When talking with board members of incumbents behind closed doors I sometimes hear that the BaFin and the regulator will save them from attacking insurtech companies and the tech giants entering the market. Can they count on your protection?
BaFin’s primary statutory mandate is to ensure the proper functioning, stability and integrity of the German financial system. BaFin operates in the public interest and in strict neutrality to all market participants, thereby upholding overarching principles of the rule of law. Bank customers, insurance policyholders and investors alike ought to be able to trust the financial system. This all necessitates that BaFin neither protects incumbents nor fosters or unnecessarily hinders the use of new technologies.
The financial sector is – for good reason – a strictly regulated sector. To some extent, the regulatory framework might occur as an administrative entry hurdle for new entrants, but this effect is neither intended by regulation nor is it BaFin’s purpose to put up entry hurdles. The sole purpose of the regulation in place is to support BaFin’s objectives as outlined above, namely the duty to ensure the stability of the financial market and the collective consumer protection. Sustainable regulatory requirements never was and will never be at the forefront of technical possibilities, as proven concepts and processes should not be given up before it has been proven in the long run that new solutions can permanently and fully replace trusted ones. Cautious – not disruptive – amendments in regulatory and supervisory practice to keep in touch with market developments might not sound fancy, but we aim at trust and stability, not marketing.
In order to enable the use of innovative new technologies, the regulatory framework in place is guided by the principle of technological neutrality. Furthermore, BaFin aims at sustaining a level playing field for all market participants by following the principle “same business, same risks, same rules” and by taking the principle of proportionality sufficiently into account.
BaFin just published a large study on the effect of big data and artificial intelligence for the supervision and regulation of financial services (“Big Data meets artificial intelligence – Challenges and implications for the supervision and regulation of financial services”). Some of the statements in the report can be seen as a description of a “race of innovation” in the insurance industry. Do you and if yes why do you see a necessity to innovate in an industry that is not known for that or that looks pretty stable from outside?
In principle, InsurTech companies can help to encourage transparency and competition for the consumer. This is because new market participants can increase the pressure on the industry to optimise processes, systems and products. BaFin welcomes this development, not only because of the benefits it could bring for the consumer, but also because it could strengthen the competition and stability of the German insurance market in the long term. However, BaFin does not consider the core insurance business to be affected by the new providers on the market, at least not in the short run. In the long term, insurance is more than just the ability to react quickly and innovatively to the market.
The question whether or to what extent there is a necessity for the insurance sector or single insurers to innovate, is not a question for a supervisory authority to answer. It is not up to BaFin to make business decisions for supervised firms. With the report, we wanted to disclose our current observations and raise awareness for possible risks and benefits of the use of big data and AI related technologies. Additionally to the publication of the report, BaFin started a consultation on it (will last until 30 September 2018) to initiate discussions about the use and consequences of BDAI on the financial market.
However, with regard to automated processes, the insurance sector is one of the sectors that has adapted new technologies already at a very early stage. Additionally, the use and processing of large amounts of data has always been a key task in the insurance sector. Furthermore, in the German insurance sector, we have incumbents that are willing to take a pioneering role in Europe – members of B3i project for example. We for instance observe a rising amount of cooperation between start-ups – usually missing specific insurance know-how and a consumer base etc. – and incumbents. We also see incumbents investing venture capital in start-ups and follow this development closely. On the technological site, we can report that a huge number of insurers of the private health sector has already established supporting apps, helping policyholders with claims handling and other issues.
How would you describe the state of the “race of innovation”? Do we have surprising front runners and insurers trailing behind?
As mentioned above some larger insurance groups take a pioneering role in this at the moment. However, the medium-term outcome is difficult to predict, since mid-size insurers are already following and trying to adapt to new market conditions.
Furthermore, bearing consumers reservations in mind, it is not yet clear who will be winners and losers of this process. Let me further explain this with an example: In future it could be that telematics-tariffs in motor insurance will become market standard, due to the possibility to better calculate detriment of a policy holder – we are not observing this development yet but let’s assume so. Therefore, every property and casualty insurer will or at least would like to offer these tariffs. However, the question will be, whether (all) consumers will be willing to disclose their motor related data for this purpose. It might be that a certain number of consumers is not willing to do so. In this case, the business strategy to offer no or not only telematics tariffs in motor insurance could still be beneficial for an insurer.
