Regulatory Acts

These acts are designed to set standards, protect consumers, and maintain a fair and competitive market. Comprehending the scope and implications of regulatory acts is vital for ensuring legal compliance and long-term success.

Executive summary

The insurance value chain offers big techs many opportunities to enter into the insurance market. The value chain spans product design, pricing, underwriting, marketing, sales and distribution, claims management and post-sale policy servicing. Big techs can leverage their technological advantages, for example in data analytics or artificial intelligence, and their access to large datasets to offer services in any part of the insurance value chain, either as licensed insurance entities, in partnership with incumbent insurers or as service providers. While this development can bring benefits to insurers in terms of operational efficiency or expanded market reach, and to consumers through improved customer experience and convenience, it can also give rise to new risks such as excessive market power or concentration in a handful of big techs. This paper provides an overview of big tech firms’ involvement in the insurance business and the applicable regulatory frameworks for the different activities they perform. It examines big techs’ involvement in the insurance sector as risk carriers, intermediaries or service providers. It is based primarily on publicly available information from 18 big techs in 14 jurisdictions and related regulatory issuances in those jurisdictions. Interviews with selected insurance regulatory authorities were held to supplement the publicly available information. Big tech entities that act as insurance risk carriers or underwriters are licensed as insurers, and are therefore subject to the same prudential and conduct rules as incumbent insurers. We identified five big techs that own and control licensed insurance companies, primarily operating in the non-life and health insurance sectors. Although these insurers are relatively small, both in terms of the big techs’ overall businesses and local insurance markets, they seem to be actively exploring growth opportunities. Apart from outright ownership of licensed insurers, some big techs have obtained supervisory approvals to hold substantial interests in licensed insurers. Big techs appear to leverage their insurance subsidiaries or shareholdings in at least three ways – seizing early opportunities to lead digital insurance in local markets, nurturing insurance entities to benefit their own ecosystems and experimenting with insurance innovation. Big tech entities that act as insurance intermediaries are typically registered or licensed as such and the relevant conduct rules apply. In our sample, all but two big techs have an intermediary registration or licence to sell insurance products, leveraging their core digital service platforms. The integration of insurance products or services into the customer journey of big techs’ businesses or platforms is a form of embedded insurance. Embedded insurance offered by big techs generally involves products that are closely linked to their non-insurance products or services. There is another set up that can be characterised as an “insurance marketplace”. This arrangement involves big techs partnering with a number of insurers to offer, through their one-stop online insurance shopping platform, a wide range of insurance products that are not directly linked to their other digital services. 1 Denise Garcia Ocampo ([email protected]), Jatin Taneja ([email protected]), Jeffery Yong ([email protected]), Bank for International Settlements and Julie Zhu ([email protected]), Insurance Authority of Hong Kong. The authors are grateful to Andres Lehtmets, Beatriz Romo, Gabriela Elizabeth Conde Vitureira, Gustavo Caldas, Hafizul Fahmy bin Mohd Fikry, Hanne van Voorden, Hon Shiong Hoo, Jessica Yeung, Johannes Ehrentraud, Juan Carlos Crisanto, Kenneth Koh, Mike Wong, Nobuyasu Sugimoto, Ryan Workman, Suzette Jeanne Vogelsang, Thiago Duarte, Tim Mullen and Tony Chan for comments. The authors are grateful to Marie-Christine Drexler and Theodora Mapfumo for administrative support. From clicks to claims: emerging trends and risks of big techs' foray into insurance 2 Currently, big techs’ largest footprint in the insurance sector is as service providers. They mainly offer four types of service – technology (eg cloud computing), data, healthcare and marketing services. Like other financial sector players, insurers rely significantly on big techs for technology services. Uniquely in insurance, given the prominence of data in core pricing and underwriting activities, some big techs may provide data to insurers from their vast consumer data pool as third-party data vendors. Healthcare is an area in which big techs and insurers intersect on health insurance, and more partnerships and market developments are expected to take place. Finally, big techs’ large customer base offers an enticing advertising or marketing opportunity for insurers or intermediaries even if those big techs are not involved in insurance selling. There is a noticeable difference in terms of the business focus of big techs in North America versus those in Asia. US big techs primarily operate as global service providers, while big techs in China focus on local markets, acting as insurers, intermediaries and service providers. In other Asian jurisdictions, big techs are expanding their activities as insurance intermediaries and insurers near their local markets. These regional differences can be attributed to a number of factors, including the level of development of the local insurance market, digital infrastructure and customer behaviour, the local regulatory environment, as well as big techs’ own business model. Insurance activities of big techs are covered under existing insurance regulatory requirements though none are specific to big techs. The requirements that apply to big techs’ insurance activities range from prudential and conduct requirements that apply to licensed insurers, to conduct rules that apply to insurance intermediaries, as well as operational resilience requirements imposed on insurers for their exposures to big techs as service providers. Certain jurisdictions have issued dedicated guidelines on the licensing of internet insurers and the operation of digital insurance, which may address areas of regulatory concern arising from big techs’ activities as digital insurers and intermediaries. Besides financial stability and prudential risks, such concerns include conduct risks due to the potential speed and scale of any mis-selling practices, and ambiguity relating to the accountability of different parties involved in such cases. As big techs’ regulated insurance activities (as risk carriers or insurance intermediaries) continue to grow, a new big tech-specific regulatory approach might be warranted. Big techs’ involvement in insurance and financial services more generally entails additional risks compared with traditional players. Potential risks to financial stability originate not only from the provision of financial services in combination with commercial activities but also from significant linkages with traditional financial institutions as service providers. Financial stability concerns also arise from big techs’ tendency towards excessive concentration in the provision of both financial and technology services. These risks are not fully addressed by existing sectoral financial regulations and a regulatory rethink is warranted. Given the global nature of big techs and their cross-sectoral operations, international standards to regulate big techs’ activities across the financial services sector in a comprehensive and coherent manner may be helpful to avoid any regulatory blind spots, as well as enhanced cooperation amongst financial sector authorities, competition commissions and data governance regulators. In the meantime, it is important for insurance supervisors to continue monitoring big techs’ insurance activities. A careful review of existing regulatory requirements, to determine whether they fit the nature and risk profiles of big techs, may become necessary. It is important to pay attention to the regulatory perimeter of marketing or distribution of insurance products by big techs and fair use of big techs’ data for insurance purposes. The increased complexity of service provisions and concentration risk may not be adequately addressed in existing outsourcing regulations and opaque tie-ups between big techs and insurers may pose challenges for supervision. From clicks to claims: emerging trends and risks of big techs' foray into insurance 3 Section 1 – Introduction 1. Technological developments are transforming the insurance business. Advances in digital technologies enable new ways for insurers to interact with customers (eg chatbots and robo-advisers) and to streamline processes across the insurance value chain2 (eg online distribution, digital claims submission and adjustment, and digital payments). In addition, technology can facilitate the tailoring of products to meet specific customer needs and preferences or improve existing products to incorporate mitigation and prevention services (eg telematics technology that can detect mechanical problems to prevent accidents) or to develop new and innovative products (eg cyber insurance). 2. The rapid growth of the digital economy together with the increased adoption of technological innovations in the insurance value chain are some of the factors that led big techs3 to enter the insurance business. In certain jurisdictions, consumers have rapidly embraced online platforms for e-commerce, while the increased availability of mobile telephones has expanded the accessibility of financial services to a broader range of consumers. Large technology firms were primed to take advantage of these developments through their access to and analysis of consumer data, combined with the deployment of cutting-edge technology and user-friendly apps. These advantages have also allowed them to provide a broad range of financial services – including payments, lending, insurance and wealth management – to underserved segments of society (Crisanto et al (2021)). 3. Big techs are expanding their footprint in the financial services sector to solidify their customer base. Bank for International Settlements (2020) explained that big techs’ business model is based on the “data-network-activities” (DNA) loop. 4 The more customers they bring in, the more benefits their other customers will enjoy. A distinct characteristic of big techs is that they offer a wide array of financial and non-financial services as long as those activities contribute to their DNA business model. As such, big techs are likely to enter into the insurance space to the extent that such activities reinforce their DNA business model. 4. Big techs’ involvement in insurance can be analysed from three main perspectives according to the activity they perform – as risk carriers, intermediaries or service providers. As risk carriers, big techs, through their licensed (re)insurers, are responsible for assuming the insured risks. As licensed intermediaries, they advertise, market and sell insurance products through their online platforms. They may also manage receipts of premium payments, transmit claims payments to policyholders or assist with the administration of policies by, for example, renewing expiring insurance policies. As service providers, big techs support insurers, intermediaries and insurtech startups by offering a wide range of financial and non-financial services (eg payments, process automation, data analytics or cloud computing services). 5. Big techs’ entry into the insurance market can bring benefits to consumers. Big techs can contribute towards closing the protection gap and to financial inclusion through efficient and low-cost distribution channels, improving customer experience via user-friendly digitalised interfaces and enhancing the digitalisation of insurance operations. In addition, they may offer innovative products to fill market gaps identified using their strong data intelligence on customer needs. 6. The entry of big techs into the insurance sector also poses a number of supervisory challenges that are similar to those posed by their involvement in other financial sectors. Their DNA 2 In this paper, we define the insurance value chain as: (i) product design and development; (ii) pricing and underwriting; (iii) marketing; (iv) sales and distribution; (v) claims management; and (vi) post-sale and policy management. 3 The Bank for International Settlements (BIS) and the Financial Stability Board (FSB) define big techs as large companies whose primary activity is digital services. See BIS (2019), Carstens et al (2021) and FSB (2019). 4 The business model of big techs is described in detail in BIS (2019); for regulatory issues, challenges for public policy and policy options see Carstens (2018, 2021), Carstens et al (2021), Crisanto et al (2022), Restoy (2019, 2021) and Shin (2019). From clicks to claims: emerging trends and risks of big techs' foray into insurance 4 business model creates competitive dynamics that could easily lead to the concentration of financial and non-financial services around a few dominant big techs. That process, in the context of the financial services sector in general, can also increase the vulnerability of the financial system (Carstens et al (2021)) through excessive reliance by market participants, including insurers, on a limited number of service providers, as well as increased risks arising from interdependencies between commercial and financial activities. From a supervisory perspective, Ehrentraud et al (2022) highlighted that big techs’ entry into financial services could also exacerbate operational, reputational and consumer protection risks. 7. The lack of a comprehensive source of information makes it challenging to understand big tech activities in insurance. Available information referenced in this paper includes annual reports (for listed big techs), websites and apps, and regulatory disclosures from their licensed insurers. Information related to big techs’ insurance activities is generally limited, probably because their insurance activities are immaterial to their overall business and as such are not included in detail in the annual reports. Some big techs have deconsolidated their financial arms from their listed groups, and the financial arms are therefore not subject to public disclosures (eg Alibaba, Baidu and JD). Such deconsolidation may increase the lack of public transparency of big techs, although this should not restrict insurance regulators’ ability to obtain relevant information. Insurance regulators often impose comprehensive regulatory reporting requirements on regulated insurance entities and these also apply to big techs’ insurance businesses. 