Let’s start with a quick overview of the various ways in which data is shared around the sector. It falls roughly into three types:
- cross sector bodies, such as the Motor Insurers Bureau and the Insurance Fraud Bureau. They draw together many different types of data from across the sector, including about all insured vehicles, stolen and written off vehicles, loss incidents and claims, injury claims, no claims discounts, cases of suspected fraud and cases of confirmed fraud.
- risk specialist bodies, such as Thatcham Research, the Fire Protection Association and facilities such as Pool Re and Flood Re. These type of bodies focus on particular types of risk and draw and hold data from across the sector relevant to their research, standards and business.
- data brokers and software houses, such as Verisk, Lexus Nexus and Friss. These firms draw data from insurer clients, combine it with data sources from outside the sector, and share trends and insight for underwriting, claims and fraud purposes.
All Data
Overall, this adds up to an awful lot of data being moved around between insurers. It might be best to turn this around and consider what data is not being shared between insurers. The answer would seem to be ‘not a lot’. In terms of lines of business like motor and household insurance, we should assume that all of the data we provide to our own insurer is being shared in some form or other, directly or indirectly, with other insurers, perhaps all insurers. On top of that, the same can be said for all data relating to loss incidents and submitted claims.
This then makes those two questions raised earlier pretty pertinent: what do they plan to do with it, and how well do they manage those arrangements?
Plans and Ambitions
A lot of what insurers plan to do with all this shared data is explained on websites, in blogs and in press releases. To summarise them, it boils down to: a) supporting honest customers by tackling various forms of dishonesty, and b) reducing losses by sharing insight. Nothing wrong with that, you may well say. And I would agree – reducing dishonesty and loss levels are important goals that the sector has set for itself. This supports fairness and honesty, to name but two ethical values.
Yet bear in mind a key word in that first question: plan. What is planned and what actually happens can be different. Here’s an example from the South Korean insurance market, about how data sharing there turned into a new business nightmare. The quotes are from an article I wrote in 2014.
When Things Go Wrong
“In December 2012, the South Korean regulator disciplined three insurance market associations for privacy and consent issues relating to the handling of 8 million policyholder records. At the same time, a Government agency launched an investigation into the South Korean regulator itself, amid allegations relating to the misuse of a collective search system called KLICS, designed to prevent insurance fraud. Users of KLICS stood accused of having collated far more personal information than was needed for its stated purpose, or policyholders had given consent to.”
“Now comes news that the South Korean regulator has instructed all financial institutions to stop all telemarketing activities until the end of March, following data fraud at a credit information service provider. That same regulator then uncovered further data leaks at three insurers. Telemarketing accounts for a significant proportion of some insurers’ new business, so not surprisingly, the sector is up in arms about the instruction.”
What started out as a cross sector database to help tackle insurance fraud ended up being used for purposes far beyond that intention. Note that even the insurance regulator got embroiled in the fall out. The repercussions included the shutting down of a key new business source for three months until the mess was sorted.
Governance and Delivery
My point here is that there can often be a difference between what is planned and what ends up being done. In a corporate setting, it is down to a firm’s governance arrangements to keep an eye out for such variances and question management about what is happening and why. So this leads us on to the second of those two questions: how well are those arrangements being managed?
The simple answer is that we do not know how well managed are the governance arrangements around cross sector data sharing. Organisations like the MIB, IFB et al are overseen by insurance executives and the partners of law firms working for them. There is no involvement from anyone independent of the sector and its legal suppliers.
What about regulators, some of you may ask. These organisations all fall outside of vertical regulators like the FCA, but are subject of course to horizontal regulators like the ICO.
The sector’s response when opaque practices are challenged is to expect the public and its representatives to ‘just trust us – we know what we are doing’. There’s something ironic in this. The public is being asked to trust insurers in how they handle data about the extent to which they mistrust the public. Remember that this is not just data about people who get up to suspicious things. This is data about everyone.