What I want to point out is that there are many factors of influence that contribute to the success or flop of a technology and/or a company and even if the enthusiasm of young entrepreneurs is refreshing and keeps the market moving, it is not yet clear which technologies and business models might prevail and which might not. Next to preferences of consumers, there are also important legal requirements, which have to be taken into account. I am not just referring to the regulatory requirements of the financial sector, but also to other legal frameworks as, for instance, data protection laws.
Several tech giants are entering the insurance industry. Amazon and Uber don’t conceal their efforts anymore. In your study “Big Data meets artificial intelligence”, you mentioned that they quickly could be “system relevant”. What do you mean with that?
The companies you mentioned have data or digital driven business models and already succeeded in achieving both a large client and a large data base. Furthermore, big tech companies (e.g. GAFA) do know a lot about their consumers since consumers often pay the use of services offered by these companies with their personal data. The combination of having a large client base and deep knowledge about each client not limited to financial data makes big tech, platform driven companies eventually a considerable competitor for every service-providing sector they want to enter. Meaning, Big Data in combination with highly automated processes and network effects can foster a “winner-takes-all” market structure. The insights big tech companies have about their consumers can help them to develop innovative and / or personalized insurance products, from which they can obtain even more data. This can be referred to as a “self-supporting market penetration process”, fostering monopoles. However, big tech companies entering the insurance sector to self-conduct insurance business would have to apply to the same regulatory framework as every other company that wants to conduct insurance business on the German market.
In the study, we also explain that unregulated service providers – e.g. cloud computing providers, data vendors – could become systemically important for the sector too. This, of course, would be an issue that we assess, e.g. regarding our understanding of systemically importance and our supervisory set of tools.
Mark Zuckerberg answered several question in his hearing in front of US Senators and Congressmen with “I don’t know. Only the Algorithms knows.” Right now a lot of #insurtech, #fintech and incumbents are working on Algorithms. Do you support black box algorithms in insurance application processes and claim management?
No, BaFin does not support black box approaches for a simple reason: It is not consistent with the legal requirements.
Let me ask some simple questions: How can the management board of an insurer perform its tasks if it does not know how decisions are made in its company. Furthermore, how shall the internal audit department of an insurer or a supervisory authority be able to perform their tasks and achieve their objectives, if they are not able to verify and examine decision making processes? How shall the risk management be able to assess and manage processing risks if they too do not know how decisions actually are made?
As we underline it in our BDAI-study, the use of BDAI and the automation of decision making processes cannot result in a shift of responsibility for the results of these processes from humans to machines. Therefore, insurers have to ensure compliance with the regulatory framework by design. This means, amongst others, appropriate documentation and effective control systems are required. Such measures are also beneficial for the insurer itself since a better understanding of models provides an opportunity to improve analysis processes – allowing, for instance, the responsible units in the supervised firm to identify statistical issues.
In order to become board member of an insurance or bank in Germany, BaFin needs to approve a candidate checking his or her expert knowledge. You just lowered the bar for CIOs a lot in order to attract more candidates from outside the industry. Are you so unhappy with the current workforce in German board rooms?
As a former board member of an insurance company, I can assure you that we are not, as you stated it, unhappy with the current quality of board members of German insurers.
However, the ongoing digitalisation leads to IT becoming a matter of vital importance that affects the risk position of insurance undertakings. Vulnerabilities in IT security can quickly develop into existential risks.
For BaFin, ensuring insurers can effectively tackle the new challenges posed by digitalisation is a matter of vital importance. Therefore, BaFin is assessing and adjusting its administrative practice when necessary. In relation to the practical experience required by management board members, BaFin is providing greater flexibility for the appointment of IT specialists when it comes to weighing the increasing need for specialist knowledge against the requirements on the essential professional qualifications that the management board needs in order to fulfil its collective responsibilities.
Several countries are exploring or experimenting with regulatory sandboxes in order to support innovation by start-ups. Does BaFin plan that too?
If your understanding of a ‘sandbox’ is an unlevelled playing field in which a limited number of authority-selected companies receive regulatory or supervisory privileges and by which consumers might face more risks, the answer then clearly is ‘no’. BaFin is not planning the implementation of an entity-based regulatory sandbox. This is not only because BaFin’s mandate does not include promotion of competition or technologies. From BaFin’s point of view, a sandbox is at least challenging the objectives to ensure a level playing field for all market players and to support and foster consumer protection and financial stability and – in the end – can lead to regulatory arbitrage.
