Details
- Publication date
- 11 September 2024
Description
The importance of data analytics in insurance makes cloud computing and artificial intelligence (AI) key strategic technologies for the sector. These technologies are closely intertwined; integrated platforms from cloud computing service providers simplify and therefore accelerate the deployment of AI by insurance undertakings across the insurance value chain.
Most European insurance undertakings already use cloud computing, with the services commonly outsourced from large technology companies (commonly referred as “BigTechs”). According to EIOPA’s 2024 report on the digitalisation of the European insurance sector (hereinafter EIOPA’s Report), 80% of respondents already outsource cloud computing storage services from BigTechs.
Cloud computing service providers often cross-sell different services alongside data storage or basic compute capacity. As shown in EIOPA’s Report, Software as a Service (SaaS) is the most common service purchased from cloud providers by insurance undertakings. In addition to data storage services, SaaS packages typically include services such as IT security programs, marketing platforms, anti-money laundering (AML) screening tools, Customer Relationship Management (CRM) solutions and other data analytics services, including AI.
EIOPA’s Report shows that 50% of the respondents already use AI in non-life insurance and 24% in life insurance. An additional 30% and 39% of respondents expect to use AI in the next three years in non-life and life insurance, respectively. Furthermore, 66% of the reported AI use cases were developed in-house by insurance undertakings themselves, while the remaining 34% were outsourced from third-party service providers.
The expectation is that the use of both cloud computing and AI will considerably increase in the years to come in view of their significant benefits, including enabling the development of more efficient and automated processes or allowing insurance undertakings to generate value for their customers by offering them new products and services that are more tailored to their needs and characteristics.
But the adoption of modern technologies also entails risks, with cyber security and data privacy issues being the most material risks perceived by insurance undertakings that participated in EIOPA’s Report. The concentration of cloud computing within a reduced number of service providers can also raise relevant operational resilience issues.
The introduction of Large Language Models and Generative AI solutions, which are also typically developed by large technology firms and research institutions, introduces further complexities. These models bring new or amplified risks and opportunities and can make it more difficult for downstream users such as insurance undertakings and intermediaries to address these risks, while also requiring the up-skilling of staff and new governance approaches.
Insurers need to keep pace with these developments to remain competitive, yet the adoption of these technologies can pose organisational challenges. According to the insurers that participated in EIOPA’s Report, issues related to acquiring adequate talent and skills and the transition from old legacy systems to new platforms represent the most relevant constraints.
Regulatory frameworks also play a key role in this process. They should facilitate innovative data ecosystems, for instance by enabling access to relevant datasets as it is done under the Data Act, the Data Governance Act, or the proposal for a Regulation on a Framework for Financial Data Access (FiDA). Regulatory sandboxes and other innovation facilitators, such as those promoted in the AI Act, and which already exist in the financial sector for several years in line with the principle of proportionality recognised in Solvency II, can also be seen as a positive development.
In addition, while insurance legislation such as Solvency II or the Insurance Distribution Directive already regulate operational risks as well as the use of AI by insurance undertakings, new regulations such as the Digital Operational Resilience Act (DORA) and the AI Act aim to update the legislative framework for the digital age: by ensuring robust operational resilience frameworks against cyber-attacks and promoting the responsible use of AI systems that deliver fair outcomes to consumers. For example, the AI Act recognises the shared responsibility of the different actors throughout the AI value chain (developers, deployers, importers etc.), while insurers remain ultimately responsible for the critical activities they outsource under Solvency II.
Navigating the different regulations and their potential overlaps can be complex and not always straight-forward. EIOPA is committed to supporting the consistent and proportionate implementation of existing and new provisions as the regulatory landscape evolves, including by training supervisors in modern technologies through initiatives such as the EU Digital Finance Supervisory Academy. The aim is to ensure that stakeholders harness the benefits of digitalisation while safeguarding customer protection and financial stability in the markets.
Thanks to Julian Arevalo & Santiago Escudero Ossorio for their contribution to this article.