The Financial Services and Markets Act 2000 (FSMA) is the principal source of law governing insurance and reinsurance in the United Kingdom. FSMA and related regulations provide the main framework for the UK’s regulatory regime, but a large proportion of the law applicable to re/insurers in the UK is provided by, influenced by, or derived from European Community legislation, the most significant source being EU Directive 2009/138/EC, commonly known as “Solvency II”. Having come into effect on 1 January 2016, Solvency II has been transposed into UK law in a number of ways: through FSMA itself, in statutory instruments (The Solvency 2 Regulations 2015 (SI 2015 No. 575)), as well as through new rules in the UK regulators’ “rulebooks”. Re/insurers in the UK, as in other European jurisdictions, are also subject to directly applicable Regulations made under Solvency II, notably Commission Delegated Regulation (EU) 2015/35 (the “Solvency II Regulation”), and should also consider relevant guidance, including from the European Insurance and Occupational Pensions Authority (EIOPA). References to Solvency II in this section are to the Solvency II Directive and the Solvency II Regulation.
These sources may be supplemented by UK legislation in respect of other specific aspects of insurance business, including, for example, the Insurance Act 2015, which reformed insurance contract law and came into force on 12 August 2016 (the “IA 2015”).
The UK is a common law jurisdiction, so as well as statute, precedent judicial decisions have an impact on the development of the UK’s legal system. In the context of insurance and reinsurance, this may be particularly relevant in determining how insurance contracts are interpreted and in filling any interpretation gaps left by statute.
Under FSMA, insurers and reinsurers in the UK are regulated by both the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), which are responsible for authorised firms’ prudential regulation and conduct supervision, respectively. UK re/insurers are therefore often referred to as being “dual-regulated”. Insurance intermediaries, such as brokers and managing general agents (MGAs), are regulated by the FCA only.
The PRA and FCA are both subject to the direction of the Bank of England and must cooperate and coordinate their activities. The PRA Rulebook, the FCA Handbook and associated supervisory statements are important sources of detailed rules and guidance on governance, capital and conduct of business requirements for the financial services firms to which they apply, including re/insurers.
The specialist re/insurance market, Lloyd’s of London (“Lloyd’s”), is also regulated by the PRA and FCA, and managing agents/underwriters who participate in the Lloyd’s market will also be subject to Lloyd’s supervision. For example, managing agents at Lloyd’s are supervised by the Society of Lloyd’s, as well as being dual-regulated.
As a result of the “general prohibition” in Section 19 FSMA and related provisions, a firm seeking to conduct re/insurance business in the UK must obtain authorisation or permissions under Part 4A FSMA from the PRA (unless it is exempt or can rely on the EU’s passporting regime, as to which, see 3 Overseas Firms Doing Business in this Jurisdiction). The FCA must consent to the PRA’s granting authorisation. Insurance intermediaries apply to the FCA rather than the PRA. To obtain authorisation, a firm must be able to satisfy the “threshold conditions” set out in FSMA on an ongoing basis. These include:
The PRA-regulated activities that are referred to broadly above as “re/insurance business” are set out in the Financial Services and Markets Act 2000 (PRA-regulated Activities) Order 2013, and include effecting or carrying out contracts of insurance (in other words, entering into or performing contracts of insurance, respectively) and managing the underwriting capacity of a Lloyd’s syndicate as managing agent at Lloyd’s.
A regulated activity is subject to the general prohibition to the extent that it is carried on “by way of business” in the UK. This restricts the applicability of the rules to persons who undertake the activity in a commercial context and with some degree of regularity. Assuming the activities themselves are carried out in the UK, it is irrelevant that the underlying risks may be located outside the UK or the contracts subject to a different governing law. By the same token, if the activity is not carried on in the UK, authorisation is not required under FSMA even if policyholders and/or the underlying risks are located in the UK.
Statute does not fully define the term “contract of insurance”: the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 does not set out the features which determine whether a contract is an insurance contract, so it is useful to look to the common law and judicial precedent for this analysis. Although the regulator may make its own interpretation of the case law to decide whether a contract is a contract of insurance and therefore subject to regulation, this is open to challenge in court.
A firm will need to seek PRA authorisation for each class of business it intends to write. FSMA divides insurance business into 18 distinct classes of general business and ten classes of long-term (or life) business.
UK re/insurance companies are subject to the capital requirements contained in Solvency II, as set out and expanded upon in the PRA Rulebook. There are basic requirements which apply to all authorised (re)insurers plus additional and different requirements for general insurers, life insurers and pure reinsurers, and the PRA can impose additional capital requirements on individual firms if thought necessary to address operational, conduct or other identified risks. The capital requirements under Solvency II consist of the minimum capital requirement (MCR), being the minimum amount of capital a re/insurer needs to cover its risks, and the solvency capital requirement (SCR), being effectively the amount of capital a re/insurer needs to operate as a going concern, assessed on a value at risk measure. A firm’s SCR can be calculated according to a standard formula, or, with PRA approval to do so, using its own internal model, tailored to the firm’s specific risk profile. Capital requirements apply at both the entity and group level. Lloyd’s Solvency II capital requirements are calculated as a whole based on its own internal model and applies to the market as a whole across all Lloyd’s syndicates. Lloyd’s operates its own capital assessment of each syndicate, the Economic Capital Assessment, which is broadly based on Solvency II.
Solvency II and the PRA Rulebook also provide the requirements as to reserves to be maintained by UK re/insurance companies. Reserves, or technical provisions, must be calculated in a prudent, reliable and objective manner, with the value of the technical provisions corresponding to the amount the re/insurer would have to pay if its re/insurance obligations were immediately transferred to another Solvency II firm. Technical provisions must represent a best estimate, as well as including an additional risk margin, calculated in the prescribed manner.
There is no different regulation specifically for writing excess of loss layers in the UK and authorisation requirements apply equally to insurers and reinsurers. A contract of insurance in the legislation includes a contract of reinsurance although a company may be licensed as a “pure reinsurer” and therefore not permitted to write direct business. It is worth noting however that fewer of the conduct rules apply to reinsurers, or in the context of insureds being large companies, rather than individual policyholders. Therefore, excess of loss reinsurance may be subject to lighter regulation, for example not being subject to all the consumer conduct rules. Since the introduction of the IA 2015, which applies to business insurance and reinsurance contracts and contains the duty of fair representation of the risk, as well as specifying remedies the re/insurer has for a breach, there has been a move away from re/insurers being favoured under the common law on insurance contracts.
The IA 2015 followed on from other changes to amend the common law and insurance contracts in favour of consumers including the Third Parties (Rights against Insurers) Act 2010 which made it easier for third parties to claim directly against insurers (on liability insurance) where the insured was insolvent, and the Consumer Insurance (Disclosure and Representations) Act 2012 which curtailed an insurer’s rights to avoid the contract at common law.
Insurance premium tax (IPT) derives from European Community law and was introduced in the UK by the Finance Act 1994. IPT is a tax on premiums paid under taxable insurance contracts, and applies to all contracts of insurance (but not reinsurance), wherever written or wherever the insurer or insured is located. There are certain exempt contracts, including an exemption where the contract relates to a non-UK risk. IPT is generally payable to HMRC by the insurer (or in some cases by a taxable intermediary). There are two different rates of tax which may be applicable: 12% (standard rate) or 20% (higher rate) of the premium paid to the insurer by the insured (or taxable intermediary), depending on the type of insurance contract and who arranges it.
The starting point for firms deemed to be carrying on re/insurance business in the UK (even if they do not have a permanent establishment in the UK, for example, by acting through agents) is that authorisation under FSMA is required.
