively their customer satisfaction"
Indirect Costs
• Bad strategic choices leading to financial losses
• Loss of user confidence in Data Quality
• Under-untilization of existing tools
• Time lost in corrections
• Financial sanctions for non-compliance
Direct Costs
• Incorrect automatic processes
• Manual modifications
• Increased reconciliation team
• Time lost in corrections
• Financial sanctions for non-compliance
Not paying enough attention to Data Quality will become a vicious circle soon enough
Anomalies found by usersbut not reported
Loss of confidence in theapplication and in its use
Quality level overstated by management
Under-dimensioning of controlsand corrective actions
Increased number of discrepancies within the application
14
DATA PROTECTION REGULATION:
INSURERS RISK HEAVY FINES
The new European Regulatory Framework for Data Protection is just around the corner and if insurers fail to comply they could be liable to penalties of up to 100 million euro or up to 5% of global turnover. What does the Data Protection Regulation entail for insurers?
The scale of data sharing and collecting is continuously increasing and the use of Digital technologies and Big Data applications becomes more important. However, over the years the number of data breach incidents have also increased. This phenomenon could jeopardize the right of the citizens over their Personal Data. Following these trends, the need for a new European Regulatory Framework that is future-proof and fits our digital age has increased. Especially since the centrepiece of existing EU legislation on personal data protection, the European Data Protection Directive (Directive 95/46/EC), dates from 1995(!). The completion of the new European General Data Protection Regulation is a policy priority for 2016 and will supersede the 1995 Data Protection Directive.
THE EUROPEAN GENERAL DATA
PROTECTION REGULATION
Although the proposed General Data Protection Regulation is not final yet, in principle it will consist of a more comprehensive and coherent policy on the fundamental right to personal data protection. It aims at harmonizing the local legislations and granting individuals more rights and control over their personal data. A main advantage for companies is that organisations will only have one regulatory authority, the Data Protection Authority (DPA), which supervises their activities across all EU member states.
However, the new Data Protection Regulation could significantly change these insurers’ activities of data collecting and processing. Here are a number of legal changes that will impact every insurance company;
• Documentation of data processing operations
• Impact assessments
• Appointment of data protection officer
• Data subject consent
• Data transfers
• Mandatory security breach reporting
• Fines of up to EUR 100 million or of up to 5 percent of annual worldwide turnover (the numbers are still under debate)
As regulation will change, the insurance industry will become more accountable for safeguarding personal data. The new regulation requires (increased) mandatory reporting to supervisory authorities. Insurers will need to document their data processing operations and this documentation must be made available to the DPA on request. In practice this will entail (another) work stream of monitoring, reviewing and assessing data processing procedures. Safeguards need to be included in all data processing activities in order to minimize operational and reputational risks. Furthermore, increased responsibility and accountability and the changes on operational processes will make data impact assessments a must for every insurer.Also, organisations with over 250 employees will need to appoint a data protection officer (DPO) that is exclusively responsible for data protection.More than data privacy rules reinforcement, the forthcoming regulation also aims at changing the way Personal Data are dealt. For example, the European Commission wants to implement a Data Privacy system or Internal Control system centralized around the Data Privacy Officer. The idea is to urge companies to embed Data Privacy into their operational processes by implementing two notions: Data Protection by Default and Data protection by Design. When transferring personal data to third parties, the legitimacy must be ensured. Moreover, the transfer outside the European Economic Area must be approved by the Data Privacy Authority first. In the context of globalization, this requirement has a substantial impact on operational processes. Nevertheless, for intra-group (international) data transfers, a Binding Corporate Rules agreement can be implemented in order to reduce the number of formalities with the DPA. This agreement ensures that all entities within a group comply with the regulation.
RESPONSIBILITY AND ACCOUNTABILITY
Customers will have the right to access their personal data, have it rectified or erased, object to its processing and not be subject to profiling. Also, they will have to give their specific consent for data processing activities of insurers. This implies that insurers need to prove that their customers gave explicit consent for data collection. In other words, insurers’ data collecting activities will have to rely on data subject consent to process personal data.
When transferring personal data to third parties, the legitimacy must be ensured. Moreover, the transfer outside the European Economic Area must be approved by the Data Privacy Authority first. In the context of globalization, this requirement has a substantial impact on operational processes. Nevertheless, for intra-group (international) data transfers, a Binding Corporate Rules agreement can be implemented in order to reduce the number of formalities with the DPA. This agreement ensures that all entities within a group comply with the regulation.
CONSENT AND DATA TRANSFERS
15
Under EU law insurers must protect personal data from misuse. The latest proposal includes fines up to EUR 100 million or up to 5 percent of annual Group turnover for data privacy law breaches (versus €300.000 currently in France and €450.000 in the Netherlands). Furthermore, when security breaches occur, companies will have to notify serious data breaches without undue delay and where feasible within 24 hours.
PENALTIES AND FINES
WHY DOES THE NEW REGULATION MATTER
FOR THE INSURANCE INDUSTRY?
