Developments in technology are creating exciting opportunities across the financial sector. Regulators are considering how to support this, whilst ensuring sound regulation is in place.
The use of Artificial Intelligence (“AI”) and Machine Learning (“ML”) continues to grow across various sectors, including the financial sector. According to a survey by the Bank of England (“BoE”) and Financial Conduct Authority (“FCA”) published on 11 October 2022, 72% of financial sector firms that responded to the survey were using or developing ML applications.
Regulators recognise the benefits that the new technology presents to both businesses and consumers. However, in order to achieve the best outcomes for all involved, the development and use of the technology should be supported by clear and sound regulation. On 11 October 2022, the BoE and FCA published Discussion Paper 5/22, in which a call for evidence was made, inviting the public, including organisations using the technology, to submit evidence as to how the regulators’ objectives can be achieved without hampering the development of the technology. Responses are requested by Friday 10 February 2023.
Prior to this, in 2020, the FCA and the BoE set up the AI Public-Private Forum (“AIPPF”), with the aim of identifying and discussing challenges of using AI in the financial sector. It published its final report in February 2022 (here). Later the same year, the UK Government published a policy paper titled Establishing a pro-innovation approach to regulating AI.
Why the Supervisory Authorities have an interest in AI
As pointed out by FCA Chief Executive, Nikhil Rathi, at the UK Finance Annual Dinner in mid-November 2022 (link), the potential benefits of AI to both businesses and consumers in the financial sector are manifold. He drew attention to the Japanese insurer, Sompo Holdings, which in recent years has invested substantially in “Big Data” Analysis. The company is working towards utilising this to launch dementia prevention insurance packages, which will use AI to incentivise customers to make lifestyle choices that decrease the risk of developing the disease. Customers who subscribe to healthy lifestyles will be rewarded with lower premiums. This is but one example of situations where insurers and policyholders can attain mutually beneficial outcomes.
Other insurers have introduced similar business models. For instance, Beam Dental, a US dental benefits provider, uses AI solutions to offer better rates to customers who maintain a good dental hygiene routine.
The benefits of these tools are clear: using AI tools to predict, and thereby reduce, perils will decrease insurers’ financial risks. Customers also benefit by being given assistance to make lifestyle choices that improves their health and well-being. Claims cannot be eliminated, but in addition to reducing claims, AI technology is also expected to assist by streamlining claims processes. AI might, for example, be used to establish the cover period, and whether the claim made appears on a preliminary high-level basis to be covered (e.g whether disability insurance covers incapacitating injuries sustained while undertaking specific activities). The AI system may also suggest a preliminary reserve based on historical similar cases, and then refer the claim to the appropriate level of claims handler.
The Potential Pitfalls
Notwithstanding the many possibilities, AI does present a number of challenges, which regulators wish to address. Notably, issues have been identified in respect of consumer protection, as there have been cases where AI tools reach potentially discriminatory outcomes. Even if protected characteristics are excluded from the data fed to the AI, they might be correlated from other data points, for example, by reference to address. This issue was raised by Marcial Boo, Chief Executive of the Equality and Human Rights Commission in September 2022 (here) when he pointed out that “Many organisations may not know they could be breaking equality law, and people may not know how AI is used to make decisions about them.”
Risks may also arise in respect of competition. In January 2021, the Competition and Market Authority published a paper on the risk of harm to consumers posed by algorithms, by reducing competition (link), as algorithms may, for instance, be used to personalise prices in a way that is opaque to consumers.
One of the key issues for debate in the Discussion Paper is the extent to which AI issues may be covered under existing regulation, or whether new regulation is needed to ensure novel technologies are implemented in a way that is secure to consumers. New regulation may provide more clarity to a novel area, but it is also likely to require frequent review, to keep up with developments.
The Discussion Paper sets out three areas for debate in terms of regulation:
- Consumer Protection;
- Competition; and
- Safety and Soundness.
