There is no doubt that there are enormous potentials for the insurance sector to exploit blockchain, but like any new technology, it will also lead to further legal risks.
The Bank of England defines blockchain as
“a technology that allows people who don’t know each other to trust a shared record of events“.
The main peculiarity of the blockchain is the existence of a shared record, a ledger, distributed to all the participants allowing multiple parties to transfer and store information in a space that is secure, permanent and easily accessible.
The McKinsey Panorama Fintech database currently registers over 200 blockchain-related solutions, of which about 20 provide use cases for insurers that go beyond payment transactions – either as specific applications or as base platforms. Also, even traditional insurance companies, such as AXA and Generali, have started to invest in blockchain applications and Allianz has just recently announced its successful pilot of a blockchain-based smart contract solution to automate catastrophe swap transactions.
Automate underwriting and claims handling, but also fraud detection
The most common usage of blockchain in the insurance sector is in the automation of underwriting and claims handling. Indeed, if applications for insurance policies, contract terms and claims are recorded in a blockchain, a so-called “smart contract” can automatically
- select the applications that should be accepted and the applicable terms, including pricing,
- pay premiums on the occurrence of the conditions set out in the contract,
- identify frauds and
- potentially profile customers/claimants in much more detail.
The above can be achieved, relying on data that can be obtained through the sensors of telematics devices and/or public and private sources. Internet of Things technologies can, for instance, enable to have a full understanding of the reasons leading to an accident in an industrial plant or involving a car and, if such data is recorded on a blockchain, the payment of the premium can be almost instantaneous.
But if the same IoT technologies can record on a blockchain the information obtained from public and private sources about the loss of a luggage during a flight, a customer might receive the payment of the premium from his travel insurance company even already at the exit from the airport, rather than after weeks or months.
Also, a blockchain where all claims from different insurance companies are recorded can help to identify frauds since, for instance, it can detect if more than one claim has been filed for the same accident or if a customer is “blacklisted.”
This scenario would be a revolution for the insurance sector, not only in terms of more efficiency for customers but also regarding cost savings as no liquidator would be involved since the process would be fully automated.
Privacy restrictions are not “friends” of full automation
One of the leading privacy issues that might derive from the usage of blockchain in the insurance sector is that the upcoming EU General Privacy Regulation provides that individuals
“shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her“.
Exceptions to such rule apply when an automated decision is either provided by the law, such as in the case of fraud prevention systems or is necessary to enter into a contract or is based on the individual’s prior consent. But, in the latter two scenarios, individuals will still have the right to obtain human intervention to express their point of view and to contest the decision which is commonly known as the right to receive a justification of the automated decision. Therefore a system which is 100% automated can exist, but a right of appeal to a human would be still possible.
Likewise, the deep automated profiling of individuals required to ensure the immediate action by the blockchain implies the need to collect personal information from different sources and this shall comply with the strict regime introduced by the EU General Privacy Regulation which provides sanctions up to 4% of the global turnover of the breaching entity or € 20 million, whatever is higher. A so-called “data protection impact assessment” and a privacy by design approach focused on data minimization and security of technical and organization measures implemented shall be put in place.
Lack of full control of blockchain might lead to legal risks for insurance companies?
But the above is not the sole risk associated with the usage of blockchain in the insurance sector. I already discussed the topic in this previous blog post “What is the liability deriving from the blockchain?” of the potential liabilities that could derive from the lack of control on a blockchain are very relevant. On the other hand, if insurance companies rely on a private blockchain, they might lose some of the benefits in terms of security and ability to collect data from different sources that are the strengths of such technology.
All in all, I still believe that blockchain will be a real “revolution” for the insurance sector, but the implementation of such technology will require a quite in-depth legal review to avoid potential risks.