The Financial Services and Markets Act 2000 (FSMA) is the principal source of law governing (re)insurance in the UK. FSMA and other regulations provide the main framework for the UK’s regulatory regime, but a large proportion of the law applicable to (re)insurers in the UK is influenced by or derived from European Community legislation, with the most significant source being EU Directive 2009/138/EC, commonly known as “Solvency II”. Solvency II has been transposed into UK law in a number of ways: through FSMA itself, in statutory instruments (the Solvency 2 Regulations 2015 (SI 2015 No. 575)) and through new rules in the UK regulators’ “rulebooks”. As in other European jurisdictions, (re)insurers in the UKare also subject to directly applicable regulations made under Solvency II, notably Commission Delegated Regulation (EU) 2015/35 (the Solvency II Regulation), which have been incorporated into English law so as to apply post-Brexit, and they should also consider relevant guidance, including from the European Insurance and Occupational Pensions Authority (EIOPA). References to Solvency II in this article are to the Solvency II Directive and the Solvency II Regulation (see 3.1 Overseas-Based Insurers or Reinsurers and 13.1 Additional Market Developments for further information about the impact of Brexit).
These sources may be supplemented by UK legislation in respect of other specific aspects of insurance business, including, for example, the Insurance Act 2015, which came into force on 12 August 2016 and reformed insurance contract law (the IA 2015).
The UK is a common law jurisdiction, so as well as statute, precedent judicial decisions have an impact on the development of the UK’s legal system. In the context of (re)insurance, this may be particularly relevant in the interpretation of insurance contracts and in filling any gaps left by statute.
Under FSMA, (re)insurers in the UK are regulated by both the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), which are responsible for authorised firms’ prudential regulation and conduct supervision, respectively. UK (re)insurers are therefore often referred to as being “dual-regulated”. Insurance intermediaries such as brokers and managing general agents (MGAs) are regulated by the FCA only.
The PRA Rulebook, the FCA Handbook and associated supervisory statements are important sources of rules and guidance for the financial services firms to which they apply, including (re)insurers.
The specialist (re)insurance market, Lloyd’s of London, is also regulated by the PRA and FCA, and managing agents/underwriters participating in the Lloyd’s market are also subject to Lloyd’s supervision.
As a result of the “general prohibition” in Section 19 of FSMA, a firm seeking to conduct (re)insurance business in the UK must obtain authorisation or permissions under Part 4A of FSMA from the PRA (unless it is exempt or can rely on the EU’s passporting regime – see 3 Overseas Firms Doing Business in the Jurisdiction for further details, including in relation to the impact of Brexit). The FCA must consent to the PRA’s granting authorisation. Insurance intermediaries apply to the FCA rather than the PRA.
To obtain authorisation, a firm must be able to satisfy the “threshold conditions” set out in FSMA on an ongoing basis. These conditions include:
The PRA-regulated activities that are referred to broadly as “(re)insurance business” are set out in the Financial Services and Markets Act 2000 (PRA-regulated Activities) Order 2013, and include effecting or carrying out contracts of insurance (in other words, entering into or performing contracts of insurance, respectively) and managing the underwriting capacity of a Lloyd’s syndicate as managing agent at Lloyd’s.
A regulated activity is subject to the general prohibition to the extent that it is carried on “by way of business” in the UK. This restricts the applicability of the rules to persons who undertake the activity in a commercial context and with some degree of regularity. Assuming the activities themselves are carried out in the UK, it is irrelevant if the underlying risks are located outside the UK or if the contracts are subject to a different governing law. If the activity is not carried on in the UK, authorisation is not required under FSMA even if policyholders and/or the underlying risks are located in the UK.
Statute does not fully define the term “contract of insurance”: the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 does not set out the features which determine whether a contract is an insurance contract, so it is useful to look to the common law for this analysis. Although the regulators may determine whether a contract is a contract of insurance and therefore subject to regulation, this may be challenged in court.
A firm will need to seek PRA authorisation for each class of business it intends to write. FSMA divides insurance business into 18 distinct classes of general business and ten classes of long-term (or life) business.
UK (re)insurance companies are subject to the capital requirements contained in Solvency II, as set out and expanded upon in the PRA Rulebook. There are basic requirements that apply to all authorised (re)insurers, plus additional and different requirements for general insurers, life insurers and pure reinsurers. The PRA can impose additional capital requirements on individual firms if deemed necessary to address certain risks, such as operational or conduct risks. The capital requirements under Solvency II consist of the minimum capital requirement (MCR – ie, the minimum amount of capital a (re)insurer needs to cover its risks) and the solvency capital requirement (SCR – ie, effectively the amount of capital a (re)insurer needs to operate as a going concern), assessed on a value at risk measure. A firm’s SCR can be calculated according to a standard formula, or, with PRA approval to do so, using its own internal model. Capital requirements apply at both the entity and group level. Lloyd’s Solvency II capital requirements are calculated as a whole based on its own internal model and apply to the market as a whole across all Lloyd’s syndicates. Lloyd’s operates its own capital assessment of each syndicate, the Economic Capital Assessment, which is broadly based on Solvency II.
Solvency II and the PRA Rulebook also provide the requirements as to reserves to be maintained by UK (re)insurance companies. Reserves, or technical provisions, must be calculated in a prudent, reliable and objective manner, with the value of the technical provisions corresponding to the amount the (re)insurer would have to pay if its (re)insurance obligations were immediately transferred to another Solvency II firm. Technical provisions must represent a best estimate, as well as including an additional risk margin, calculated in the prescribed manner.
There is no different regulation specifically for writing excess of loss (or XOL) layers in the UK and authorisation requirements apply equally to insurers and reinsurers. A contract of insurance includes a contract of reinsurance, although a company may be licensed as a “pure reinsurer” and therefore not permitted to write direct business. It is worth noting that fewer of the conduct rules apply to reinsurers, as the insureds are regulated insurers rather than individuals. Therefore, XOL reinsurance may be subject to lighter regulation – eg, not being subject to all the consumer conduct rules. Since the introduction of the IA 2015, which applies to business insurance and reinsurance contracts and contains the duty of fair representation of the risk, as well as specifying remedies the (re)insurer has for a breach, there has been a move away from (re)insurers being favoured under the common law on insurance contracts.
The IA 2015 followed on from other changes to amend the common law and insurance contracts in favour of consumers, including the Third Parties (Rights against Insurers) Act 2010, which made it easier for third parties to claim directly against insurers (on liability insurance) where the insured was insolvent, and the Consumer Insurance (Disclosure and Representations) Act 2012, which curtailed an insurer’s rights to avoid the contract at common law.
Insurance premium tax (IPT) derives from European Community law and was introduced in the UK by the Finance Act 1994 and the Insurance Premium Tax Regulations 1994. IPT is a tax on premiums paid under all contracts of insurance, wherever written or wherever the insurer or insured is located, except those specifically exempted from IPT (which includes those where the contract relates only to non-UK risks, reinsurance or life assurance, among other categories). IPT is generally payable to HMRC by the insurer (or in some cases by a taxable intermediary). In practice, groups of insurers that are UK corporates may account for IPT under a single registration, while other special registration arrangements apply to Lloyd’s syndicate members, non-UK insurers and partners in a partnership. IPT is chargeable at 12% (standard rate) or 20% (higher rate) of the IPT exclusive amount of the premium paid to the insurer by the insured (or taxable intermediary), depending on the type of insurance contract and who arranges it.
The starting point for firms deemed to be carrying on (re)insurance business in the UK (even if they do not have a permanent establishment in the UK, for example, by acting through agents) is that authorisation under FSMA is required.