Business not Carried on in the UK
As noted in 2 Regulation of Insurance and Reinsurance, a risk in the UK can be insured without UK authorisation if the regulated activity is not being carried on in the UK, ie, neither the “effecting” nor “carrying out” of the insurance relationship takes place in the UK. It may be possible for overseas re/insurers to arrange to carry out their business in such a way that they are not deemed to be doing so in the UK itself, thereby avoiding the need for approval under FSMA. This may not be an entirely straightforward approach, however, given that the position is not entirely certain, there is a significant amount of guidance from the regulators and case law around what activities constitute “effecting” or “carrying out” a contract of insurance and whether business is therefore being carried on “in the UK”, and under FSMA, permission may still be required for other activities connected to the main regulated insurance activities. For example, making arrangements in the UK in connection with the “effecting” of a contract of insurance is an FCA authorised activity and would require authorisation.
Firms established and authorised outside the UK but within the European Economic Area (EEA) are exempt from the requirement for UK authorisation under the passporting regime. This means these firms may conduct business in the UK (or any other host Member State) on a cross-border basis, either by way of freedom of services (providing services with no permanent physical presence in the host state) or freedom of establishment (setting up an establishment, a “branch”, in the host state).
A key feature of passporting is that the home state regulator authorises and supervises the firm, and the host state regulator relies on such authorisation and supervision. The PRA and FCA’s role in relation to firms passporting into the UK principally entails reporting information to the home state regulator and exercising power on their behalf: certain provisions of FSMA allow the PRA and FCA to assist a home state regulator on request, exercise regulatory functions on their behalf or take action against the firm for contravening FSMA.
Therefore, o permission need be sought from the PRA by firms passporting into the UK; instead, an informational notification process applies. Broadly (and with some differences for reinsurance), the firm will notify its home state regulator, who then issues a “consent notice” to the PRA. The firm may then start its activities, subject to any conditions imposed by the UK regulators.
Under Solvency II, prudential supervision is dealt with by a firm’s home state, but conduct matters are often dealt with by the host state. Under “general good” Solvency II provisions, the FCA (which is responsible for conduct supervision) may impose additional consumer protection or conduct measures on firms passporting into the UK where supervision of the matter has not been reserved to the home state regulator.
Non-EEA (ie, third country) insurers may apply for authorisation to establish a UK branch if they meet the relevant regulatory requirements to do so. There are certain distinctions under Solvency II; for example, a single branch cannot carry out both life and non-life insurance activities in the same EEA Member State (subject to certain “grandfathering” provisions), and Solvency II sets no particular standards for pure reinsurers to establish a branch (Solvency II just requires that pure reinsurers from third countries should not be treated more favourably than an EU pure reinsurer relying on passport rights).
The PRA recommends that a third-country insurer or reinsurer intending to establish a UK branch should contact the PRA and engage in pre-application discussions to ensure that the application process is efficient. In this way, applicants can better understand the overall authorisation process and prepare a suitable application that meets the PRA’s and FCA’s respective requirements.
As an EEA Member State, the UK is subject to the equivalence regime under Solvency II, whereby the European Commission may formally recognise a third country’s solvency and prudential regime as equivalent to the framework in the EEA. The objective here is to avoid unnecessary duplication of regulation, given the global nature of the insurance industry. Equivalence is assessed in three separate areas: reinsurance, solvency calculation and group supervision. Equivalence may be granted on a full, temporary or provisional basis. Switzerland and Bermuda currently have full equivalence.
Equivalence does not permit a third-country insurer or reinsurer to carry on business in the UK. To do that, it would still need to authorise a branch or subsidiary. Rather, equivalence affects group supervision, group solvency calculations and credit given for reinsurance from a reinsurer located in an equivalent jurisdiction.
Effect of Brexit
The basis on which the UK will leave the European Union is still uncertain at the time of writing (See 13 Other Developments). Once the UK leaves the EU, it is likely that the insurance industry will lose its automatic passporting rights between the UK and the rest of the EU. In anticipation of this, the PRA and FCA have implemented a “temporary permissions regime” which, under certain conditions, would permit non-UK EEA firms to continue to passport into the UK for a limited period after the UK’s departure from the EU. Provisions have also been implemented to preserve the validity of contracts written cross-border into the UK pre-Brexit where the EEA insurer does not intend to apply for UK authorisation to write business in the UK post-Brexit. Several other EEA Member States (including Germany, Italy, Luxembourg, the Netherlands, the Republic of Ireland and Spain) have implemented broadly similar transitional provisions which would allow UK-authorised firms to continue to service policyholders resident in those Member States under existing contracts for a limited period in the event of a no-deal Brexit.
There is no statutory or regulatory prohibition on fronting in the UK. Historically the UK regulators have tended to look unfavourably on the practice, but it is possible and indeed a number of financial guaranty firms entered into fronting arrangements, whereby business was written in the UK and 100% reinsured back to the parent entity. The Financial Services Authority (the PRA and FCA’s predecessor regulator) had concerns around counterparty credit risk of the non UK parent and the possible risk of UK policyholders not being paid, which was perceived as less of an issue for commercial lines like financial guarantees, particularly where obligations were collateralised. At that time, this concern was dealt with in the regulator’s rulebook through a presumption that reinsurance above a certain amount of reserves assumed too much credit risk unless it could be justified and mitigated, for example by collateral or a guarantee.
In practice, the FSA would usually expect retention of at least 10% of the risk (as a general rule of thumb) and the PRA currently follows a similar approach, expecting individual reinsureds to justify and manage their reinsurance credit exposure.
This figure has also been raised more recently as “a good referential” by EIOPA in its Brexit guidance, where it warned UK insurers to avoid fronting in their post-Brexit EEA headquarters and suggested 10% retention as a minimum to EEA regulators.
Despite the uncertainties of Brexit, there have been a number of very large acquisitions in the UK insurance sector this year. Deals have been drive by cheap financing and favourable foreign exchange rates, the perceived importance of scale in some sectors, hedging against the future in the use of technology, regulatory and capital pressures and the desire to enter new markets and have global reach. The sustained low interest environment has undoubtedly also increased pressure on re/insurers to refine their business models, increase scale and/or exit classes of unprofitable or non core business.
The life insurance sector has seen considerable activity following implementation of Solvency II, with a number of insurers exiting lines of business with higher capital requirements such as annuities or other products with long term guarantees. There has also been an effect on the run-off market as firms look to be as capital efficient as possible in a low interest, low growth environment and offload non-core business through share sales, reinsurance or business transfers, or often a mixture of the two latter approaches. Both Prudential UK and Standard Life in the UK have offloaded large blocks of life and annuity business to Rothesay Life and Phoenix, respectively, and Legal & General has sold its mature savings business (comprising around GBP33 billion of unit linked and GBP21 billion with policies business) to Swiss Re. These deals can release significant amounts of regulatory capital which the insurer can then deploy elsewhere in new opportunities.
Consolidation in the broker market is ongoing and is likely to continue as the market adjusts to regulatory change and the challenging economic environment, as is the acquisition and investment activity in “insurtech” businesses (see 10 Insurtech).
In the non-life sector, there continues to be a number of acquirers interested in Lloyd’s of London businesses. Membership of Lloyd’s gives a presence in the global insurance, reinsurance and specialty markets using Lloyd’s international licenses and capital rating, thus avoiding the need for separate authorisations and individual capital requirements in each country an acquirer may wish to expand into.
Much M&A activity has been driven by financial investors with plenty of capital and an interest in the insurance sector; these include private equity, and hedge funds as well as Canadian pension funds and sovereign wealth funds. These investors are interested across the insurance sector, in brokers, Lloyd’s, life and non life businesses and we expect this interest to continue in the future.
