Insurtech Revolution in India: Challenges, Regulatory Gaps & Future Trends

1. Introduction

The modern era is frequently referred to as the “information age,” with data and technology acting as the primary forces behind the major economic sectors, including the insurance industry. Numerous InsurTech (insurance and technology integration) startups have emerged in the insurance industry as a result of the advances in technology.

Although InsurTech is still in its infancy in India, it has replaced traditional insurance distribution channels to enhance client satisfaction. Despite changes in the insurance industry that emphasise customer satisfaction and accessibility as a result of technological breakthroughs, such changes represent substantial risks. Additionally, given that technology has not yet advanced to the point where it can entirely replace the conventional insurance model, it would be interesting to watch how InsurTechs integrate technology into the existing insurance paradigm

Furthermore, the problem is made worse by the lack of any specific regulations for insurtechs. The risks to data security and privacy are also major issues for the use of technology in the insurance industry. The authors of this paper have examined the influence and functions of insurance technology companies in India. The paper goes on to assess India’s regulatory framework for insuretech and if it is sufficient for such reforms.

2. Insurtech: Analysing The Brain Child Behind The Idea

The insurance sector, which is closely related to banking and finance and has recently given Fintech a lot of attention, has decided to support this business as it modernises, digitises and grows utilising new technology. The term “Insurtech” describes the commitment of the insurance sector to innovation and the development of new goods and services. Utilising cutting-edge technology to enhance and expand a sector’s business strategy is what it means by this. It is the result of the interaction between the insurance sector, digitization, and disruptive innovation techniques.[1]

The very latest adoption of cutting-edge methodologies like machine learning, artificial intelligence, or big data into the insurance sector, as well as the coming up of start-ups focused on offering this type of ideas to produce intrusive insurance products, have strengthened and consolidated Insurtech. Many of the aforementioned technologies are used by Insurtech companies. But by providing answers to customers’ problems, they all want to outdo established, big enterprises and gain a larger part of the market. Contrary to other businesses and products, many customers find the lengthy, slow procedures of traditional insurance models to be annoying. Insurtech startups are aware of this and want to do something about it.[2]

In traditional insurance business models, customers are grouped based on risk classifications. Some members will ultimately overpay for their insurance because of the broad nature of these groupings. Using actual data rather than statistical models, Insurtech enterprises are seeking to create more specialised risk categories. They can now more easily offer a price strategy that is more aggressive.

Customers demand more affordable insurance, but when Insurtech is implemented properly, there are additional benefits as well. These include products and systems that are speedier, simpler, and more customised. Fascinating developments are beginning to occur in spite of the fact that the insurance industry is a complicated, high in regulation with many legal requirements.[3]

The potential for increasing price competitiveness is the first scenario. The price of insurance shouldn’t be influenced by other people’s risk profiles. A person’s insurance can be tailored to take into account their particular finances, personal goals, lifestyle, and health. The industry has a chance to improve its infrastructure, handle claims more effectively, and put scenario-based insurance policies in place. The easier it is to obtain insurance, the better, as it is now a crucial tool for securing one’s financial future.

3. Insuretech: Whether There Exists Regulatory Gap?

The existence of regulatory gaps is one of the main obstacles to integrating technology into the heart of the insurance market. The Insurance Act of 1938 and current regulations issued by IRDAI for particular domains make up the majority of the regulatory framework for insurance in India.

The RBI and SEBI, among other Indian authorities, took action in 2019 to broaden the market’s acceptance of new technology, particularly in tightly regulated industries like financial services and insurance. IRDAI has recommended legislative amends to motivate the implementation of technology in the insurance industry, notably in the health and life insurance sectors.

