Thoughts On The Potential For P2P Insurance

Some interesting discussions these past few weeks about the potential for innovation and 'disruption' in the insurance markets. As ever, there are stark differences between areas that industry players see as ripe for innovation/disruption and the opportunities outsiders see...

A signficant source of this disconnect - and a great source of opportunity for outsiders - is the tendency for established institutions to view the market through the narrow lens of their own existing products and activities, rather than from the customer's standpoint. To really solve a customer's problem, a supplier has to understand the end-to-end activity in which that customer is engaged; and has to consider that it might need to collaborate with other suppliers in the process.

For instance, as a consumer of car insurance, it's important to understand that you don't simply drive you car. You drive it from A to B in the course of some other activity. Is it a one-off journey, or a commute? Does it involve both city streets, motorways and/or rural roads? What time of day is it? Are the road conditions always the same, often wet or sometimes extreme? Why couldn't I switch insurers, policies and/or premiums as these variables change? Could my car be covered by household insurance while parked at home? The answer hardly requires advanced telematics.

Another problem for insurers is their preoccupation with managing short term financial performance within regulatory capital requirements. This favours cost-reduction at the expense of more strategic, long term business development. In fact some insurers may be better off admitting they are simply running-off their existing book. [Update on 26 March: FT coverage of RSA's rights issue underlines this point - it's all about cost-cutting and disposals, to which CEOs have tied some nice incentives].

At any rate, this tells me that insurers will end up reacting to changing demand, rather than reinventing insurance in any substantial way.

The same goes for the insurance industry's attitude to Big Data. While large insurers are quite sophisticated exponents of Big Data, the industry is merely dedicating itself to persuading customers to disclose more and more personal data about themselves for use in marketing extra products, reducing fraud or improving claims-handling.

This ignores the evolution of personal information management services that go in search of products that are right for you personally. Insurers argue that's what happens on price comparison sites already, and the Cheap Energy Club takes that a step further. But we have not yet seen the truly personal 'open data spider' that some of us have been dreaming about. In that machine-readable future, the challenge for insurers won't be to find customers, but to be able to instantly formulate policies in response to customer devices directly peppering their systems with requests for tailored cover.

To be fair, there are also plenty of mistaken assumptions by outsiders about how insurance actually works (or doesn't) today, and which elements of the value/supply chain that are ripe for improvement or disintermediation. For instance, people forget the key role of reinsurers and reinsurance brokers in diffusing the risk of loss across many sources of capital.

So before disrupting today's insurance markets, it's worth pausing briefly to understand the nature of insurance and how the markets operate.

In layman's terms, insurance is a way for you (the 'insured') to transfer to someone else (an 'insurer') the risk of loss, in return for payment (a 'premium'). 

But it's not quite that simple. In legal terms, that 'risk of loss' translates into 'a defined event, the occurrence of which is uncertain and adverse to the interests of the recipient'. The practice of pooling risks also lies at the heart of modern insurance, such that premiums paid for insuring lower risks are used to fund payouts on higher risks. This of course presents a significant moral hazard, and the scandals involving payment protection insurance and so-called 'identity theft' insurance illustrate how the industry has tended to seek out customers who don't actually face a genuine risk that is adverse to their interests and/or would never be able to make a claim (even if they were aware they'd bought the insurance).

Which brings us to the main problem with insurance markets today - they are highly complex and heavily intermediated, often by players who have little or no interest in seeing a genuine risk is insured appropriately.

Modern insurance can be traced to the need to insure property against the risk of fire after the Great Fire of London (and some might say little has changed since then in the way non-retail insurance business is transacted!). The need to spread the exposure to other risks of loss has created markets around certain types of other events, businesses and property. Reinsurance markets have developed to enable insurers to insure themselves against the risks they underwrite. In each of these markets, the distribution, marketing and sale of insurance is heavily intermediated by brokers and others who take their own cut from the gross premium that you pay (the net premium being what the insurer receives in return for underwriting the risk). Insurers also must invest their premiums in order to help fund payouts and ensure they have enough capital to cover their exposures. So there are strong links between global markets for insurance and other financial products, which brings with it hidden costs and fees, the risk of re-concentrating risk in suprising places and exposure to global financial crises...

Rolling all of these issues together, it seems to me that the real purpose of an insurance business is to find people who genuinely face adverse consequences from specific events, the occurrence of which are uncertain, and then to diffuse that risk across as many different sources of capital as possible, as efficiently as possible. 

Some would say that this amounts to concentrating the risk of loss, since those who don't genuinely need insurance would be excluded (but allowed to buy it if they genuinely do just want it for 'peace of mind').  But that only means we should cease pooling risk and find another way to spread it, such as the peer-to-peer marketplace model that is at work in many other industries.

Peer-to-peer insurance would involve the operator of an electronic platform enabling direct insurance contracts between each insured and many investors (whether traditional insurers or not), each of whom would receive a small portion of the overall premium yet only have to pay out small sums in the event of loss. In this way, the risk of loss could be diffused amongst many investors who would only provide insurance as part of a widely diversified portfolio.  In common with the impact of the P2P model in other industries, removing all the middlemen would cut the margin between net and gross premium to a transparent fee for running the platform, leaving the lion's share of the difference with the market participants.