Insurance and reinsurance distribution in the UK takes place through a wide variety of channels, including through direct sales, brokers acting on behalf of their clients in arranging insurance or reinsurance cover, agents acting on behalf of the insurer or reinsurer, independent intermediaries, banks (through bancassurance or partnership arrangements), various retailers in connection with retail products being sold, and increasingly online sales, often through comparison websites, particularly for motor and home insurance.
Distribution in the Lloyd’s market takes place through brokers and through insurance agents or coverholders, holding binding authorities on behalf of the managing agents/syndicates for whom they underwrite. Such intermediaries have to be separately approved by Lloyd’s in addition to any other intermediary authorisation required in the jurisdictions where they operate. There has been significant consolidation in the broker and intermediary sector in the UK, as there has been elsewhere. Intermediaries can range in size from single individuals through broker networks to large global operations such as Aon, Marsh & McLennan and Willis Towers Watson.
Regulation of distribution in the UK is based on the Insurance Distribution Directive (the IDD) (Directive 2016/97/EU) which replaced its predecessor, the Insurance Mediation Directive (Directive 2002/92/EU), entering into force on 22 February 2016 and applying to relevant firms in the distribution chain from 1 October 2018. The IDD aimed to improve intermediary regulation in Europe to cover all sellers of insurance including insurance companies themselves and ensure the same level of protection for consumers regardless of the distribution channel used. In the UK, intermediation by insurers and reinsurers was already regulated and, therefore, fewer changes were required to implement the IDD than might otherwise have been the case. The IDD is implemented in the UK through FSMA and associated statutory instruments as well as through the FCA Handbook.
The FCA is responsible for the authorisation and both the prudential and conduct regulation of intermediaries operating in the UK. Every person in the intermediation chain from customer to insurer must either be authorised or exempt. Intermediation is defined widely to include arranging a contract of insurance, making arrangements with a view to someone entering into a contract of insurance, dealing in a contract of insurance as agent, advising on a contract of insurance or assisting in the administration and performance of a contract of insurance. A contract of insurance includes a contract of reinsurance although a lighter conduct regime applies to reinsurance intermediation.
Rules for intermediaries range from compliance with capital and professional indemnity insurance requirements through training and competence requirements to information required to be provided to potential customers, which varies with the type of intermediary, business and customer.
The IA 2015, which came into force on 12 August 2016, reformed UK insurance contract law in relation to misrepresentation and non-disclosure in commercial contracts. It applies to all insurance contracts entered into wholly or mainly for the purposes of trade, business or profession that are entered into or varied after that date.
Duty of Fair Presentation
IA 2015 places on a statutory footing the insured’s common law duty of full and frank disclosure. It imposes a duty on insureds to make disclosures in a manner that would be reasonably clear and accessible to a prudent insurer. The “accessibility” requirement is intended to prevent “data dumping”, ie, disclosing a mass of data without highlighting material considerations.
Representations of fact by insureds must be “substantially correct” and representations of expectations or belief must be made in good faith. An insured must make a “reasonable search” of the information available to them, including information held by their agents or others who are intended to be covered by the insurance.
An insured will need to disclose every material circumstance the insured knows or ought reasonably to know, or sufficient information to put a prudent insurer on notice that the insurer needs to make further enquiries for the purposes of revealing the material circumstances
A “material circumstance” for these purposes is anything that would or is reasonably likely to influence the judgment of a prudent insurer in determining whether to take the risk and, if so, on what terms.
In the case of commercial contracts, where the breach of the duty of fair presentation by the insured was deliberate or reckless, the insurer can avoid the contract, keep the premium and refuse to pay claims. Where the breach was not deliberate or reckless, the remedy depends on what the insurer would have done if a fair presentation had been made. If the insurer would not have entered into the contract at all, it can return the premium, avoid the contract and refuse to pay claims. If the insurer would have entered into the contract but on different terms, the contract is treated as if the different terms had been agreed. If the insurer would have charged a higher premium, the insurer can proportionately reduce the amount it pays on a claim.
In relation to consumer contracts, CIDRA 2012 requires the insurer’s remedies to be proportionate to the failings of the insured. This means that an insured is not unfairly deprived of all cover in circumstances where, had the insurer known the full facts, it would still have accepted the risk.
An insurance intermediary may be acting on behalf of the insurer or the insured, depending on the nature of its contractual relationship. Where an insurance broker is acting on behalf of the insured, its duty is to exercise reasonable care and skill in the fulfilment of its instructions and the performance of its obligations. An insurance broker is also under a duty to carefully ascertain its clients’ insurance needs and to use reasonable skill and care to obtain insurance that meets those needs, together with carefully reviewing the terms of any quotations or indications given to its clients. An insurance broker must also ensure that it explains to its client the terms of the proposed insurance to ensure the client is fully informed and satisfied that all its insurance requirements are met.
At common law, there is no requirement for a contract of insurance to be in any particular form or even to be in writing, although there is usually a document (called a policy) that evidences the contract. Some insurance contracts, such as contracts for marine insurance, are required by statute to be expressed in a policy.
The material terms of a contract of insurance are the definition of the risk to be covered, the duration of cover, the amount and method of payment of the premium and the amount payable by the insurer in the event of an insured loss.
The Marine Insurance Act 1906 and the Life Assurance Act 1774 (which is not restricted to life insurance) require an insured person to have an insurable interest in the subject matter of the insurance. This means that, for an insurance contract to be valid, the person taking out the insurance should stand to benefit from the preservation of the subject matter of the insurance or suffer a disadvantage should it be lost.
The law on insurable interest differs depending on whether the contract is for non-indemnity insurance (insurance which pays out a lump sum on the occurrence of a specified event, such as death, personal accident or critical illness, regardless of the loss suffered) or indemnity insurance (which compensates the policyholder for loss suffered). In the case of non-indemnity insurance, the Life Assurance Act 1774 makes null and void any policy on the life or lives of any person or on any event made by any person having no interest.
The indirect effect of the Gambling Act 2005 is that there is no requirement of insurable interest in the case of most indemnity insurance policies (including insurance on goods, land and buildings) and liability insurance. Section 1 of the Gambling Act 2005 provides that the fact that a contract relates to gambling shall not prevent its enforcement.
The English and Scottish Law Commissions have consulted on the topic of insurable interest at various times over the past ten years, suggesting that the law of insurable interest is complex and uncertain, and not required at all in relation to indemnity insurance. In 2016, the Law Commissions conducted a short consultation on a draft Bill to reform the law on insurable interest, and on 20 June 2018, they published an updated draft Bill for further consultation.
Generally, an insurable interest is still required and mortgagees do of course have an interest in the relevant policy through their loan secured on the relevant property. For life policies, the position is a little less straightforward - where there are “mid-term beneficiaries” in multi-life policies, the requirement for an insurable interest at the time the policy is taken out means that, theoretically at least, the policyholder lacks an insurable interest in respect of those potential beneficiaries. The draft Bill referred to in 6.4 Legal Requirements and Distinguishing Features of an Insurance Contract contains wording intended to clarify the position in favour of such potential beneficiaries.
Consumer contracts tend to have more protection for the insured through regulation. The Consumer Insurance (Disclosure and Representations) Act 2012 (“CIDRA 2012”), which came into force on 6 April 2013, provides clarity to consumers on what information they need to provide to insurers when taking out an insurance policy. CIDRA 2012 removes the duty on consumers when buying or renewing insurance to volunteer information, and replaces this with a duty to take reasonable care not to make a misrepresentation. Generally, representations will be made by consumers in response to questions raised by the insurer.