Business Not Carried on in the UK
As noted in 2 Regulation of Insurance and Reinsurance, a risk in the UK can be insured without UK authorisation if the regulated activity is not being carried on in the UK. It may be possible for overseas (re)insurers to arrange to carry out their business in such a way that they are not deemed to be doing so in the UK itself, thereby avoiding the need for approval under FSMA. This may not be an entirely straightforward approach, however, given that the position is not entirely certain, there is a significant amount of guidance from the regulators and case law around what activities constitute “effecting” or “carrying out” a contract of insurance and whether business is therefore being carried on “in the UK” and, under FSMA, permission may still be required for other activities connected to the main regulated insurance activities. For example, making arrangements in the UK in connection with the “effecting” of a contract of insurance is an FCA-authorised activity and would require authorisation.
Non-UK insurers may apply for authorisation to establish a UK branch if they meet the relevant regulatory requirements to do so. There are certain distinctions under Solvency II; for example, a single branch cannot carry out both life and non-life insurance activities (subject to certain “grandfathering” provisions), and Solvency II sets no particular standards for pure reinsurers to establish a branch.
Until 31 December 2020, firms established and authorised outside the UK but within the European Economic Area (EEA) were exempt from the requirement for UK authorisation under the EU passporting regime. This meant that those firms could conduct business in the UK on a cross-border basis, by way of either freedom of services or establishment.
Effect of Brexit
The basis on which the UK will leave the EU is still uncertain at the time of writing (see 13 Other Developments in Insurance Law). Once the transitional period finishes on 31 December 2020, it is likely that the insurance industry will lose its automatic passporting rights between the UK and the rest of the EU. In anticipation of this, the PRA and FCA have implemented a “temporary permissions regime” which, under certain conditions, would permit non-UK EEA firms to continue to passport into the UK for a limited period. Provisions have also been implemented to preserve the validity of contracts written cross-border into the UK pre-Brexit where the EEA insurer does not intend to apply for UK authorisation. It is currently unclear which EEA Member States will implement broadly similar transitional provisions that would allow UK-authorised firms to continue to service policyholders resident in those Member States under existing contracts for a limited period in the event of the transition period ending without an agreement on financial services.
There is no prohibition on fronting in the UK. Historically the UK regulators have tended to look unfavourably on the practice, but it is possible and, indeed, a number of financial guaranty firms have entered into fronting arrangements, whereby business was written in the UK and 100% reinsured back to the parent entity. The Financial Services Authority (FSA) – the PRA and FCA’s predecessor – had concerns around counterparty credit risk of the non-UK parent and the possible risk of UK policyholders not being paid, which was perceived as less of an issue for commercial lines like financial guarantees, particularly where obligations were collateralised. This concern was dealt with in the regulator’s rulebook through a presumption that reinsurance above a certain amount of reserves assumed too much credit risk unless it could be justified and mitigated, for example by collateral or a guarantee. In practice, the regulators would now expect retention of at least 10% of the risk (as a general rule of thumb). This figure has also been raised more recently as “a good referential” by EIOPA in its Brexit guidance.
Despite the uncertainties of Brexit, M&A activity in the global (re)insurance industry rose in the first half of 2020 (compared with the same period in 2019). However, a significant portion of these deals were negotiated and agreed pre-pandemic. The first half of 2020 also saw a slowdown in the number of deals valued over USD1 billion. Capital raising has been a feature of the 2020 market, and the second half of 2020 has seen increased deal activity. The sustained low interest environment has undoubtedly also increased pressure on (re)insurers to refine their business models, increasing scale and/or exit classes of unprofitable or non-core business.
The life insurance sector has seen considerable activity following the implementation of Solvency II, with a number of insurers exiting lines of business with higher capital requirements, such as annuities or other products with long-term guarantees. There has also been an effect on the run-off market as firms look to be as capital-efficient as possible in a low-interest, low-growth environment and off-load non-core business through share sales, reinsurance or business transfers, or often a mixture of the two latter approaches. These deals can release significant amounts of regulatory capital, which the insurer can then deploy elsewhere in new opportunities (see also 12 Recent and Forthcoming Legal Developments).
Consolidation in the broker market is ongoing and is likely to continue as the market adjusts to regulatory change and the challenging economic environment, as is the deal activity in “insurtech” businesses (see 10 Insurtech).
In the non-life sector, a number of acquirers continue to be interested in Lloyd’s businesses. Membership of Lloyd’s gives a presence in the global (re)insurance and specialty markets using Lloyd’s international licences and capital rating, thus avoiding the need for separate authorisations and individual capital requirements in each jurisdiction. In addition, 2020 saw the launch of four new “syndicates-in-a-box”, part of Lloyd’s modernisation agenda.
Much M&A activity has been driven by financial investors with plenty of capital and an interest across the full spectrum of the insurance sector.
(Re)insurance distribution in the UK takes place through a wide variety of channels, including through direct sales, brokers acting on behalf of their clients in arranging (re)insurance cover, agents acting on behalf of the (re)insurer, independent intermediaries, banks (through bancassurance or partnership arrangements), various retailers in connection with retail products being sold, and increasingly online sales, often through comparison websites, particularly for motor and home insurance.
Distribution at Lloyd’s takes place through brokers and through insurance agents or coverholders, holding binding authorities on behalf of the managing agents/syndicates for whom they underwrite. Such intermediaries have to be separately approved by Lloyd’s in addition to receiving any other intermediary authorisation required in the jurisdictions where they operate. There has been significant consolidation in the broker and intermediary sector in the UK.
Regulation of distribution in the UK is based on the EU’s Insurance Distribution Directive (Directive 2016/97/EU) (IDD), which replaced the Insurance Mediation Directive (Directive 2002/92/EU). The IDD aimed to improve intermediary regulation to cover all sellers of insurance, including insurers themselves, and ensure the same level of protection for consumers regardless of the distribution channel used. In the UK, intermediation by (re)insurers was already regulated and, therefore, fewer changes were required to implement the IDD. The IDD is implemented in the UK through FSMA and associated statutory instruments, as well as through the FCA Handbook.
The FCA is responsible for the authorisation and both the prudential and conduct regulation of intermediaries operating in the UK. Every person in the intermediation chain from customer to insurer must be either authorised or exempt. Intermediation is defined widely to include arranging a contract of insurance, making arrangements with a view to someone entering into a contract of insurance, dealing in a contract of insurance as agent, advising on a contract of insurance or assisting in the administration and performance of a contract of insurance. A lighter conduct regime applies to reinsurance intermediation.
Rules for intermediaries range from compliance with capital and professional indemnity insurance requirements through training and competence requirements to information required to be provided to potential customers, which varies according to the type of intermediary, business and customer.
The IA 2015 reformed UK insurance contract law in relation to misrepresentation and non-disclosure in commercial contracts. It applies to all (re)insurance contracts entered into wholly or mainly for the purposes of trade, business or profession that are entered into or varied after 12 August 2016.
Duty of Fair Presentation
The IA 2015 places the insured’s common law duty of full and frank disclosure on a statutory footing, imposing a duty on insureds to make disclosures in a manner that would be reasonably clear and accessible to a prudent insurer. The “accessibility” requirement is intended to prevent “data dumping” – ie, disclosing a mass of data without highlighting material considerations.
Representations of fact by insureds must be “substantially correct”, and representations of expectations or belief must be made in good faith. An insured must make a “reasonable search” of the information available to them, including information held by their agents or others who are intended to be covered by the insurance.
An insured will need to disclose every material circumstance they know or ought reasonably to know, or sufficient information to put a prudent insurer on notice that the insurer needs to make further enquiries for the purposes of revealing the material circumstances.
A “material circumstance” for these purposes is anything that would or is reasonably likely to influence the judgement of a prudent insurer in determining whether to take the risk and, if so, on what terms.