8. This paper provides an overview of big tech firms’ involvement in the insurance business and the regulatory frameworks applicable to the different activities they perform. Its objective is to inform policy discussion on whether existing regulatory frameworks are adequate to address big techs’ involvement in insurance, and the extent to which they are future-proofed in dealing with potentially greater inroads by big techs in insurance. The paper covers the activities of 18 big techs 5 in 14 jurisdictions6 and is based on publicly available information as well as applicable regulatory frameworks in those jurisdictions. Section 2 describes big techs’ activities in the insurance sector. Section 3 reviews relevant international and national regulatory requirements that cover such activities. Section 4 offers some concluding remarks. Section 2 – Big techs’ activities in insurance 9. Digital technologies are transforming the insurance value chain. 7 They are changing the way insurance is designed, underwritten, priced, distributed and paid for. Emerging technologies such as the internet of things and advanced analytics are providing real-time information and extensive insights into customer needs, preferences and risk behaviour. These technologies can help insurers tailor their products and prices to specific customer profiles. For example, artificial intelligence (AI) – including machine learning applications such as chatbots, virtual assistants or virtual claim adjusters – can automate marketing, distribution, underwriting and claims management processes. Distributed ledger technology has the potential to raise efficiency, reduce costs and lessen reliance on intermediaries, whereas cloud computing services can be leveraged in both core value chain activities and back office operations. Graph 1 illustrates the digitalisation trend of the insurance value chain. 5 Big techs covered in this paper: Apple, Alibaba (Ant), Alphabet (Google), Amazon, Baidu, Didi, Goto, Grab, JD, Meituan, Mercado Libre (Mercado Pago), Meta (Facebook/WhatsApp), Microsoft, Rakuten, SEA, Tencent, Touch ‘n Go and Xiaomi. 6 Jurisdictions covered in this paper where the selected big techs have insurance activities: Argentina, Brazil, China, the European Union, Hong Kong SAR, India, Indonesia, Japan, Malaysia, Mexico, Singapore, the Philippines, the United Kingdom and the United States. 7 For a more elaborate review of the impact of digitalisation on insurance and supervisory considerations see IAIS (2022). From clicks to claims: emerging trends and risks of big techs' foray into insurance 5 Digitalisation of the insurance value chain Graph 1 Churn model refers to a predictive model that estimates, at the level of individual customers, the likelihood that they will cancel a service (in the case of insurance this is the likelihood that customers will cancel or not renew their policies with the insurance provider). Source: Authors’ elaboration. 10. Big techs have extensive technological capabilities that enable them to enter into the insurance business by participating in various activities in the insurance value chain. With the advantage of their superior technology, they can develop innovative insurance products, streamline underwriting and claims processes through data analysis and automation, and enhance customer experience through user-friendly digital platforms. 11. Depending on their role, big techs’ activities in the insurance value chain can broadly be categorised into three types (see Graph 2): (i) (re)insurers acting as the risk carrier/underwriter of insurance risks responsible for the whole value chain. Such big techs need to obtain an insurance licence and are subject to the full suite of insurance regulatory requirements in the same way as any other insurer – from capital adequacy rules to conduct of business requirements. (ii) insurance intermediaries distributing and marketing insurance products. Insurance products are heterogeneous and can have complicated terms and conditions. As such, the sale of most insurance products is done through professional intermediaries (such as agents and brokers). Insurance intermediaries are typically regulated with registration or licensing and conduct requirements imposed by insurance regulators. (iii) service providers of various types of service to insurers and insurance intermediaries for the different parts of the insurance value chain. These big techs do not directly perform insurance activities and therefore do not fall under the direct supervision of insurance regulators. Instead, their activities may fall under outsourcing and operational resilience rules imposed by insurance supervisors on insurers and intermediaries to manage the risks from such service providers. From clicks to claims: emerging trends and risks of big techs' foray into insurance 6 Big techs’ activities in the insurance business Graph 2 Source: Authors’ elaboration. 12. Big techs’ activities in insurance have different proximities to the perimeter of insurance regulation. Some big techs choose a more direct approach, acting as licensed (re)insurers or insurance intermediaries. They run most or all of the insurance value chain activities, taking on insurance risks and directly providing insurance services. They compete with existing market players and influence the market landscape. Other big techs may choose a less direct approach, providing services along the insurance value chain to support existing market players’ insurance activities, without being licensed themselves as an insurer or intermediary. The services offered are wide ranging, including critical services for insurers and insurance intermediaries, thus indirectly influencing the market. 13. In the following sections, we analyse big techs’ insurance activities in the value chain based on the three types of activity outlined above. Our analysis covers a sample of 18 big techs, with six Americas-based big techs (Apple, Alphabet (Google), Amazon, Mercado Libre (Mercado Pago), Meta (Facebook, WhatsApp) and Microsoft), seven China-based big techs (Alibaba (Ant), Baidu, Didi, JD, Meituan, Tencent and Xiaomi) and five other Asian big techs (Goto, Grab, Rakuten, SEA and Touch ‘n Go). An overview of the big techs, covering their market capitalisation, customer base, core business and revenue source information can be found in Annex 1. Big techs as insurers 14. Acting directly as underwriters provides big techs with a high degree of control over their involvement in insurance, but it comes with additional risks and regulatory burdens. Self-running an insurance company allows a big tech to directly control the whole value chain, better integrate with its DNA model and potentially deliver more disruptive insurance services. However, it also means that the big tech, as the risk carrier, is ultimately responsible to fulfil all insurance policy commitments. Given that such big techs take on insurance risks, they need to meet comprehensive insurance regulatory requirements, from licensing to capital to conduct. The high regulatory requirements, nature of insurance risks and From clicks to claims: emerging trends and risks of big techs' foray into insurance 7 stringent insurance supervision, as well as potentially low profit margin and long payback period compared with their core business, make this model unattractive to big techs. 8 15. Given these downsides, it is not surprising that within our sample of 18 big techs, only five have licensed insurance companies and they are generally small in size. Big techs hold more than 50% of the voting rights in these insurers and therefore constitute a party with sole or significant control. As summarised in Table 1, the insurers listed are still small, either by comparison with the big tech group or the market in which they operate. This is the case even for Alibaba and Rakuten, which have owned the insurers for a relatively long period (between five and 10 years). Big techs’ insurers – more than 50% ownership (ordered by annual premiums) Table 1 Big tech/insurer Market and business Year of establishment (E)/acquisition (A) Voting rights Annual premiums (USD m) Group share Market share Alibaba/Ant Cathay China non-life 2016 (A) 51% 700 0.5% 0.4% Rakuten Rakuten General Japan non-life 2018 (A) 100% 265 2.5% 0.4% Rakuten Life Japan life 2013 (A) 100% 245 2.3% 0.1% Alphabet Granular US health 2020 (E) 80% 27 <0.1% <0.1% Tencent Fusure Re HK non-life 2021 (E) 85% 4 <0.1% <0.1% SEA SEAInsure Life Indonesia life 2021 (A) 100% 2 <0.1% <0.1% SEAInsure General Indonesia non-life 2022 (A) 100% 0 0.0% 0.0% SEAInsure General Philippines nonlife 2021 (A) 100% 1 <0.1% 0.1% SEAInsure Life Philippines life 2022 (A) 100% – – – Figures that were disclosed in local currencies have been converted to US dollars at an exchange rate at the reporting date. The financials are as of 2021 or 2022 depending on the latest available public information as of April 2023. Annual premiums represent the annual gross written premiums of the insurer. Group share is the insurer’s annual premiums (major revenue source) to the big tech’s total annual revenue as a percentage. Market share is the insurer’s annual premiums to the total premiums of a particular market – eg China non-life, Japan non-life, Japan life, US health – as a percentage. Rakuten Life also includes its subsidiary Rakuten Microinsurance, which requires a separate type of insurer licence in Japan. Rakuten General includes its subsidiary Rakuten Pet Insurance, which is under the same licence as Rakuten General. SEA Insure Life in the Philippines was transformed in August 2022 from a non-life insurer (acquired by SEA in February 2022), therefore it has no premiums reported in 2022, according to the Insurance Commission of the Philippines’s quarterly statistics. Sources: Public disclosures by individual insurers and respective insurance regulators. 16. More big techs have obtained supervisory approvals to hold substantial shares in insurers, thus allowing them to gain significant influence. This is a model in which big techs act as major 8 European Supervisory Authority (2022) offered reasons for the limited presence of mixed activity groups (including big techs) in the European Union. The reasons include regulations, low profit margin, consumer preferences (more trust in incumbents) and lack of know-how about the insurance business. From clicks to claims: emerging trends and risks of big techs' foray into insurance 8 shareholders of insurers, thus exerting significant influence without having to fully underwrite insurance risks or being fully subject to regulatory requirements applicable to insurers. This makes it attractive to big techs given the balance of risks/costs and benefits. It also provides opportunities for big techs to partner with other shareholders (often incumbent insurers) and rely on their insurance expertise. 17. Big techs acting as major shareholders of insurers are subject to supervisory approval and the relevant supervisory requirements. Insurance regulators often have tight control over the approval of shareholders of insurers. This includes a threshold of much lower than 50% of voting rights triggering requirements for approval. This ensures that all shareholders with some material influence are fit and proper to manage an insurance company. As such, these big techs would still be subject to suitability assessments by insurance regulators. For example, supervisory approval is required for shareholders with control of more than 5% in China and India, and 15% in Hong Kong SAR. 9 The greater the control by big techs, the tighter the supervisory approval process will be, which is probably a reason why some big techs act as major shareholders rather than sole controllers. Table 2 shows examples of big techs approved by insurance regulators to act as major shareholders. Big techs’ insurers – major shareholder (ordered by annual premiums) Table 2 Big tech/ insurer Market and business Year of establishment (E)/acquisition (A) Voting rights Annual premiums (USD m) Market share Remarks Alibaba/Ant ZhongAn China non-life HK life 2013 (E) 10% 3,479 1.6% Co-founded with Tencent and PingAn, with Alibaba as largest shareholder. ZhongAn is China’s first digital insurer. Tencent ZhongAn China non-life HK life 2013 (E) 8% 3,479 1.6% Co-founded with Alibaba and PingAn. ZhongAn is China’s first digital insurer. Hetai Life China life 2017 (E) 15% 500 0.3% Co-founded by Tencent and seven other investors. Samsung China non-life 2022 (A) 32% 70 <0.1% Samsung General Insurance holds 37%. Blue HK life 2018 (A) 20% 50 0.1% Hillhouse Capital holds 80%. Blue is HK’s first life insurer solely distributing via the internet. JD JD Allianz China non-life 2018 (A) 30% 700 0.4% Allianz holds 53%. Amazon Acko India nonLife 2020 (A) 5% 114 0.6% Munich Re holds 5%, Swiss Re holds 2%. Didi 9 In China, any shareholding of insurance companies with voting rights of 5% or more would require supervisory approval. Entities holding 33% or more of the voting rights are deemed to be a controlling shareholder and those holding 15% or more are deemed to be a shareholder with significant influence (see CBIRC (2018)). In India, any cumulative shareholding above 5% would need prior supervisory approval (see IRDAI (2020), any shareholder with voting rights of 15% or more is deemed to be a controlling shareholder that requires supervisory approval (see HK Gov (2015)). From clicks to claims: emerging trends and risks of big techs' foray into insurance 9 Hyundai China non-life 2020 (A) 32% 97 <0.1% Hyundai Insurance holds 33%. Two insurers related to Alibaba are not listed in the table, for the following reasons: (i) Trust Mutual, the only mutual life insurer in China, with annual premiums of around $1 billion in 2022. It was founded by Ant Group in 2017 but without shareholder ownership. The company is a mutual insurer, owned and run by its policyholders. Ant Group provided 49.7% of Trust’s operational capital as a loan from Ant to Trust. (ii) YFLife, a life insurer in Hong Kong SAR, previously MassMutual Hong Kong, with annual premiums of around $1 billion in 2022. YFLife is controlled by YunFeng Financial Holding in which Alibaba’s founder Ma Yun has a material interest. YunFeng is disclosed as a related party of Alibaba but not directly under Alibaba/Ant’s umbrella. One insurer related to Alphabet is not listed in the table, for the following reason: Oscar Health, a large technology-based health insurer in the US, with annual premiums of $4 billion in 2022. Alphabet holds around 3% voting rights (class B shares). This level of voting rights does not require supervisory approval as the supervisory permission threshold is 10% in the US according to NAIC’s Insurance Holding Company System Regulatory Act. For sources, date of the financials and definitions, see Table 1. 