In relation to consumer contracts, CIDRA 2012 also requires the insurer’s remedies to be proportionate to the failings of the insured. This means that an insured is not unfairly deprived of all cover in circumstances where, had the insurer known the full facts, it would still have accepted the risk.
The term “Alternative Risk Transfer” (ART) encompasses a number of alternative techniques used to transfer risk as compared with traditional contracts of insurance or reinsurance. As such, the type and structure of an ART transaction will affect its regulatory treatment. Re/insurers in the UK market, and particularly in the London market, have used ART for a number of years and provided the technique used includes some transfer of risk, regulatory credit will be given for that transfer provided it meets the specific criteria set out in the Solvency II Regulation. The Solvency II Regulation explicitly recognises risk mitigation techniques used to transfer a variety of risks, including underwriting risk, but only if they fulfil the relevant criteria.
Industry Loss Warranties (ILWs) are a type of contract which pays out, often a fixed sum, on the occurrence of a market loss of agreed severity in response to certain catastrophe events. There might also be a double trigger of loss to the insured/reinsured in addition to market loss. ILWs have been around for a number of years and can vary both as to triggers and as to payment amounts. There can however be considerable basis risk, ie, the risk that whatever loss the insured/reinsured suffers will not be fully compensated by the ILW recovery because the two do not exactly match or because the market trigger is not reached. They may not therefore attract much Solvency II credit and for that reason it may be that there will be more careful matching of triggers and more payouts based on indemnity rather than fixed sum payouts.
A new onshore ILS regime was implemented in the UK with effect from 4 December 2017. The UK regime has been set up to be fully compliant with Solvency II rules on special purpose vehicles and therefore the appropriate reinsurance credit under Solvency II should be received.
ART transactions from other jurisdictions will be treated as reinsurance for UK cedents if the contract can be shown to fulfil the common law definition of insurance and also fulfils the Solvency II delegated regulation requirements for recognition as a risk mitigant. ART transactions structured as a derivative contract can also be recognised as a risk mitigant, similarly if they fulfil the conditions for derivatives as risk mitigants in the Solvency II regulation.
Insurance contracts are construed according to the principles of construction generally applicable to other contracts. The following general rules of construction apply:
The purpose of warranties is to circumscribe risk. Section 33(1) of the Marine Insurance Act 1906 defines warranties as terms by which the policyholder undertakes to do or not to do some particular thing, or that some condition will be fulfilled. IA 2015 reformed the law of warranties and remedies for fraudulent claims in relation to both consumer and business insureds.
IA 2015 abolished the so-called “basis of contract” clause in insurance contracts which turns an insured’s representations into warranties. Breaches of warranty that are irrelevant to the loss that occurs will no longer discharge insurers from liability as was the case previously.
Where the insured can demonstrate that failure to comply with a contractual term, including a warranty, could not have increased the risk of the loss which occurred, insurers will no longer be able to rely on the breach to exclude, limit or discharge its liability. A breach of warranty will discharge the insurer from liability for loss occurring after the breach. It will not discharge the insurer from liability for loss occurring before the breach or after the breach has been remedied.
Contracting Out of IA 2015
As stated in 8.2 Warranties, IA 2015 provides that breaches of warranty that are irrelevant to the loss that occurs will no longer discharge insurers from liability. In consumer contracts, any attempt to contract out of any part of IA 2015 will be of no effect. In commercial contracts, an insurer seeking to contract out of the provisions of the IA 2015 (eg, in order to make a “disadvantageous term” a condition precedent to the insurer’s liability) must take sufficient steps to bring the relevant term to the insured’s attention and ensure that the term is clear and unambiguous as to its effect.
IA 2015 enables insurers to treat the insurance contract as terminated from the date of the fraudulent act. The previous common law position of insurers not being liable for fraudulent claims and being able to recover payments made to the insured in respect of a fraudulent claim remains unchanged.
It is common for an insurance contract to specify a mechanism for dealing with disputes prior to resorting to litigation or arbitration. This may range from an initial attempt to resolve the dispute through nominated senior executives or managers to other dispute resolution mechanisms such as an independent expert determination or mediation. Whilst insurance disputes can be, and are, often litigated, it is common for commercial insurance contracts and reinsurance contracts to contain an arbitration clause providing for disputes to be settled through arbitration rather than the courts.
Consumer contracts have to contain certain provisions required by law or regulation to protect consumers. Whilst consumer contracts are sometimes litigated, insurers must provide consumers with details of complaints procedures and their right to refer disputes to the financial ombudsman. They are also under a regulatory duty to treat customers fairly. Consumer disputes will therefore often be settled through internal procedures or an ombudsman ruling rather than through the courts.
Limitation Period for Insurance Claims
There is no specific statutory limitation period for making a claim under an insurance or reinsurance contract. Insurance contracts are subject to the normal limitation period under the Limitation Act 1980 for causes of action founded on breach of contract (that is, six years from the date on which the cause of action accrues).
As well as the statutory limitation period, insurance and reinsurance contracts typically include a notification clause requiring the insured to give the insurer notice of claims or losses, or of circumstances which give rise to a claim or loss, in a particular manner (usually in writing) and within a particular period (for example, "as soon as reasonably practicable"). An insured can lose the right to an indemnity for failure to comply with a notification clause where compliance is a condition precedent to bringing the claim. So-called “claims made” policies provide cover for claims actually made within the policy period, usually a year.
Disputes over jurisdiction regarding civil and commercial matters are resolved using two principal sets of jurisdictional rules: the European regime, and the common law regime. The European regime takes priority where it applies.
The jurisdictional rules that form part of the European regime are set out in two EU regulations. Jurisdiction in relevant proceedings instituted before 10 January 2015 is decided on the basis of the Council Regulation (EC) 44/2001 on jurisdiction and the recognition and enforcement of judgements in civil and commercial matters, commonly known as the 2001 Brussels Regulation. Jurisdiction in relevant proceedings instituted on or after 10 January 2015 is decided on the basis of the Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, commonly known as the Recast Brussels Regulation.
Jurisdiction in matters relating to insurance is determined on the basis of distinct rules set out in the EU regulations, which aim to protect the so-called “weaker party”. In particular, a policyholder, an insured or a beneficiary can choose to claim against an insurer in the courts of different Member States, including the Member State where the insurer is domiciled, the Member State where the claimant is domiciled, or – in the case of a co-insurer – the Member State where proceedings are brought against the leading insurer. On the other hand, an insurer can only claim in the courts of the Member State where the defendant is domiciled. Parties can depart from these rules only by agreement in prescribed circumstances.
Disputes over the law applicable to contracts concluded after 17 December 2009 are resolved on the basis of the rules set out in Regulation (EC) 593/2008 of June 17, 2008 on the law applicable to contractual obligations, commonly known as the Rome I Regulation. Unlike the previous European regime set out in the Rome Convention on the Law Applicable to Contractual Obligations 1980 (transposed in the United Kingdom through the Contracts (Applicable Law) Act 1990), the Rome I Regulation applies to insurance contracts with the exception of certain life assurance contracts.
Civil litigation in England and Wales is adversarial in nature. The first stage in typical court proceedings is the issuance of a claim form, which contains the names of the parties, details of the claim and its value. The claimant then serves the claim form on the defendant, and must also prepare and serve the particulars of the claim, stating the facts on which it relies, the remedy sought, and any other relevant information. Legal argument will usually be reserved for the actual trial.
The defendant can choose to defend against the claim by serving a defence. The claimant can reply to the defence. If the defence includes a counterclaim, the claimant’s reply must also include a defence.
Next steps include disclosure, when each party is required to disclose to the other documents within its control that are relevant to the issues in dispute. The disclosure obligation in English litigation is wide and requires each party to disclose documents that support or harm their case or their opponent’s case. Parties will also typically exchange witness statements on issues of fact and expert reports.
