Model Risk Management Insurance
The insurance industry has significantly increased the use of FinTech related to implicit and explicit models and modeling capabilities. This is helping the business tremendously from an efficiency perspective. At the same time, this introduces new risks. How to deal with these risks is still in its infancy with many insurance companies. Both because of internal recognition for the need for changing risk management as well as growing supervisory attention, the industry needs to prepare for implementing a proper Model Risk Management function.
Traditionally most modeling by insurance companies is done in actuarial calculations for liability risk, asset-liability management and capital management. The focus used to be mostly on the model itself and not so much on the governance and infrastructure. Regulations around these models, regulatory reporting requirements, and the Model Risk Management organization have increased substantially the last decade under Solvency II (DIRECTIVE 2009/138/EC). In insurers’ yearly Own Risk and Solvency Assessment (ORSA), this all comes together. These days modeling and reporting including the ORSA are supported by applications for Straight Through Processing (STP) reporting and applying consistency checks in data and reported figures.
Under Solvency II insurance companies have minimum requirements for the organization around their partial and full internal models (Articles 44 and 112-127). DNB uses the EIOPA “Guidelines on the use of internal models” for further detailing of this in their supervision of Dutch insurers. These are guidelines on model applications, model changes, model use tests, assumption setting and expert judgment, methodological consistency, profitability analysis, model calibration, model validation/audit, documentation, and the use of external models. In practice, small and medium-sized entities use the standardized approach, or the proportionality principle is applied. Therefore, the maturity of Model Risk Management organizations varies, which is justifiable and permitted. However, stricter enforcement of these guidelines is expected and hence most insurance companies need to improve the maturity of their Model Risk Management organization going forward.
With the rise of FinTech, Model Risk Management gets a whole new dimension. With improved technologies and computational power modeling is also used to improve efficiency and effectiveness of processes, introducing a specific type of model risk. This is recognized by DNB in the top 3 focus areas in their Supervisory Strategy 2018–2022, “Responding to technological innovation”.
Areas of FinTech development have been particularly operations and STP in underwriting, policy generation and claims management, as well as risk management, marketing and sales, with a data warehouse infrastructure and in the cloud solutions. Successful intermediaries have transformed into true FinTechs with white-label products and full STP processes, and successful insurance companies use a variety of APIs in their STP communication with intermediaries.
For many of these processes and activities, FinTechs apply Artificial Intelligence (AI) techniques. DNB and AFM write in their exploratory study “Artificial intelligence in the insurance sector” that insurance companies use both self-developed and externally acquired AI applications. Insurers’ own data, enriched with external data are inputs for these models. The use of AI they see within their supervisory domain is claims management, fraud prevention and detection, risk pricing, behavioral/dynamic pricing, customer acceptance, technical provisions, capital models, customer experience and risk selection. AFM and DNB have identified ten key considerations for the use of AI in the insurance sector in the areas governance and policies, data and model quality, ethics, the duty of care, and data privacy.
AI comes with additional requirements. This is because AI techniques often are less transparent than traditional models, making it more difficult to assess how the model will perform out-of-sample. It is less clear how the data used are transformed into an output, which may cause unconscious bias to arise (e.g. exclude individuals based on having a foreign name). Such bias in turn may ultimately lead to ethical issues and reputational damage. Furthermore, as a model for a specific client usually performs better the more client data is used, it is tempting to use all data that can be found in their own databases and using external sources. However, this may lead to data privacy issues. A healthy Model Risk Management organization also deals with these additional requirements.
To conclude: there are two important developments in the insurance sector in the last decade ask for the development of Model Risk Management capabilities. Significantly increased prudential and reporting requirements under Solvency II and the use of Artificial Intelligence techniques, caused model risk to increase and regulations to become stricter. We expect that insurance companies will need to take conscious action to enhance their Model Risk Management organization in the coming few years. This starts with creating solid governance around model risk, guided by policies and securing legal and ethical aspects, while still supporting the overall business case.