In the case of commercial contracts, where the breach of the duty of fair presentation by the insured was deliberate or reckless, the insurer can avoid the contract, keep the premium and refuse to pay claims. Where the breach was not deliberate or reckless, the remedy depends on what the insurer would have done if a fair presentation had been made. If the insurer would not have entered into the contract at all, it can return the premium, avoid the contract and refuse to pay claims. If the insurer would have entered into the contract but on different terms, the contract is treated as if the different terms had been agreed. If the insurer would have charged a higher premium, the insurer can proportionately reduce the amount it pays on a claim.
In relation to consumer contracts, the Consumer Insurance (Disclosure and Representations) Act 2012 (CIDRA 2012) requires the insurer’s remedies to be proportionate to the failings of the insured.
An insurance intermediary may act on behalf of the insurer or the insured. Where an insurance broker is acting on behalf of the insured, its duty is to exercise reasonable care and skill in the fulfilment of its instructions and the performance of its obligations. An insurance broker is also under a duty to carefully ascertain its clients’ insurance needs and to use reasonable skill and care to obtain insurance that meets those needs, together with carefully reviewing the terms of any quotations or indications given to its clients. An insurance broker must also ensure that it explains to its client the terms of the proposed insurance to ensure the client is fully informed and satisfied that all its insurance requirements are met. An intermediary acting on behalf of an insurer must comply with the conduct of business requirements applicable to the selling of insurance.
At common law, there is no requirement for a contract of insurance to be in any particular form or even to be in writing, although there is usually a document (called a policy) that evidences the contract. Some insurance contracts, such as contracts for marine insurance, are required by statute to be expressed in a policy.
The Marine Insurance Act 1906 and the Life Assurance Act 1774 (which is not restricted to life insurance) require an insured person to have an insurable interest in the subject matter of the insurance. This means that, in order for an insurance contract to be valid, the person taking out the insurance should stand to benefit from the preservation of the subject matter of the insurance or suffer a disadvantage should it be lost.
The law on insurable interest differs depending on whether the contract is for non-indemnity insurance (insurance that pays out a lump sum on the occurrence of a specified event, such as death, personal accident or critical illness, regardless of the loss suffered) or indemnity insurance (which compensates the policyholder for loss suffered). In the case of non-indemnity insurance, the Life Assurance Act 1774 makes null and void any policy on the life or lives of any person or on any event made by any person having no interest.
The English and Scottish Law Commissions have consulted on the topic of insurable interest at various times over the past ten years, suggesting that the law of insurable interest is complex and uncertain, and not required at all in relation to indemnity insurance. In 2016, the Law Commissions conducted a short consultation on a draft Bill to reform the law on insurable interest, and published an updated draft Bill on 20 June 2018. At the time of writing, the Law Commissions were analysing responses to the consultation on the updated draft Bill and indicated that they will produce a report with final recommendations in due course.
Generally, an insurable interest is required for multiple insureds and beneficiaries who are not named in the contract; mortgagees, for example, do have an interest in the relevant policy through their loan secured on the relevant property. For life policies, the position is a little less straightforward – where there are “mid-term beneficiaries” in multi-life policies, the requirement for an insurable interest at the time the policy is taken out means that, in theory, the policyholder lacks an insurable interest in respect of those potential beneficiaries. The draft Bill (see 6.4 Legal Requirements and Distinguishing Features of an Insurance Contract) contains wording intended to clarify the position in favour of such potential beneficiaries.
Consumer contracts tend to have more protection for the insured through regulation. CIDRA 2012 provides clarity to consumers on what information they need to provide to insurers when taking out an insurance policy. It removes the duty on consumers when buying or renewing insurance to volunteer information, replacing it with a duty to take reasonable care not to make a misrepresentation. Generally, representations will be made by consumers in response to questions raised by the insurer.
In relation to consumer contracts, CIDRA 2012 also requires the insurer’s remedies to be proportionate to the failings of the insured. This means that an insured is not unfairly deprived of all cover in circumstances where an insurer would still have accepted the risk had it known the full facts.
The term “Alternative Risk Transfer” (ART) encompasses a number of alternative techniques used to transfer risk as compared with traditional contracts of insurance or reinsurance. As such, the type and structure of an ART transaction will affect its regulatory treatment. (Re)insurers in the UK have used ART for a number of years and, where the technique used includes some transfer of risk, regulatory credit will be given for that transfer if it meets the specific criteria set out in the Solvency II Regulation. The Solvency II Regulation explicitly recognises risk mitigation techniques used to transfer a variety of risks, including underwriting risk, but only if they fulfil the relevant criteria.
Industry Loss Warranties (ILWs) are a type of contract that pays out upon the occurrence of a market loss of agreed severity in response to certain catastrophe events. There might also be a double trigger of loss to the insured/reinsured in addition to market loss. There can, however, be considerable basis risk – ie, the risk that whatever loss the (re)insured suffers will not be fully compensated by the ILW recovery because the two do not exactly match or because the market trigger is not reached. They may not therefore attract much Solvency II credit and for that reason there may be more careful matching of triggers and more payouts based on indemnity rather than fixed sum payouts.
A new onshore insurance-linked securities (ILS) regime was implemented in the UK with effect from 4 December 2017. The UK regime has been set up to be fully compliant with Solvency II rules on special purpose vehicles and therefore the appropriate reinsurance credit under Solvency II should be received.
ART transactions from other jurisdictions will be treated as reinsurance for UK cedents if the contract can be shown to fulfil the common law definition of insurance and also fulfils the Solvency II Regulation’s requirements for recognition as a risk mitigant. ART transactions structured as derivative contracts can also be recognised as a risk mitigant if they fulfil the conditions for derivatives as risk mitigants.
Insurance contracts are construed according to the principles of construction generally applicable to other contracts. The following general rules of construction apply:
The IA 2015 reformed the law of warranties and remedies for fraudulent claims in relation to both consumer and business insureds.
The IA 2015 abolished the so-called “basis of contract” clause in insurance contracts, which turns an insured’s representations into warranties. Breaches of warranty that are irrelevant to the loss that occurs will no longer discharge insurers from liability.
Where the insured can demonstrate that a failure to comply with a contractual term, including a warranty, could not have increased the risk of the loss that occurred, insurers will no longer be able to rely on the breach to exclude, limit or discharge their liability. A breach of warranty will discharge the insurer from liability for loss occurring after the breach but not from liability for loss occurring before the breach or after the breach has been remedied.
Contracting Out of the IA 2015
The IA 2015 provides that breaches of warranty that are irrelevant to the loss that occurs will no longer discharge insurers from liability (see 8.2 Warranties). In consumer contracts, any attempt to contract out of any part of the IA 2015 will be of no effect. In commercial contracts, an insurer seeking to contract out of the provisions of the IA 2015 must take sufficient steps to bring the relevant term to the insured’s attention and ensure that the term is clear and unambiguous as to its effect.
The IA 2015 enables insurers to treat the insurance contract as terminated from the date of the fraudulent act. The previous common law position of insurers not being liable for fraudulent claims and being able to recover payments made to the insured in respect of a fraudulent claim remains unchanged.
It is common for an insurance contract to specify a mechanism for dealing with disputes prior to resorting to litigation or arbitration. This may range from an initial attempt to resolve the dispute through nominated senior executives or managers to other dispute resolution mechanisms, such as an independent expert determination or mediation. Whilst insurance disputes are often litigated, it is common for commercial insurance contracts and reinsurance contracts to contain an arbitration clause providing for disputes to be settled through arbitration rather than the courts.