Consumer Protection and Competition
In July 2022, the FCA published PS22/9: A new Consumer Duty, which sets out rules that come into force in respect of products or services that are for sale or renewal on 31 July 2023. One of the objectives of the new rules is to enhance the onus on firms to ensure good solutions for consumers. Under these rules, companies may still price-differentiate, for instance by way of risk-based pricing, but they must ensure the price charged is reasonable. The Regulators expect firms to be able to justify prices offered to different groups of customers. As such, to the extent AI models are used to set prices, insurers are expected to monitor this, and be able to explain any differences in price and value for different cohorts of customers.
The FCA currently has powers to conduct market studies and, if necessary, introduce market-wide or firm-wide remedies if it identifies any adverse effects to consumers. These competencies are likely to be used in circumstances where AI solutions result in unfair outcomes to customers.
Safety and Soundness
Data security is an important consideration of the Discussion Paper, as data processing is one of the key features of AI. Risks already exist in respect of poor data, which may pollute the process. However, AI is expected to accelerate the use of data, thus enhancing the associated risks. This creates risks of UK GDPR breaches and potential penalties that could potentially impact regulated companies. Moreover, insurers may face financial security risks, for instance when calculating reserves, if flawed data is not identified and dealt with. Various organisations have already introduced guidelines to counter this: Rule 4.3 of PRA Rulebook: Solvency II Firms: Conditions Governing Business Instrument 2015 stipulates a firm “must have internal processes and procedures in place to ensure the appropriateness, completeness and accuracy of the data used in the calculation of its technical provisions”. Likewise, Rule 12.1 of PRA Rulebook: Solvency II Firms: Technical Provisions Instrument 2015 states “Firms must ensure that the data used in the calculation of their technical provisions is appropriate, complete and accurate”.
Clearly, the internal processes and procedures that firms must have in place under current rules must be appropriate to cover AI data solutions, if such technologies are being used by the company. The Discussion Paper suggests model validation and independent reviews of AI models as important tools to ensure algorithms are adequately tested and monitored in order to validate the outcomes. This has previously been addressed in PRA’s Supervisory Statement SS5/18 on Algorithmic Trading, which sets out minimum standards in respect of risk management, which PRA expects firms to abide by.
We are currently approaching a technological turning point, where AI, following years of research, is becoming primed for widespread adaptation by businesses. As such, it is natural that Regulators are now considering how this is to be regulated in a way that allows users to utilise the technology’s full potential, whilst proportionately safeguarding consumers.
The FCA has outlined in broad terms areas of risk which may require regulation. However, it is still considering whether this may be achievable by fine-tuning the existing regulatory approach and provide guidelines as to how this is to be interpreted in the context of AI and ML. Where any gaps are identified, it must also assess whether a new regulatory approach would be advisable.
At the same time, the Regulators are also inviting regulated entities to take a proactive approach to ensure use of AI is developed in such a way that its use in the insurance sector is transparent, fair, and accountable, and does not discriminate against certain groups of people. To some extent, the FCA is relying on financial service providers to develop and keep under review policies and procedures for the management of AI-related risks, in order to comply with their obligations. The Regulators’ aim is to support development of agile and dynamic regulation that will support continued development of technologies throughout.
The Regulators appear to be responsive to financial institutions’ views on regulated issues, taking into account regulated companies’ views when considering proportionate and sound regulation. For example, insurers were recently involved in the proposed new Consumer Duty Regulations. The FCA is asking insurers to consider issues relating to AI and ML, and supply their responses to the Discussion Paper by Friday 10 February 2023.
If you have any questions regarding the issues highlighted in this article, please get in touch with Helen and Lisbeth.
T: 0203 697 1910
M: 0750 182 5588
European Qualified Lawyer
T: 0203 697 1905
M: 07832 467563
You can review a range of articles on similar insurance and reinsurance related topics in the Publications section of our website.
If you did not receive this article by email directly from us and would like to appear on our mailing list please email email@example.com
“This information has been prepared by Carter Perry Bailey LLP as a general guide only and does not constitute advice on any specific matter. We recommend that you seek professional advice before taking action. No liability can be accepted by us for any action taken or not as a result of this information, Carter Perry Bailey LLP is a limited liability partnership registered in England and Wales, registered number OC344698 and is authorised and regulated by the Solicitors Regulation Authority. A list of members is available for inspection at the registered office 10 Lloyd’s Avenue, London, EC3N 3AJ.”