News and Views: Argo, Tesla, Aon

Matthew Josefowicz

Matthew Josefowicz on reports that Aon is in talks to sell its employee benefits outsourcing group.





Chuck Ruzicka

Chuck Ruzicka on Tesla’s win with federal regulators and why it’s just the first of many battles for self-driving car manufacturers.





Mitch Wein

Mitch Wein on Argo Risk Tech Solutions and the future of commercial and personal lines insurance.





Argo Risk Tech Solutions a Step Towards IoT-Powered Commercial and Personal Lines Insurance

Mitch Wein

The recently-launched Argo Risk Tech Solutions looks at common causes and locations of accidents, like slip-and-fall, in the workplace. The idea is to use IoT devices like sensors to communicate to the employees to modify behavior and identify areas of risk like a wet floor, hot soup bowl or items blocking the halls. The IIR article indicates that companies using this technology have seen accidents reduced substantially over a period of time. This positions insurers not just to transfer the cost of risk to them for the cost of premium to an employer, but to actually prevent the risk from ever materializing. This in turn reduces the overall loss experience and allows the premium to be reduced. This approach will be adopted in more and more areas of commercial and personal lines insurance and will be widespread by the 2020s. Over time policy holders that do not deploy these types of sensors will be penalized by being put in different risk pools from those that have the sensors. It will no longer be an option but a requirement. Even further out, the analytics tied to the collection of this data from IoT devices might proactively communicate what to do and when to do it to minimize risk (ex. a commercial truck taking an optimal road to minimize an accident weighed against the time it takes to do the journey). There could be some backlash, however, as people may start to feel the technology is too invasive and not want to provide data or work with a company that does.

CIOs Should Not Underestimate the Potential of XaaS

Chris Eberly

Chris Eberly

Some technology trends are just that: trends. Others have the potential to change the landscape of the IT industry landscape. A deep review and understanding of XaaS (“Anything as a Service”) puts the practice on a parallel with similar industry sea changes of the past, like the PC movement of the 80s, the web movement of the 90s, and the sourcing movement in the 00s. Here are our thoughts on what the best practices are for CIOs moving forward with XaaS implementation:

    • Review current business processes with a critical eye: Whenever a CIO embarks on replacing any major platform, the first caution is not to recreate what already exists into another system, unless the business is completely satisfied with the current platform which quickly begs the question; why move? Assuming there is a need to move because the existing platform is complex, not scaling appropriately, doesn’t support current compliance requirements, lacking modern security
      capabilities, costing too much to maintain, or any other similar reason, the first step should be to review what functions are being supported, what value is behind these functions, and are these functions generic to the industry.
    • Define value add processes and align to benefit targets: It is important to define value-add processes and take the step to align benefit targets to each of these processes. This analysis will need to start with a top-level agreement between CIO and COO on value benefits, cost of non-standard process, and success metrics before moving into discussions and process planning.
    • Implement Rent vs Buy vs Build model: A very old question that is outlined in just about every IT strategy is the philosophy direction of Buy versus Build. XaaS adds a new dimension of whether the function or service should be rented? In other words, can the company pay per user, pay per customer or pay per policy instead of making the significant investment, to buy or build a platform?
    • Prepare for organizational shift, not just technology shift: There is clearly a technology shift in moving to XaaS which includes all the challenges and opportunities with implementing a new platform. One aspect that isn’t as apparent is the need to make an organizational shift from a focus on development and application maintenance to vendor and product management. Specific consideration might include QA focus more on regression testing using business use cases instead of feature testing focus, a shift from focus on intra data center design to inter data center design, and architecture with greater focus on data, data management instead of interconnecting applications within data center.
    • Shift primary focus to data and analytics capabilities: Many IT shops spend most their time and resource maintaining, developing, and servicing existing platforms, which leaves little ability to address the huge data frontier. By fully taking advantage of XaaS, IT shops can reallocate resources to focus on unleashing the power of data into the whole enterprise.

Lessons learned and experience from previous sea changes lead us to review XaaS as part of the IT strategy roadmap. XaaS is not simply a new technology but rather a clear move and opportunity that requires a full assimilation into IT shops. At a minimum, adopting XaaS should create the opportunity to bring IT and business teams closer together.

 

For more on this topic, see my recent CIO Checklist report: http://novarica.com/best-practices-for-xaas-strategy/