Consumer contracts have to contain certain provisions required by law or regulation to protect consumers. Whilst consumer contracts are sometimes litigated, insurers must provide consumers with details of complaints procedures and their right to refer disputes to the financial ombudsman. They are also under a regulatory duty to treat customers fairly. Consumer disputes will therefore often be settled through internal procedures or an ombudsman ruling rather than through the courts.
Limitation Period for Insurance Claims
There is no specific statutory limitation period for making a claim under an insurance or reinsurance contract. Insurance contracts are subject to the normal limitation period under the Limitation Act 1980 for causes of action founded on breach of contract (six years from the date on which the cause of action accrues).
As well as the statutory limitation period, insurance and reinsurance contracts typically include a notification clause requiring the insured to give the insurer notice of claims or losses, or of circumstances that give rise to a claim or loss, in a particular manner (usually in writing) and within a particular period (for example, "as soon as reasonably practicable"). An insured can lose the right to an indemnity for failure to comply with a notification clause where compliance is a condition precedent to bringing the claim. So-called “claims made” policies provide cover for claims actually made within the policy period – usually a year.
Enforcement of Insurance Contracts by Third Parties
The Contracts (Rights of Third Parties) Act 1999 allows for third party enforcement in certain circumstances. For example, a third party may be able to enforce a contractual term in an insurance contract if either:
In practice, however, contracts of insurance usually exclude the Contracts (Rights of Third Parties) Act 1999.
Disputes over jurisdiction regarding civil and commercial matters are resolved using two principal sets of jurisdictional rules: the European regime, and the common law regime. The European regime takes priority where it applies.
The jurisdictional rules that form part of the European regime are set out in two EU regulations:
Jurisdiction in matters relating to insurance is determined on the basis of distinct rules set out in the EU regulations, which aim to protect the so-called “weaker party”. In particular, a policyholder, an insured or a beneficiary can choose to claim against an insurer in the courts of different Member States, including the Member State where the insurer is domiciled, the Member State where the claimant is domiciled, or – in the case of a co-insurer – the Member State where proceedings are brought against the leading insurer. On the other hand, an insurer can only claim in the courts of the Member State where the defendant is domiciled. Parties can depart from these rules only by agreement in prescribed circumstances.
Disputes over the law applicable to contracts concluded after 17 December 2009 are resolved on the basis of the rules set out in Regulation (EC) 593/2008 of 17 June 2008 on the law applicable to contractual obligations, commonly known as the Rome I Regulation. Unlike the previous European regime set out in the Rome Convention on the Law Applicable to Contractual Obligations 1980 (transposed in the United Kingdom through the Contracts (Applicable Law) Act 1990), the Rome I Regulation applies to insurance contracts, with the exception of certain life assurance contracts.
Most EU law (including Rome I and the Recast Brussels Regulations) continues to apply to the UK during the Brexit transition period, and most references to Member States in EU law will include the UK.
The Rome I Regulation will continue to apply after 1 January 2021. The UK has incorporated the provisions of Rome I into English law by virtue of the Law Applicable to Contractual Obligations and Non-Contractual Obligations (Amendment etc.) (EU Exit) Regulations 2019, which comes into force on 1 January 2021.
The UK has requested to join the Lugano Convention after the transition period (it is currently a party to the Convention and will remain so until the end of the transition period), but requires unanimous approval from the current contracting parties. Although certain countries have already indicated that they support the UK's accession, the EU and Denmark have withheld their support. Even if EU consent is given, the accession process may take up to a year, which exceeds the time remaining until the expiry of the transition period.
Regardless of whether the UK is allowed to accede to the Lugano Convention, the UK intends to rejoin the 2005 Hague Convention on Choice of Court Agreements upon the expiry of the transition period. This Convention would apply post-transition between the EU and the UK (as well as Singapore, Montenegro and Mexico). The Hague Convention requires the court designated in an exclusive jurisdiction agreement to hear the case, and generally prevents courts of other contracting states from hearing parallel proceedings, which goes some of the way towards plugging the gap that will be left by the Recast Brussels Regulations in a no-deal scenario.
It is currently unclear if the 2005 Hague Convention will apply in respect of exclusive jurisdiction clauses concluded between 1 October 2015 (which is when the 2005 Hague Convention came into force in the UK, by virtue of the EU’s accession to the Convention on Member States’ behalf) and 1 January 2021 in favour of the English courts, as the EU Commission has stated that it considers that the 2005 Hague Convention will only apply between the UK and EU Member States with respect to exclusive jurisdiction clauses concluded on or after 1 January 2021.
Civil litigation in England and Wales is adversarial in nature. The first stage in typical court proceedings is the issuance of a claim form, which contains the names of the parties, details of the claim and its value. The claimant then serves the claim form on the defendant, and must also prepare and serve the particulars of the claim, stating the facts on which it relies, the remedy sought, and any other relevant information. Legal argument will usually be reserved for the actual trial.
The defendant can choose to defend against the claim by serving a defence. The claimant can reply to the defence. If the defence includes a counterclaim, the claimant’s reply must also include a defence.
Next steps include disclosure, when each party is required to disclose to the other documents within its control that are relevant to the issues in dispute. The disclosure obligation in English litigation is wide and requires each party to disclose documents that support or harm their case or their opponent’s case. Parties will also typically exchange witness statements on issues of fact and expert reports.
The case will then proceed to trial. English trials principally involve each party’s counsel making oral submissions and drawing the judge's attention to the relevant evidence and law, including calling on the evidence of witnesses and experts upon which they seek to rely, and cross-examining opposing witnesses and experts.
The parties must take each step within prescribed periods of time set out in the civil procedure rules, or decided by the court, including in case management conferences (CMC) where the parties and the judge decide how the case should be conducted going forward, including setting a timetable for all the steps up to trial.
If an unsuccessful party does not voluntarily comply with the judgment of the court, various enforcement procedures are available, including the seizure and sale of that party’s assets or the imposition of a charge over certain assets.
Foreign judgments can be enforced in England and Wales, but the rules governing the recognition and enforcement of foreign judgments will vary depending on the foreign jurisdiction:
Under the European regime, the judgment creditor requires the leave of the court to enforce a foreign judgment, following which it can be enforced as if were an English judgment. Under the Recast Brussels Regulation, the judgment creditor needs to provide the enforcing authority (and the judgment debtor) with a certificate from the court of origin, certifying that the judgment is enforceable and contains relevant details, as well as an authenticated copy of the judgment and a translation, if relevant. Under the 2001 Brussels Regulation, the judgment creditor was also required to obtain a declaration of enforceability from the enforcing state, but this requirement was removed under the Recast Brussels Regulation to streamline enforcement.
The judgment debtor can apply to the court where enforcement is being sought, requesting that enforcement is refused. The grounds for refusal are limited and do not allow the enforcing court to revisit the merits of the judgment.
The current rules on enforcement will generally continue to apply to proceedings commenced before the end of the Brexit transition period.
As to proceedings commenced post-transition, if there is no exclusive jurisdiction clause and absent an agreement between the UK and EU (for example, until the UK joins the Lugano Convention in its own right, assuming this will happen eventually), the enforcement of judgments will depend on the rules on enforcement in the UK and the relevant EU Member State. If there is an exclusive jurisdiction clause, then the enforcement rules depend on when the exclusive jurisdiction clause was entered into. If it was entered into post-transition, then the 2005 Hague Convention provides for enforcements of judgments in a similar way to the Recast Brussels Regulation. If the exclusive jurisdiction clause was entered into before the end of the transition period, then the situation is currently unclear given the uncertainty of the application of the 2005 Hague Convention to exclusive jurisdiction clauses agreed after 1 October 2015 but before the end of the transition period (see 9.2 Insurance Disputes over Jurisdiction and Choice of Law).
