Remarks by Gerry Cross, Director of Financial Regulation - Policy & Risk

These remarks were delivered at a Central Bank of Ireland Insurance Industry Event on Responsible Use of Big Data and Related Technologies, 24 June 2024.

Good afternoon. You are all very welcome to our workshop today on the topic of Responsible Use of Big Data and Related Technologies in the insurance industry. We are pleased to bring together a diverse group of stakeholders, from a range of functions within insurance and reinsurance undertakings, academia, professional services firms and industry representative bodies. The range of perspectives and experience that you all bring to the topic will very beneficial in the discussions that we will all have on this topic today.

Our workshop today cuts across two main themes within the Central Bank’s Strategy; future-focussed and open and engaged.

Change, innovation and technology are a key part of the financial services landscape both today and in the future. We recognise the many potential benefits and opportunities that technology brings to financial services and consumers in Ireland and in Europe. It is important that these benefits can be realised, whilst also ensuring that the challenges are well understood and the risks managed.

Regulation plays a crucial role in the safe, and therefore enduring, adoption of innovation into the system and needs to be forward looking to support the rapid pace of change in this area.

We recently concluded our consultation on enhancing the Central Bank’s engagement with innovation. For a summary of the responses we received and our finalised proposals you can take a look at our recently published Feedback Statement which is on our website.¹

We have enhanced the functioning of our Innovation Hub which seeks to help innovators to gain a deeper understanding of our regulatory and supervisory expectations by sharing our perspective on innovation within financial services including with our subject matter experts.

We are establishing an Innovation Sandbox Programme. This new facility will be outcomes focused, providing regulatory advice and support for participants while adopting a thematic approach in relation to innovating technology. Its aim is to enhance and support innovative technology outcomes in line with the public interest, to facilitate the mutual understanding and development of new ventures, innovative business models, and new ways of serving customers and potentially expedite the deployment of substantially new technologies, new products, or new services across the ecosystem.

In this new sandbox we will bring together a focus on identified themes, structured programmes, regulatory expertise, and technological innovators in an effort to catalyse and support enhanced outcomes in the common good.

In tandem with our future-focussed theme and in the face of the rapid pace of change and a recognition of the benefits of understanding our stakeholders’ perspectives, we have adopted the strategic theme of being Open and Engaged.

Engagement with our stakeholders is a priority for us. We seek to listen and learn so that we can contribute to building trust in the financial system and foster a wider understanding of our role.

In recent years, we have been working to transform how we engage with our external stakeholders focusing on changing our culture of engagement, building dialogue and extending our reach to new groups of stakeholders. The establishment of the Financial Industry Forum and its sub-groups and our annual Financial System Conference, as well as other initiatives, have provided us with new and enhanced opportunities to engage with our broad range of stakeholders on issues that are affecting the financial system. Later this week we will publish our new Open and Engaged Charter for 2024-2026 which lays out our approach to effective engagement and ensures our stakeholders know what to expect when they engage with us.

In meeting you today, we are committed to learning from your experience and understanding of the use of Big Data and Related Technologies in Insurance to inform our work and to enhance our overall policy-making in this space.

Context and the Central Bank’s work to date on this topic

Turning to the context for our workshop today, this is one of a series of pieces of work on the broad topic of increasing digitalisation and use of Big Data within insurance specifically and more generally across the financial services industry.  It comes at a time when we have greater clarity around the EU AI Act and where we are seeing the application of AI and generative AI tools such as ChatGPT being adopted and used by insurers across a broad range of business processes. 

We have already engaged with a number of insurance firms in the recent past, in particular in relation to the research project on Data Ethics in insurance which was supported by DGREFORM and delivered in partnership with KPMG which aimed to further develop the Central Bank understanding of the nature and extent of the use of big data and related technology - which for ease I will refer to as BD&RT from here on - generally and across the insurance value chain.  We also carried out a Digitalisation in insurance survey to develop a high-level understanding of the adoption and impact of digitalisation across the insurance value chain.

So, what did this work tell us and why are we focused on further developing our views in this area; which will be hopefully enhanced and developed by the discussions and inputs today.

We already know that the insurance industry is inherently very data-centric - with data-led decision making at the heart of insurance risk assessment, underwriting, and claims management. The rapid and ongoing technological advancements present increased opportunities for, amongst other things, the collection and processing of more granular and personalised data to inform firms’ decision making and for more efficient business processes, which can result in benefits for consumers and firms.

However, with these benefits comes the potential for new or increased risks, including:

• The inappropriate use of data and technology, which could give rise to unfair treatment of, and negative outcomes for, consumers e.g. bias, inappropriate use of personal data, and data privacy concerns
• That digitalisation is not appropriately integrated, overseen or managed within the existing operational and organisational structure of the firm. 

As insurers acquire and analyse, store, process and create ever greater amounts of data about their policyholders and potential customers, the ethical and responsible use of data becomes all the more important.

