Gesamtverband der Deutschen Versicherungswirtschaft e.V. (GDV)
The consultation is based on a traditional definition of advice. However, the current legal definition of advice in IDD and Mi-FID2 as well as its legal consequences have to be taken into account. After analysing the consultation’s results, the ESAs in-tend to decide if and to what extent they will adopt regulatory or supervisory measures – therefore, it is vital to consider these definitions and legal consequences. According to IDD, the re-quirements on advice apply equally for all distribution channels. Thus, the legal definition in Art. 2 (1)(15) IDD (which corre-sponds to the definition of advice in MiFID2) should be used for the insurance sector. Accordingly ‘advice’ means the provision of a personal recommendation to a customer, either upon their request or at the initiative of the insurance distributor, in respect of one or more insurance contracts. This definition ensures a clear identification of automated tools as advisory tools, regardless of whether they are already operating in the market or will be in the future.
In the discussion paper, a very high market penetration of au-tomated tools is assumed. The ESAs should take into account that human advice will remain necessary at least in short to me-dium term. In addition to that, the increasing market entry of online advisory portals and so-called FinTechs/InsurTechs also needs to be integrated in the analysis of automated advisory tools. In the German insurance market, they generally act as in-surance brokers and must therefore comply with the provisions under IMD and (in the future) IDD.
Modern online advice or pricing tools for insurance products can be used by customers without any help from administrators and/or advisors. As rightly pointed out in the Paper, this holds particularly true for non-life insurance products. However, there are typically so-called transfer or handover points allowing the customer to transfer the process to specialized administrators and/or advisors. As a matter of course, automated online advice within the meaning of IDD is based on appropriate algorithms al-lowing for the best possible fully automated advice, tailor-made for the customer’s individual needs.
19: Automated advisory tools are also used in life insurance. In cases where their use includes the processing of health data, they are currently subject to special requirements under the Data Protection Directive 95/46/EC and national legislation on data protection. In the future, the processing of health data will be regulated by the EU General Data Protection Regulation.
In our view, the relevant issues have been addressed.
i. what type of entity you are, e.g., long established, start-up, a product provider, an intermediary;
In their function as product providers, insurance companies are making use of automated advice tools. In addition to that, some insurers also provide their intermediaries with such tools.
ii. the service you provide (e.g. to what extent do you integrate human interaction in the tool you provide?);
iii. the nature of your clients;
Most clients using automated advice tools are private clients/consumers.
iv. your business model;
Traditional direct insurers are not the only actors in the auto-mation market. The discussions on omni-channel retailing have incited insurers who distribute their products via inter-mediaries to deal with automation also – hence, the issue is relevant for the entire market.
v. who developed the automated tool (i.e. an external company or developed internally?); and
vi. the size of your activity and/or forecast activity?
GDV only collects data on online distribution in general. The collected data includes direct distribution via telephone, as well as via comparison portals that are registered as insurance brokers and therefore not to be considered as agents of the product-providing companies.
As a general rule, the new legal provisions for the insurance sector introduced by the IDD also apply for automated advice. The rigid formal requirements under Article 23 are the most serious obstacle: According to this Article, all information is to be communicated on paper. Durable mediums other than paper or websites are only permitted under certain conditions (Art. 23 (2) IDD)) and only “if the customer has been given the choice be-tween information on paper and on a durable medium and has chosen the latter”. Providing the information by means of a website also depends on the customer’s prior consent. These rigid requirements are not suitable for the highly diversified business models in place. The requirements delay the conclu-sion of contracts or even put them at risk due to the resulting media disruptions.
The provisions of the EU General Data Protection Regulation might entail other obstacles. The Regulation includes a very wide definition of profiling which might also cover parts of the online advisory process. Where fully automated advice is classified as a profiling-based decision according to the definition in Art. 20 of the Regulation, measures protecting the rights and interests of customers must be taken. As a minimum, this includes the customer’s rights to obtain human intervention, to present his own point of view and to contest the decision. This requires organizational measures which might complicate the introduction of fully automated solutions.
B1-B4, B7: approval
B5: It is not possible to make a general statement about the quality of the results of online advice as opposed to personal advice, given that the product portfolio of insurance companies is very heteroge-neous, ranging from simple products to products requiring explana-tion and from products with very long durations and a very high im-portance for protection against existential risks to short-term insur-ance products designed to cover less significant risks.
Moreover, automated advisory tools come in many forms. In cases in which the customer is not satisfied with the result of online advice for qualitative or subjective reasons, it can be appropriate to include a specialized administrator and/or advisor in the process in order to make sure that the customer’s needs are analysed and met in the best possible way.
Fully automated online advice is particularly suitable for standard-ised insurance products and products with a simple design. The algorithms underlying automated advice can have different levels of complexity and customer orientation, e.g. with regards to the number of features checked and the amount and quality of collect-ed data as well as the detailed structure of decision trees, all of which would be discussed in personal advice, too. Hence, the qual-ity of the results of automated advice can differ depending on the instruments used. In particular, it must be taken into account that the “absolute objectivity”, which is often cited as a quality feature of automated online advice, depends on the quality and effectiveness of the underlying algorithms. Better advisory results will not be reached by pure standardisation based on stereotype features and data, without the option of recognising individual particularities and needs.