The case will then proceed to trial. English trials principally involve each party’s counsel making oral submissions and drawing the judge's attention to the relevant evidence and law, including calling on the evidence of witnesses and experts that they seek to rely on and cross-examining opposing witnesses and experts.
The parties must take each step within prescribed periods of time set out in the civil procedure rules, or decided by the court, including in case management conferences (CMC) where the parties and the judge decide how the case should be conducted going forward, including setting a timetable for all the steps up to trial.
If an unsuccessful party does not voluntarily comply with the judgement of the court, various enforcement procedures are available including the seizure and sale of that party’s assets or the imposition of a charge over certain assets.
Foreign judgements can be enforced in England and Wales. However, the rules governing the recognition and enforcement of foreign judgements will vary depending on the foreign jurisdiction:
Under the European regime, the judgment creditor requires the leave of the court to enforce a foreign judgment, following which it can be enforced as if were an English judgment. Under the Recast Brussels Regulation, the judgment creditor needs to provide the enforcing authority (and the judgment debtor) with a certificate from the court of origin, certifying that the judgment is enforceable and contains relevant details, as well as an authenticated copy of the judgment and a translation, if relevant. Under the 2001 Brussels Regulation, the judgment creditor is also required to obtain a declaration of enforceability from the enforcing state, but this requirement was removed under the Recast Brussels Regulation to streamline enforcement.
The judgment debtor can apply to the court where enforcement is being sought requesting that enforcement is refused. The grounds for refusal are limited and do not allow the enforcing court to revisit the merits of the judgment.
Arbitration clauses in commercial insurance and reinsurance contracts can be enforced in the same way as arbitration clauses in other kinds of contracts. Indeed, arbitration is a popular method of resolving insurance disputes. The Insurance and Reinsurance Arbitration Society (ARIAS (UK)) has prepared a recommended arbitration clause, which takes into account the ARIAS Arbitration Rules and the provisions of the Arbitration Act 1996.
Under Section 66 of the 1996 Act, arbitral awards can be enforced as a judgement with leave of the court, whether they are domestic or foreign.
The United Kingdom is a signatory to the New York Convention, which entered into force on 23 December 1975, with a reciprocity reservation. The United Kingdom has submitted notifications extending the territorial application of the New York Convention to Gibraltar, Isle of Man, Bermuda, Cayman Islands, Guernsey, Jersey and the BVI.
For foreign awards governed by the New York Convention, Section 103 of the 1996 Act contains the grounds of review for recognition and enforcement, that are set out in Article V of the New York Convention. In practice, the United Kingdom is an “arbitration-friendly” jurisdiction and the grounds for review of foreign awards are limited.
In addition to the New York Convention, the United Kingdom is also a party to the Geneva Convention on the Execution of Foreign Arbitral Awards of 1927, the Convention on the Settlement of Investment Disputes between States and Nationals of Other States of 1965 and numerous other Bilateral and Multilateral Investment Treaties.
Arbitration is commonly used in insurance and reinsurance disputes, and a clause requiring this form of dispute resolution to be used may be contained in the policy. The International Chamber of Commerce (ICC) and the London Court of International Arbitration (LCIA) are frequently used.
A contract might also require resolution of a dispute through another form of alternative dispute resolution, for example mediation. The court will encourage mediation before litigation for both insurance and reinsurance contracts and failure to do so may result in costs penalties.
The Enterprise Act 2016 introduced an implied term to (re)insurance contracts that insurers must pay sums owed to policyholders within a reasonable time. The type of insurance, the size and complexity of the claim, compliance with any relevant statutory or regulatory rules or guidance, or factors outside the (re)insurer’s control will all be taken into account when assessing what constitutes a reasonable time.
A breach of this implied term could give rise to a claim for damages. The limitation period for the insured to bring the claim for damages is one year from the date of the last payment in respect of the relevant loss (Limitation Act 1980).
Parties to a non-consumer contract can contract out of the reasonable time obligation so long as they comply with the IA 2015 transparency provisions.
Insurtech is bringing significant and unparalleled change to the insurance industry. An increasing number of start-ups are applying new technologies in the insurance space. Incumbent insurers are focused on partnering with and acquiring these businesses in order to avoid disruption, meet evolving customer demands and capitalise on insurtech’s potential.
Virtually all major insurers now pursue insurtech opportunities in some form or another. Several of the most common strategies used by global and UK insurers are listed below, ranging from early- to late-stage investment. Importantly, these strategies are not mutually exclusive and global players typically utilise several, if not all of them in parallel.
Below are some of the products involved in insurtech:
Efforts have been made by regulators to adapt to insurtech, demonstrated by the launch of Project innovate by the FCA in 2014. A key component of the project is the regulatory sandbox. This involves early, open and honest communication between insurtech firms and their respective regulators, who provide individual guidance, potential modification of rules and letters of no enforcement action for a limited duration. In exchange, the FCA closely monitors the pilot and receives information regarding current innovations. The PRA and FCA have also set up a New Insurer Start Up Unit which has produced an online guide to all the stages in setting up an insurer, and are requesting feedback on this initiative.
As a centre for the global insurance and reinsurance industry, the UK industry, particularly Lloyd’s and the London market, is focused on the many emerging risks common to those in the rest of the world, climate change changing the pattern of catastrophe and environmental risk, increasing digitalisation resulting in greater danger in cybersecurity risk and the changing risk profile of common types of insurance, such as motor and liability, with the development of automation and artificial intelligence.
UK businesses have a heightened awareness of the threat that cyber crime poses, following a number of recent high profile data breaches. The recent joint report on cyber threat to UK business from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) acknowledged the pace at which cyber threats evolve and urged collaboration between government, law enforcement agencies and business to tackle this universal threat. In its Annual Review 2019 the NCSC stated that it had been involved with, or defended the UK from, 658 cyber attack incidents in the previous 12 months. Whilst (re)insurers face cyber risks themselves, it is also an opportunity for them to offer cyber risk insurance protection to others.
The UK government is committed to making the UK a leader in cyber security and the FCA and PRA are both alive to the risks that financial services firms, such as insurers, face from cyber threats. The PRA and FCA are engaging with industry and co-operating with each other and the Bank of England to monitor the use of new technologies, assess emerging regulatory risk and test firms’ operational and cyber resilience through stress tests - and enforcement and fines when regulatory and data breaches occur.
Longevity risk has been an increasing focus of the regulator, in part due to the peculiarities of the Solvency II regulatory regime. 2017 saw recognition by the PRA that the design of the risk margin (which is used in the calculation of an insurer's liabilities) makes it highly sensitive to interest rate conditions, to a degree that was not foreseen by the architects of Solvency II. In the Bank of England's public response to the European Commission’s Call for Evidence on EU Financial services regulation, the PRA noted that interest rate sensitivity, coupled with historic low rates in the UK, meant that the risk margin is disproportionally large for UK insurers writing interest rate sensitive risks which are usually long term, ie, longevity risk, annuities or savings products with a form of guarantee. The PRA also noted that the volatility was undesirable from a prudential viewpoint because of its potential to promote pro-cyclical investment behaviour by insurers. Consequently, the PRA publicly supported redesign of the risk margin to deliver more stable balance sheet outcomes for insurers and so support their key role as long term investors in the economy.
