Every underwriter relies on having good quality information about its clients in order to assess the risk they’re presenting. Yet the way in which such client information is obtained, and then used and protected, raises some of the most fundamental ethical questions about insurance underwriting.
Clearly, the exchange of information between insurer and policyholder is an absolutely necessary task and will always be so. Yet information asymmetry between the two parties can often make this a fraught process. This year has seen the Consumer Insurance (Disclosure and Representations) Act come into force, moving personal lines insurers away from a reliance on utmost good faith and towards pro-actively acquiring what they want to know.
This seismic change for insurers comes at a time when the scope of what insurers want to know about you has expanded considerably. A lot of new data sources are being sought to bring in that new information. These two trends are combining to create an ethical minefield around the whole question of privacy and the ways in which data is being used. We’ll touch on some of the key issues here; for more detail, you should refer to my ebook, ‘Privacy: 5 Sources of Ethical Risk for Insurers’, available as a free download from my consultancy website.
Let’s look at the types of questions that an underwriter should consider, under these three headings.
There are two themes to watch out for when it comes to seeking out underwriting information. Firstly, look at what you’re asking of the policyholder directly. Are all the questions you’re asking necessary for underwriting, or are you taking advantage of the conversation to build up a better marketing profile for them? Are the questions you’re asking clear and straightforward, or might they confuse some policyholders and result in incorrect disclosures being made?
Secondly, is the data you’re buying in about policyholders from an absolutely reliable source? Does it come with full details of provenance and the level of consent? Does the data quality of what you’re buying match the in-house standards for the business process into which you want to integrate that data? If there’s a difference, have the ramifications of this been properly thought through, for example around the decision making on renewals and claims that will hang off it.
Here are some questions to consider when thinking about how you use information gathered for underwriting purposes. Are you able to record issues like provenance, data quality and consent within your information management systems, so as to alert downstream users to any limitations? Does the use to which you’re putting the information fall within the consent provided by the policyholder, either directly to your own firm or to the firm from whom you bought the information? What controls are you using to maintain the coherence of what those different datasets say about each policyholder? Does the reliance your underwriting model places upon such aggregated data match the thoroughness with which issues like privacy and fairness have been addressed? And finally, how streamline are your processes for allowing policyholders to check the information behind the identities you’re building up for them?
Protecting the information entrusted to you by the policyholder, as well as information obtained by other means, is the third strand for the underwriter to consider. What standards do you apply when it comes to protecting that information? If not ISO27001, then why not? And how transparent are you with policyholders about how their information is being protected? Has policyholder consent influenced the way in which that protection has been designed. And if your firm says it won’t sell policyholder information, what controls and oversight does it bring to how such data is then anonymised and subsequently sold?
These points touch on some of the main themes that underwriters need to consider when looking at information about policyholders. I’ve explored several of them in greater detail in other blog posts, such as this one about anonymisation and this one about aggregation. The privacy of client information will, I believe, turn into one of the main ethical challenges facing the insurance sector over the next five years and it will be the decisions taken by underwriters that will figure large in whether that challenge is easily met or not.