A 2017 proposal, IRDAI suggested changing the regulations governing auto insurance to accommodate telematics use while also safeguarding customer privacy from companies that rely on telematics for their operations.[4] IRDAI also established a working group in 2017 to investigate “the legal framework for allowing the use of wearable/portable devices in the insurance sector.”[5]

The approach used by IRDAI might be viewed as an effort to look into the legal loopholes and barriers that limit the adoption of technology in the insurance sector. Although the current legislative framework does not explicitly forbid using technology, it is a truth that doing so would be inconsistent with the technology’s rapid development. The legal system that controls the insurance industry in India was never intended to adapt to fast changing technology, therefore it is still unclear to what extent technology may be incorporated into the sector.

“IRDAI released an Exposure Draft of the IRDAI (Regulatory Sandbox Regulations, 2019” (Exposure Draft), to relieve public of the concerns relating to the legal framework and enable technology exposure to the Indian insurance market. Instead of overhauling the entire system to permit the insurance sector’s rabid modernization, the exposure approach was intended to encourage supervised testing of technology adoption.

3.1 What Sandbox Committee and Exposure Draft Has to Say

The working committee created for wearable technology suggested the notion of introducing technological innovation in India’s insurance industry. In response to this suggestion, IRDAI established a ten-person committee (the “Sandbox Committee”)[6] to examine potential plans for implementing a regulatory “sandbox” for the Indian insurance industry. In accordance with the exposure draught that IRDAI produced, the Sandbox supplied the core foundation for the regulatory sandbox.

The sandbox committee takes into account every regulatory aspect associated with the use of technology and the framework in other jurisdictions to ensure a legally sound approach to constructing the Sandbox.

The following are the recommendations the Sandbox Committee made:

• Testing both innovative and disruptive products and services that pose new regulatory difficulties should be done in the Insurtech Sandbox in order to determine the degree to which existing regulations need to be strengthened.
• A unique exemption, permission, or other temporary exceptions may be provided to the applicants testing their ideas. The IRDAI must, however, clearly state the legal requirements that all applicants must comply to. These could include “fit and proper” standards specified by IRDAI, rules against money laundering, requirements for secrecy, and protections for policyholders.
• Customers should be properly informed about their participation if they are to be a part of the Insurtech Sandbox.
• If necessary, a designated committed corporation should have the power to waive or modify any legal or regulatory restrictions in order to conduct the experiment under the supervision of technology. Additionally, the insurer should be held accountable for any losses the insured suffers as a result of a technology’s testing.

3.2 Analysing The Flaws in The Draft

The following are the exposure draft’s primary flaws as presented by the IRDAI:

• There are no specific “fit and proper” requirements: According to the Sandbox Report, every applicant interested in participation must meet the “fit and proper” requirements. However, neither a “fit and proper” requirement nor a duty to meet any such need are mentioned in the draft. Additionally, the Sandbox Committee report said that candidates needed to have a net worth of at least Rs. 25,00,000. However, this requirement was reduced to Rs. 10,000 in the Exposure Draft.

Furthermore, the exposure draft did away with the necessity that candidates submit their applications in a specific format in order to be considered for the Insurtech Sandbox. The reasons for their exclusion from the Insurtech Sandbox are unclear due to the lack of a precise definition of what “fit and proper” means and the amount of information that must be disclosed when applying to the IRDAI generate regulatory.

It may also render the IRDAI’s choices on whether to approve or deny applicants susceptible to a challenge based on arbitrary administrative exercise given the absence of regulatory certainty.

• Individual Exclusions: Individual access to the InsurTech Sandbox is prohibited, according to the Exposure Draught. It is perplexing why the IRDAI has proposed such an exclusion given the rise in insurance companies run and marketed by individual promoters. The Sandbox Report does not support this exclusion, either.
• No rationale is necessary for revocation: The IRDAI may stop allowing a proposal to be tested under the terms of the Exposure Draft if it decides that the proposal is unlikely to be successful in attaining its goal. This begs the question of whether the IRDAI will permit the participant to support the advancement of the proposal or make any adjustments that will aid in its achievement of its stated goal.

The participant would suffer because they would have put in money in the testing of their plan, and a decision to remove testing permission without giving the participant a meaningful chance to defend themselves would be unfair to them.