In a sandbox approach, the competent authority decides which companies can enter it and which cannot. In contrast, BaFin’s approach of an innovation hub enables a level playing field, as it is open to all stakeholders in the financial sector, incumbents and start-ups alike. One core objective of our innovation hub is to best support financial technology related matters in regards to responsiveness and expertise and at the same time applying the existing and technological neutral regulation. Besides that, the high-level aims of BaFin’s innovation hub are the same as of a sandbox: Enabling access to the financial sector and reducing legal or regulatory uncertainties as well as implementing a communication channel to the market, allowing BaFin to learn more about innovative technologies from an early stage.
Even if we might touch new grounds with innovative technologies entering the financial sector, this should not lead to lowering regulatory requirements for just some market players. As our regulation is technological neutral regulatory requirements are based on the business a company runs. If businesses and relating risks are the same, then one has to comply with the same rules. However, it has to be added that BaFin follows a risk-based approach and the principle of proportionality.
If one takes a closer look at the sandboxes active in the EU, it is difficult to say where the actual differences to an innovation hub approach as described above might be. The FCA for instance, which discloses a lot of valuable information about their innovation facilitators on its homepage, states that FCA does not waive national or international law and that every company will need to apply for the relevant authorisation or registration in order to test their product or business model within the sandbox.
As much as incumbents count on the support of BaFin, start-ups sometimes seem to be a little afraid – and trying to avoid regulation. I personally made the experience that BaFin actually helps small and young companies applying for a licence. What do entrepreneurs need to know about BaFin and their support?
As I already mentioned above, BaFin does neither support incumbents nor start-ups by providing regulatory consultancy services. However, of course we hope that our efforts, as for instance the implementation of an innovation hub, are successful and allow us to achieve all underlying goals.
In order to provide clarification about legal requirements, we, amongst others, established a section for entrepreneurs and fintech companies on our website. However, providing general legal advice does not fall within BaFin’s legal remit. Companies that wish to apply for an authorization to conduct insurance business should familiarize themselves with the relevant legal requirements prior to that. But they should never fear asking us questions. Bafin is there for the market and that includes its newest entrants.
Because authoritative evaluations can only be made based on the individual circumstances pertaining to a specific case, we welcome entrepreneurs to get in contact with BaFin at an early stage. To facilitate contacting, BaFin has also established a contact form companies can use to present their business case and ask related questions.
What do insurance companies from outside Germany need to know before entering the market?
It depends on e.g. whether or not the company in question already owns a licence to conduct insurance business in another EU member state. Generally spoken, any company conducting insurance business needs prior written permission to do so. BaFin is the competent authority that issues these permissions.
For further and more detailed information, I would recommend to visit BaFin’s homepage (links “Foreign companies”, “Authorisation and permission to provide financial services”, “Insurance companies”).
Change moves quickly, but the insurance industry still works like decades – some even say a century – ago. How do you think will the insurance industry look like in 5 to 10 years? Which role will BaFin play?
I can just assume how the insurance sector might look like in 5 to 10 years. There are also other factors than technological developments we would have to take into account, as for instance the development of the interest rate, issues arising from an aging population, environmental and social changes etc.
However, in 5 to 10 years it might be that some insurance processes, re-insurance for instance, will already be embedded into a distributed ledger technology solution. It might also be that policy holders benefit from a fully automated underwriting and claims management process. Whether these processes then will still be conducted by every single insurance company or insurance group itself or just by probably a few service providers working along the insurance value chain, is hard to say today. We at least have not observed such developments yet. Considering the core of insurance business, to cover a specific risk of the policyholder or a third party by a service that it has to provide upon the occurrence of the agreed insured event, I believe insurers and not peer-to-peer networks will still do this.
Supervision and regulation play an even enhanced role as to today. Market stability of the financial sector and collective consumer protection will become more and more important. However, in order to achieve these objectives we might use tools that differ from the ones we use today. Supervisors might adapt their processes by increasing their use of SupTech, which should help to conduct supervision more efficiently and effectively.
The complexity of our world increases; financial business is a global business and even if new methods as BDAI tools will help companies to better understand consumer needs and improve financial services it also leads to the use of more data sources, more complex methods, models and algorithms. Already today, BaFin has to ensure that effective supervision will still be possible in future.
Thank your Dr. Grund!