18. Big techs appear to leverage their insurance subsidiaries or shareholdings in three ways. These are: (i) seizing early opportunities to lead digital insurance in the local market; (ii)) nurturing an insurance supplier for the benefit of its ecosystem; and (iii) experimenting with insurance innovation. • Seizing early market opportunities – Alibaba and Tencent seized an early opportunity in 2013 with the creation of ZhongAn (see Box 1). Amazon appears to be applying the same model in India as does SEA in Indonesia and the Philippines. ZhongAn is the largest insurer amongst the insurers identified in Tables 1 and 2. In 2013, it already had a mission to provide insurance embedded in large online platforms and ecosystems, and this was when the market had barely been touched. It has now grown to be the largest digital insurer and the ninth largest non-life insurer in China, 10 with expansion already undertaken in Hong Kong SAR and Southeast Asia. • Insurance supplier – Alibaba’s Cathay, Rakuten’s insurance subsidiaries and JD Allianz offer insurance products that directly support those big techs’ own ecosystems. Alibaba’s Cathay branded itself on its website as a one-stop insurance solution provider for e-commerce by providing protection against product defects, shipping insurance for returned purchases and for the loss of products during shipping or delivery. 11 Rakuten stated on its website that its insurance business focuses on offering insurance products for more than 25 businesses and services across the Rakuten Group. 12 One of JD Allianz’s major premium revenue streams is from return shipping insurance provided to JD’s shopping platform. Through this approach, big techs can control the insurance product development and pricing to best fit their needs and maximise the mutual benefit within their ecosystems. • Experimenting with innovation – Alphabet’s Granular and Fusure probably fall within this category. Granular targets the health insurance stop-loss market in the United States, where it offers employers who self-fund healthcare costs stop-loss insurance that covers medical costs above a certain threshold using a new data-informed risk prediction model. Granular is wholly owned by Verily, Alphabet’s life science function focusing on human health science. Swiss Re is a strategic investor in Verily with 20% of its shares. Granular leverages Verily's core strengths in hardware, software and data insights on human health, and Swiss Re's risk knowledge and distribution capabilities in the stop-loss market. 13 Fusure is building a technology-based reinsurance platform, aiming to provide insurers with data-based insights for product 10 On annual premium terms in 2022. 11 See 12 See 13 See From clicks to claims: emerging trends and risks of big techs' foray into insurance 10 development, pricing and risk management. Targeting the reinsurance business may enable it to have much wider exposure to the insurance market. It will be able to partner with many more insurers on underwriting compared with running its own insurers (ie Hetai, Samsung or Blue), and will be able to offer insurers more services than it would acting as their insurance intermediary (ie Wesure). 14 Embedded insurance refers to the integration of insurance products or services into the customer journey of non-insurance businesses or platforms. It involves offering insurance coverage as an add-on or bundled service within the products or services of other industries. For details, see Box 2. 15 Estimate based on online health insurance premiums in 2021, disclosed by the China Insurance Association. Box 1 ZhongAn – a creation of big techs growing to become an independent large tech ZhongAn was co-founded by two big techs – Alibaba and Tencent – as well as PingAn (one of China’s largest insurers) in October 2013, as the first digital insurer in China selling insurance on the internet only. It claimed to be the first digital insurer in the world. The company has a diversified shareholding structure with no shareholder having overall control. When it was established, Alibaba was the largest shareholder with 20% of the shares, followed by Tencent and PingAn with 15% each. Alibaba appeared to have led ZhongAn’s establishment, having appointed ZhongAn’s CEO as its head of insurance function (this is still the case currently). Starting with embedded insurance An early pioneer of embedded insurance14 on a big tech platform, the company was set up with a mission to provide customised innovative insurance products to digital ecosystems. The first embedded insurance it innovated was insurance for return shipping, a product that covered customers’ shipping costs for the return of any goods purchased on Alibaba’s shopping platform. Even though the premium was low, less than CNY 10 per policy, the product earned ZhongAn a total premium income of CNY 613 million in 2014, rising around eightfold in eight years, to CNY 5,039 million in 2022. In its early years, ZhongAn relied heavily on Alibaba’s return shipping insurance for income, but it has now become much more independent with expanded product offerings, more partnerships with other ecosystems and platforms, and the growth of its proprietary sales channel (mainly business accounts on big techs’ social media platforms eg those of Bytedance and Tencent). Success in health insurance ZhongAn achieved a substantial milestone in 2016, successfully launching a new health insurance product that provided coverage of up to CNY 1 million medical expense protection and was priced very attractively. The product was a huge success and turned out to be a must-have product for almost every health insurer in the market. It lit up an insurance market called “Million Dollar Medical”, that now contributes annual premiums of around CNY 9 billion to ZhongAn and approximately CNY 80 billion15 in total to the market, a major segment of health insurance in China. According to Iresearch and ZhongAn (2021), several factors contributed to the success of this product: (i) successfully filling a market gap for mid-level health insurance, with much reduced premiums compared with the sum assured, enabled through a new deductible design; (ii) more accurate pricing by using big data and effective risk control models; (iii) lower costs due to online underwriting and distribution; (iv) targeted reach to low-risk young customers through online distribution; and (v) rapid product upgrades after launch to meet market needs, with a technological system supporting quick product design, pricing and regulatory product filing. After the Million Dollar Medical product, ZhongAn continued innovating with respect to its health insurance product offerings (eg health insurance for people with chronic diseases that are not often insured by traditional insurers), and building up its own internet “hospital” and pharmacy to provide services, including online medical advice and medicine delivery as a closed-loop health ecosystem. Growth in technology Having started by embedding a very large number of low-premium insurance products on digital platforms, ZhongAn needed a highly flexible IT system to connect with its platform partners and process a huge number of policies. As early as 2014, with the support of its big tech shareholders, ZhongAn claimed to be the From clicks to claims: emerging trends and risks of big techs' foray into insurance 11 16 Data recorded on 11 November 2017, with transactions peaking on Alibaba’s shopping carnival day on 11 November, as published on ZhongAn’s website. 17 Including insurers like Sompo, Sumitomo, AIA, NTIC Income, Generali, Zurich and internet platforms including Grab, Carro, OVO, Klook and PayPay. 18 Crisanto et al (2022) describe ecosystem binders as applications and tools that facilitate and promote the use of the entire ecosystem, such as super apps and loyalty schemes. 19 Mutual aid programmes in China involve tech companies using platform technology to create a risk pool for participating individual members to cover certain risks, often medical costs. Participants are typically users of internet social network platforms or e-commerce platforms. See paragraph 19 for details. first financial entity in China with core systems fully built on the cloud. It currently manages more than nine billion insurance policies, with the ability to process 32,000 policy applications per second. 16 It has exported this technology to other parts of the financial sector, including insurers, insurance intermediaries, banks and securities firms, and offers systems for use in online marketing and advertising, insurance administration, brokerage and business infrastructure for high-frequency processing, amongst others. It now has around 700 clients including a material number of clients from overseas markets. 17 Outreach to overseas markets ZhongAn started to expand into overseas markets in 2019 following rapid growth in mainland China. As a result of the encouraging environment for fintech in Hong Kong SAR, ZhongAn obtained a virtual bank licence in 2019 and a virtual life insurance licence in 2020. All of its services are offered under the “ZA” brand through a single website that is a gateway to its own ecosystem. It has created a number of ecosystem binders in insurance, 18 including: (i) bancassurance whereby ZA Bank sells ZA Life and other insurers’ products; (ii) an insurance marketplace – it obtained an insurance broker licence and established ZA Insure Select, which offers travel, home and digital goods protection online provided by insurers including Zurich, Generali and MSIG; (iii) ZA Health Pass – an annual membership service for clinical services that can be connected to health insurance policies; and (iv) ZA Care – a digital crowdfunding service that can be used as a tool to raise risk awareness, thus providing insurance education to the population, with the potential to have a similar effect to big techs’ mutual aid programmes. 19 It appears that ZhongAn is creating a big tech-like ecosystem in Hong Kong SAR, with a wider scope than it has in mainland China. In Singapore, it also created a joint venture, GrabInsure, 20 with the Singaporebased big tech, Grab, to sell insurance in various Southeast Asian countries. ZhongAn, following its initial public offering in 2017, is growing more independently to become a large regional tech with its big tech shareholders gradually reducing their holdings. 21 Nevertheless, its success can be attributed to “genes” inherited from the founding big techs, leading to its breakthrough in insurance using simple insurance products and efficient technologies, as summarised in the table below. ZhongAn’s insurance revenue trend Unit : CNY million 2014 2016 2022 Ecosystems embedded Newly established PreIPO Latest Gross written premiums 794 3,408 23,700 - Health - 205 9,230 Own channel, ecosystem partners - Return shipping 613 1,193 5,039 Large e-commerce platforms - Credit guarantee 108 518 4,052 Large consumer lending platforms - Accidental 44 982 1,723 Large travel booking platforms - Other 29 510 3,656 Premiums from Alibaba 733 1,795 na % of premiums from Alibaba 92% 53% na From clicks to claims: emerging trends and risks of big techs' foray into insurance 12 19. Big techs have made several attempts to venture into the insurance business, but with limited success. This may highlight the challenges they face in running and innovating within this industry. • Haven in the US. Amazon, Berkshire Hathaway and JPMorgan Chase jointly created Haven, a nonprofit healthcare-focused entity, in 2018 and disbanded it in 2021. The entity's stated goals were to improve healthcare services with lower costs for employees of the three groups and provide insurance benefits that are easy to understand. Haven is not a commercial insurer but is essentially a self-insurance provider to the three groups. With access to Amazon’s data on people’s lifestyles, JPMorgan Chase’s knowledge on customer transactions and credit profiles, and Berkshire Hathaway’s access to driving data that may reflect certain health or lifestyle conditions, analysts had expected Haven to have sound knowledge of the health status of its target group, enabling it to adopt an “anticipate-prevent” model to reduce costs. 22 However, this did not come to be. Alphabet’s Granular now appears to be continuing this experiment. • Mutual aid programmes in China. Mutual aid healthcare programmes were very popular in China in the 2010s but gradually closed by 2021. 23 The fees or sharing costs of such programmes were initially much lower than premiums for similar insurance products. As a result, they attracted a large number of participants who viewed them as a substitute for insurance. With wide social attention, such programmes could probably have had a positive impact by improving insurance awareness in the society. However, the programmes were essentially insurance without actuarial pricing, underwriting, capital requirements or comprehensive risk governance and controls, ie they were unregulated insurance businesses. The fees charged significantly increased at a later stage due to the anti-selection of participants 24 and payout increases. The programmes were understood by the public as cheap “insurance” but they were essentially much riskier for customers than regulated insurance. Because of both the sustainability of the programmes and regulatory concerns about the scale of such non-regulated insurance businesses all of the programmes were closed in 2021. At closure, many of these programmes encouraged their participants to buy insurance policies to replace the coverage. 