In a letter to the House of Commons Treasury Committee in June 2018, BoE Deputy Governor Sam Woods explained that, due to Brexit uncertainties, the PRA was struggling to find a way to implement a change (to the risk margin) with enough certainty that firms could rely on for pricing, capital planning and use of reinsurance. He also noted that calculation of the risk margin had pushed leading UK insurers into reinsuring a substantial proportion of longevity risk offshore, and whilst there were no immediate concerns regarding this issue, it could become a prudential concern if left unconstrained. The PRA is taking an increasing interest in such transactions and insurers are required to notify the regulator of their longevity deals and the mitigating steps taken to reduce their counterparty exposure associated with offshore reinsurance.
Several features of DLT, such as blockchain, justify its reputation as offering a high standard of protection against cyber security risk. From the sharing of identical information across networks, to the cryptography-based protections built into the technology, DLT represents an exciting development in the fight against cyber crime. The ability to protect data from cyber attacks or malicious tampering is not only beneficial from a business risk point of view, but it also makes a product based on DLT more attractive to both consumers and regulators, who must balance innovation against risks to markets and customers. However, weaknesses in DLT have been revealed through a series of cyber attacks against digital currencies that use DLT.
To manage the policy and regulatory implications of DLT and cryptoassets in financial services, the BoE, the FCA and HM Treasury created a Cryptoassets Taskforce in March 2018. The Taskforce published a report in October 2018 detailing specific actions to be taken by regulatory authorities to mitigate the risks that come with the potential benefits of DLT. The FCA issued its own guidance on cryptoassets in July 2019 (PS19/22), following a January 2019 consultation.
In the UK there are specific provisions (in Part VII of FSMA) allowing one insurer to transfer its business to another, without the requirement for policyholder consent or consent of any other affected counterparties (a “Part VII transfer scheme”). There has been an increasing number of these over the past few years due to M&A activity and reorganisations driven by Solvency II or Brexit.
In a judgment of the High Court delivered on 16 August 2019, Mr Justice Snowden refused to sanction a proposed Part VII transfer scheme whereby Prudential plc proposed to transfer annuity policies (constituting approximately GBP12.9 billion of liabilities) to Rothesay Life plc. This was despite the fact that the independent expert (appointed to report to the High Court on the proposed scheme) and the PRA and the FCA had all approved the proposed scheme.
In his judgment, Mr Justice Snowden said that in considering whether it was appropriate to sanction the scheme, the High Court should take account of all the circumstances of the case, including, in this instance, the subjective views of policyholders on the respective ages and reputations of the insurers.
The exercise of the High Court’s discretion under FSMA in this case casts doubt on the previous industry assumption that consent would likely follow the support of the independent expert and the UK regulators. For future Part VII transfers, insurers and reinsurers may need to take into account factors beyond the actuarial and regulatory requirements under Solvency II and the current Part VII provisions.
On 27 September 2019, Prudential plc and Rothesay Life plc announced that they had filed an appeal against the decision. However, it is not expected that the case will come before the Court of Appeal until Spring 2020 at the earliest.
The basis on which the UK will leave the European Union is still uncertain at the time of writing. The revised withdrawal agreement negotiated between the UK and the EU27 in October 2019 provides for the UK to leave the EU on 31 January 2020, subject to a transition period until 31 December 2020 (which can be extended for up to two more years) during which both sides would broadly be treated as if the UK were still a member of the EU, including the maintenance of current passporting rights for EU insurers and reinsurers, and the mutual recognition of cross-border merger and insurance portfolio transfer procedures. However, unless the revised withdrawal agreement obtains the necessary parliamentary approval following the 2019 UK general election, it is possible that the UK will leave the EU without an agreement (a so called “hard Brexit”) on 31 January 2020, or after that date if the UK and the EU fail to agree the terms of their future relationship before the end of the transition period.
What does seem clear is that the insurance industry will lose its automatic passporting rights between the UK and the rest of the EU. Whilst the UK Government’s July 2018 white paper on “The Future Relationship Between the United Kingdom and the European Union” focused on a proposed free trade area in goods, there was very little detail on services other than an acknowledgement by the UK Government that there would no longer be the same degree of access between the UK and the rest of the EU. At the time of writing the UK is in the midst of a general election so there is even less certainty as to the direction a future government will take.
Insurers have been planning for some time on the basis of a no deal or hard Brexit and setting up new authorised subsidiaries or branches so as to be able to access to both the UK and EU markets in case required post Brexit.
The UK government has drafted legislation intended to maintain EU laws and regulations currently directly applicable in the UK, including those relating to insurance, and in particular the Solvency II regime, but without the references to EU institutions and the reciprocal arrangements which come with being a member, by incorporating these into domestic law through statutory instruments under the European Union Withdrawal Act.
The intention is, therefore, that there will be no difference in insurance regulation as it currently applies in the UK and to UK authorised insurers immediately post Brexit, with the amendments being made purely to reflect the UK’s withdrawal from the EU and its institutions.
It is unlikely that the regulator or the UK insurance industry will wish to diverge greatly from the Solvency II regime, given the amount of effort, time and money spent on its implementation. However, there are some areas already heavily criticised by the regulator and the industry where some changes may be made; notably in the Solvency II calculation of the risk margin, the matching adjustment and the treatment of certain long term investments. Over time, there will be some EU derived laws and regulations that the UK Government will amend or remove completely but the extent of change is likely to depend on what can finally be agreed with the EU on the future relationship.
Insurance Linked Securities Regime
The new ILS regime for the UK was implemented with effect from 4 December 2017 after a significant amount of work between the regulators, the industry and HM Treasury to design an onshore regime which would allow the UK to compete with more established ILS jurisdictions, whilst ensuring that ILS issued in the UK would be compliant with the Solvency II rules on special purpose vehicles.
The new rules introduced protected cell companies into the UK for the first time, together with an attractive tax regime and a bespoke approach to regulation and supervision to reflect the nature of ILS transactions.
Since its introduction the new regime has been used for Lloyd’s insurer Neon’s NCM Re vehicle, Scor’s Atlas Capital UK deal, Brit’s Sussex Capital UK vehicle and Pool Re’s Baltic PCC structure. It is hoped that more transactions will follow.
Over the next five to ten years, the insurance industry will be revolutionised by the use of insurtech in all aspects of the business. In the long-term, organisations that are slow to embrace this new technology will struggle to compete and to retain their place in the market.
Insurtech is an elastic term that broadly includes Artificial Intelligence (AI) and associated technologies such as chatbots, robotics, telematics and gamification.
Initially, these innovations will impact the consumer market and the markets servicing SMEs; it seems inevitable, however, that as the technology beds down, it will expand into more complex risks.
The discussion that follows provides an overview of the current and future use of insurtech as well as highlighting some of the commercial, legal and even philosophical issues that its use will raise.
Currently, insurtech is being deployed broadly in two areas of the underwriting process – the gathering and analysis of data to create personalised policies, and the elimination of repetitive tasks and unnecessary delays. Essentially, this involves the combination of highly specific source data relating to the potential insured with broader data sources and the application of algorithms to this material to provide a fast but targeted risk analysis.
Source Data and Personalised Insurance
One of the major innovations that insurtech has introduced is Usage Based Insurance, or UBI, which can be used to develop more personalised insurance products. Personalisation is achieved by the use of algorithms to analyse the insured’s own data together with external information from a broad range of sources to generate a bespoke risk score. This process is intended to significantly improve the relevance of the insurance to the buyer as well as the underwriter’s ability to assess risk.
Pay as you drive insurance is at the forefront of this process and there are a number of examples on the market. This insurance is priced on the basis of a fixed cost for the car’s stationary risk, such as fire and theft, and a flexible element based on the number of miles driven each month. Mileage information is collected through the use of telematics involving a “black box” in the car to relay information to the insurer in real time. Drivers can also see the cost of their insurance as it is incurred.