Trust Deficit
So do the public trust insurers with their data? A few years ago, the Association of British Insurers commissioned some detailed research into consumer attitudes to insurance and data. This is what the research concluded:
“Close to nine in ten (86%) consumers say that they are concerned about organisations selling or sharing information about them when those organisations don’t have permission to do so. More than half (53%) remain uncomfortable with this even when they have given permission for their data to be shared.”
So clearly there’s not a lot of trust for insurers’ use of data out there. ‘Just trust us’ is a call that isn’t going to achieve much traction.
I don’t think the opaqueness path taken by the sector is sustainable in the mid to long term. It will always feel sustainable in the short term, but like the frog, insurers will progressively find themselves in hot water. The big question for them then is whether they want to adapt or prefer to stick until something implodes.
Bear in mind that I am not talking here about a complete flip from total opaqueness to total transparency. The latter isn’t necessary and anyway, can often feel too much like the former. What I’m talking about are levels of increased transparency. The danger for insurers is that the ‘stick rather than adapt’ approach (and the risk of an implosion that comes with it) puts the sector at risk of being jumped quickly across several levels of transparency, rather than moving one level at a time to test and achieve the right balance.
Four Exposures
How does that risk of ‘opaqueness implosion’ look like then? We can look at it in four ways. Firstly, there is a long term trend toward less tolerance of opaqueness. The expectation is that some form of openness is good and various forms of secrecy bad. This is part of the social trend that is moving us from the world of ‘tell me’, to the world of ‘show me’ and entering the world of ‘prove to me’.
Insurers are in essence positioning their data sharing initiatives before even the ‘tell me’ world, while society’s expectations are around the ‘show me’ and ‘prove to me’ worlds. That contributes to their approach feeling so out of kilter.
Secondly, friction is bound to arise as the public finds (against the background of that move to ‘show me’ and prove to me’) that more and more of their personal data is being collected and used in ways that they could never imagine. The public certainly expect some data to be used for underwriting, counter fraud and claims purposes, but there is a growing realisation that much much more is being used. My favourite, as regulator readers will remember, is the US auto insurer using whether you drink tap water or bottled water as an underwriting factor.
So we can see this as another long term trend: insurers on the one hand are gathering more data about us, while the public is becoming more wary about their reasons, and the reasonableness, of them doing so. I explored this in some depth in this article about what academics are calling the ‘logical relatedness’ of data use.
Challenges and Leaks
Thirdly, insurers are not the only ones that can harness data relating to insurance. The classic example here is Citizens Advice and their super complaint on price walking. They gathered lots and lots of micro outcome data from consumers, analysed it and came up with conclusions that were accepted by politicians and (eventually) regulators.
In such circumstances (and there will be others), an opaqueness mindset will always struggle to win ‘hearts and minds’. If others can command as good as, or even better, data than insurers, then the sector’s power to control narratives is severely weakened. A ‘more transparency’ mindset enables insurers to respond and adapt to such challenges.
And fourth and finally, leaks happen. One that I found particularly interesting was the appearance in the trade press of data about suspected application fraud volumes in motor insurance between 2017 and 2019 (more here). The surge in volumes was immense and my calls for an explanation went unheeded. The impression left was that suspected application fraud volumes were being played around with. I can’t see how they could triple in three years, and no one would come forward to show why.
This adds up to a precarious position for insurers. By covering their data sharing arrangements with a veil of secrecy, they are both failing to recognise wider trends and exposing the sector to having that veil ripped off. It should perhaps come as little surprise then that Citizens Advice have made clear their aim to make the insurance sector more transparent. I looked at the risk of ‘forced transparency’ back in this article a year ago.
To Sum Up
The UK sector has an opaqueness problem. The big risk is that it could collapse on the sector through challenges from outside. Their best response would be to open up their data sharing frameworks to some external scrutiny. There are independent experts out there who would be very good at engaging in a collaborative way, to help the sector ask the questions of itself that need to be asked. All done within the right level of confidentiality.
Sticking with the current opaqueness approach will progressively become less and less sustainable. Rather than have this bubble of secrecy popped, better to deflate it slowly and surely, through the right people asking the right questions. The two obvious ones to start with are those I raised at the beginning of this article - what are insurers plans for this data and how well are they managing those arrangements?