20. Big techs seem to have the potential to achieve significant and rapid growth in insurance business. Their insurance businesses could pick up rapidly if they manage to achieve breakthroughs. Market analysts predict that Apple will partner with a major insurer to launch health insurance in 2024, leveraging its vast health data from Apple Watch. 25 It is unclear whether it may set up its own insurer with its partner (like Alphabet and Swiss Re setting up Granular), or whether it will only serve as data provider 20 GrabInsure Insurance Agency Pte Ltd is registered with Singapore’s General Insurance Association Agents’ Registration Board to act as an insurance agent for distributing general insurance products in Singapore. 21 See 22 See 23 Alibaba, JD, Baidu, Meituan and Xiaomi all ran mutual aid programmes before their closures by 2021. Alibaba/Ant ran the largest mutual aid programme, Xianghubao, in China from 2018 to 2021, with more than 100 million participants. The programme was a pool of participants to share critical illness medical costs. Alibaba’s programme used certain technologies, including blockchain-based decentralised financing. As cited in Ant Group (2020b), the programme relied on: (i) the use of Alipay’s Zhima Credit Score for participant selection and risk control; (ii) the use of blockchain technology to authenticate claims; (iii) AI-based claims document assessment to prevent fraud; and (iv) online jury mechanism for claims disputes (eg one disputed claim was adjudicated online by around 800,000 members). 24 In this context, anti-selection can result from higher risks posed by less healthy participants due to the lack of underwriting and proper pricing leading to higher payouts from those programmes. 25 See From clicks to claims: emerging trends and risks of big techs' foray into insurance 13 to the partner. Big techs providing similar wearables have the same potential in health insurance, eg Google’s Fitbit and Xiaomi’s Smart Band. Other big techs with driverless car and assistive technologies in automobiles, eg Google’s Waymo, Amazon’s Zoox, Baidu’s Apollo and Didi’s Autonomous Driving, have the same potential to expand into motor insurance and may act as motor insurers. Didi already has a nonlife insurer in China that can leverage its autonomous driving data pool. 21. Big techs, as insurers, appear to be more active in Asia than in other regions. One insurer in our sample is based in the United States and the rest are in Asia. The latter are not only active in China but also in India, Japan and Southeast Asia. These regional differences are probably due to the level of insurance market development, digital infrastructure and customer behaviour, and the regulatory environment. Regional differences will be further explained at the end of this section. 22. Big techs are notably more active in non-life and health insurance than in life insurance. This may be because: • Non-life and health insurance are more closely linked to big techs’ ecosystems, eg property, liability and home insurance for e-commerce, health insurance connected to big techs’ data related to health and motor insurance connected to big techs’ data on driving patterns. • Non-life and health insurance products are shorter term, have relatively lower premiums and a higher frequency of purchase, making it easier to pay the premiums online. • Life insurance policies are often longer term, have complicated features, involve large premiums and therefore often require long consultations and decision-making processes rather than just a few clicks online. • Life insurance involves long-term risk bearing (eg whole life policies) and long-term investment capabilities by insurers. Conduct of business regulatory requirements (eg customer suitability assessments) also apply to more complicated life products, making it difficult to distribute them online. Big techs as insurance intermediaries 23. Running insurance intermediaries is a much lower risk and lower cost model for big techs compared with acquiring a licence as a risk carrier. Though insurance intermediaries still need to register or obtain a licence from the insurance regulator, the requirements are simpler and the ongoing supervisory requirements are less intense. Big techs could gain a foothold in insurance as an intermediary by linking external insurers’ products and services to its ecosystem, earning a stable income from commissions but with no responsibility for underwriting risks or large capital commitments. Despite the advantages, there are challenges in that big techs need to negotiate with the insurer partners to obtain appropriate insurance products that fit their platforms. 24. In our sample, except for Microsoft and Meta, all big techs have obtained an intermediary licence for insurance product distribution, and some are material in size. Financial information on insurance intermediaries is often not publicly available and therefore it is difficult to verify their materiality to the big techs or to the insurance market in which they operate. Alibaba’s Ant Insurance, the largest online insurance marketplace in China, disclosed in its IPO attempt in 2020 that it intermediated around $7 billion in gross written premiums annually, 26 around twice the value of ZhongAn’s gross written premiums in 2022. This contributed around 8% to Ant Group’s total revenue and 8% of its net profits. In terms of its size as a percentage of the total market, Ant Insurance accounted for around 10% of China’s 26 See Ant Group (2020a), total gross written premiums as of June 2020 for the past 12 months. From clicks to claims: emerging trends and risks of big techs' foray into insurance 14 internet insurance market27 and 1% of China’s total insurance market, 28 which can be considered a material presence in the market. 25. Big techs as insurance intermediaries rely heavily for marketing and distribution on offering insurance products on its core service platform, which is known as a form of “embedded insurance”. Box 2 provides an explanation of the general concept of embedded insurance as well as big techs’ roles in it. 26. Big techs in our sample are generally involved in insurance distribution in two ways – by embedded insurance and insurance marketplaces. Embedded insurance involves selling insurance products provided by other insurers that are closely tied to a big tech’s non-insurance products or services. On the other hand, insurance marketplaces involve the creation of a one-stop insurance shopping place embedded in a big tech’s online platform. This may involve partnerships with multiple insurers to offer a wide range of products. While embedded insurance is directly linked to big techs’ existing services, insurance marketplaces serve as an additional offering to expand big techs’ financial offerings. As shown in Tables 3 and 4 below, big techs are active in both embedded insurance and marketplace models. 27 Ant’s gross written premiums disclosed in 2020 as a percentage of China’s internet insurance market in 2021 (China Insurance Association (2022a,b)). 28 Ant’s gross written premiums disclosed in 2020 as a percentage of China’s total insurance market in 2021 (National Financial Regulatory Administration disclosure) see . Box 2 Embedded insurance – a game-changing approach to marketing and distribution in the digital economy Embedded insurance refers to the integration of insurance products or services into the customer journey of noninsurance businesses or platforms. It involves offering insurance coverage as an add-on or bundled service within the products or services of other industries. This can include e-commerce platforms, fintech apps, ride-sharing platforms or travel booking websites. Embedded insurance is designed to provide a seamless and convenient experience for customers by offering insurance at the point of sale or as part of the overall user experience. For example, when purchasing a smartphone, customers may be offered the option to buy device insurance coverage. Similarly, when booking a flight, travellers might be presented with an opportunity to purchase travel insurance during the booking process. The rise of big techs, such as Amazon, Google, Apple and others, has played a significant role in the growth of embedded insurance. These companies possess extensive customer data, digital infrastructure and a large user base, which gives them a unique advantage in integrating insurance offerings into their platforms. They can leverage their existing customer relationships, user interfaces and technology to seamlessly introduce insurance products or services. Big techs have been actively exploring partnerships with insurance providers or obtaining insurance licences to offer their own insurance products. They use their technological capabilities, vast user data and advanced analytics to offer personalised insurance recommendations, streamlined underwriting processes and efficient claims handling. This enables the provision of a more user-friendly insurance experience, often characterised by simplified applications, faster approvals and automated claims settlements. By venturing into the insurance sector, big techs aim to diversify their revenue streams, enhance customer engagement and loyalty, and capture a share of the lucrative insurance market. Additionally, their ability to integrate insurance into their existing platforms allows them to capitalise on their vast user base and increase the overall value proposition of their services. From clicks to claims: emerging trends and risks of big techs' foray into insurance 15 Big techs’ embedded insurance Table 3 Big tech Market Insurance product Apple UK, EU, US Product insurance (AppleCare+) for accidental damage and/or theft and loss of Apple devices (underwritten by AIG). Amazon UK, EU Product insurance (Amazon Protect) for goods purchased on Amazon. Amazon India Travel insurance through Amazon Pay’s train ticket booking services. Meituan China • Liability insurance coverage against liabilities relating to food safety in food delivery services; employer liability coverage for Meituan’s partners that employ riders/drivers for Meituan’s goods delivery service; and coverage against liabilities arising from hotel stays. • Accident insurance for riders/drivers in food/goods delivery services; and customers of flight/train/bus/hotel/event booking services. • Property insurance for properties in physical warehouses and service stations. • Health insurance to cover the cost of medicine in its online pharmacy service. • Others: flight delay, food delivery delay, return shipping and order cancellation insurance for various services. Alibaba China • Return shipping, property and liability insurance for purchases on its shopping platform (Taobao/Tmall etc). • Return shipping insurance for purchases on its shipping and logistics platform (Cainiao). • Travel insurance offered through its trip booking platform (Fliggy). • Food safety insurance offered through its food delivery platform (Elema). • Account security insurance for Alipay account (Alipay). Tencent China • Return shipping insurance for purchases on its shopping platform (Weidian). • Account security insurance for WeChat Pay, QQ wallet and credit card payments. JD China • Return shipping, shipping delay, pet and mobile screen protection insurance for purchases on JD. • Property and liability insurance for third-party sellers on JD. Xiaomi China Property and liability insurance package for Xiaomi physical stores. Grab Singapore Malaysia Indonesia Philippines Vietnam • Ride delay guarantee and accident insurance for rides on Grab. • Travel insurance for Grab consumers. • Accidental, income protection, critical illness and auto insurance for e-hailing drivers. Mercado Libre Argentina/ Brazil Insurance coverage for ATM theft, withdrawal, purchase and transfer under duress, bank card loss and theft, in-app transactions after loss or theft of a mobile device, contactless transactions and property protection (underwritten by Cardiff, on Mercado Pago). Mercado Libre Mexico Property damage insurance (underwritten by Cardiff, on Mercado Pago). Product warranty or protection is treated as an insurance product to customers in some countries (eg European Union and United Kingdom) but not in others (eg China and India). AppleCare+ has to be underwritten by a licensed insurer in the European Union and the United Kingdom, but it is not generally treated as an insurance product in China and India. Sources: Public disclosures on insurance intermediaries’ websites; partnered insurers’ websites; big techs’ annual reports. Big techs’ insurance marketplace Table 4 Big tech Market Platform Insurance product coverage Amazon UK Amazon Insurance Store Standardised Amazon home insurance from Ageas, Co-op, LV= and Policy Expert. Amazon India Amazon Pay Car and bike insurance, currently from Acko only. Amazon US AWS Cyber Insurance Cyber insurance for AWS cloud service, currently provided by cyber insurers Cowbell and Resilience, and insurance broker Marsh. Alphabet India Google Pay Health insurance, currently from SBI General only. Alibaba China Ant Insurance All types, including health, non-life, life insurance and annuity, 400+ products from 50+ insurers. Tencent China Wesure All types, 300+ products from 30+ insurers. From clicks to claims: emerging trends and risks of big techs' foray into insurance 16 Tencent China Tengnuo Non-life insurance and annuity, five products from four insurers, especially serving its wealth management service platform. Tencent China Waterdrop All types, 300+ products from 30 insurers. JD China JD Finance All types, 100+ products from 50+ insurers. Baidu China Du Xiaoman All types, 100+ products from 40+ insurers. Didi China Didibao Travel, accidental and auto insurance for drivers and passengers, from eight insurers. Xiaomi China Xiaomi Finance Home, health and accidental insurance from eight insurers. Rakuten Japan Rakuten Insurance General Info Center Life, pet, health, home, car and bicycle insurers for Rakuten’s insurers only. Grab Indonesia GrabKios Phone screen protection, property, health, personal protection and education insurance for merchants and customers on GrabKios (Indonesian digital good selling/re-selling platform). Goto Indonesia GoSure/PasarPolis Gadget, auto, motorbike, travel, home, phone screen, health and life insurance from 50+ insurers. Touch ‘n Go Malaysia GOprotect Auto, travel, home, e-wallet and health insurance from seven insurers. SEA Thailand SEAInsure Broker Property, liability, marine, car and group insurance from 28 insurers. Mercado Libre Argentina/ Brazil Mercado Pago Life, personal accident insurance from Prudential only currently. Mercado Libre Mexico Mercado Pago Life insurance from Prudential only currently. Tencent owns 20% of the shares in Waterdrop and has 8% of the voting rights. Waterdrop is one of the largest online insurance marketplaces in China, a US listed company with annual premiums of around $2.4 billion in 2021. Waterdrop is a Chinese insurtech focusing on digital crowdfunding and insurance brokerage. Alphabet/Google ran an insurance marketplace for motor and travel insurance, Google Compare, between 2011 to 2016 in the US and European markets. However, it reportedly exited the market to shift focus to their advertising business. Mercado Pago has a local insurance agent/broker licence in all jurisdictions in which it distributes insurance products except in Brazil where it distributes insurance products from Prudential as “estipulante” (policyholder that is a group representative acting for the group as an administrative manager of the account). Sources: Public disclosures on insurance intermediaries’ websites; big techs’ annual reports. 