Arbitration clauses in commercial insurance and reinsurance contracts can be enforced in the same way as arbitration clauses in other kinds of contracts. Indeed, arbitration is a popular method of resolving insurance disputes. The Insurance and Reinsurance Arbitration Society (ARIAS (UK)) has prepared a recommended arbitration clause, which takes into account the ARIAS Arbitration Rules and the provisions of the Arbitration Act 1996 (the 1996 Act).
Under Section 66 of the 1996 Act, arbitral awards can be enforced as a judgment with leave of the court, whether they are domestic or foreign.
The United Kingdom is a signatory to the New York Convention, which entered into force on 23 December 1975, with a reciprocity reservation. The UK has submitted notifications extending the territorial application of the New York Convention to Gibraltar, the Isle of Man, Bermuda, the Cayman Islands, Guernsey, Jersey and the BVI.
For foreign awards governed by the New York Convention, Section 103 of the 1996 Act contains the grounds of review for recognition and enforcement, which are set out in Article V of the New York Convention. In practice, the UK is an “arbitration-friendly” jurisdiction and the grounds for review of foreign awards are limited.
In addition to the New York Convention, the UK is also a party to the Geneva Convention on the Execution of Foreign Arbitral Awards of 1927, the Convention on the Settlement of Investment Disputes between States and Nationals of Other States of 1965 and numerous other Bilateral and Multilateral Investment Treaties.
Arbitration is commonly used in insurance and reinsurance disputes, and a clause requiring this form of dispute resolution to be used may be contained in the policy. The International Chamber of Commerce (ICC) and the London Court of International Arbitration (LCIA) are frequently used.
A contract might also require resolution of a dispute through another form of alternative dispute resolution, such as mediation. The court will encourage mediation before litigation for both insurance and reinsurance contracts, and failure to attempt it may result in costs penalties.
The Enterprise Act 2016 introduced an implied term to (re)insurance contracts that insurers must pay sums owed to policyholders within a reasonable time. The type of insurance, the size and complexity of the claim, compliance with any relevant statutory or regulatory rules or guidance, or factors outside the (re)insurer’s control will all be taken into account when assessing what constitutes a reasonable time.
A breach of this implied term could give rise to a claim for damages. The limitation period for the insured to bring the claim for damages is one year from the date of the last payment in respect of the relevant loss (Limitation Act 1980).
Parties to a non-consumer contract can contract out of the reasonable time obligation, provided they comply with the IA 2015 transparency provision.
As a result of the doctrine of subrogation, an insurer may pursue third parties for claims pursuant to which the insurer may be liable to the insured. The insurer can “step into the shoes” of the insured and pursue in the insured’s name or, alternatively, require the insured to pursue claims that may lie against third parties in respect of the insured event giving rise to a claim under the policy. To trigger subrogation, at common law it is necessary for the insured to be fully indemnified as a condition to the insurer exercising its subrogation rights. In practice, the extent of – and circumstances for – the exercise of subrogation and procedures applicable is specified in the policy.
An increasing number of start-ups are applying new technologies in the insurance space. Incumbent insurers are focused on partnering with and acquiring these businesses in order to avoid disruption, meet evolving customer demands and capitalise on insurtech’s potential.
Several of the most common strategies are listed below. Importantly, these strategies are not mutually exclusive and global players typically utilise several in parallel, if not all of them.
Below are some of the products involved in insurtech.
Efforts have been made by regulators to adapt to insurtech, demonstrated by the launch of Project Innovate by the FCA in 2014. A key component of the project is the regulatory sandbox. This involves early, open and honest communication between insurtech firms and their respective regulators, who provide individual guidance, potential modification of rules and letters of no enforcement action for a limited duration. The FCA closely monitors the pilot and receives information regarding current innovations.
As a centre for the global (re)insurance industry, the UK industry – particularly Lloyd’s and the London market – is focused on the many emerging risks common to those in the rest of the world, including catastrophe and environmental risk from climate change, cybersecurity risk and the changing risk profile of common types of insurance, such as motor and liability, with the development of automation and AI (see also 12 Recent and Forthcoming Legal Developments in connection with the developments arising from the COVID-19 pandemic).
UK businesses have a heightened awareness of the threat that cybercrime poses, following a number of recent high-profile data breaches. The joint report on cyberthreat to UK business from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) acknowledged the pace at which cyberthreats evolve, and urged collaboration between government, law enforcement agencies and business to tackle this universal threat. In its Annual Review 2020, the NCSC stated that it had been involved with, or defended the UK from, 723 cyber-attack incidents in the previous 12 months. Whilst (re)insurers face cyber-risks themselves, it is also an opportunity for them to offer cyber-risk insurance protection to others.
The UK government is committed to making the UK a leader in cybersecurity, and the FCA and PRA are both alive to the risks that financial services firms such as (re)insurers face from cyberthreats. The PRA and FCA are engaging with industry and co-operating with each other and the Bank of England (BoE) to monitor the use of new technologies, assess emerging regulatory risk and test firms’ operational resilience and cyber-resilience through stress tests – and to apply enforcement and fines when regulatory and data breaches occur.
Longevity risk has been an increasing focus of the regulator, due in part to the peculiarities of Solvency II. In 2017, the PRA recognised that the design of the risk margin makes it highly sensitive to interest rate conditions. In the BoE’s public response to the European Commission’s Call for Evidence on EU Financial services regulation, the PRA noted that interest rate sensitivity, coupled with historic low rates in the UK, meant that the risk margin is disproportionally large for UK insurers writing interest rate sensitive risks, which are usually long term. The PRA also noted that the volatility was undesirable from a prudential viewpoint because of its potential to promote pro-cyclical investment behaviour by insurers. Consequently, the PRA publicly supported redesign of the risk margin to deliver more stable balance sheet outcomes for insurers and thereby support their key role as long-term investors in the economy.
In June 2018, BoE Deputy Governor Sam Woods explained that, due to Brexit uncertainties, the PRA was struggling to find a way to implement a change (to the risk margin) with enough certainty that firms could rely on for pricing, capital planning and the use of reinsurance. He also noted that calculation of the risk margin had pushed leading UK insurers into reinsuring a substantial proportion of longevity risk offshore, and whilst there were no immediate concerns regarding this issue, it could become a prudential concern if left unconstrained. The PRA is taking an increasing interest in such transactions, and insurers are required to notify the regulator of their longevity deals and the mitigating steps taken to reduce their counterparty exposure associated with offshore reinsurance. In a recent review of Solvency II announced by HM Treasury, it was indicated that reform to the risk margin was part of the agenda.
Several features of DLT, such as blockchain, justify its reputation of offering a high standard of protection against cybersecurity risk. From the sharing of identical information across networks to the cryptography-based protections built into the technology, DLT represents an exciting development in the fight against cybercrime. The ability to protect data from cyber-attacks or malicious tampering is not only beneficial from a business risk point of view, but it also makes a product based on DLT more attractive to both consumers and regulators, who must balance innovation against risks to markets and customers. However, weaknesses in DLT have been revealed through a series of cyber-attacks against digital currencies that use DLT.
To manage the policy and regulatory implications of DLT and cryptoassets in financial services, in March 2018 the BoE, the FCA and HM Treasury created a Cryptoassets Taskforce, which published a report in October 2018 detailing specific actions to be taken by regulatory authorities to mitigate the risks that come with the potential benefits of DLT. The FCA issued its own guidance on cryptoassets in July 2019 (PS19/22), following a January 2019 consultation.
The impact of the COVID-19 pandemic in 2020 has seen above-average major claims activity, particularly with business interruption insurance. The industry has strongly advised the UK and other governments globally to introduce a public-private risk-financing mechanism for future pandemics, referred to as “Pandemic Re”, which is modelled off the UK government-backed terrorism risk mutual “Pool Re”.