• Vague description of “Regulatory Sandbox”: According to The Sandbox Report, a regulatory sandbox is a real-world testing setting. However, the definition in the Exposure Draft does not include the term “Regulatory Sandbox”. Market players must rely on the Sandbox Report despite the fact that the IRDAI and the Sandbox Committee have comparable goals due of concealed restrictions.
• There are no safeguards for the insured’s protection: According to the Sandbox Report, the applicant using the Insurtech Sandbox is required to disclose to clients that they are taking part in an experimental testing phase and any risks involved. On the other hand, this is not mentioned in the Exposure Draft.

3.3 IRDAI (Regulatory Sandbox) (Amendment) Regulations 2022

The process of filing applications has been made continually in order to foster technological advancement and innovation in the insurance industry continuously. The duration of the experimentation was extended from “6 months” to “up to 36 months.” A provision to review rejected applications was also added, among other changes. A Committee on Regulatory Sandbox has also been established, with participation from business and academia. This committee will assess test designs, screen applications, and suggest applications for experimentation. The IRDAI Insurtech Team will serve as the Regulatory Sandbox secretariat and single point of contact for all applications submitted to the sandbox.

3.4 Recent Transformations

The regulator now places more emphasis on growth than regulations. The regulator has now established numerous internal committees to oversee various facets of insurance regulation. And a number of Insurtech business members have obtained places in these committees. They are able to better express their thoughts and opinions to the regulator thanks to this. On a regular basis, the IRDAI chairman and the team of members hold open-forum discussions with industry players. Founders who have participated in such sessions claim that new ideas and problems are discussed there.

The goal of providing insurance to everyone by 2047 calls for the extensive use of technology and the elimination of bureaucratic red tape. For instance, the regulator permits businesses to introduce products before submitting an application for approval. Given the scrutiny these draw and the time it takes to launch in the market, this is a significant reprieve for an industry that has historically shied away from developing innovative products.

Although incentives are the driving force behind the entire fintech industry, they are forbidden by the Insurance Act from the era before independence. According to the Act, no one is permitted to give a consumer a discount or any other kind of inducement. Therefore, incentives such as cashbacks or even a free service can be considered. Through the Insurance Law (Amendment) Act of 2023, the regulator has taken on the responsibility of updating the outdated regulations.[7]

The regulator altered the way commissions are structured for insurance agents in April. It placed a general cap on administration expenses for the insurer rather than limiting commission payments for various product categories. The agency has suggested a lifelong licensing for intermediaries rather than requiring yearly renewals. It has increased the number of partnering prospects for insurance marketing companies and corporate agents.

4. How Insurtech Creates the Difference in The Traditional Insurance Sector?

Technology-driven innovation is radically changing the insurance industry. New technologies like automation, telematics, machine learning and artificial intelligence, have changed almost every aspect of the insurance value chain while also improving multichannel customer experiences. However, the same might also entail certain difficulties.

Following are some of the primary implications of insurance technology:

4.1 Underwriting Through Artificial Intelligence

Insurance is the art of risk pricing. AI gives insurers who use it a competitive edge by increasing the accuracy and efficiency of the risk assessment process. Underwriting is the process by which insurers assess risk and determine rates to accept it. But is there any decision-making in underwriting that cannot be automated? In-depth consumer risk profile research is required for risk assessment and pricing. Due to this, manual underwriting takes a long time, is prone to errors, and could lead to pricing that is not appropriate. As a result, AI is an excellent fit for the risk-price and underwriting processes.[8]

Conventionally, insurance underwriting has involved acquiring a lot of data from various sources, organizing it, and then assessing it to make a decision. Traditional underwriting relies on historical data to create criteria for risk assessment. Forecasts made from historical data are sometimes inaccurate. Also, manually collecting new data on a regular basis is expensive. Underwriters must therefore decide whether to accept greater costs and the risk of losing clients in return for slower processing times, or whether to accept the risk of missing data in order to process submissions swiftly and inexpensively.