27. Embedded insurance can offer insurers unique new market opportunities and, at the same time, enhance a big tech’s core services. Each big tech has its unique ecosystem that can create unique new insurance needs. Taking product protection insurance as an example, AppleCare and Amazon are probably pioneers in embedding insurance in their product selling processes. Another example relates to travel, accidental, health and liability insurance offered by Meituan. Meituan, as an all-in-one lifestyle service super app in China, sells over 200 insurance products embedded in its core services, from food delivery, goods delivery, travel and event booking to an online pharmacy. Alibaba and Tencent offer similar embedded insurance in their various services, although these are less substantial compared with Meituan, in terms of the number of products offered, as they seem to be focusing more on the insurance marketplace model. In the early stage, some of the big techs (Alibaba and Tencent) also attached credit guarantee insurance to their online microlending products to provide credit enhancement. They no longer offer such insurance and this is likely to be because they now have greater capabilities to assess the credit risks of those to whom they are lending and are therefore less reliant on insurance guarantees. 29 28. Insurance marketplaces can range from basic platforms that provide partnered insurers’ product information only to comprehensive online shopping platforms. Ant Insurance is probably the most comprehensive marketplace in our sample. It covers the full insurance value chain to the fullest extent as an insurance intermediary, handling product distribution, development, pricing and claims management: 29 Credit guarantee insurance for microlending is still one of the major premium sources for ZhongAn. See Box 1 for details. From clicks to claims: emerging trends and risks of big techs' foray into insurance 17 • Product distribution and marketing – Ant Insurance provides a cost-efficient channel for insurers to access its extensive customer pool. Consequently, it has attracted major insurers in the market to sell products on its platform. Ant Insurance claims that its intelligent decisioning system is able to identify customers’ needs in different scenarios. It also offers customers useful tools for insurance education and product selection, such as AI-based product comparison, product rating and robo-advice tools. • Product development – Ant Insurance partnered with PICC, China’s largest non-life insurer, to introduce a novel insurance product called Haoyibao, providing policyholders with guaranteed renewals of Million Dollar Medical insurance. Ant Insurance has launched various versions of Haoyibao including accepting customers with pre-existing conditions like hypertension or diabetes. In addition, it entered the life insurance market by launching Quanminbao, the first online simple annuity savings product. These product innovations are branded or whitelisted as Ant’s products instead of the insurers and sold only on Ant’s platform. • Product pricing and underwriting – Ant Insurance leverages its customer insights and offers insurers intelligent customer selection tools during the product marketing stage for use as a form of input for insurers’ underwriting decisions. • Claims management – Ant Insurance offers centralised claims filing, assessment and payment interface on its platform, providing a fast and automated claims process using technology solutions (eg optical character recognition is used to assess the authenticity of scanned medical records quickly and accurately, natural language processing technology is used to analyse and interpret text in medical records to detect fabricated information). 29. Big techs may partner with insurers and intermediaries to offer end-to-end solutions for their core services. As part of its Cyber Insurance Partner programme,30 Amazon Web Services (AWS) partners with selected specialist cyber insurers and an insurance intermediary to offer AWS customers a streamlined process in order to obtain a quote for cyber insurance cover within two business days. Staff of those insurance companies have been trained by AWS security experts to assess the cyber risk exposure of an AWS client based on a standard cyber security report that AWS provides via its Security Hub. AWS clients that follow its best practice security posture can benefit from higher coverage limits or lower premiums for their cyber insurance policies. The insurers and intermediary can help AWS clients assess their cyber postures and recommend improvements, not only for their underwriting purposes, but also as an advisory service to AWS clients. This is an example of how big techs can offer end-to-end solutions (in this case, a secure, resilient and insured cloud platform) by partnering with insurers and intermediaries to enhance their core technological services. Going forward, AWS plans to partner with other non-insurance entities that may provide various cyber services (eg professional services) in order to grow their ecosystem with insurers and mutual customers of such entities. 30. In some of the examples above, big techs operating as insurance intermediaries appear to have stronger market power when partnering with insurers than traditional insurance intermediaries. Insurers are attracted to big techs’ platforms to leverage their huge customer base, customer data, brand influence and the unique embedded insurance value proposition. To benefit from these features of big techs, insurance products have to be customised to be suitable for big tech. For example, in China, the largest non-life insurers in the market (eg PICC), when selling on Ant Insurance’s platform, allow Ant to drive the product design and branding. Amazon Insurance Store in the United Kingdom has established a standard product feature for insurers offering home insurance cover on its platform. EIOPA (2021) noted the market power imbalance between big tech intermediaries and insurers, calling it “reverse-outsourcing” from intermediaries to insurers. 30 See From clicks to claims: emerging trends and risks of big techs' foray into insurance 18 31. Big techs as insurance intermediaries appear to be more active in Asia and Latin America, compared with Europe and the United States. Their embedded insurance product offerings appear to be more widespread in Asia and Latin America than in Europe and the United States. Most insurance marketplaces are in Asia. These regional differences are probably due to several factors, as explained at the end of this section. 32. Although big techs’ activities as insurance intermediaries currently focus more on non-life and health insurance products, there is the potential for growth in life insurance. The large online insurance marketplaces in China provide term life, whole life and annuity products with non-investment (non-participating and non-investment linked) features. It may be the case that life insurance will be the next target of big tech intermediaries when competition in non-life and health insurance becomes more intensive. The sales of life and annuity products online might also become easier than before, with increased familiarity and affinity with online insurance by customers. Big techs as service providers 33. Big techs as service providers support insurers and insurance intermediaries without performing actual insurance activities. Big techs as service providers are not subject to licensing or direct supervisory requirements by most insurance regulators. As such, this avenue could be an attractive proposition for big techs to tap the insurance market without being subject to direct insurance regulatory oversight. Nevertheless, insurers or insurance intermediaries engaging with those big techs are subject to supervision and regulation on risk management, anti-money laundering, fraud, outsourcing and the use of critical services. These regulations typically require insurers or insurance intermediaries to properly manage risks arising from service providers, including big techs. 34. In our sample, we noted four general types of service provision – technology services, data services, healthcare services and advertising/marketing services. Technology services 35. Like other financial sectors, insurers are reliant, to a significant extent, on big techs for technology services. Following the digitalisation trend, financial institutions have come to rely heavily on cloud computing and data analytic services from big techs (Crisanto et al (2022)). This is the same in the insurance world. All digital insurance services that big techs are involved in (both in their roles as insurers and as insurance intermediaries), as well as traditional insurers’ digital infrastructure, rely on cloud-based solutions. Such technology services are often concentrated among a few leading big techs. Amazon Web Services, Microsoft Azure, Google Cloud and Alibaba Cloud control around 70% of the global market across all sectors. 31 In China, Alibaba, Tencent, Baidu and JD are also major cloud service providers for the financial sector. 32 36. Similar technology services are offered in all major insurance markets. Some examples of technology services provided in different parts of the insurance value chain include: • Product distribution – Google Cloud supports HDFC ERGO General Insurance in India to build an online platform for selling insurance. 33 ZhongAn offers internet insurance distribution systems to insurers and digital platforms in various countries in Asia. 31 See Crisanto et al (2022). In addition, from annual reports in 2022, they have a global market position with annual revenues of $80 billion (Amazon), $75 billion (Microsoft), $26 billion (Alphabet) and $12 billion (Alibaba). 32 See 33 See From clicks to claims: emerging trends and risks of big techs' foray into insurance 19 • Product pricing and underwriting – big techs provide: o core business systems – Microsoft Azure has helped Allianz to move the core components of its global insurance platform to the cloud; 34 o risk prediction models – Microsoft has partnered with Swiss Re in creating a Digital Market Centre using Microsoft’s data analytics and AI capacities that will improve how risks are predicted, managed and insured; 35 o investments – Alibaba/Ant, as the largest online investment service platform in China, offers insurers investment platforms with AI-based intelligent selection of investment products within pre-defined risk tolerance levels; 36 and o financial management – insurers’ actuarial models require greater computing power to generate business results under various bases and scenarios, and a major actuarial software company, FIS, has partnered with Amazon Web Services for such services. 37 • Claims management – it is now relatively common for insurance claims to be submitted online with automated verification. Claims can also be paid using AI-powered assessments. For example, flight delay insurance can be automatically paid to affected policyholders based on real-time flight information. Microsoft has helped Swiss Re to create such a digital platform for automatic reimbursements for delayed flights. Microsoft has also helped Munich Re to develop a digital suite to reduce the workload of underwriters and physicians, and improve claims processing times. 38 Google Cloud provides health insurers with software called Claims Data Activator that can help speed up medical procedures by accelerating the processing of paperwork at hospitals and healthcare providers. 39 • Customer services – big techs’ payment platforms, for example Alipay and WeChat Pay in China, are very commonly used by insurers for premium or claims payments. Tencent’s WeChat acts as a major customer interaction tool for all retail business, including insurance. Amazon Pay India and Google Pay India have developed dedicated sections in their apps for insurance premium payments for policies issued by various insurers. Meta’s WhatsApp provides insurers with a chatbot for interacting with customers. 40 Data services 37. Other than technology services, big techs sometimes act as a data vendor to insurers. Data are probably more critical to insurance businesses than for other financial services as they are the main basis for insurers to set a price for insured events. Big techs, with valuable and vast customer data, in many cases establish their own insurers and/or insurance intermediaries to retain this data advantage within their own ecosystem. However, when they cannot use such data for insurance purposes internally, they may still serve as an external data provider to insurance entities. Baidu has partnered with Swiss Re on 34 See 35 See 36 Ant disclosed an assets under management balance of CNY 4 trillion as of 30 June 2020 and claimed to be China’s largest online investment service platform. See Ant (2020a). 37 See 38 See 39 See 40 See From clicks to claims: emerging trends and risks of big techs' foray into insurance 20 auto data analysis, whereby Baidu’s autopilot driving data is used by Swiss Re for pricing car insurance. 