B6: The benefits for consumers described under B6 depend on the specific design of the online tools and particularly the integration of current market data. However, some online tools, e.g. tools making use of highly complex application environments, are not processing market-relevant data in real-time.
See comments on question 6.B5
On B8: Automated advisory tools can contribute to cost efficiency. However, the maintenance efforts involved should not be underes-timated, e.g. regarding updates of new products and services, us-ability improvements or the integration of new technology and technical enhancements intended to increase attractiveness to customers. In addition, the permanent need for technical mainte-nance is binding resources. It also needs to be taken into account that, for the foreseeable future, the majority of market participants is likely to consider an omni-channel approach to match customer wishes best. Hence, online tools are not going to replace, but com-plement other advisory channels.
On B9-B11: no comments
R1: For customers with additional need for information, many busi-ness models include personal advice by specialized staff, particu-larly via telephone hotlines and/or online chats, skype etc. If the relevant business model includes no such option, the customer must find another way to answer open questions. The customer is free to terminate the chosen advisory process and choose a differ-ent provider.
R2: The insurance industry avoids this problem by targeted ques-tioning (if necessary, including explanations) requiring the customer to give unambiguous answers.
R3: As far as automated advice tools used by insurance companies are concerned, there are no conflicts of interests as described under R3, since the insurers offer their own products only. IDD in-cludes provisions for the handling of conflicts of interests. Given that most automated solutions include the option of contacting a human advisor, there is no risk of customers not being able to get answers to their questions. This does not hold true for online com-parison portals and so-called FinTechs/InsurTechs, which generally act as “digital brokers“ in the market. However, customers often do not perceive them as brokers due to their market appearance. Online comparison portals and FinTechs/InsurTechs are no market participants sui generis: At least in the insurance sector, they are always intermediaries (predominantly brokers). Therefore, they need to comply with the provisions under IMD and, in the future, IDD.
R4: The problems described under R3 do not arise with regards to automated advisory tools of insurance companies under IDD. The advisory process includes specific questions regarding the cus-tomer’s wishes and needs. Recommendations based on the cus-tomer’s answers to these questions are individualized. Moreover, IDD introduces a suitability and appropriateness assessment for insurance-based investment products. Due to their need of expla-nation, such products are rarely recommended by automated ad-vice tools. Moreover, the risk that a solution does not match cus-tomer needs exists in non-automated advice, too: It is not a specific problem of automated solutions. Comparative tests, e.g. in mag-azines, are also subject to the problem that consumers are only presented with one test case based on which various products are being compared, without taking the individual situation of the cus-tomer into account. Hence, this risk affects both automated and non-automated solutions.
R5: The IDD includes various information requirements intended to ensure that the consumer understands who is providing advice. Thus, the risks described are not realistic as far as automated ad-visory tools of insurance companies are concerned. Multiple-agents and brokers using automated advisory tools should take particular care that the customer is aware of their intermediary status.
R6: The risk of a lack of clarity regarding the potential use of data can be considered as relatively low. The customers are being in-formed about the reasons for gathering and processing their data in accordance with the high data protection provisions. This infor-mation must be provided when the customer starts using the au-tomated advice function and explain the type, scope and purpose of gathering and using personalized data. The information can be provided to the customer e.g. via data protection declarations.
The German insurance industry does not use personalized data for other purposes than announced without informing the customer. Any misuse of data by unauthorized third parties is prevented due to the insurance industry’s high standards for the use of personal data (cf. answer to question 18, R 14).
Moreover, this risk affects non-automated advice to the same de-gree as automated solutions.
R7-R11: As described above in question 6 (B5), it is not possible to make a general statement on the quality of advice. This also holds true for the risk that advice turns out to be incorrect or of poor qual-ity. However, the risk described under R10 is not a risk in itself, but only emerges due to quality problems arising elsewhere.
R10: Unfortunately, the fact that non-automated advice may also give rise to conflicts of interest is not taken into account.
R12: Insurance products are usually stable products with a long-term perspective. Thus, policy holders are usually long-term orien-tated and do not cancel an insurance contract in the event of mar-ket shocks. For policy holders it is more important that the insur-ance undertaking could handle all market crises by an effective risk management. Solvency II requires all insurance undertaking to im-plement such an effective risk management. Therefore insurance products are less dependent on single market events or other short-term triggers. For that reason a „herding risk“ is not relevant in the insurance sector and plays a stronger role in the banking and especially securities sector.
R13: Due to the number of products which need to be explained to the consumer, there will always be human advisors in insurance distribution. There is no need to worry: In Germany, more than 150,000 self-employed and 40,000 employed intermediaries are working in insurance distribution.