In addition, regulators have taken an active role in approaching the issues posed by COVID-19. In the UK, the FCA initiated a test case on business interruption insurance and, in January 2021, the Supreme Court issued a judgment that substantially allowed the appeals of the regulator. However, there were certain qualifications given to the Supreme Court’s findings, meaning that insurers and insureds will need to continue to carefully consider their policy language. With regard to the issue of causation, rather than following the “but for” test, the Supreme Court determined that where there are multiple concurrent causes of loss, only one of which is covered by the policy, unless the other cause is specifically excluded, the insurer may be liable. However, it remains dependent on the policy wording itself to determine whether this causal connection is sufficient to trigger the insurer’s obligations. In addition, as part of its judgment, the Supreme Court overruled the Orient Express case, which is likely to have wider implications for business interruption policies beyond the pandemic. The judgment is also likely to result in potentially difficult discussions between cedants and reinsurers, and, in some cases, may result in litigation over the extent of coverage.
Part VII Transfers
In the UK there are specific provisions (in Part VII of FSMA) allowing one insurer to transfer its business to another, without the requirement for policyholder consent or consent from any other affected counterparties (a “Part VII transfer scheme”). There have been an increasing number of these over the past few years due to M&A activity and reorganisations driven by Solvency II or Brexit. A judgment of the High Court delivered on 16 August 2019 by Mr Justice Snowden refused to sanction a proposed Part VII transfer scheme whereby Prudential proposed to transfer annuity policies (constituting approximately GBP12.9 billion of liabilities) to Rothesay Life. Upon appeal, the Court of Appeal overturned the refusal to sanction the proposed transfer and remitted the application to a different judge of the High Court.
There are continuing uncertainties surrounding any final Brexit outcomes for the (re)insurance market, including the likely post-transition period relationship between the UK and the EU27. Unless a deal on the terms of their future relationship (including in relation to the (re)insurance industry) is agreed before the transitional period finishes, it seems likely that the UK will be treated as a third country going forwards, which includes the loss of automatic passporting rights between the UK and the rest of the EU. At the time of writing, no such deal has been reached. In November 2020, HM Treasury announced that the UK will be granting a package of equivalence decisions to the EU and EEA Member States. No equivalent statement from the EU has been announced at the time of writing.
Insurers have been planning for some time on the basis of a no-deal or hard Brexit to set up new authorised subsidiaries or branches so as to be able to access both the UK and EU markets in case this is required post-Brexit.
The UK government has drafted legislation intended to maintain EU laws and regulations currently directly applicable in the UK, including those relating to (re)insurance, and in particular Solvency II, but without the references to EU institutions and the reciprocal arrangements that come with being a member, by incorporating these into domestic law through statutory instruments under the European Union Withdrawal Act. The intention is, therefore, that there will be no difference in (re)insurance regulation as it currently applies in the UK and to UK authorised (re)insurers immediately post-Brexit, with the amendments being made purely to reflect the UK’s withdrawal from the EU and its institutions.
It is unlikely that the regulators or the UK (re)insurance industry will wish to diverge greatly from Solvency II, given the amount of effort, time and money spent on its implementation. However, some changes may be made in areas that are already heavily criticised by the regulators and the industry, notably the risk margin, the matching adjustment and the treatment of certain long-term investments. Each of these was raised in HM Treasury’s Call for Evidence on Solvency II, which aims to discuss how Solvency II law and regulation in the UK might change post-Brexit. Over time, there will be some EU-derived laws and regulations that the UK government will amend or remove completely, but the extent of change is likely to depend on what can finally be agreed with the EU on the future relationship.
Insurance-Linked Securities Regime
The new ILS regime for the UK was implemented after a significant amount of work between the regulators, the industry and HM Treasury to design an onshore regime that would allow the UK to compete with more established ILS jurisdictions, whilst ensuring that ILS issued in the UK would be compliant with Solvency II.
The new rules introduced protected cell companies into the UK for the first time, together with an attractive tax regime and a bespoke approach to regulation and supervision to reflect the nature of ILS transactions.
The defining feature of 2020 was, of course, the COVID-19 pandemic. Along with the terrible human suffering which has resulted, the virus has also precipitated the biggest financial crisis of modern times and the insurance industry has not been immune. This has led to a re-evaluation of established insurance products and legal presumptions.
In particular, the insurance regulator – the Financial Conduct Authority – initiated legal proceedings to test the limits of non-damage business interruption insurance. At the time of writing, we await the decision of the Supreme Court in these proceedings, which are likely to lead to a root and branch overhaul of this (and other) classes of insurance business. In particular, the Supreme Court decision can be expected to address not just issues particular to business interruption insurance but also wider issues such as causation and policy construction. It is anticipated that the Court’s decision will be handed down in January 2021.
Interestingly, the various lockdown measures imposed by the UK Government during 2020 have led to an increased interest in the purchase of Usage Based Insurance (UBI). This is part of an increasingly powerful and continuing trend in the industry towards the adoption of insurtech in all aspects of the business. In the long-term, organisations that are slow to embrace this new technology will struggle to compete and to retain their place in the market.
Insurtech is an elastic term that broadly includes Artificial Intelligence (AI) and associated technologies such as chatbots, robotics, telematics and gamification.
Initially, these innovations have impacted the consumer market and the markets servicing SMEs; it seems inevitable, however, that the technology will expand into more complex risks as it beds down.
The discussion that follows provides an overview of the current and future use of insurtech as well as highlighting some of the commercial, legal and even philosophical issues that its use will raise.
Currently, insurtech is being deployed broadly in two areas of the underwriting process: the gathering and analysis of data to create personalised policies, and the elimination of repetitive tasks and unnecessary delays. Essentially, this involves the combination of highly specific source data relating to the potential insured with broader data sources and the application of algorithms to this material to provide a fast but targeted risk analysis.
Source Data and Personalised Insurance
One of the major innovations that insurtech has introduced is Usage Based Insurance, which can be used to develop more personalised insurance products. Personalisation is achieved by the use of algorithms to analyse the insured’s own data together with external information from a broad range of sources to generate a bespoke risk score. This process is intended to significantly improve the relevance of the insurance to the buyer as well as the underwriter’s ability to assess risk.
Pay as you drive insurance is at the forefront of this process and there are a number of examples on the market. This insurance is priced on the basis of a fixed cost for the car’s stationary risk, such as fire and theft, and a flexible element based on the number of miles driven each month. Mileage information is collected through the use of telematics involving a "black box" in the car to relay information to the insurer in real time. Drivers can also see the cost of their insurance as it is incurred.
More particularly, however, insurance can be tailored not only by reference to how far an insured drives but also by how the insured drives. This will involve the use of telematics to monitor variables such as the speed at which a vehicle is driven on different kinds of road, whether the driver brakes or accelerates sharply, whether the driver take rests on long drives and where and when the car is driven. This information is transmitted from a black box in the car to the insurer, and is then compared with data from others to set a premium. Clearly, this involves the collection and analysis of personal data from a large group of individuals to see, for example, where accident hotspots may be and what times of day and days of the year are the most dangerous. There are obvious data protection issues that arise from this but also, perhaps, wider issues relating to privacy and consumer caution and concern about the amount of their data held by distant corporations.
UBI may also be open to abuse. For example, can the telematics differentiate between those occasions when the insured is driving the car, when another named driver is at the wheel, or when the car is being driven by someone who is not covered under the insurance? In the future, perhaps some form of genetic code – a fingerprint or iris scan – will also be required (bringing with it additional data privacy issues).
UBI is clearly also applicable to the commercial environment. For example, it may be used to achieve a more accurate picture in real time of where particular ships navigate and how much time is spent at sea. It will also enable insurers to keep track of particular cargos, with black boxes attached to shipping containers to measure location, distance travelled, method of storage and speed.