41 Similar data services can be provided based on data collected from big techs’ digital home devices (eg Amazon Alexa, Google Nest and Xiaomi Xiaoai) for home insurance, or health data collected from big techs’ wearables (eg Apple Watch, Xiaomi Band and Smartwatch) for health insurance. Big techs providing such data would need to fulfil all prevailing data privacy requirements (eg customer disclosure and consent) that apply to all of their businesses (Crisanto et al (2021)). Insurers accepting and using such data for pricing or underwriting are required to use only legally acquired data. Healthcare services 38. Big techs’ significant involvement in wearables and healthcare allows them to offer health related services that are closely linked to health insurance. These services include: • Provision of wearable devices – many insurers have initiated healthy lifestyle programmes that offer policyholders a wearable device (eg an Apple Watch) to encourage a healthy lifestyle, as well as collect health data for risks analysis. • Provision of medical services – many health insurers wish to have a closed healthcare service loop from pharmacy and hospital to insurance, in order to have a direct handle on claim costs, gain health risk insights relating to the insureds and provide seamless medical services as a selling point for their health insurance businesses. Big techs with health technology or digital healthcare services can provide such services to their own insurers or to other insurer partners. o In the United States, Amazon has teamed up with the insurer Florida Blue which uses Amazon Pharmacy as home delivery service provider for medical prescriptions. Amazon Pharmacy provides Florida Blue’s policyholders with comparative pricing information on medications.42 o In China, Alibaba, Tencent and JD are developing their digital health services, with linkages already established with insurance. Alibaba Health has adopted a business strategy with “cloud-based infrastructure” as the foundation, “cloud-based pharmacy” as the core and “cloud-based hospital” as the engine, to provide affordable online healthcare services. In 2022, it generated revenue of $3 billion from around 110 million customers for healthcare services, with approximately 300,000 health consultations per day. In insurance, ZhongAn has partnered with Alibaba Health and launched several innovative products to customers with chronic diseases (eg diabetes, hepatitis and epilepsy), in which Alibaba Health provides healthcare and health management services to these customers. Advertising/marketing services 39. Big techs, even though they are not involved in licensed insurance sales or distribution activities, can still provide useful advertising or marketing services for insurers or intermediaries. Big techs with huge customer bases are good advertising platforms. We have noted the following examples of big techs providing a platform for insurers or intermediaries to advertise their services without needing to be licensed as insurance intermediaries: • Amazon Seller Insurance, whereby Amazon US partnered with insurance broker Marsh to establish an Amazon Insurance Accelerator website to help sellers buy insurance that fulfils Amazon’s 41 See 42 See From clicks to claims: emerging trends and risks of big techs' foray into insurance 21 requirements. Amazon is not part of the insurance transaction and does not take commission from the insurers. • Grab in Indonesia partnered with insurance broker, Bling, which allows Grab’s users to join Bling from the Grab App and become its insurance “partner” by referring insurance products to their friends or inviting their friends to be new partners in order to earn cash and reward points. • Microsoft partnered with US cyber insurance provider, At Bay, to offer cyber insurance discounts to policyholders that adopt Microsoft’s enhanced security tools. 43 • Alipay Hong Kong has a dedicated section in its app called “insurance” that lists insurers’ and brokers’ websites. It does not provide any insurance product information, rather it simply directs customers to those websites. 40. In our sample, the most prominent footprints of big techs in insurance are probably in service provision. With the digitalisation of the insurance industry, it appears that big techs are becoming more omnipotent in service provision, covering every part of the insurance value chain, from small to critical support, via various forms of cooperation with insurers and intermediaries. Specialisation in the insurance value chain has always existed, 44 but increased specialisation via more service providers, more complex service scopes or forms of partnership could increase the fragmentation of the value chain, and create more blind spots for supervisors (EIOPA (2021)). Regionally different modalities 41. By summarising big techs’ activities in insurance, as identified above, material regional differences are noted. We illustrate such differences by looking at the aggregated footprints of four selected leading big techs – two US-based (Amazon and Alphabet) and two China-based (Alibaba and Tencent), as shown in Graph 3. 43 See 44 For example, product distribution is carried out by licensed insurance intermediaries, and pricing and underwriting can be supported by reinsurers. From clicks to claims: emerging trends and risks of big techs' foray into insurance 22 Insurance footprints of selected four big techs Graph 3 US-based Amazon Alphabet/Google Asia-based Alibaba/Ant Tencent Source: See details in Section 2. 42. US big techs are more internationally active in insurance than big techs in other regions, although mainly as a service provider rather than running insurers or as insurance intermediaries. With the insurance digitalisation trend, technology services are needed in all of the markets that big techs serve, covering every part of the insurance value chain. These services probably provide a good source of income to US big techs that are very strong in technology services in many major markets globally. Directly competing with existing insurance market players as insurers or insurance intermediaries may not be very attractive compared with their core businesses. The US big techs have conducted some trials running From clicks to claims: emerging trends and risks of big techs' foray into insurance 23 insurers or insurance intermediaries, but not on a large scale. Another reason for their reluctance may be past failures in Europe and the United States (Amazon’s closure of Haven in the United States in 2021 and Google Compare’s closure in Europe and the United States in 2016). In India, US big techs appear to be more active in investing in digital insurers and introducing insurance services on their payment apps. 43. Chinese big techs focus on local markets, and are active in both service provision and running insurance intermediaries and insurers. Big techs’ embedded insurance and insurance marketplaces in China are at a larger scale with wider influence in the insurance value chain (eg more influence on product branding, design and claims processes). They also control or invest in several insurance companies to better support their insurance offerings. This model of active engagement exists not only in China, but also more widely in Asia, including in India, Japan and Southeast Asia. Big techs in China, when taken together, have a larger aggregate insurance footprint than the US big techs. Although they are not yet dominant players in the local insurance market, the aggregate risks have prompted regulators in China to issue several policy responses. Chinese big techs’ further growth in insurance depends on the potential for digital insurance growth in the market as a whole and on competition from traditional players that are also digitalising very quickly. 44. The regional differences are probably driven by factors45 such as the: • Level of maturity of the insurance market – insurance markets in Europe and the United States are more developed and saturated than in Asia or Latin America. 46 With strong traditional players, comprehensive product offerings and high insurance penetration, direct competition in these developed insurance markets would be more difficult and less attractive. Developing high-growth markets in Asia and Latin America offer more opportunities due to unfilled product needs and large, underserved populations. However, they may also present challenges arising from potentially less professional traditional insurance intermediaries. • Digital infrastructure and customer behaviour – in addition to their technology advantage, big techs can benefit from their huge customer base, frequent interaction with customers and numerous service scenarios that can be linked with insurance. It appears to be the case that big techs in Asian countries have more super apps with such features, and their customers are very much used to looking for information and buying many items on such super apps, including financial products. 47 Insurance as an additional financial service appears to be more easily accepted and welcomed by consumers in Asia than in other markets. • Regulatory environment – FSB (2020) observed that regulations in emerging markets create a more favourable environment for financial services; 70% of survey respondents thought that financial regulation in their jurisdictions were supportive of big techs’ financial services activities, including in the insurance sector. For example, China established a virtual insurer licensing and regulatory framework to promote digital insurance as early as 2013 (thus the establishment of ZhongAn), and undertook several follow-up measures to encourage the use of technology in the insurance sector and its digitalisation. 48 Hong Kong SAR is also actively encouraging digital insurance by offering fast-track licence applications to virtual insurers 45 European Supervisory Authority (2022) similarly observed that the limited presence of big techs in the European Union was due to regulatory requirements, low profit margins, consumer preferences/trust in incumbents and lack of insurance knowhow, among other reasons. 46 The relative insurance density and penetration rates across different regions reflect the relative level of market coverage. See Swiss Re (2022). 47 Eg Alibaba in China provides retail services covering almost every aspect of daily life, including online shopping for food and goods, online pharmacy, food delivery, trip and ticket booking, map and e-hailing services, logistics, digital media, digital payment and wealth management, which makes people “live” on their apps. Tencent in China, Rakuten in Japan, and Grab and SEA in Southeast Asia have similar features. 48 See China National Council (2015), CBIRC (2019), NFRA (2022) and People’s Bank of China (2019). From clicks to claims: emerging trends and risks of big techs' foray into insurance 24 since 2017. 49 Malaysia published an exposure draft on the licensing and regulatory framework for digital insurers and takaful operators for public consultation in 2022. 50 Although these regulatory encouragements are not specifically targeted at big techs, taking up these licenses to leverage their existing digital advantages may be attractive to them. • Focus on core business – probably because of all the reasons listed above, big techs in Europe and the United States focus more on their core e-commerce businesses and other technology-related services. Big techs in Asian countries are becoming more diversified in terms of business lines (super apps with various services) and are more active in offering new services. Section 3 – Prudential and conduct regulatory and supervisory approaches 45. While existing regulatory requirements are applicable to various insurance-related activities of big techs, there is no financial or sectoral regulation specifically targeting these entities. This is probably because of the limited footprint that big techs have in the insurance sector. Moreover, existing regulatory requirements are applicable to various activities of big techs such as requirements relating to group-wide supervision, the digital distribution of insurance products and third-party service providers. 46. The potential scale and speed of big techs’ entry into the insurance sector deserves policy attention. In the European Union, European Supervisory Authority (2022) highlighted the need for a holistic approach to the regulation and supervision of the financial services value chain and ensuring effective regulation and supervision of mixed activity groups (including big techs). The report highlighted that digital finance has unlocked new synergies between financial and non-financial activities that could potentially introduce systemic risk. Therefore, it is important to manage prudential risks posed by mixed activity groups (including big techs) performing financial and other services. Insurance Commission of the Philippines (2014) highlighted that the ease and speed with which insurance providers (which could include big techs) can market products via the internet may expose consumers who are unfamiliar with such platforms to various risks. The regulator stressed the importance of consumers and insurance providers being informed and having awareness of their rights and obligations in an electronic marketplace. 47. The regulatory requirements applicable to big tech activities in insurance can be grouped into three categories. These are requirements related to insurance underwriting, digital distribution and service provision (see Graph 4), which are described in more detail below. 49 See 50 See Central Bank of Malaysia (2022). From clicks to claims: emerging trends and risks of big techs' foray into insurance 25 Big techs’ activities in insurance and the applicable regulatory requirements Graph 4 Source: authors’ elaboration. Insurance underwriting 48. The international standards on insurance supervision, the Insurance Core Principles (ICPs), are broad and can be applied to cover sectoral risks arising from big techs’ involvement in insurance. 51 In the aftermath of the Great Financial Crisis, global regulatory reforms broadened the scope of the regulatory perimeter. This was to address risks from non-regulated entities that were part of global financial groups and that had proved to be systemic in nature. To close this regulatory gap, the International Association of Insurance Supervisors (IAIS) established a Common Framework for the Supervision of Internationally Active Insurance Groups (ComFrame). The IAIS has also revised its ICPs to cover risks from non-regulated entities. 