There are some interesting examples that are headed in this direction. Friendsurance, for example, goes part of the way by enabling a crowd of people to fund the excess on each of their insurance policies. I'm also aware of jFloat (yet to launch), which some have suggested is an application of the P2P model. But I understand that it will still involve pooling risk on a kind of mutual basis, whereas I'm talking more about a 'pure' P2P model.

Presumably, this is not what today's insurers, brokers, reinsurers, reinsurance brokers and other established industry participants want to hear. But they too could benefit in the longer term (if they can afford to think that far ahead) by setting up their own platforms or contributing their own capital and expertise.

It's okay, everyone, I'm not holding my breath...

The Change Curve

To help a friend, I was searching for a better image of the 'change curve' than the one I first used here in 2009.  Back then they were surprisingly tough to find online. Now there are tons of them, adapted to countless different scenarios. This would seem to suggest that a vast number of people have got beyond the 'depression' phase since then ;-)

At any rate, here's a useful overview of various models that help make sense of change, based on Elisabeth Kubler-Ross's five stages of grief, care of Warwick University.

I've posted a few of the better images from the pile that turned up.

Want Virtuous Banking? Start By Splitting Banks Into More Than Two Pieces

Yesterday I was engaged in a discussion about 'virtuous banking' which seemed to stick on the definition of 'banks' and 'banking'.

No one does 'banking' - not even 'banks'. What we call 'banks' are actually giant corporate groups that carry out a vast range of quite distinct activities. Some are listed here, for example, and some were discussed by John Kay in his report on "Narrow Banking". These group activities tend to be broadly classified as either retail (utility) banking or wholesale (proprietary trading). But some of their activities arguably span this distinction, including the banking groups' role in creating money (by making loans with a central bank as lender of last resort) and money transmission (by co-operating in various payment systems). And of course wholesale business units often provide one or more services to retail business units within the same group. 

Those group activities also face into different national and international markets, with differing levels of profitability, growth, customer needs etc., and require management and staff with wildly different skills and levels of remuneration. But working capital will be allocated to the business units where it will generate the most return for the group as a whole, not according to the needs of, say, small business customers in the UK. And outdated IT systems in areas of low profitability, for instance, might only be replaced or upgraded if they actually fall over rather than to keep pace with the technological innovation. What might appear virtuous to one set of customers may not appear so to others. Taxpayers may not be materially impacted either way, or the impact may be so long term as to avoid detection. But banks are ultimately motivated by solving the problem of group profitabilty at their customers' expense (which makes them 'institutions' rather than 'facilitators', in my view).

Accordingly, figuring out what is 'good' and 'bad' behaviour on a day-to-day basis across a banking group is not only an extremely complex task, but also an archaelogical one. Regulation and internal policy only catches up with bad outcomes once they and their causes are identified. That process is painfully slow. A decade will have passed before any real regulatory changes related to the global financial crisis take effect in the UK, for example. Enforcement lag also means that fines and compensation bills come far too late to be factored into the main board's assessment of the likely return on capital across business units. They just end up as the the group's general 'cost of doing business'.

At any rate, regulation is a poor basis for assessing virtue. In the current framework, direct regulation only addresses some of a banking group's existing bank products and activities, not all of them; and is based on how banks do things, rather than on the activities and needs of customers. Some indirect regulations, like capital adequacy controls and accounting rules, are aimed more generally at how a banking group operates for the public good, but these are open to very broad interpretation in terms of how they impact specific products and activities. Market forces were previously thought to act as a control on behaviour. But the banks' conduct both before and during the global financial crisis has disproved that hypothesis. And they have few genuine competitors because complex regulation, the state guarantee of their liabilities and other subsidies intended to make the banking system safer have merely protected the banks from competition and innovation.

So it seems we can't even begin to be assured of 'virtuous banking' unless we are able to make and enforce that assessment for each business unit within a banking group independently. On that basis, splitting the banks in two is just a start.

Will You Share Your NHS Records?

You may have received a letter from your local NHS trust, giving you the chance to opt out of the NHS plan to share your health records with Big Pharma and others. 

I've found the process incredibly light on detail about how your data will actually be used, and I don't see how it can be said that any consent you give this way is fully-informed. You can't be expected to give a single 'yes' or 'no' for all your records in such a wide variety of circumstances. 

The issue of consent is not only a question of privacy, but also a question of the value that Big Data derives by exploiting your data without recompense, as explained here. The NHS scheme is just another Big Data play that takes a free ride on your data, and nowhere near the kind of mutually beneficial and trustworthy ecosystem that it's possible to construct today.

For instance, with your own data account you would be able to receive a request to use some of your health records for each specific project. You might choose to 'donate' some of your anonymised data to help find a cure that will be available to everyone at cost price. But you might put a high price on your data if it is to be mined by Big Pharma to create a premium branded drug. 