However, AI has made it possible to improve insurance underwriting by the following ways:

• Economical pricing: When underwriters have a greater understanding of risk, they are better able to select fair and profitable pricing that matches risk profiles. Using machine learning algorithms, insurance companies can price risk more reasonably. AI-driven technology can potentially provide a dynamic pricing structure based on real-time data. Profitability can be increased through refining procedures, setting more competitive prices, accelerating time to market, and assuring customer satisfaction and loyalty.
• Organized application handling: AI can significantly speed up the review of applications. Underwriters may automate data collection, data extraction, form filling, and other time-consuming, repetitive tasks. These technologies can assist underwriters obtain and organize vital information without the need for them to personally review each document from conventional or non-conventional sources.
• Better risk assessment: By using machine learning models and other analytical techniques, underwriters can better understand the risk associated with a client’s profile. By incorporating information from internal and external sources, such as third parties, location, etc., these models may be able to learn from the past and predict the risk profile of new submissions. Underwriters may save a significant amount of time often spent on data analysis and can therefore make better informed decisions because computer models are better than humans at finding patterns in large datasets.

4.2 Product Flexibility

It’s important to be flexible. Customers demand options, so insurers must be able to deliver them. Most insurance companies are increasingly considering more individualized, modular solutions. The modular approach is crucial for giving customers the most flexibility available. Insurtech is prepared to offer the necessary flexibility for the future growth of these insurers.

The primary business systems that insurance companies utilize frequently have computational resources that are fixed but have a propensity to expand and decrease quickly. The systems are not able to effectively meet the constantly changing resource needs of Internet services, in particular cause of the long scaling-up times and lack of flexible approach. By relying on AI’s virtually limitless processing power, insurance companies may quickly deploy resources to optimize company operations in the face of extremely time-sensitive, varied, and fragmented computing resource needs.

The following are a few of the main effects of the same:

• Improved claim processing: It is the most crucial insurance procedure. Chatbots may direct policyholders in documenting the damage with photos and videos, automating first notice of loss. Automating the investigation of initial claims: AI is used to interpret handwritten materials. As a result, insurers save time by not having to gather information from police records, consumer reports, and policy provisions that include information about the claim. Additionally, by automating payment arrangements, chatbots can tell clients about payment arrangements.
• Tools for customized insurance: A segmentation-based approach to risk assessment (such risk categories) is no longer required for insurance businesses. Customized risk assessment facilitates the provision of individualized services.
• Improving customer services: Chatbots reduce the price of customer care by automating it. As a result, insurance companies could use their employees to perform manual tasks that are still too complex for being automated.
• Greater customer satisfaction: Customers like quick response times. This has an effect on the insurance industry by progressively getting rid of middlemen like brokers and agents and helping customers buy protection straight from the insurance provider. With better data interpretation skills, insurers can assess risk more quickly and provide insurance services. This guarantees pleased customers.

4.3 Data Protection and Privacy

Understanding the data is the first step in determining the impact of insurance technology. AI systems are used by businesses to analyses data and discover trends and insights. The operational effectiveness of a corporation can then be improved using these revelations. The enormous amount of data that insurers are today creating, keeping, and analyzing is referred to as “big data.” Because big data and AI have been integrated, insurance companies can now understand their customers better. Big data and artificial intelligence are used to personalize messages more and make them more successful.

Today, privacy is a key concern while making transactions online. Although it can be sensitive, providing health-related information is necessary for obtaining and using health insurance. There is evidence that customers feel more comfortable utilising technology than people, but the increased use of AI may change this. Big Tech platforms have had a number of big issues involving the improper or defamatory use of user data, typically by unidentified third parties. Insurance businesses must ensure they are adhering to all rules governing data security and privacy so that to to keep the trust of their clients.

