How should regulators address technology-driven insurance innovations that don’t fit well under existing rules? A “regulatory sandbox” might be the way forward, a panel of regulators said at the recent Global Insurance Symposium.

Moderator Andy Beal, COO and chief legal officer of the National Association of Insurance Commissioners (NAIC), described the “regulatory sandbox” concept as a potential response to rapid developments of technology-driven insurance innovations that did not fall neatly into existing categories of insurance regulation.

“Innovators can experiment or try out new products or processes, and [state insurance] commissioners would have discretionary authority to relax some [regulatory] requirements while maintaining consumer protections,” Beal said in his description of the sandbox metaphor approach.

Panelist Chlora Lindley-Myers, insurance director in Missouri, characterized her state as “a training ground for some of the sandbox ideas,” something she credited to initiatives of her co-panelist Doug Ommen, former Missouri insurance director and currently the insurance commissioner in Iowa.

In particular, Lindley-Myers cited Ommen’s introduction of the use of “no action letters” in Missouri.

Under that approach, insurance department staff and other stakeholders will meet with an insurer introducing an innovation to determine how the innovation can conform to the spirit and essential purpose of consumer protection regulation.

If satisfied that core regulatory objectives are addressed, the commissioner can issue a letter withholding enforcement action with regard to certain details of regulation.

“The sandbox approach gives the director more formalized opportunity and discretion on how [the insurance department] wants to operate within the market,” she said.

An Independent Path is Key

For his part, Ommen said “states ought to be independent in how we think about these issues.

“We ought to keep in mind our responsibilities for consumer protection and never lose track of requirements for solvency,” he said, “but there is also a place for states to offer opportunities for companies to do some experimentation.”

Traditional insurers typically welcome any move toward regulatory flexibility, but are concerned that they not be put at a competitive disadvantage to less-regulated competitors.

According to Michael Pieciak, commissioner of Vermont’s department of financial regulation, tension is arising as traditional insurers see “fintech” (financial technology) companies introducing disruptive innovations.

“A lot of our job is to explain to traditional insurers that [fintech enterprises] are well within the framework of our regulatory system,” he said. “They’re operating in ways that are appropriate. They’re just using technology in a way that is disrupting the business model, and it’s really sort of a wakeup call.”

Beal, the moderator, observed that “every regulator I talk with is very receptive to having dialogue and discussions with all the players, the startups and the legacy carriers. They’re more than willing to discuss new ideas, to consider how they will fit within the regulatory framework of the state.”

Pace and Scale

As it is, insurance regulators will be severely challenged to address the complexities arising from the pace and scale of change related to “Big Data,” the use of predictive analytics, and cyber security.

Ommen is the chairperson of an NAIC Big Data task force that is weighing whether to create a technical team within the NAIC to help individual state regulators review complicated filings using sophisticated predictive analytics.

“An individual state will not be in a position to do that easily, and some states will find it difficult to ever do it at all,” he said. While expressly promoting the state-based regulatory system, Ommen added that “we can also look to the NAIC central office as a resource.

“I don’t view [this initiative] as creating another regulator,” he said. “I view it as my responsibility in Iowa to protect our consumers here, but I also think that responsibility can carry into collaborative efforts with the NAIC.”

Regulators, too, will benefit from technological advances that are transforming insurance operations.

Eric Cioppa, superintendent of Maine’s insurance bureau, told the audience that “in our solvency regulation, we’re going to use big data more, we’re going to use predictive analytics more, and we’ll be reviewing the balance sheet as secondary.

“There’s going to be so much more we can do to regulate solvency. It provides incredibly powerful opportunities.”

As for cyber-security, Cioppa predicted that a carrier’s approach to protecting consumer data will become nearly as important as operating performance in the examination process.

“I think you’re going to see cyber rise to that level of importance,” he said, and the responsibility will extend through senior management to boards of directors. “Is the board actively engaged in cyber issues? Are they on top of it?” he asked rhetorically. “We need to see that upper management is taking it seriously.”

A company’s response to a cyber breach will be scrutinized at least as rigorously as its efforts to prevent one, added Pieciak of Vermont.

“Every IT professional and regulator would agree that it’s impossible to prevent a cyber-attack all of the time,” he said. “But fumbling the response to a data breach will exacerbate the problem.”