Hell, for enough dough you might even add your name and a nice photo!

Such a system would not need to be created specifically for your health records, nor paid for by the NHS. In fact, given the NHS record on technology projects it would be best developed by others.

At any rate, I plan to opt out of sharing my health records until the NHS cooperates with a more flexible, user-centric system.

P2P Goes Cloud-to-Cloud

In Part 2 of my response to Google's 'computers vs people' meme, I explained that humans can win the war for economic control of their data by transacting on peer-to-peer marketplaces. That's because the P2P platforms don't derive their revenue primarily by using their users' data as bait to attract advertising revenue. Instead, they enable many participants to transact directly with each other in return for relatively small payments towards the platforms' direct operational costs, leaving the lion's share of each transaction with the parties on either side. This post covers some technological developments which move the P2P front line deep into Big Data territory.

Perhaps the ultimate way to avoid Big Data's free ride on the ad revenue derived from your data is to cut your reliance on the World Wide Web itself. After all, the Web is just the 'human-readable' network of visible data that sits on the Internet - just one of many other uses. As I've mentioned previously, having your own pet 'open data spider' that gathers information based on your data without disclosing it would transform the advertiser's challenge from using Big Data tools to target you with their advertising, to enabling their product data to be found by your spider as and when you need it.

But that would not necessarily solve the problems that arise where your data has to be shared.

Fortunately, all but the most hardcore privacy lobbyists have finally moved beyond debating the meaning of "privacy" and "identity" to realise two important things. First, 'personal data' (data that identifies you, either on its own or in combination with other data) is just one type of user-related data we should be concerned about controlling in a Big Data world. Second, it's critical to our very survival that we share as much data about ourselves as possible to the right recipient in the right context. The focus is now firmly on the root cause of all the noise: lack of personal control over our own data. 

Perhaps the leading exponents of this turnaround have been those involved in the Privacy by Design initiative. As explained in their latest report, they've become convinced by a range of pragmatic commercial and technological developments which together produce a 'personal data ecosystem' with you at the centre. You are now able to store your data in various 'personal cloud' services. 'Semantic data interchange' enables your privacy preferences to be attached to your data in machine-readable form so that machines can process it accordingly. Contractually binding 'trust frameworks' ensure data portability between personal clouds, and enable you to quickly grant others restricted access to a subset of your data for a set time and revoke permission at will. The advent of multiple 'persistent accountable pseudonyms' supports your different identities and expectations of privacy in different contexts, allowing for a lawful degree of anonymity yet making your identity ascertainable for contractual purposes. You can also anonymise your own data before sharing it, or stipulate anonymity in the privacy preferences attached to it, so your data can be processed in the aggregate for your own benefit and/or that of society.

All that's missing is a focus on determining the right value in each context. I mean, it should be a simple matter to attach a condition to your data that you are to be paid a certain amount of value whenever Big Data processes it. But 'how much'? And are you to be 'paid' in hard currency, loyalty points or cost savings?   

The ability to put a value on your data in any scenario is not as far away as you might think. The Privacy by Design report notes that the personal data ecosystem (PDE) is "explicitly architected as a network of peer-to-peer connectivity over private personal channels that avoid both information silos and unnecessary “middlemen” between interactions."

Sound familiar?

As explained in the previous post, P2P marketplaces already enable you to balance your privacy and commercial interests by setting a value on your data that is appropriate to the specific context. Your account on each platform - whether it's eBay or Zopa or one of many others - is effectively a 'personal cloud' through which you interact with other users' personal clouds to sell/buy stuff or lend/borrow money on service terms that leave most of the transaction value with you and the other participants.

The wider developments in semantic data interchange, trust frameworks etc., that are noted in the Privacy by Design report enable these clouds or marketplaces to be linked with other personal clouds, either directly or through the 'personal information managers',  as envisaged in the Midata programme. 

Ultimately, we could use one or two personal information managers to host and control access to our data and derive income from the use of that data by transacting on different P2P platforms dedicated to discrete activities. Not only would this make it simpler to understand and verify whether the use of our data is appropriate in each context, but it would also enable us to diversify our sources of value - a concept that is just as important in the data world as it is in financial services. You don't want all your data and income streams (eggs) in the one cloud (basket).

The Privacy by Design report claims that "all these advancements mean that Big Privacy will produce a paradigm shift in privacy from an "organisation-centric" to a balanced model which is far more user-centric".

I agree, but would add a cautionary note.

In the context of the 'computers vs people' meme, I'm concerned by references in the report to "cloud-based autonomous agents that can cooperate to help people make even more effective data sharing decisions". Has Privacy by Design been unwittingly captured by the Singularity folk?

I don't think so. Such 'cloud-based agents' are ultimately a product of human design and control. Whether the technologists at the Singularity University choose to believe it or not, humans are in fact dictating each successive wave of automation. 

At any rate, we should take advantage of technology to keep things personal rather than submit to the Big Data machines.