49. In practice, rather than relying on specific guidance or requirements, insurance regulators apply existing rules to oversee big techs’ activities in insurance. They rely on existing rules, depending on the activities concerned. This may be a sensible and proportionate approach given the limited market share of big techs in underwriting or distributing insurance products. It may also reflect the effectiveness of existing principles-based regulatory frameworks that can be tailored to capture the changing insurance landscape, and in this case, the increasing presence of big techs. Nevertheless, insurers’ heavy reliance on big techs as technology providers (eg cloud computing) may warrant greater supervisory scrutiny, although this is not a regulatory perimeter issue. 50. Big techs’ involvement as insurance underwriters is subject to well established licensing or shareholding requirements, depending on the nature of their entry into the insurance market. ICP 4 (Licensing) outlines licensing requirements that should apply to the legal entity within a big tech that plans to underwrite insurance policies. In general, licensing requirements are the same for any entities, regardless of whether they belong to a big tech or otherwise. ICP 6 describes rules that insurance 51 See Annex 2 for a list of ICP standards that are relevant in addressing risks from big techs’ involvement in insurance. From clicks to claims: emerging trends and risks of big techs' foray into insurance 26 supervisors should put in place for the acquisition of significant ownership or interests in an insurer, including by big techs. As described in Section 2, some big techs have entered into the insurance market by acquiring significant ownership of incumbent insurers. Where such acquisitions shift the control of an insurer to a big tech, supervisors are expected to ascertain that the control arrangements are subject to conditions similar to the licensing requirements. The new big tech owner should be subject to suitability of persons requirements. Supervisors should be able to reject such acquisitions if the resulting structure does not allow for effective supervision or is detrimental to policyholders’ interests. 51. ICP 23 (Group-wide supervision) calls for insurance regulators to have broad-ranging powers that can encompass big techs’ activities in insurance. Specifically, ICP standard 23.3 states that “The group-wide supervisor and other involved supervisors do not narrow the identification of the insurance group or the scope of group-wide supervision due to lack of legal authority or supervisory power over particular legal entities.” In addition, the ICP guidance calls for supervisors to take account of risks that emanate from the larger group when supervising an insurance group. Applying this to the business model described in Section 2, in which a big tech owns an insurance subsidiary, means that insurance supervisors may need to draw a group-wide supervisory perimeter that encompasses the broader big tech group. In practice, this means that, even though an insurance supervisor may not have the legal authority to supervise a big tech holding company, it needs to identify and address risks to the insurance entities that are part of the group arising from various parts of the big tech. 52. Big techs and their activities in the insurance sector may be subject to conglomerate-type regulation in some jurisdictions. In China, large commercial groups that include two or more financial institutions of different types (including insurers) are required to group their financial activities under a financial holding company (FHC), which would be responsible for meeting prudential and other requirements on a consolidated basis for the resulting financial subgroup. 52 The National Financial Regulatory Administration (NFRA) has responsibility for group-wide FHC regulation and supervision, while sectoral financial regulators are in charge of regulating financial institutions controlled by FHCs. 53. Cross-sectoral financial supervisory cooperation is critical to avoid regulatory blind spots in addressing prudential and conduct risks from big techs. Within the financial sector, insurance supervisors may need to coordinate closely with their counterparts responsible for supervising the banking, payments and asset management sectors. There could be a blurring of regulatory responsibilities due to the highly integrated nature of ecosystem binders of big techs. For example, a failure in the payments services of a big tech to transmit premium payments for an insurance policy may leave a policyholder uncovered for a particular risk. Should the insured event occur and the policyholder is not compensated, it is unclear if the payments or insurance part of a big tech should be held responsible. 54. Cross-border supervisory cooperation may be helpful in anticipation of growing insurance activities by big techs spanning multiple jurisdictions. Regulations imposed by a regulator in one jurisdiction may have unintended consequences in another. For example, in an extreme case, a financial regulator with legal authority over the holding company of a financially distressed big tech group may ring-fence its funds to protect domestic clients at the expense of foreign customers. Digital distribution of insurance products 55. The sale of insurance products through big techs’ digital platform generally falls under insurance distribution requirements.53 Such requirements can take the form of specific regulations 52 See People’s Bank of China (2020). 53 ICP 19 (Conduct of business) sets out requirements for insurers and intermediaries to treat customers fairly, both before a contract is entered into and through to the point at which all obligations under a contract have been satisfied. From clicks to claims: emerging trends and risks of big techs' foray into insurance 27 related to internet or digital insurance (eg in China, Malaysia and the Philippines)54 or more general insurance distribution rules (eg in Indonesia and the United States). A common feature of such requirements is that they are institution-agnostic, applying not only to big techs but also to other types of insurance intermediaries. 56. Big tech entities that distribute insurance products are usually subject to licensing requirements, like any other insurance intermediaries. • NFRA (2020) outlines a comprehensive set of rules governing internet insurance business that also applies to big techs’ insurance intermediation activities. The rules require big techs in China to be licensed as an insurer or insurance intermediary in order to offer insurance on their selfoperated digital platforms. Comparator websites or applications must also be licensed as an insurance intermediary. • In Indonesia, insurers must obtain approval from the financial authority, Otoritas Jasa Keuangan (OJK), before they engage with a non-bank business entity (including a big tech) to distribute insurance products though websites, social media or digital applications (OJK (2020)). Additionally, such intermediaries must have a 24 hours a day, seven days a week customer service centre to respond to customer queries or complaints. They must also register as an electronic system operator with the Indonesian Ministry of Communication and Informatics. • In the European Union, big techs’ insurance distribution activities are subject to the same rules as other insurance intermediaries. Nevertheless, European Supervisory Authorities (2022) recommended that the existing rules may need to be updated to make them fit for the digital age. It recommended the enhancement of consumer protection and conduct of business rules to address risks of mis-selling and overcome potential weaknesses in complaints handling processes. • In the Philippines, insurers and insurance intermediaries (including big techs) are required to obtain approval from the Insurance Commission 55 before they use mobile applications to distribute insurance products. In addition, at least 14 days prior to rolling out an electronic commerce platform, they must submit relevant information to the regulator such as their customer charter and privacy policy, as well as the products and services that will be offered and internet security arrangements. • In the United States, the National Association of Insurance Commissioners (2005) requires any person or entity engaged in selling, soliciting or negotiating insurance to hold an insurance producer licence. This would apply to any big techs moving into these activities. 57. Conduct of business rules that require insurers and insurance intermediaries to treat customers fairly apply to insurance products sold through big tech channels. NFRA (2020) requires insurers or insurance intermediaries to respect the rights of customers when selling internet insurance. It emphasises the importance of ensuring fair pricing of insurance products sold through the internet, providing clear and accurate marketing materials that are not misleading, as well as making timely claims payments. It also requires proper recording of the full sales process and record-keeping. Insurance Commission of the Philippines (2014) requires insurers and insurance intermediaries to provide consumers engaged through electronic platforms the same level of protection as those engaged through other channels, in accordance with fair business, advertising and marketing practices. Insurance providers must disclose adequate information about the products offered so that consumers can make an informed decision on whether or not to purchase those products. Financial Conduct Authority (2023) bans opt-out selling practices to prevent firms defaulting customers into products for which they may or will be charged. 54 See Annex 3 for a high-level comparison between three selected digital/internet insurance regulatory issuances from NFRA (2020), Central Bank of Malaysia (2022) and Insurance Commission of the Philippines (2014). 55 See Insurance Commission of the Philippines (2014). From clicks to claims: emerging trends and risks of big techs' foray into insurance 28 This approach is helpful to avoid consumers unknowingly purchasing add-on embedded insurance products. 58. Insurance regulatory frameworks may permit only “simple” types of insurance product to be sold through digital channels. This is consistent with general conduct of business rules in insurance, which typically require extensive customer suitability assessments in the marketing and sale of complex insurance products that are characterised by the inclusion of investment components. From a regulatory perspective, ensuring a similar level of customer protection between offline and online insurance offerings could pose a challenge for complicated life insurance products that may require extensive customer suitability assessments. NFRA (2020) recommends products sold through the internet be simple in terms of the nature of coverage and the contractual terms and conditions. NFRA (2021b) stated that life insurance products with participating features56 or investment-linked features are currently not allowed to be sold as internet insurance. The requirement in Otoritas Jasa Keuangan (2015) that mandates that online distribution of investment-linked products be concluded in person makes it difficult for big techs to offer such products through their digital platforms. 59. Proper disclosure is particularly critical when big techs distribute insurance products. There should be clear disclosure of the actual insurance underwriter together with ways to file a complaint. NFRA (2020) requires insurers or insurance intermediaries selling internet insurance to establish a dedicated section on their websites to fulfil disclosure requirements related to their internet insurance activities. Big techs (and other insurers or insurance intermediaries) engaged in internet insurance must disclose information such as their regulatory licence, the name and website of their self-operated network platform, the list of internet insurance products they offer, and customer service and complaints channels. Importantly, details of the actual insurance underwriter must be clearly disclosed in any marketing or distribution materials. Similarly, Insurance Commission of the Philippines (2014) requires insurers and insurance intermediaries offering insurance products through electronic platforms to clearly disclose information such as the identity of the insurance underwriter, communication channels for consumers and the dispute resolution process. 60. More broadly, the increasing use of social media and digital platforms to market insurance products brings heightened risks of misleading advertisements being propagated more widely and rapidly. To mitigate such risks, the Monetary Authority of Singapore issued a Consultation paper on enhancing safeguards for proper conduct of digital prospecting and marketing activities in April 2023.57 The consultation proposes enhanced requirements in the existing advertising regulations. In the European Union, Joint European Supervisory Authority (2022) recommended active monitoring of the use of social media in financial services to assess if further regulatory responses are warranted to supplement existing applicable rules. It noted that, with a new generation of consumers that increasingly or even predominantly responds to communication and information circulated on social media, supervisors need to become better acquainted with different types of social media. 61. Market dominance of big techs as insurance intermediaries may pose conduct risks if big techs exert their influence on insurers to the detriment of consumers. Such dominance could potentially create distribution channel monopolies, high commission costs, and a disconnection between insurers and their customer data for necessary risk analysis. In China, the NFRA’s regulatory requirements on internet insurance aim to address such issues, for example requiring distribution platforms to provide sufficient customer data to insurers for proper underwriting and setting upper limits on distribution expense assumptions in the pricing of certain internet insurance products. More digitisation of traditional players and their increased share of online distribution may improve the balance. 