Chris Luiz is the Director of Solutions Architecture and Customer Success at Monitaur, a software company that provides auditability, transparency and governance for companies using machine learning software. Chris was interviewed by Andrew Daniels, Founder and Managing Director at InsurTech Ohio and COO at LISA Insurtech.
Chris, how are advanced analytics currently being used at insurance companies, and how might that change over the next five years?
“Analytics has been used in the insurance industry for a very long time. Until recently, the models were found in pricing and underwriting areas. These are actuarial models, and the advent of data science came with the availability of a lot of computer resources being available and new technical tooling that created something of a Renaissance in modeling not just within insurance, but it certainly exists here as well.
If you think about the ingredients of a data science or advanced analytics organization and what it takes to do that, you have data, you have people and you have tools. The tools in this case are software products and compute. Insurance companies are sitting on piles of data, and they have been for a long time. They've been hiring smart, analytical folks for a long time. Many of the new folks that are coming out of university have experience with this new tooling, so it's only natural that they want to use it in the course of their profession.
So, we're talking claims, marketing, customer relationship management, new customer acquisition, all the places that you would expect they're rich in data. They don't carry the regulatory and compliance requirements of areas with filed models. There's a lot of work to do there. When you don't have to explain a model to regulators, you can use more sophisticated techniques than the GLMs (generalized linear models) they are using in actuarial models. Let me be clear in saying that I am not implying any bad action or nefarious goals on the part of the carriers - it’s simply easier to innovate around the edges of regulation.
As we look to the future, the rate at which models are built and deployed is going to accelerate dramatically. It's driven by better data management, better technology enablement and a corporate maturity around this function, but not everything is going to go, go, go. The NAIC (National Association of Insurance Commissioners) has indicated a clear interest in understanding what advanced models in these areas are doing and where they've been deployed.
As we move through these next few years, there will be both increased oversight and inquiry and regulatory changes around models and advanced modeling. Whether it will be a broad action via the FTC (Federal Trade Commission) or another non-insurance specific federal agency, or uptake of an NAIC model law by state DOIs (Department of Insurance) is yet to be seen, but regulation in some form is coming. Internationally, there is a European Commission (EC) draft Artificial Intelligence Act that is likely to pass this year. While the exact wording is yet to be determined, the current iteration classifies a number of areas of insurance modeling as ‘high risk’, including premium setting, underwriting and claims. High risk models will be subject to an array of compliance requirements.
The wild west for AI in insurance is over. Carriers need to think intentionally about how to meet these governance and compliance needs in the future.”
What will happen to insurers if the EU commission bill goes into effect?
“There's a number of high risk areas and some that are lower risk that'll be affected as well, but it's going to be pretty impactful to carriers that are operating in Europe. First, there's going to be a generalized panic for affected industries and companies to come into compliance. I’d guess that the allowed time to come into compliance is going to be a year or two. There is going to be a crunch to figure out how you do meet the compliance requirements in a market that really isn't mature yet.
Second, you can compare it to what happened with GDPR (General Data Protection Regulation) and the California Consumer Privacy Act. So, European law around data management came out and what happened?
Well, there's a number of municipalities within the United States that looked at that law and said, ‘Ah, there's some things there that we like, we're going to adopt some of that language rather than spend the time drafting it ourselves’. I would expect some of the language from the EC bill finds its way into state and regional law in the United States, perhaps federal as well.
Third, insurance carriers with European exposure are going to be forced to put strong AI governance assurance and compliance practices in place to comply with the EC bill. They'll be in a strong position to translate their experience and meet the needs of the US market as it changes. This could be a strategic advantage for those carriers - they'll be able to continue to use the most valuable modeling techniques and be able to meet the governance and compliance requirements based on their experiences within Europe.”
Are there any other parallels in the history of insurance regulation compliance?
“We are a regulated industry, so you can probably draw parallels across a bunch of different things. If you look at the way the cyber security model law was drafted by the NAIC, and how it progressed, what was the process? I like that as a comparison because it's also something that regulators don't and shouldn't be expected to explicitly understand. This is a very technical topic, and you need specialists to understand it.
In this case, what they did is publish a set of principles around what good compliance could be. Then, model law followed after they talked to industry and brought in experts to help them figure out how exactly this might best fit. In the case of AI, while I don't expect any model law to come out this minute, I do expect the NAIC to be doing work this year. It's going to take a little bit longer, but the parallels are really tight. It's going to have to use industry experts to help inform the language and make sure the language is not overly restrictive of innovation but also protects the customers.
There are four things that I think you could expect to come out of there that also came out of cyber. Proactive identification and mitigation of risk, ongoing monitoring and reporting, the responsibility for third parties and certification of compliance to regulators. We at Monitaur think of these as the points, really rolling up to what we think of as good practices versus a prescriptive approach. Not, ‘you must do X using Y’. More of how are you showing that you're managing to these principles and showing the regulators that you're doing the job that we've asked you to. We believe that's the way that it's going to go.”
What have you learned about community building, and why is it so important?
“This is something that I really love, regardless of the amount of time I end up putting into it. There are a few common threads I believe help contribute to strong communities. One is providing value for everyone, and part of that is being inclusive with people. It's not just what the people look like or where they came from, it's the industry and what you're talking about. I think it's important to be inclusive to people that are just curious, make it accessible. Those folks bring a perspective that you wouldn't otherwise have.
Another is I like helping people build new connections, and I try to support doing so in a couple of ways. Sometimes that presents as introducing junior folks to folks that may want to hire them, or typical networking - bilateral introductions for folks with common background, interests or goals. I also intentionally choose events and venues that bring people together and create an environment where people that don't know each other well talk to each other. It's great to have a meetup once a month or happy hours every once in a while - social events are helpful and valuable for communities. Mediums like Slack channels where members can interact and ask the community questions in a more informal way are great. Meme sharing can go surprisingly far in fostering a sense of shared experience.”
How will new complex models being submitted to regulators change the industry?
“Right now, the most sophisticated modeling techniques in rate filings are assembled with GLMs. The insurance industry has used them to great effect for a long time, but there are a lot of more sophisticated models out there. I think there's an opportunity here for a forward-thinking carrier to influence a single state, to use a more effective modeling technique and open the flood gates.
It could provide a strategic advantage for that company in that state, and set some precedent around how it might happen. I don't think this is going to happen until the NAIC communicates its expectations around models, AI in particular. Once that's in place, there’s a natural path to saying these are the things we're doing. You're telling us that you trust these things because we're meeting all of the guidelines. How can we take the next step? I'm really excited to see how the industry moves.”