As More Insurers Look to Big Data, Expect Regulators to Pay Attention

Mitch Wein

We have written previously about the ever increasing importance of data in Insurance. A related area of interest to insurers is the growth of predictive analytics. Modern predictive analytics solutions are capable of providing deep insight into a wide range of business areas such as underwriting risk, product profitability, and financial projections. However, maturity and adoption of predictive analytics solutions vary widely among insurers. As more carriers prioritize data strategy, usage of this potentially disruptive technology will grow rapidly. Data is a major component of Novarica’s “Hot Topics” for insurers, which include social, mobile, analytics, big data, cloud, digital, and Internet of Things/drones. Data is being utilized to speed up underwriting, utilizing external third party data (e.g. prescription information, telematics information for driving), improve actuarial models (e.g. data collected from drones, the National Weather Service), and help to process claims (e.g. data generated from devices, commercial vehicles, health devices). Over 25% of insurers ran big data programs last year in order to gain insights from large volumes of data with high variety (structured and unstructured) and velocity. This article from the New York Times discusses the increasing concern of regulators, mostly in Europe and the UK, that access to large amounts of data may ultimately lead to a decrease in competition by freezing out smaller firms who can’t get at as much data as large firms like Amazon, Google and Facebook. The article mentions the case of IBM, which is combining internal data with customer data in order to train Watson AI software for a wide variety of tasks in fields ranging from medicine to finance. Some insurance carriers are working with IBM’s Watson software to develop underwriting, claims, and actuarial modeling. Data will continue to grow in importance even as it grows in volume. It is inevitable that regulators will start looking more at data and access to it as we move forward into the 2020s.

Revenge of the Mutuals?

Rob McIsaac

An interesting article came out over the weekend that delves into the consolidation that has taken place among publicly traded life insurance companies, and contrasts this trend with the relatively stable number of mutual carriers that are in the market today. We are now the better part of two decades past the period when there was a significant demutualization effort which included notable, name-brand, national carriers. In that period, we have weathered multiple recessions, one of them the worst economic downturn since the 1930s, and emerged into a world that has experienced persistent low interest rates. Taken as a whole, these factors have produced a series of economic outcomes which were outside of the planning corridors that many carriers executed against. As the article suggests, carriers face some very interesting challenges going forward. For those with long tail liabilities such as life and annuity contracts, the conflicts associated with quarterly earnings reports and maximizing shareholder value appear to be particularly daunting.

There is more to this story, however, which may suggest some additional advantages for mutual carriers. Almost without exception, life carriers are grappling with aging technology platforms which may date as far back as the Kennedy administration. The blocks of business on these platforms are themselves old, and may be closed to new business. But because they were at the heart of these businesses over multiple decades they have become, through the magic of cost accounting, blocks of business which absorb significant overhead for carriers. For many companies, these platforms represent a significant drag in terms of being able to implement new products and services effectively. At the same time, however, these platforms, if they are walled off, can become quite stable and relatively inexpensive to operate. This can meaningfully influence both operational and financial outcomes for carriers.

We recently unearthed a 1995 chronicle from MIT which provides a fascinating view of the first 35 years of policy administration utilization in North America. The fact that many of the systems that were deemed to be aging in that 22-year-old report are still being used by carriers should give cause for concern to some!

In any case, as carriers plot their technology strategy for the future, addressing these old systems and blocks of business running on them will become increasingly critical. The investments and planning horizon required to make them successful may be easier for mutually owned companies to execute than it will be for their publicly traded competitors given their respective focus on long- versus short-term results.

Even as market competitive threats loom large, it is not just a technology challenge that many life insurance carriers face. There is an accounting and a reporting issue which carriers would be well advised to consider as they put their strategic plans in place.

News and Views: Lemonade’s Instant Claims, NYS Cyber Regulations Delay, UnitedHealthcare Motion, and BMW’s Self-Driving Cars

Matthew Josefowicz

Matthew Josefowicz on why Lemonade’s instant claims processing is most impressive when looked at from a user experience standpoint.





Mitch Wein

Mitch Wein on the delayed implementation of New York State’s new cybersecurity regulations.





Tom Benton

Tom Benton on UnitedHealthcare Motion and the future of wearables in wellness programs.





Chuck Ruzicka

Chuck Ruzicka on BMW’s entry into the self-driving car market and the importance of learning in innovation.





UnitedHealthcare Motion Provides Model for Faster Adoption of Wearables

Tom Benton

The potential for wearables in health and life insurance has been hindered over the past few years by lack of standards and slowing adoption by consumers. This week, UnitedHealthcare and Qualcomm announced they have “enhanced and expanded” the employee wellness program UnitedHealthcare Motion. UnitedHealthcare Motion is making progress in wearables use for wellness programs by leveraging the advantages of using the Qualcomm 2net platform, a medical-grade cloud-based infrastructure for medical device applications, with enhanced security and flexibility provided by standardization of end-to-end connectivity for wearables. The ability to quickly integrate in the Fitbit Charge 2, first shipped to consumers in mid-September 2016, shows the advantage of a standard platform that can respond to changing consumer demands and device capabilities. As mentioned in Novarica’s report on “Internet of Things, Wearables and Insurance Customer Experience”, security and standardization as seen with the UnitedHealthcare Motion BYOD capability will enable faster adoption of wearables for use by insurers to improve customer experience.

With Yodil Acquisition, Duck Creek Continues to Broaden Its Offerings, and Core System Consolidation Continues in the New Year

Jeff Goldberg

2017 has barely begun and the 2016 trend towards core system consolidation in the insurance industry is showing signs of going strong for another year. Duck Creek’s recently announced acquisition of Yodil comes as no surprise, as it both continues the willingness by Duck Creek to invest in broadening the scope of its offering as well as a growing focus on data and business intelligence across the industry as a whole.