It would be wrong, however, to think that this new technology is limited to various means of transport: its application to life and health insurance is also being actively explored. For example, the insured’s success in achieving quotas on Fitbits and other similar devices can be monitored. The use of AI technology can also improve the accuracy of data used to underwrite insurance by providing information about how much we actually drink, smoke and exercise as opposed to what we say we do.
In a similar vein, insurers are using "gamification" to enhance these processes. As the name suggests, gamification involves the inclusion of some gaming experiences into the insurer client relationship (for example, by encouraging the insured to achieve Fitbit targets) in order to strengthen the relationship between insurer and insured, and introduce risk management elements. These techniques also increase the insurer’s ability to give insureds the kinds of insurance products that they want.
Indeed, some insurers have been trialling the use of "selfies" as a basis for providing a quote for life or health insurance. In this process, the putative insured sends a smartphone selfie to the insurer where an algorithm is used to assess the insured’s gender, age, BMI and smoking indications in order to generate an initial quote. It is anticipated that, in time, the algorithm will be able to assess alcohol consumption and chronic disease. Clearly, this approach will generate data privacy issues as well as ethical issues, not least with regard to information relating to chronic disease.
While initiatives of this nature will benefit the healthy insured, one can see that there is a danger that the use of this personal source data may result in less affordable insurance for less healthy insureds. This in turn may lead to regulatory challenges in relation to potential discrimination. As noted, particular regulatory issues will also arise in connection with the use of sensitive personal information (called "special data" in the General Data Protection Regulation (GDPR) which has been implemented recently across the European Union. In the UK it is enacted in the Data Protection Act 2018, which is expected to survive Brexit).
More controversial is the possibility of applying advanced analytics to genetic data to assist insurers by modelling an insured’s susceptibility to genetic disorders and to assess health risks and price accordingly. Clearly, this raises very significant ethical issues and one must assume that regulators will be very cautious about the collection and use of this sort of information.
The introduction of robotic process automation (RPO) and the use of big data means that underwriting decisions can be made, and policy documentation issued, much more quickly than in the past. This is achieved by using the RPO and chatbots to interrogate the insured in respect of key variables and to process that information and take the necessary underwriting decisions. Many of us will be familiar with a similar process in connection with the purchase of our motor or home insurance. The difference here, however, is that the process can be entirely automated by using RPO, and the analysis of big data provides a far more accurate and sensitive basis for setting premiums for particular risks on the basis of the information provided by the insured.
One of the benefits of this is expected to be to enable insureds to "book" particular days on which they wish to be covered by accident insurance, for example.
In summary, the key elements of all of these developments are the ability to use technology to obtain highly personalised "source" data, combine it with relevant "big data" and apply an appropriate algorithm to arrive in quick time at a bespoke risk assessment.
Initiatives of this nature will become increasingly common as the full impact of the internet of things (IoT) is realised. We can expect to see increasing use of location-based sensors such as smart thermostats and geographical information systems (GIS) relaying information to insurers in real time to facilitate more accurate underwriting.
2020 also saw the first algorithmically driven Lloyd’s syndicate, Ki, which began writing business in January 2021. This trend is expected to continue in the coming years, not least as a reflection of the drive to reduce cost.
New Risks and New Opportunities
In addition to developing new techniques for assessing and underwriting existing risks, insurers are increasingly being asked to provide cover for the new technology itself. As responsibility and decision-making shifts from humans to algorithms, new liability challenges arise for insurers. In addition, interconnectivity and the IoT – which are vital in driving the AI revolution – bring with them a significant increase in the vulnerability of autonomous, self-learning machines to failure, or an attack exploiting the numerous data points required by such technology. This will increase the demand for cyber-insurance but, at the same time, the lack of data and the difficulty in predicting how and where AI may be attacked or fail is likely to make the class more difficult for insurers to analyse and price. New forms of business interruption insurance will also be required. It should also be borne in mind, however, that improved AI is likely to lower the cost of developing malware and other forms of cyber-attack, thus making AI and cyber-related losses more likely.
AI is having a huge impact on the speed and manner in which insurers can process claims. Indeed, one new tech-driven company promises to process home insurance claims in seconds and pay them in minutes. Meanwhile, on the commercial front, new technology will assist in the prediction of loss development and the speedy assessment and settlement of claims arising from hurricanes and other natural catastrophes. While these speeds are clearly not appropriate to many classes of claim, insurers that do not take steps to incorporate insurtech will become increasingly unattractive to buyers.
Detecting fraudulent claims is a major issue for insurers, with recent figures from the Association of British Insurers showing approximately 107,000 fraudulent claims with a value of approximately GBP1.2 billion detected in the United Kingdom alone in 2019. It is no surprise, therefore, that insurers are developing algorithms that use big data and machine learning to identify the markers of a fraudulent claim. Claims are then tested against these markers by the AI so that suspicious activity can be subjected to closer examination. It is to be hoped that this process is not jeopardised by the requirements of the GDPR to control the processing of personal data and inform data subjects of the purposes for which their data is being used. It also seems inevitable that fraudsters are developing their own complex algorithms to trigger unjustified claims payments and so, from this point of view at least, AI may be a double-edged sword.
Experience suggests that even with the most advanced insurtech there will be disputed claims, some of which will lead to litigation or other forms of dispute resolution, such as arbitration or mediation. Here too, AI will have a role to play. New litigation prediction models for insurers are being developed with the intention of removing some of the uncertainty from dispute resolution. This new technology is designed to assist in assessing the chances of success in defending claims, the likely quantum of successful claims and the potential cost consequences of disputing the claim – including the reliability of cost estimates, the potential cost exposure to the other party and the likelihood of cost overruns. This information should enable insurers to arrive at a much more reliable cost benefit analysis of any dispute and to adjust their strategy accordingly.
There are a number of projects of this nature across the market reflecting co-operation between lawyers, technology providers, statisticians and academics. While they will certainly face technological, mathematical and regulatory challenges (for example, in relation to GDPR and laws aimed at countering discrimination), these models represent part of the continuing drive to increase claims efficiency, reduce costs and eliminate frictional damage in the processing and settlement of claims. Without these changes, the threat to traditional insurance models will undoubtedly continue to increase.
At present, these tools are being developed principally with the resolution of high-volume, low-value insurance claims in mind, since it is easier to develop statistical models and predictive AI for this type of business. Nonetheless, predictive modelling is also expected to have an application for high-value complex claims.
The growing use of AI is not without its pitfalls for buyers and sellers of cover as well as for brokers and other intermediaries.
For the insurer, the huge volume of often sensitive personal data required to maximise the benefits of AI requires very careful handling. A failure to safeguard this material, or to obtain the necessary consents for its use, can expose the insurer to severe financial penalties (up to 4% of its annual turnover under the GDPR). Perhaps more importantly, however, the loss or abuse of this data is likely to have a devastating impact on the insurer’s reputation and commercial position. In addition, information of this kind is particularly attractive to cybercriminals and, at a time when even sophisticated operators are vulnerable to attack, managing this risk will require constant vigilance from the insurer and its service providers.
Just as significantly, it will be important to manage the machine learning aspect of both underwriting and claims handling, to avoid discrimination on the grounds of race, gender or location. For example, AI deployed in the underwriting process may note that males are more likely to have a motor accident than females. If the AI starts to adjust premiums taking this information into account, there is a clear risk that it will place the insurer in danger of breaching anti-discrimination laws such as the EU Gender Directive, which will continue to apply in the UK following Brexit, at least initially. This is a complex issue and discrimination is not always obvious – for example, discriminating on the basis of an insured’s address can be a proxy for discrimination on the grounds of ethnicity, and it has even been suggested that discrimination on the basis of the insured’s email address has taken place.