The main considerations from our research relating to the use of BD&RT within the insurance sector include;

• As part of its overall governance and risk management framework, insurers’ boards should carefully consider the deployment of BD&RT and clearly assign responsibility for its use and deployment.
• Where firms use BD&RT to support decisions that have an impact on consumers, they should do so in a manner that complies with all relevant prudential and conduct requirements and the use of BD&RT should not result in negative consumer outcomes.
• That new prudential or consumer risks may arise and crystallise, or existing risks may be amplified through the use of BD&RT. 
• That the potential drivers for these risks are poor data management, ineffective model management and ineffective governance.

There is a need for a proportionate approach in relation to the use of Big Data and Related Technologies and we recognise that not all uses pose the same level of risk to prudential or consumer outcomes. Insurers will adopt differing degrees of use of BD&RT and it is important that the supervisory approach is proportionately aligned with this use. For example, a use of BD&RT to automate internal processes in order to drive efficiency within an insurer may not be as potentially impactful from a prudential or consumer context, as a use of BD&RT in pricing and underwriting.

An important further thought is that existing regulatory frameworks, covering prudential and conduct requirements, as well as regulations in relation to insurance distribution and data protection, set out principles and requirements that are equally applicable to the use of BD&RT by insurers as they are to other significant activities or risks they face. On that basis, it is important for insurers to assess and consider the relevance of these requirements in the context of their use of BD&RT.  A Geneva Association paper from last year on the Regulation of Artificial Intelligence in Insurance: Balancing consumer protection and innovation illustrates this reality well:

Even in the absence of AI-specific regulation, AI in insurance is not in a vacuum; for example, it is already subject to data-protection and insurance-distribution regulation. When developing their approach to AI in insurance, policymakers and regulators should leverage and build on these regulations in order to strike the right balance between protecting consumers and enabling innovation.

This is the balance that we need to strike, to ensure that we build on the existing regulatory framework to guard against new or exacerbated prudential or consumer risks arising, while at the same time providing an environment where innovation can flourish and be facilitated for the benefit of insurers, policyholders and broader society.

Our involvement in European and International work

At a European level, we are engaged with the broader work on digitalisation, data ethics and Big Data, in particular in the various projects and work plans that are led by EIOPA.  In particular as we move through 2024, there will be increased focus on the AI Act and how it will be relevant for the insurance sector, in particular in light of the high-risk use cases identified within the Act.  We are pleased to be joined today by our colleague Julian Arevalo from EIOPA to provide an update on the AI Act and the insurance-specific programme of work planned for 2024 and onwards in order to support insurance undertakings and competent authorities alike in addressing the requirements set out in this important legislative package.

At an international level, we are also active participants in the work on AI and Big Data led by the International Association of Insurance Supervisors.

Consumer Protection Code Review

We need to also look at the topic of responsible use of BD&RT in the context of the Consumer Protection Code review. Within the updated Code, we are proposing to introduce new provisions on digitalisation. These seek to ensure that firms are able to take the opportunities provided by digitalisation in ways that are consistent with their responsibilities to their customers. They are required to deploy a customer focus in the design and implementation of digital services and delivery channels. In line with securing customers’ interests, they should ensure that the use of technology is not applied in a way that would seek to exploit the behaviours or habits of customers where it has the potential to cause customer detriment. Importantly, firms transitioning to a digital-based business model must carefully consider customer impacts of the changes and identify appropriate mitigants.

IAF 

It is timely to mention the Individual Accountability Framework. The IAF is designed to improve governance, performance, and accountability in firms providing financial services to individuals and businesses by establishing a framework of enhanced clarity as to who is responsible for what within firms. Specifically, given the Senior Executive Accountability Regime takes effect this day next week, those firms subject to the Regime will be setting out the responsibilities of each executive PCF in their Statement of Responsibilities and have developed a Management Responsibility Map for the firm documenting key management and governance arrangements.

Today’s workshop

Today, as part of our workshop discussion with all of you, we will set out the Central Bank’s thinking on a number of broad themes in relation to the use of Big Data and Related Technologies. Specifically, we will aim to elicit your views and feedback on a range of good practices that could be put in place to mitigate against the risks posed by the use of Big Data and Related technologies, from a prudential and conduct perspective.

In conclusion, you can hopefully get a sense from my remarks as to the extent of the interconnectedness between the responsible use of BD&RT with a number of the Central Bank’s other key strategic initiatives.  In the workshop today I would encourage your active participation; please give us your views and feedback – all opinions and views are welcome and will help us jointly shape our policy thinking on the exciting challenges and opportunities that BD&RT bring. Thank you for your attention and enjoy the workshop this afternoon.

¹Press release, Central Bank of Ireland announces plans to establish Innovation Sandbox Programme in 2024, 4 Jun 2024