1. Solvency II style regulations will arrive in the Middle East
Although risk-based capital models have been in place for some time in the Middle East’s international financial centres such as the DIFC, most jurisdictions in the region apply a simple minimum capital requirement for insurers which is supplemented by the requirements to hold technical reserves.
The UAE will be the first country in the region to fully implement a model based on Solvency II, when the final phase of the Insurance Authority’s (IA) Financial Regulations come into effect.
It is likely that other countries in the GCC will follow suit shortly. Saudi Arabia, for example, has already introduced requirements in relation to disclosure and risk management for insurers which will readily provide the underpinnings for a Solvency II model.
One slight concern in the development of prudential regulation in the region is the trend towards requiring branches of foreign companies to hold capital locally. If continued into the insurance sector, this will lessen the distinction between a locally incorporated company and a branch of a foreign company and may result in some insurers exiting local markets.
2. Industry will be fundamentally altered as a result of new regulations
The UAE IA will issue new rules. Restrictions on indemnity commission and caps on the overall fees and commissions charged to customers, coupled with significant increases to the operating costs of intermediaries, will result in a dramatic decline in the number of advisors in the market.
The need to implement new systems to ensure compliance with enhanced client disclosure, training for staff and a requirement to register each person involved in the sale and distribution of life products will likely have a disproportionate impact on smaller intermediary firms. This may lead to increased M&A activity resulting in the long-awaited consolidation in the insurance broking community.
For insurers, the new regulations will require new products to be developed or amendments made to existing products to reflect the caps on fees and charges. Carriers will also have to make changes to their systems to ensure that the disclosure requirements are satisfied, particularly the ongoing requirements to disclose details of the “top five funds” available for investment through the products. Insurers will also need to develop education and training for distributors and consider how “orphan” customers – those customers whose advisors exit the market – will be dealt with.
Declining distribution capacity will be a concern for insurers and may result in the rise of direct distribution or potentially increased use of agency models in the UAE.
3. Losses from hurricanes Harvey, Irma, Maria and Nate could act as a catalyst for M&A
M&A have taken something of a back seat in the insurance industry over the past 18 months or so. Uncertainty, the enemy of deal-making, has weighed heavily on investor sentiment. In some markets, notably Europe, uncertainty persists with Brexit acting as a significant brake on M&A activity. Transactions have been overtaken on the corporate agenda by Brexit preparations as companies realise that there is now no time to lose.
However, growth remains an imperative in an increasingly difficult trading environment and the situation has not gotten any easier for insurers over the last six months. Investment returns remain under pressure and will likely remain so for some time, despite the interest rate rises in the US and the UK – the first for a decade.
Meanwhile, abundant liquidity in the market means there is little room for insurers to differentiate on price. And the rise of broker facilities and an increasing number of managing general agents entering the market are putting additional pressure on insurers.
Add in to the mix last year’s devastating hurricane season – the losses for which are still being worked out but will certainly run into the tens of billions of dollars, and we expect to see the balance sheets of a number of insurers coming under increasing strain. This could serve as a trigger for a wave of M&A in 2018 as re/insurers look for partners to help absorb these losses or consider putting their businesses up for sale.
4. Insurers ignoring the possibilities of IoT will be left behind
The IoT is no longer a fictional concept in sci-fi movies, it is a reality with over 20 billion connected devices in use today. Based on the exponential growth of the IoT, it is predicted that over 46 billion devices and sensors will connect our homes, cars and businesses by 2021.
Progressive insurers and disruptors who are recognising the potential business benefits of the IoT are developing innovative services that use real-time data mined from smart homes, vehicle sensors, mobile GPS and networked grids and businesses. Smart data analytics is facilitating the provision of tailored claim prevention services, which are challenging the traditional insurer modus operandi, and will increasingly move insurance into tailored risk-prevention service provision.
But technological development comes at a price. Significant regulatory challenges are looming – not least in regard to data-led services or marketing campaigns which are at the heart of the “privacy by design” requirements of the new regulations that come in force in May 2018. In addition, product liability and insurance prudential regulations that were created pre-IoT are likely to come under scrutiny.
We believe that insurers and brokers taking a cautious “watching” approach in this interconnected world risk being overtaken by new kids on the block if they do not embrace the inevitable change technology will bring to the industry. But those that embrace change will also need to keep a weather eye on regulatory oversight which will inevitably get tougher.
5. More will seek coverage for business interruption from cyber attacks
Historically, companies have focused on potential losses arising from cyber events impacting personally identifiable information. The nature of this dialogue has begun to change with catastrophic losses suffered as a result of the 2017 ransomware attacks, and in particular the Petya and non-Petya attacks. Global ransomware damages are expected to exceed US$5 billion in 2017, and to increase in 2018.
Extortion demands stemming from ransomware attacks are typically very small – less than $5,000, and oftentimes even less than $500. Rather, the majority of losses resulting from ransomware attacks comprise the cost to restore/recover the data and income loss suffered while the company is trying to restore its data. Even if a company pays the ransom and obtains the decryption key, restoring data is oftentimes a messy and time-consuming process, and we are seeing more situations where a company’s data cannot be fully restored.
Given that most companies are highly dependent on electronic information and computer systems, business operations are oftentimes severely impacted during the data restoration process, with some companies’ operations coming to a grinding halt. Downtimes of one to two weeks, which are not uncommon in the ransomware world, could have a meaningful impact on a company’s bottom line. We expect more companies, in particular companies which do not have significant amounts of personally identifiable or sensitive customer information, to begin to buy cyber insurance not for the data breach coverage, but for business interruption coverage.