Similarly, if the AI concludes that claims from a certain area or group are more likely to be fraudulent, it may again place the insurer in danger of breaching the law or, at the very least, severely damaging its commercial reputation. It is important, therefore, that insurers continue to exercise control over what their insurtech is actually doing. Indeed, a recent focus paper by the EU’s Fundamental Rights Agency (FRA) draws attention to the fact that when algorithms are used in decision-making there is a potential for beach of the principle of non-discrimination contrary to Article 21 of the EU’s Charter of Fundamental Rights. The FRA therefore recommends, among other things, that potential biases and abuses created by the algorithm should be recognised, that the quality of data should be checked, and that the way in which the algorithm was built should be capable of explanation.
Traditional insurers also face a profound threat to their business model from so-called "disrupters" – new businesses that seek to bypass traditional insurance underwriting and distribution structures by making personalised insurance available quickly using a combination of AI, algorithms, chatbots and direct marketing to allow customers to download and use an app to purchase policies on smart phones and social media or packaged with other products.
One final threat to insurers arises not so much from what they are doing themselves but from what their clients are doing. The increasingly widespread use of AI means that insurers’ clients may well be facing losses and liabilities of a kind that were rare or even non-existent in the past. Just as with cyber-exposures, these risks may not be factored into traditional insurance policies, such as all-risk policies or package policies for large businesses. It may well be the case, however, that there is no relevant exclusion in the policy either, so that insurers find themselves facing losses that were not anticipated and that they have not included in their underwriting assessments. This is similar to the threat of "non-affirmative" cyber-insurance, which the industry has only recently begun to tackle, and it will require careful analysis by insurers if it is to be managed successfully.
While AI should provide the insured with quicker and more focused insurance cover, it does not come without its pitfalls. In particular, the use of AI will make it much easier for insurers to identify subprime risks and there is clearly a danger of anti-selection or "writing down", which will make it much harder for insureds with particular or unusual characteristics to obtain cover. Ultimately, this may require regulatory change to address.
One of the perceived advantages of AI is that it will create more direct contact between insured and insurer, enabling the insurer to broaden its offering to its client and to respond more precisely to the client’s needs. Similarly, existing distribution networks will be bypassed to remove unnecessary friction and cost from the insurance-buying process. This will mean that, like insurers, brokers and other intermediaries will find their business model under attack. While in the short-term this may be an issue principally in the mass market, it is inevitable that it will also find a role in commercial placements. The coincidence of such a development with the greater scrutiny of the role of intermediaries from regulators threatens to create a perfect storm that will require intermediaries, like insurers, to adapt to survive.
The use of AI raises a number of legal issues, but perhaps the most difficult in the context of insurance is the question of liability. In order to properly underwrite the policies that they issue, and to enable them to resolve claims and analyse their own exposure, insurers will need to understand not only where the liability rests for damage caused by malfunctioning AI but also who is liable for damage caused by the decisions taken by AI. In cases in which errors by the developer or manufacturer of the AI results in the AI malfunctioning, issues of liability would appear at first sight to be relatively straightforward. As the decisions taken by AI systems become further removed from direct programming and increasingly based on machine learning principles, however, it may be difficult to identify the precise cause of a particular AI decision or the source of any damage. A system that learns from information it receives from the world can operate independently from its operator and in a way that its designers did not or could not have anticipated. Who will be liable if the AI’s actions are inexplicable or cannot be traced back to human error?
The EU has begun to address this issue through the European Parliament’s resolution and recommendations to the Commission contained in the "Civil Law Rules of Robotics" passed in February 2017. This document invites the Commission to consider two approaches to liability: a strict liability approach or a risk-based liability approach. The latter would focus on "the person who is able... to minimise risks and deal with negative impacts."
The EU paper also considers the possibility of a compulsory insurance scheme that would take into account "…all potential responsibilities in the chain [of causation]." These recommendations are now under consideration by the European Commission.
Meanwhile, in the UK, the Law Commissions of England & Wales and of Scotland have issued a third and final consultation paper on legal liability surrounding the use of driver-less cars. Clearly, the proposals that follow from this consultation will have a significant impact on insurers and indeed on the law. Similarly, the upper house of the UK Parliament issued a paper in April 2018 entitled "AI in the UK – Ready, Willing and Able", in which the authors consider the question of liability in the context of AI and recommend that the issue be reviewed by the Law Commission of England and Wales to decide whether legislation is required to allocate liability with the consequences for insurers that will surely follow. The UK Government’s response to the paper also highlights to need to mitigate the risk of potentially erroneous decisions made by AI through legal liability, and the Law Commission is expected to be asked to consider the issue.
One final point to consider is the question of whether AI can be programmed in such a way that it inflicts damage to one person or object instead of another – the so-called "trolley bus problem". For example, could an autonomous vehicle be programmed to prioritise the life of its passenger over that of a pedestrian? An approach of that nature was hinted at by Mercedes recently but was rapidly dismissed by the German Federal Ministry of Transport and Digital Infrastructure, which pointed out that making such a decision on the basis of a pre-programmed set of criteria was likely to be illegal. The Ministry also indicated that the German Government intends to introduce regulations to that affect.
In summary, insurtech is set to revolutionise all aspects of insurance, from underwriting to claims handling to dispute resolution and distribution. This process is already underway, but its full extent is difficult to predict. Traditional insurance models face fundamental challenges, but the early indications are that they are beginning to recognise and respond to those challenges. Insurers that do not engage with this new technology will, however, face the risk of being left behind in a rapidly changing market.
One obstacle to the exploitation of insurtech does remain, and that is uncertainty over the legal and regulatory framework in which it operates. While governments have taken some initial steps to address these issues, it is very far from clear where that particular journey will end.
Blockchain and the Verification of Data
Although blockchain is not strictly part of the AI revolution in insurance, it is set to have a significant impact on the way in which insurance transactions are carried out. Many commercial transactions require the existence of relevant insurance contracts to be verified. For example, the sale of goods and their transhipment overseas involves a significant amount of paperwork, including commercial invoices and bills of lading that provide the basis upon which the insurer will issue a policy of insurance to the shipper and its banker. These documents must then be transferred, usually in hard copy, to the interested parties overseas. This transfer process can take up to a week, during which time the goods may be sitting in port incurring charges, causing congestion and tying up assets. Blockchain will allow all of the parties to the transaction to view and verify the paperwork in real time, thus significantly speeding up the shipping process by removing the requirement for the physical transfer of documents between banks.
Similarly, worldwide insurance for a multinational corporation will involve locations and assets around the world. The underwriting process for this insurance involves collecting and verifying a range of data, such as asset values and loss histories, and making that data available to different interests. This can be a lengthy process but the use of blockchain technology can significantly simplify and speed up the process, while at the same time providing the necessary degree of transparency and reliability.
This use of blockchain to verify the existence of insurance can have other applications too – for example, by providing a platform to streamline the process by which a company can verify that a contractor has the insurance they claim to possess.
Related issues arise in connection with the insurance of blockchain itself. In 2020 the High Court in England ruled that cryptocurrencies can be "property", and this decision in itself may present problems for property insurance in the future.
Hanging over all of this in the UK, however, is the issue of Brexit and the regulatory changes it will bring. The current "passporting" arrangements that allow insurers and brokers to trade freely in the European Union are due to end on 1 January 2021. At the time of writing, it is not clear whether there will be a deal between the UK and the EU to replace these arrangements going forward. In the absence of agreement, however, the parties will have to rely on individual agreements between the UK and Member States to determine the degree to which insurers and brokers can continue to trade in each other’s jurisdictions.