Any tools can have deficiencies, in particular if they have not been thoroughly tested. As a general rule, however, the described ad-vice-related risks are more likely to be caused by the individual ad-visory needs of the customer, which can only be met by supple-menting the advice tool with human advice or by refraining from automated advice altogether – see comments on 6.B5
R14: The activities of the internal control functions (e.g. compli-ance, internal audit) are too narrowly defined with regards to auto-mated financial advice. In practice, companies monitor compliance with appropriate standards during the development process of new software and before the actual implementation in production, i.e. they monitor compliance with the procedures of development, test-ing, approval and release. The appropriate design of these pro-cesses makes sure that the software actually meets the technical requirements. This holds true for both applications developed in-house and applications purchased from third party providers. From a risk perspective, an actual review of algorithms carried out by the control functions will most likely only be required in specific cases.
Any inaccurate and inadequate advisory service leads to a loss in reputation. Therefore, it is in the best interests of any insurance company never to use any tools that have not been thoroughly as-sessed and tested.
It is particularly problematic if providers that are independent from insurance companies (e.g. comparison portals) recommend the wrong insurance products due to an incorrect or insufficient selec-tion of features (e.g. insufficient recognition of individual policy terms). In the event of a claim, the insurance company is blamed for the disadvantageous policy terms and may suffer a loss in repu-tation.
Individual German insurance companies and the insurance industry as a whole are putting enormous efforts into increasing IT security and avoiding cyberattacks. The most prominent example: the Crisis Response Centre for IT security of the German Insurance Industry, which has been founded by the German Insurance Association in 2010.
R15: The economic risk of consumers overusing the offer of en-gaging with a human advisor has to be addressed by the providers themselves. They are free to adapt their business model anytime.
R16: The description of risks in recital 83-85 does not take into consideration that Solvency II sets a strict regulatory framework for the outsourcing of functions or insurance-specific tasks, stipulating that the insurer’s regulatory responsibilities cannot be delegated to the end provider or other actors involved.
In addition to the risks described, we also see the risk of sanctions imposed by supervisory authorities.
Besides, we see operational risks in the use of complex automated advice tools (e.g. risks of malicious software, incorrect advice due to wrong algorithms or oversimplification, incorrect user inputs). In addition, there are special operational risks by offering automated financial advice via internet/ websites (e. g. cyber-attacks, data breaches). The Solvency II regulation already requires for adequate measures of insurance undertakings to manage these risks e. g.
• Economic risk-based solvency requirements for all relevant risks (including operational risks),
• Extensive provisions for an adequate risk management pro-cesses and an adequate business organization (governance),
• Annual undertaking-specific assessment of risks (including current and perspective focus) in the own risk and solvency assessment. That process requires significant resources within the undertaking to the identification, measurement, manage-ment and reporting of risks,
• Extensive quarterly and annual supervisory reporting and dis-closure of relevant risk data.
Considering the risks it is important that all providers which offer automated insurance advice (e. g. FinTechs/InsurTechs) are subject to comparable regulation.
R16: Some insurance contracts have a very long duration (30 years and more). To ensure an audit trail over such a long time is a big challenge for insurance undertakings and connected with risks (e.g. data leakage or misuse, lack of updates). The new framework “Solvency II” already includes the necessary long term perspective. The level of the solvency capital requirement under Solvency II en-sures that the likelihood of an insurer being ruined is 1 in 200 years. The new rules require insurers to deal with any future de-velopments, such as the possibility of catastrophic events or opera-tional risks which might affect their financial situation. All providers of automated advice in the insurance sector should be expected to deal with this long-term perspective.
Consumer magazines have repeatedly criticized the fact that, due to an incorrect or insufficient selection of features, comparison por-tals advise customers to purchase products that sometimes turn out to be inappropriate for their needs.
The Consultation Paper puts a strong emphasis on the different levels of online usage in individual EU markets (p. 30f). Due to the different development of markets, currently still underdeveloped markets are likely to catch up – therefore, a comparatively high (harmonised) European level can be expected.
IDD has introduced provisions for an adequate balancing of risks between insurance distributors and customers which can serve as a solid basis. There is no need for further restrictions. In particular, the IDD requirements regarding advice are the same for all distri-bution channels. Advisory services dealing with insurance-based investment products (usually not distributed via automated advisory tools) have to meet the more far-reaching requirements of the suitability test. In order to guarantee legal certainty and clarity, it is particularly important that potential regulatory measures are based on the legal definition of advice according to IDD and MiFID2 (cf. question 1 above).
The consultation is also a welcome opportunity to adapt the rigid formal requirements to the on-going digitalisation of advisory pro-cesses (cf. answers to question 5).
The future insurance market will increasingly be facing short-term, small-scale insurance solutions (e.g. accident insurance with low cover and a duration of 24 hours) – demanding decisions around the clock. Hence, there will not only be a need for fundamental de-cisions relevant in the long run, but also for short-term solutions requiring fast decision-making - which can only be ensured by au-tomated advisory tools. After all, human advisors are usually not available at such short notice, let alone 24/7.
In addition to that, automated tools will actively inform customers and provide them with insurance recommendations before they even identified any specific insurance needs. Examples for such recommendations include the adjustment of cover in existing poli-cies and the conclusion of new short-term contracts.
Gesamtverband der Deutschen Versicherungswirtschaft e.V. (GDV)