Consumers may not be knowing that their data is used to calculate insurance rates, according to a recent research report.[9] In the context of insurance contracts, the “datafication” of insurer operations may encourage excessive data collecting, posing a serious danger of harm. With the development of AI and Big Data, insurers may be able to gather information from non-traditional sources like social media, transaction history, wearable fitness trackers, telematics in cars, and customer loyalty programs.

There have been several recent ideas[10], such as refraining from using external data, limiting data use to only particular criteria, and mandating transparency. Enhancements to privacy regulations include stronger requirements for privacy policies and notifications as well as a cap on the amount of personal data that can be collected, used, and shared.

In our country, data privacy and protection were till now governed by the Information Technology Act and rules on good security procedures until the passing of DPDP Act 2023. The business community is beginning to understand how data breaches can expose companies to legal action, legal repercussions, and public criticism.

4.3.1 DPDP Act 2023[11] And The Indian Insurance Sector

India is now the 19th member of the G20 to have complete personal data laws thanks to the passage of the DPDP Act. The GoI shall announce the operational effective dates for each section of the Act. The Data Protection Board of India (DPBI), a new regulatory body, is created by the statute. In the usual course of business, the insurance sector gathers and processes client data pertaining to identity, biographic information, financial health, physical health, employment data, academic data, and property data.

There are some characteristics of the sector that are top of mind thoughts or challenges even though it is still early and industries are still trying to understand the new law:

• Consent Management: The DPDP Act requires that customers’ express, specific consent be obtained. For instance, data is gathered, examined, and processed in the realm of health insurance. Customers contribute raw data, but are there any restrictions on processed knowledge or insight? How should instances involving health portability be handled? What happens when the youngster turns into a major? Parental consent is required for health information pertaining to minors. When purchasing health insurance, the proposer provides information on behalf of the family. Is each member’s permission required as the information is personal? Can the act of renewal by the customer potentially be seen as a tacit consent for the future? What happens to the existing policies that have been renewed and continuing for years? For some of these issues, the sector will need regulations to serve as guidelines.
• Contractual responsibilities: The insurance sector works with a variety of service providers, both regulated and unregulated, including surveyors, TPAs, investigators, the legal system, forensic scientists, etc. The contracts must accurately describe each party’s obligations, both exclusive and shared. Such contract provisions ought to be standardised across the sector to allow for consistent application, interpretation, and comprehension.
• Nomination Rights: The nominee for obtaining personal data may differ from the nominee for financial purposes, whose right may result from a financial arrangement. Insurance companies will need to upgrade their systems to clearly record the nominations.
• Data Responsibilities: In the insurance sector, brokers act as customers’ representatives and are trusted with data to assist clients in selecting insurers, goods, and coverages. The Act places a heavy burden on brokers because they are the first point of data repositioning, and it extends to all insurers to whom they provide the data. Will the compliance obligation for data in each of these situations be divided or passed to both parties? Data submitted by clients to open marketplace systems appears to have an exception from a simple reading. Is there any arbitrage as a result?
• Data Retention: The DPDP Act allows customers to withdraw their consent, have their data erased, and receive confirmation; nevertheless, the IRDAI regulations, the Companies Act, and other Acts/Regulations require that data be retained for years. To enable the development of mechanisms for data inventory and policy for data erasure, requirements must be aligned with standards for precisely specifying the distinction between customer data and transaction data.
• Products for PAYD and PHYD telematics: Customers give their approval for changing driving profiles by purchasing the vehicle equipped with equipment. With the insurers acting as data processors, the OEM assumes the role of data fiduciary. In contrast to PHYD, where the driving profile is a personal data to which the risk-appropriate premium is applied, PAYD might be claimed to not share any personal data. Then, how are PHYD programmes to be run?

5. Conclusion

India’s insurance sector is being penetrated by Insurtech, which will eventually open the door for new business models and improvements to the status quo from both the demand-side and supply-side perspectives. Although technology will undoubtedly transform the insurance industry in India and provide insurers the advantage to assess risk effectively, the country’s legal framework’s gaps present substantial obstacles to the adoption of technology in the industry.