More particularly, however, insurance can be tailored not only by reference to how far an insured drive but also by how the insured drives. This will involve the use of telematics to monitor variables such as the speed at which a vehicle is driven on different kinds of road, whether the driver brakes or accelerates sharply, whether the driver take rests on long drives and where and when the car is driven. This information is transmitted from a black box in the car to the insurer. It is then compared with data from others to set a premium. Clearly, this involves the collection and analysis of personal data from a large group of individuals to see, for example, where accident hotspots may be and what times of day and days of the year are the most dangerous. There are obvious data protection issues that arise from this but also, perhaps, wider issues relating to privacy and consumer caution and concern about the amount of their data held by distant corporations.
UBI (Usage Based Insurance) may also be open to abuse. For example, can the telematics differentiate between those occasions when the insured is driving the car, when another named driver is at the wheel, or when the car is being driven by someone who is not covered under the insurance? In the future, perhaps some form of genetic code – a fingerprint or iris scan – will also be required (bringing with it additional data privacy issues).
UBI is clearly also applicable to the commercial environment. For example, it may be used to achieve a more accurate picture in real time of where particular ships navigate and how much time is spent at sea. It will also enable insurers to keep track of particular cargos with black boxes attached to shipping containers to measure location, distance travelled, method of storage and speed.
It would be wrong, however, to think that this new technology is limited to various means of transport. Its application to life and health insurance is also being actively explored. For example, the insured’s success in achieving quotas on Fitbits and other similar devices can be monitored. The use of AI technology can also improve the accuracy of data used to underwrite insurance by providing information about how much we actually drink, smoke and exercise as opposed to what we say we do.
In a similar vein, insurers are using “gamification” to enhance these processes. Gamification, as the name suggests, involves the inclusion of some gaming experiences into the insurer client relationship, for example by encouraging the insured to achieve Fitbit targets, in order to strengthen the relationship between insurer and insured, and introduce risk management elements. These techniques also increase the insurer’s ability to give insureds the kinds of insurance products that they want.
Indeed, some insurers have been trialling the use of "selfies" as a basis for providing a quote for life or health insurance. In this process the putative insured sends a smartphone selfie to the insurer where an algorithm is used to assess the insured’s gender, age, BMI and smoking indications in order to generate an initial quote. It is anticipated that in time the algorithm will be able to assess alcohol consumption and chronic disease. Clearly, this approach will generate data privacy issues as well as ethical issues not least with regard to information relating to chronic disease.
While initiatives of this nature will benefit the healthy insured, one can see that there is a danger that the use of this personal source data may result in less affordable insurance for less healthy insureds. This in turn may lead to regulatory challenges in relation to potential discrimination. As noted, particular regulatory issues will also arise in connection with the use of sensitive personal information (called “special data” in the General Data Protection Regulation (GDPR) which has been implemented recently across the European Union. In the UK it is enacted in the Data Protection Act 2018 which is expected to survive Brexit).
More controversial is the possibility of applying advanced analytics to genetic data to assist insurers by modelling an insured’s susceptibility to genetic disorders and to assess health risks and price accordingly. Clearly, this raises very significant ethical issues and one must assume that regulators will be very cautious about the collection and use of this sort of information.
The introduction of robotic process automation (RPO) and use of big data means that underwriting decisions can be made, and policy documentation issued, much more quickly than in the past. This is achieved by using the RPO and chatbots to interrogate the insured in respect of key variables and to process that information and take the necessary underwriting decisions. Many of us will be familiar with a similar process in connection with the purchase of our motor or home insurance. The difference here, however, is that the process can be entirely automated by using RPO, and the analysis of big data provides a far more accurate and sensitive basis for setting premiums for particular risks on the basis of the information provided by the insured.
One of the benefits of this is expected to be to enable insureds to ‘book’ particular days on which they wish to be covered by accident insurance for example.
In summary, the key elements of all of these developments are the ability to use technology to obtain highly personalised “source” data, combine it with relevant “big data” and apply an appropriate algorithm to arrive in quick time at a bespoke risk assessment.
Initiatives of this nature will become increasingly common as the full impact of the Internet of Things (IoT) is realised. We can expect to see increasing use of location-based sensors such as smart thermostats and geographical information systems (GIS) relaying information to insurers in real time to facilitate more accurate underwriting.
New Risks and New Opportunities
In addition to developing new techniques for assessing and underwriting existing risks, insurers are increasingly being asked to provide cover for the new technology itself. As responsibility and decision-making shifts from humans to algorithms, new liability challenges arise for insurers. In addition, interconnectivity and the IoT, which are vital in driving the AI revolution, bring with them a significant increase in the vulnerability of autonomous, self-learning machines to failure, or an attack exploiting the numerous data points such technology requires. This will increase the demand for cyber insurance but, at the same time, the lack of data and the difficulty in predicting how and where AI may be attacked or fail is likely to make the class more difficult for insurers to analyse and price. New forms of business interruption insurance will also be required. It should also be borne in mind, however, that improved AI is likely to lower the cost of developing malware and other forms of cyber attack, thus making AI and cyber-related losses more likely.
AI is having a huge impact on the speed and manner in which insurers can process claims. Indeed, one new tech-driven company promises to process home insurance claims in seconds and pay them in minutes. While these speeds are clearly not appropriate to many classes of claim, insurers that do not take steps to incorporate insurtech into their claims handling process, for example in the management of administrative tasks, will become increasingly unattractive to buyers.
Detecting fraudulent claims is a major issue for insurers, with recent figures from the Association of British Insurers showing approximately 98,000 fraudulent claims with a value of approximately GBP1.2 billion detected in the United Kingdom alone in 2018. It is no surprise, therefore, that insurers are developing algorithms that use big data and machine learning to identify the markers of a fraudulent claim. Claims are then tested against these markers by the AI so that suspicious activity can be subjected to closer examination. It is to be hoped that this process is not jeopardised by the requirements of the GDPR to control the processing of personal data and inform data subjects of the purposes for which their data is being used. It also seems inevitable that fraudsters are developing their own complex algorithms to trigger unjustified claims payments and so, from this point of view at least, AI may be a double-edged sword.
Experience suggests that even with the most advanced insurtech there will be disputed claims, some of which will lead to litigation or other forms of dispute resolution such as arbitration or mediation. Here too, AI will have a role to play. New litigation prediction models for insurers are being developed with the intention of removing some of the uncertainty from dispute resolution. This new technology is designed to assist in assessing both the chances of success in defending claims, the likely quantum of successful claims and potential cost consequences of disputing the claim – including the reliability of cost estimates, the potential cost exposure to the other party and the likelihood of cost overruns. This information should enable insurers to arrive at a much more reliable cost benefit analysis of any dispute and to adjust their strategy accordingly.
There are a number of projects of this nature across the market reflecting cooperation between lawyers, technology providers, statisticians and academics. While they will certainly face technological, mathematical and regulatory challenges (for example in relation to GDPR and laws aimed at countering discrimination) these models represent part of the continuing drive to increase claims efficiency, reduce costs and eliminate frictional damage in the processing and settlement of claims. Without these changes, the threat to traditional insurance models will undoubtedly continue to increase.
At present, these tools are being developed principally with the resolution of high volume, low value insurance claims in mind since it is easier to develop statistical models and predictive AI for this type of business. Nonetheless, predictive modelling is also expected to have an application for high value complex claims.
The growing use of AI is not without its pitfalls for buyers and sellers of cover as well as for brokers and other intermediaries.