Collecting and processing personal information is integral to the proper functioning of an insurance business. Automated processes in accessing and processing personal data enables insurers to assess risks, process and pay claims and to tailor information and cover to consumers’ individual needs. Some of the data insurers collect and process contain sensitive data. Also the volume of data in combination with the complex product distribution chains make insurers particularly sensitive to the importance of keeping data safe.
The proposed rules could make it difficult for insurers to continue provide the insurance services consumers expect and to fight fraud effectively. The Data Protection Regulation will restrict the ability of insurers to assess risk properly. This will result in a reduction of availability and range of insurance products and increase of cost for customers’ cover.
For example, the proposed regulation will not allow calculating risk that includes analysis of (claim history) data and measuring risks of potential policyholders who wish to transfer. This makes it hard to calculate risk and insurance premium for individual customers and this will eventually result in higher cost for customers’ cover. Moreover, without access to previous claim history, the efforts to protect honest policyholders against the consequences of insurance fraud will be hindered.
Finally, given that customers become more and more demanding and are drawn to new technologies, insurance activities are changing. Yet, the regulation can hold back innovation as well as the release of new products in the insurance industry. For example, the innovative life insurance product ‘Vitality’ of the South African insurer Discovery has the potential to transform the pricing of life insurance. In essence, customers who choose the Vitality program are willing to continually share their health data via wearables. Discovery then translates this private data into premium savings and other perks. However, with the proposed EU regulation, it is doubtful whether European Insurers will be able to drive their activities to this kind of products.
Questions insurers can ask themselves to assess Data Privacy risks:
• Do my current activities rely on data subject consent to process
personal data? Or do these activities have a legitimate interest in processing data that is not overridden by the interests of the data subject?
• Are my documents and forms of consent adequate? Are the consents freely given, specific, informed and explicit?
• How can I embed data subject consent in my future and current products, systems, documentations and processes?
• What data transfers are currently undertaken? How will I ensure that the transfer of data to other (non-EEA) countries are safeguarded in a way that is compliant with legislation?
• How can I implement Binding Corporate Rules on facilitating intragroup data transfers?
• Are my colleagues aware of the operational and regulatory changes ahead?
• What will I do to smoothen implementation of the Data Protection Regulation?
The General Data Protection Regulation is due to come into play soon. Given that the proposed financial penalties for non-compliance are severe, financial sanctions and reputational risk are the top data protection threats for insurers. However, insurers that start to take steps to address the proposed changes will be in a stronger position. After all, most of these risks can be avoided by adaption on time.In conclusion, the implementation of the General Data Protection Regulation should be a part of every insurers’ current strategy.
MOVE TOWARDS COMPLIANCE
YOUR CONTACT
Founded in 1999, Sia Partners is an independent global management consulting firm with over 700 consultants and an annual turnover of USD 125 million. The Group has 17 offices in 13 countries, including the U.S., its second biggest market. Sia Partners is renowned for its sharp expertise in the Energy, Banking, Insurance, Telecoms and Transportation sectors.
ABOUT SIA PARTNERS
All our publications are accessible on the Sia Partners blog : en.finance.sia-partners.com
For more information on Sia Partners : www.sia-partners.com
Follow us on Twitter @SiaPartners & Linkedin http://www.linkedin.com/company/sia-partners
Stephan Linnenbank
Head Financial Services Benelux+ 31 6 23 59 82 [email protected]
ASIA
Hong Kong 23/F, The Southland Building, 48 Connaught Road Central, Central – HK+852 2157 2717
Singapore 3 Pickering street #02-38048660 SingaporeT.+ 65 6635 3433
TokyoLevel 20 Marunouchi Trust Tower-Main1-8-3 Marunouchi, Chiyoda-kuTokyo 100-0005 Japan
EUROPE
AmsterdamBarbara Strozzilaan 1011083 HN Amsterdam - NetherlandsT. +31 20 240 22 05
Brussels Av Henri Jasparlaan, 1281060 Brussels - Belgium+32 2 213 82 85London Princess House,4th Floor, 27 Bush Lane,London, EC4R 0AA – United KingdomT. +44 20 7933 9333
MIDDLE EAST & AFRICA
Dubai, Riyadh, Abu DhabiPO Box 502665Shatha Tower office 2115Dubai Media CityDubai, U.A.E.T. +971 4 443 1613
Casablanca14, avenue Mers Sultan20500 Casablanca - MoroccoT. +212 522 49 24 80
NORTH AMERICA
New York115 Broadway 12th FloorNew York, NY10006 - USAT. +1 646 496 0160
Charlotte401 N. Tryon Street, 10th FloorCharlotte, NC 28202
Montréal 2000 McGill College, Suite 600, Montreal,QC H3A 3H3 - Canada
LyonTour Oxygène,10-12 bd Vivier Merle69003 Lyon - France
Milan Via Medici 1520123 Milano - ItalyT. +39 02 89 09 39 45
Paris 12 rue Magellan75008 Paris – France T. +33 1 42 77 76 17
Rome Via Quattro Fontane 11600184 Roma - ItalyT. +39 06 48 28 506