Along with limiting insurers’ use of technology, regulatory loopholes in the insurance industry also leave consumers with unanswered questions about data protection and privacy. To lessen privacy concerns, the IRDAI can also put in place ad hoc rules that guarantee customers a secure data environment. It will be interesting to watch how the various Regulators interpret the DPDP ACT 2023’s operational environment and the rules the Data Protection Board of India establishes for its administration.

However, if the IRDAI intends to continue offering a testing environment for insurers’ technology, it can first remedy the deficiencies in the Sandbox Regulations to build an ecosystem for technology adoption in the insurance sector. Additionally, even if the IRDAI decides that the market is all set for the introduction of technology, it should only do so gradually in a manner that would protect insurers. Overall, the recent shift of focus of IRDAI from hard and fast attempt of regulating the Insurtech sector to contributing more to its development and growth is something which can be seen in a positive light for a bright future of the Insurtech industry in India.

[1] Shakil Ahmad and Charu Saxena ‘Mapping of Insurance Technology (Insure-Tech) Research A Bibliometric Analysis’ (17 September 2023), Proceed 39-42.

[2] Charvi Devprakash ‘Scope of Embedded Insurance in Redefining the Indian Insurance Sector’ SSRN.

[3] Suryavanshi, U. “The Insurtech Revolution in Insurance Industry: Emerging Trends, Challenges and Opportunities”. International Journal of Management and Development Studies, vol. 11, no. 08, Aug. 2022, pp. 12-19 <doi:10.53983/ijmds.v11n08.002>

[4] ‘Discussion Paper- Telematics and Motor Insurance’ (IRDAI, 03 August 2022) <https://www.irdai.gov.in/ADMINCMS/cms/whatsNew_Layout.aspx?page=PageNo3208&flag=1> accessed 27 September 2023.

[5] ‘Constitution of a Working Group to examine ‘Innovations in insurance involving wearable / portable devices’ (IRDAI, 07 December 2017) <https://www.irdai.gov.in/ADMINCMS/cms/whatsNew_Layout.aspx?page=PageNo3333&flag=1> accessed 27 September 2023.

[6] ‘Constitution of Committee to evaluate applications filed under IRDAI (Regulatory Sandbox) Regulations. 2019’ (IRDAI, 25 October 2019) <https://www.irdai.gov.in/ADMINCMS/cms/whatsNew_Layout.aspx?page=PageNo3936&flag=1> accessed 27 September 2023.

[7] Pratik Bhakta, ‘IRDAI on transformational journey to tech insurance to masses’, The Economic Times <https://economictimes.indiatimes.com/tech/technology/irdai-on-a-transformational-journey-to-take-insurance-to-masses/articleshow/102618563.cms?from=mdr> accessed on 28 September 2023.

[8] Pawan Kumar, Sanjay Taneja, ‘Digital Transformation of the Insurance Industry’ (2023), Chapter 6 <https://doi.org/10.1002/9781394167944.ch6>

[9] Dorfleitner, G., Hornuf, L. & Kreppmeier, J. Promise not fulfilled: FinTech, data privacy, and the GDPR. Electron Markets 33, 33 (2023) <https://doi.org/10.1007/s12525-023-00622> accessed on 29 September 2023.

[10] Deepak Bhuvneshwari, ‘How the government initiates have optimised the Insurtech ecosystem in India’ (27 March 2023) The times of India <https://timesofindia.indiatimes.com/blogs/voices/how-the-government-initiatives-have-optimised-the-insurtech-ecosystem-in-india/> accessed 27 September 2023.

[11] The Digital Personal Data Protection Act 2023.

***

Authors:	Oshi Shrivastava	Krishna Lohia
Academic Year:	4th year BBA LLB students	4th year BBA LLB students
University:	National Law University Odisha	National Law University Odisha
Email:	20bba032@nluo.ac.in	20bba019@nluo.ac.in