6. Cladding will cause problems for insurers
We predict that the widespread use of combustible cladding on the exterior of high rise and commercial buildings in Australia will create difficulties for property, public liability and professional indemnity insurers in 2018. Regulatory audits to identify buildings with unsafe cladding are well-advanced in most Australian states, with the results of those audits expected to start being released in early 2018. Where unsafe cladding is detected, building owners, particularly strata corporations for high rise residential towers, will be looking to claim cladding replacement costs from the builders, design consultants and certifiers involved in the design and construction of the buildings. The property and public liability insurers of such buildings will face increased risks of claims until the cladding is replaced. There will also be increased claims by building professionals under their professional indemnity policies.
7. Insurers will face regulatory scrutiny of their algorithms
Insurers are increasingly turning to data science, using algorithms to automate personal lines underwriting and assist their underwriters with more complex risks. Some are also using them to analyse claims.
Usually these systems work well and yield meaningful results. But if they are inadvertently fed with skewed data, then they can give biased outcomes.
The risk is much greater when the algorithm is developed through machine learning rather than explicitly programmed, because then the system itself determines what weighting to give to certain factors. If the resulting algorithm is a “black box” that cannot explain how it arrives at its decisions, that can be problematic. This is already causing concern in areas such as the US criminal justice system, where some courts use algorithms in setting sentences.
When GDPR comes into force in May 2018, it will require companies (wherever they operate around the world) to give EU citizens “meaningful information about the logic” of automated decision-making processes. The ICO and equivalent data regulators around the EU expect companies to find “simple ways to tell the data subject about the rationale behind, or the criteria relied on in reaching the decision without necessarily always attempting a complex explanation of the algorithms used or disclosure of the full algorithm”.
We make two predictions for this year: (a) Insurance regulators will pay more attention to insurers’ use of algorithms; and (b) As insurers become increasingly dependent on the few specialist InsurTech businesses that provide this technology, regulators will have to start thinking about how InsurTech itself is best regulated.
8. Professional services firms will continue to embrace technology
As the impact of AI on professional services firms continues to expand, firms, clients and insurers will be grappling not only with the potential ramifications for workforces, but also with how liability and risks should be allocated and insured in this brave new world.
An examination of the root causes of professional liability claims often reveals that the same familiar errors are to blame – most commonly administrative/organisational errors rather than technical issues. However, professional practices, and risk-management tools, are changing with the shifting sands of modern business.
AI is already changing the way that firms operate and the benefits are clear. AI has the potential to operate as a “risk reducer” and can be utilised to automate document/data-heavy work in an efficient and, usually, accurate way. The resultant streamlining and redeployment of staff should allow professionals to focus on more complex and intellectually stimulating tasks.
However, legal issues will inevitably flow from these new methods of service delivery. Some will be familiar, such as ensuring that software providers preserve client confidentiality and data security. Others may be more novel, such as the standard of care owed when a task is carried out quickly and cheaply using AI, how professionals should ensure the quality of the work product and where responsibility lies for errors arising from defective software or failures in understanding how best to use it.
Overall, there is a sense that the professions are at the start of a dramatic shift in how they operate. Those involved in risk and liability may face some challenges along the way if they are to stay ahead of the curve.
9. Wearable technology will impact personal injury litigation
Fitness trackers and smart watches provide a new avenue for discovery of damages in litigation, and we have only just begun to see the possibilities for its use in the courtroom.
Collecting personal health data from wearable technology is increasingly simple as employers and health insurers are implementing incentive programmes for employees and customers to use fitness trackers. To enjoy the incentives, users must submit their fitness data to employers/health insurers.
Litigators can request fitness tracking data directly from a claimant or their health insurer by subpoena via written authorisation from the claimant that should effectively eliminate any burdensome or privacy objections. The use of this data can support a claimant’s case or completely undermine their claims by showing that their injuries are not as serious as claimed and maybe even prove fraud.
For example, in Canada, two court opinions reference Fitbit data to support the conclusion that the petitioners were entitled to disability benefits. Fitbits use a combination of a heart rate monitor and motion detectors to identify and measure different sleep stages. In both cases, Fitbit data was used to support claims of insomnia.
Wearable technology incentive programmes are still in their infancy, so it will take time to see major dividends from these requests. However, with the growing number of programmes and growing use of wearable technology in general, litigators will take advantage of this very telling data.
10. Insurers will look to avoid unintended “silent cyber” exposures
For several years now, non-cyber insurers have been examining their portfolios to identify and estimate possible exposures arising from cyber incidents. Cyber exposures to “traditional” policies such as property, marine and casualty policies are recognised as potentially meaningful exposures which could cause unplanned risk aggregation and accumulation, not accounted for previously.
(Re)insurers have been focusing on catastrophic events that could cause worst-case risk accumulation to these traditional policies. Insurers will continue to examine and attempt to quantify their potential cyber exposures to traditional insurance policies and programmes. Insurers are also expected to start to more affirmatively address the “silent cyber” issue by clearly excluding or sublimiting coverage or by including coverage for cyber exposures in non-cyber, traditional policies. M
Contributed by Clyde & Co Team: Mr Peter Hodgins, Dubai; Mr Andrew Holderness; Mr Nigel Brook, London; Mr Tom White and Ms Rosalind Greenwood; Ms Helen Bourne, London; Ms Joan D’Ambrosio, San Francisco; Ms Christina Terplan, San Francisco; Mr Fred Fein, Miami; and Mr Marcus O’Brien, Melbourne.