This is another example of a multi-year trend towards consolidation in the P&C core system space, a direct response to insurer preferences for suite providers as opposed to best-of-breed. Even when insurers do seek out standalone components, they show a strong inclination towards vendors who will be able to provide additional components at a later date. Over the course of their history, Duck Creek has continued to grow their offering to satisfy more of an insurer’s technology stack, both through development and acquisition.

What’s notable here is that Yodil isn’t what the industry has considered standard insurer core component like claims or billing, but instead is a business intelligence and data management offering. This move by Duck Creek is likely at least partially in response to Guidewire’s multiple acquisitions of data warehouse and business intelligence solutions, with EagleEye (now Guidewire Predictive Analytics) the most recent example. It’s safe to say that BI and data warehousing can now be considered a core part of the insurance suite just like any other business process focused system. Insurers are increasingly budgeting more money towards the data arena, so other suite vendors will need to follow up with their own competitive BI and warehousing offerings either through development or M&A.

The New Year Brings New Cybersecurity Regulations

Mitch Wein

Cybersecurity is back in the news this week, with Yahoo’s announcement that more than 1 billion user accounts, many of them containing sensitive information, were compromised in a 2013 cyber attack. Recently, Novarica held a Working Group on the new cybersecurity regulations that will go in force on January 1, 2017 in New York State. The law was drafted from the NAIC Cybersecurity Task Force’s Insurance Data Security Model Law but goes further in many cases than the draft law did. The new standards will apply to insurers offering licensed products in New York State. While some proposed requirements stand as general best practices most insurers have already established, others will require carriers to implement significant changes. Although financial and insurance institutions have until June 2017 to comply, carriers are already considering the upcoming shifts in resources and strategies. The regulations will mandate:

  • Annual submission of a written statement to the Department certifying compliance, with all supporting data, records and schedules maintained for five years.
  • Regular cybersecurity awareness training for all personnel, updated to reflect the annual risk assessment.
  • Appointing a Chief Information Security Officer.
  • Documentation of “areas, systems, or processes that require material improvement, updating or redesign” along with planned and in-progress efforts toward remediation.
  • Employment of cybersecurity personnel who must attend regular update and training sessions.
  • Establishing cybersecurity policies to address areas like access controls and identity management, business continuity and disaster recovery, capacity and performance planning, customer data privacy, data governance and classification, incident response, information security, physical security and environmental controls, risk assessment, systems and application development and quality assurance, systems and network monitoring and security, and vendor and third-party service provider management.
  • The policies must be reviewed by the board of directors or similar governing body, and approved by a senior officer.
  • Establishing and maintaining cybersecurity programs to:
    -detect incidents, identify internal and external risks
    -to implement defensive infrastructure, policies, and procedures
    -to respond to detected or identified incidents to mitigate the impact
    -to recover from incidents and restore normal operations
    -to fulfill regulatory reporting requirements

Most of the carriers present at the working group focused on the compliance expectations for vendors and third-party service providers. If partners do not comply with the regulations, the carriers manufacturing the products will be liable. We are unsure today if the carriers can get the penalties back from the MGA’s, agents and partners if the security breach was due to that agent’s or partner’s lack of compliance with the law.

Another area of focus was encryption. In the current draft of the legislation, carriers will have up to five years to implement encryption of nonpublic information both in transit and at rest. Many participants saw this as an onerous task, as PII data is already difficult to manage. Although the clause allows for “compensating controls” to stand in place of the encryption leading up to the five-year mark, carriers are already apprehensive of the burdens of such a large feat. In a similar context, multi-factor authentication will be required as well, but an extension of 1 year is being considered.

Some attending carriers with operations in Europe and the UK brought up concerns for how the cybersecurity legislation will affect international relationships. However, while there are some differences between the NYS regulation and the GDPR (General Data Protection Legislation), we don’t expect these difference to drastically impact the carrier’s ongoing technology activities.

Many carriers discussed the security and reliability of Cloud. While some saw Cloud as an additional risk, others saw it as a faster, seamless way to fortify cybersecurity. There was a general concern that because data centers from Cloud providers house different “tenants,” there is a risk of the data being exposed. There was a discussion of “accumulation risk” caused by a cloud which means that a hack of the cloud could automatically trigger a security event for everyone in the cloud. However, other attendees suggested that because it is easier to add a security tool to a Cloud solution, the risk of data exposure is mitigated.

Happy Holidays & Happy New Year!!!!

News and View Roundup: Penn Mutual and Vantis Life Merger, Root, the DDoS Attack

Rob McIsaac


Rob McIsaac on the recent merger between Penn Mutual and Vantis Life





Steven Kaye


Steve Kaye on what auto insurer startup Root can teach insurers about customer service





Tom Benton


Tom Benton on the recent DDoS attack and how insurers should be adjusting security to better protect consumer data.