For the insurer, the huge volume of often sensitive personal data required to maximise the benefits of AI requires very careful handling. A failure to safeguard this material, or to obtain the necessary consents for its use, can expose the insurer to severe financial penalties (up to 4% of its annual turnover under the GDPR). Perhaps more importantly, however, the loss or abuse of this data is likely to have a devastating impact on the insurer’s reputation and commercial position. In addition, information of this kind is particularly attractive to cyber criminals and, at a time when even sophisticated operators are vulnerable to attack, managing this risk will require constant vigilance from the insurer and its service providers.
Just as significantly, it will be important to manage the machine learning aspect of both underwriting and claims handling to avoid discrimination on the grounds of race, gender or location. For example, AI deployed in the underwriting process may note that males are more likely to have a motor accident than females. If the AI starts to adjust premiums taking this information into account, there is a clear risk that it will place the insurer in danger of breaching anti-discrimination laws such as the EU Gender Directive which will continue to apply in the UK, at least initially, following Brexit. This is a complex issue and discrimination is not always obvious – for example, discriminating on the basis of an insured’s address can be a proxy for discrimination on the grounds of ethnicity, and it has even been suggested that discrimination on the basis of the insured’s email address has taken place.
Similarly, if the AI concludes that claims from a certain area or group are more likely to be fraudulent it may again place the insurer in danger of breaching the law or, at the very least, severely damaging its commercial reputation. It is important, therefore, that insurers continue to exercise control over what their insurtech is actually doing. Indeed, a recent focus paper by the EU’s Fundamental Rights Agency (FRA) draws attention to the fact that when algorithms are used in decision-making there is a potential for beach of the principle of non-discrimination contrary to Article 21 of the EU’s Charter of Fundamental Rights. The FRA therefore recommends, among other things, that potential biases and abuses created by the algorithm should be recognised, that the quality of data should be checked, and that the way in which the algorithm was built should be capable of explanation.
Traditional insurers also face a profound threat to their business model from so called “disrupters” – new businesses that seek to bypass traditional insurance underwriting and distribution structures by making personalised insurance available quickly using a combination of AI, algorithms, chatbots and direct marketing to allow customers to download and use an app to purchase policies on smart phones and social media or packaged with other products.
One final threat to insurers arises not so much from what they are doing themselves but from what their clients are doing. The increasingly widespread use of AI means that insurers’ clients may well be facing losses and liabilities of a kind that were rare or even non-existent in the past. Just as with cyber exposures, these risks may not be factored into traditional insurance policies, such as all-risk policies or package policies for large businesses. It may well be the case, however, that there is no relevant exclusion in the policy either, so that insurers find themselves facing losses that were not anticipated and that they have not included in their underwriting assessments. This is similar to the threat of “non-affirmative” cyber insurance, which the industry has only recently begun to tackle, and it will require careful analysis by insurers if it is to be managed successfully.
While AI should provide the insured with quicker and more focused insurance cover, it does not come without its pitfalls. In particular, the use of AI will make it much easier for insurers to identify subprime risks and there is clearly a danger of anti-selection or “writing down”, which will make it much harder for insureds with particular or unusual characteristics to obtain cover. Ultimately, this may require regulatory change to address.
One of the perceived advantages of AI is that it will create more direct contact between insured and insurer, enabling the insurer to broaden its offering to its client and to respond more precisely to the client’s needs. Similarly, existing distribution networks will be bypassed to remove unnecessary friction and cost from the insurance-buying process. This will mean that, like insurers, brokers and other intermediaries will find their business model under attack. While in the short-term this may be an issue principally in the mass market, it is inevitable that it will also find a role in commercial placements. The coincidence of such a development with the greater scrutiny of the role of intermediaries from regulators threatens to create a perfect storm that will require intermediaries, like insurers, to adapt to survive.
The use of AI raises a number of legal issues, but perhaps the most difficult in the context of insurance is the question of liability. In order to properly underwrite the policies that they issue, as well as to enable them to resolve claims and analyse their own exposure, insurers will need to understand not only where the liability rests for damage caused by malfunctioning AI but also who is liable for damage caused by the decisions taken by AI. In cases in which errors by the developer or manufacturer of the AI results in the AI malfunctioning, issues of liability would appear at first sight to be relatively straightforward. As the decisions taken by AI systems become further removed from direct programming and increasingly based on machine learning principles, however, it may be difficult to identify the precise cause of a particular AI decision or the source of any damage. A system that learns from information it receives from the world can operate independently from its operator and in a way that its designers did not or could not have anticipated. Who will be liable if the AI’s actions are inexplicable or cannot be traced back to human error?
The EU has begun to address this issue through the European Parliament’s resolution and recommendations to the Commission contained in the “Civil Law Rules of Robotics” passed in February 2017. This document invites the Commission to consider two approaches to liability: a strict liability approach or a risk-based liability approach. The latter would focus on “the person who is able… to minimise risks and deal with negative impacts”.
The EU paper also considers the possibility of a compulsory insurance scheme that would take into account “…all potential responsibilities in the chain [of causation]”. These recommendations are now under consideration by the European Commission.
Similarly, the upper house of the UK Parliament issued a paper in April 2018 entitled “AI in the UK – Ready, Willing and Able”. In the paper the authors consider the question of liability in the context of AI and recommend that the issue be reviewed by the Law Commission of England and Wales to decide whether legislation is required to allocate liability with the consequences for insurers that will surely follow. The UK Government’s response to the paper also highlights to need to mitigate the risk of potentially erroneous decisions made by AI through legal liability and the Law Commission is expected to be asked to consider the issue.
One final point to consider is the question of whether AI can be programmed in such a way that it inflicts damage to one person or object instead of another – the so-called “trolley bus problem”. For example, could an autonomous vehicle be programmed to prioritise the life of its passenger over that of a pedestrian? An approach of that nature was hinted at by Mercedes recently but was rapidly dismissed by the German Federal Ministry of Transport and Digital Infrastructure, which pointed out that making such a decision on the basis of a pre-programmed set of criteria was likely to be illegal. The Ministry also indicated that the German Government intends to introduce regulations to that affect.
In summary, insurtech is set to revolutionise all aspects of insurance from underwriting to claims handling to dispute resolution and distribution. This process is already underway, but its full extent is difficult to predict. Traditional insurance models face fundamental challenges but the early indications are that they are beginning to recognise and respond to those challenges. Insurers that do not engage with this new technology will, however, face the risk of being left behind in a rapidly changing market.
One obstacle to the exploitation of insurtech does remain, and that is uncertainty over the legal and regulatory framework in which it operates. While governments have taken some initial steps to address these issues, it is very far from clear where that particular journey will end.
Blockchain and the Verification of Data
Although blockchain is not strictly part of the AI revolution in insurance, it is set to have a significant impact on the way in which insurance transactions are carried out. Many commercial transactions require the existence of relevant insurance contracts to be verified. For example, the sale of goods and their transhipment overseas involves a significant amount of paperwork, including commercial invoices and bills of lading that provide the basis upon which the insurer will issue a policy of insurance to the shipper and its banker. These documents must then be transferred, usually in hard copy, to the interested parties overseas. This transfer process can take up to a week, during which time the goods may be sitting in port incurring charges, causing congestion and tying up assets. Blockchain will allow all of the parties to the transaction to view and verify the paperwork in real time, thus significantly speeding up the shipping process by removing the requirement for the physical transfer of documents between banks.
Similarly, worldwide insurance for a multinational corporation will involve locations and assets around the world. The underwriting process for this insurance involves collecting and verifying a range of data, such as asset values and loss histories, and making that data available to different interests. This can be a lengthy process but the use of blockchain technology can significantly simplify and speed up the process, while at the same time providing the necessary degree of transparency and reliability.
This use of blockchain to verify the existence of insurance can have other applications too – for example, by providing a platform to streamline the process by which a company can verify that a contractor has the insurance they claim to possess.