56 Participating life insurance policies offer policyholders discretionary or non-guaranteed returns that are determined at the discretion of an insurer based on its profits arising from underwriting or investment experience. 57 See From clicks to claims: emerging trends and risks of big techs' foray into insurance 29 Requirements related to service providers 62. Regulatory treatment of big techs as service providers to both insurers and insurance intermediaries are mostly expressed in outsourcing and cloud computing guidelines. 58 Such guidelines typically apply to all types of outsourcing arrangements and not just to those with big techs. Examples include: • In China, NFRA updated its outsourcing guidelines in 2021 (NFRA (2021a)) to address new risks arising from rapid digitalisation and greater usage of technology services in the financial sector. In particular, it recognised that there are various forms of models of cooperation between insurers and third-party service providers, which may not all fall within the definition of outsourcing and thus may not be captured under outsourcing requirements. Hence it extended the scope of its outsourcing guidelines to apply to any cooperation models that involve the processing of key business data by insurers or personal data of customers. • In the European Union, outsourcing requirements are specified in Solvency II and, in addition, EIOPA issued guidelines on cloud outsourcing in 2020 (EIOPA (2020)). It also performed a thorough analysis of third-party involvement in the insurance value chain in 2021 and identified potential regulatory gaps (EIOPA (2021)). More generally, the European Union’s Digital Operational Resilience Act (DORA) will address information and communication technology risks in the financial services value chain. 59 • The Hong Kong Insurance Authority (HKIA) has implemented its Guideline on outsourcing, 60 which outlines the key considerations and controls that authorised insurers should adopt when engaging in business activity outsourcing. The guideline requires insurers to inform the HKIA of any significant outsourcing arrangements, including the outsourcing of information system management, which may involve cloud computing services. Furthermore, in recognition of advancements in technology and the growing role of third-party technological services, the HKIA will periodically update its regulatory guidelines to address emerging risks, such as those related to the use of third-party services involving cloud computing, within its cyber security and outsourcing guidelines. • Monetary Authority of Singapore (2018) outlined supervisory expectations on financial institutions, including insurers on how they should manage risks arising from their outsourcing arrangements. The guidelines specify criteria for the determination of “material outsourcing arrangements”, which include arrangements that involve customer information whereby unauthorised access or disclosure and loss or theft of customer information may have a material impact on an insurer’s customers. This criterion may cover technology services provided by big techs to insurers such as data analytics services. MAS also issued an advisory to financial institutions on technology and cyber security risks associated with public cloud adoption. The advisory sets out the common key risks and control measures that financial institutions should consider before adopting public cloud services.61 58 The IAIS outlined issues related to insurers’ operational resilience, including supervisory approaches on IT third-party outsourcing (see IAIS (2023)). Certain authorities may focus on specific services, such as AI or third-party administration that can be provided by big techs. In the United States, the NAIC (2020) outlined principles on AI that apply to insurers and other entities including third parties eg big techs. NAIC (2011) is a model law on the licensing of third-party administrators that include entities providing services (including big techs) such as claims adjustment and settlements in connection with predefined lines of business. 59 Nevertheless, Joint European Supervisory Authority (2022) recommended that a holistic approach is taken to the regulation and supervision of fragmented value chains. 60 See Hong Kong Insurance Authority (2017). 61 See Monetary Authority of Singapore (2021c). From clicks to claims: emerging trends and risks of big techs' foray into insurance 30 63. Even without direct regulatory powers over big tech groups as a whole, insurance supervisors may exert their influence on licensed insurance entities in order to address big techrelated risks. For example, the Central Bank of Malaysia 62 imposed technology risk management requirements on regulated financial institutions, including insurers. The policy document places obligations on insurers to ensure that any insurance service provider and intermediary they may engage (including big techs) comply with the risk management requirements. 64. Concentration risks posed by big techs as technology providers raise financial stability concerns. IAIS (2023) highlighted that both supervisory requirements and financial institutions' risk management processes are less advanced in terms of the ongoing management of risks arising from concentration in the provision of critical IT services by third-party service providers. EIOPA (2020) and NFRA (2021a) require insurers to take responsibility in assessing and managing concentration risks. These authorities monitor concentration risk from both a sectoral and jurisdictional perspective. Joint European Supervisory Authorities (2022) highlighted that over-dependence on certain critical third-party providers may present risks not captured in current and envisaged legislation, and gaps may present a risk to financial stability. Similarly, IAIS (2023) stated that, in theory, such concentration risk could become systemic. Other requirements 65. Beyond the financial sector, insurance supervisors need to collaborate with regulatory authorities in charge of competition, data privacy and cyber security, amongst others. This is another area that is unique in relation to the supervision of big techs’ regulated activities. Unlike other financial conglomerates, big techs’ operations are comprised of a mix between non-financial/commercial and financial activities. Their activities are highly interrelated, which can expose one area to vulnerabilities in other areas.63 For example, an insurer that uses a big tech’s cloud-based AI underwriting tool may be exposed to the big tech’s cyber vulnerabilities from its cloud infrastructure. At the same time, the potential misuse of personal data to train an AI model may result in an insurer breaching data privacy laws or ethical codes of conduct. Another distinguishing feature of big techs compared with financial conglomerates is their market dominance in specific products or services, which can give rise to anti-competitive practices. As such, specific regulatory attention to address such anti-competitive behaviour is needed. 66. It is important that insurance supervisors understand the interplay between such noninsurance specific regulatory regimes (eg competition, data privacy and cyber security) with their prudential and conduct objectives. For example, big techs may exploit their competitive advantage over incumbent insurers in a way that could lead to unfair treatment of policyholders. 64 Similarly, data privacy safeguards, including how insurers may use data obtained from big techs, are important to avoid unfair treatment of policyholders that can result from biased pricing or underwriting terms. 62 See Central Bank of Malaysia (2023). 63 See Crisanto et al (2022). 64 Financial Conduct Authority (2022) pointed out that competition risks may emerge if data gathered by big techs is negatively used in insurance underwriting which results in excluding specific cohorts of consumers. This risk could be heightened if big techs use data from their wider businesses, putting incumbents and potential entrants at a disadvantage to the detriment of competition and consumers. From clicks to claims: emerging trends and risks of big techs' foray into insurance 31 Section 4 – Concluding remarks 67. As big techs continue their expansion in insurance and other financial services there are compelling reasons for insurance supervisors to stay vigilant. At present, their involvement in insurance, as risk carriers or intermediaries, is limited and financial services overall represent a relatively small part of big techs' activities. Yet, this can change quickly through the DNA loop and big techs’ ability to leverage their wide customer base and strong technological underpinning. Insurance supervisors may therefore wish to intensify their existing monitoring efforts in order to safeguard the interests of policyholders and the stability of the insurance market. 68. Although existing regulatory frameworks can be applied to big techs’ insurance activities, there seem to be practical challenges to overseeing big tech entities as a whole. Existing applicable insurance requirements include licensing requirements for insurance risk carriers, underwriters and intermediaries. Their role as technology service providers is addressed through outsourcing or operational resilience guidelines. More generally, the ICPs require supervisors not to narrow the scope of group-wide supervision due to lack of legal authority or supervisory power over particular legal entities. This means that risks posed by big techs to their insurance entities must be monitored and understood by supervisors. In practice, this may prove challenging as supervisors may not have regulatory authority over the holding companies of big techs, or the resources or expertise to assess their risks. 69. In addition, the interrelationships between big techs’ financial and non-financial activities warrant close supervisory monitoring. Given the close relationship between big techs’ financial and non-financial businesses, risks can transmit easily and quickly from their non-financial to financial activities. The lack of supervisory powers to monitor big techs may exacerbate the problem as supervisors may not have visibility of potential risk transmission channels from big techs’ non-financial activities. As such, continued vigilance of the regulated entities of big techs will be important to detect any potential contagion from their non-financial activities. In addition, consideration might be given to enlarging the scope of group-wide supervision, if warranted, to encompass material non-financial activities of big techs. 70. A further challenge arises as big techs may operate on the boundaries of regulatory perimeters. Areas of potential concern include: • Marketing and product distribution – leveraging their highly popular online platforms, they may advertise, market or even distribute insurance products in a way that escapes regulatory requirements. This can occur through an unclear definition of insurance intermediation activities or through complex sales techniques or procedures. As such, insurance regulators may need to review existing product distribution and marketing guidelines to ensure they remain fit for purpose to capture big techs’ foray into this space. • Data use – big techs may use aggregated data (eg for customer selection or more granular pricing), which may not be well captured by data privacy rules. Data sharing arrangements between big techs, insurance intermediaries and insurers are also potential areas of risk, which may warrant regulatory attention to pre-empt any detrimental impact to customers or policyholders. • Service provision – with a greater variety of services provided by big techs to the insurance sector, and with more complex forms of cooperation or partnership between insurance players and big techs, the provision of such services could become more complicated and more opaque and thereby more difficult for insurance regulators to understand and supervise. Some forms of cooperation or partnership may not directly fall within existing outsourcing requirements and thus pose regulatory blind spots. Insurance regulators may need to keep the relevant requirements updated to cater to new trends in service provision by big techs. From clicks to claims: emerging trends and risks of big techs' foray into insurance 32 71. While the insurance activities of big techs may not be significant in some markets, their material presence as intermediaries and technology service providers requires oversight to mitigate disruption and protect the interests of policyholders. Existing regulatory requirements cover most aspects of big techs' insurance activities, but there are potential regulatory blind spots in areas such as marketing and product distribution, data use and service provision. Insurance regulators may need to review and update guidance to reflect the evolving role of big techs and ensure that consumers continue to be protected within the regulatory framework. 72. The existing regulatory framework was not formulated with big techs in mind. In the context of big techs, potential risks to financial stability originate not only from the provision of financial services in combination with commercial activities but also from significant linkages with traditional financial institutions as service providers. Financial stability concerns also arise from big techs’ tendency towards excessive concentration in the provision of both financial and technology services. 65 These risks are not fully addressed by existing sectoral financial regulations. While insurance supervisors may rightfully focus on the prudential and conduct implications for big techs’ insurance clients (policyholders and insurers), a more holistic approach is needed. 73. Addressing big tech risks requires a regulatory rethink. There is a clear case to consider the development of specific rules for big techs active in finance, including insurance. These rules could take the form of a new entity-based regulatory framework that allows authorities to control risks emerging from the combination of financial and non-financial activities.66 Given the global nature of big techs, international standards to regulate big techs’ activities across the financial services sector in a comprehensive and coherent manner may be helpful to avoid any regulatory blind spots. In addition, international coordination of policy and supervisory responses can facilitate consistency of approaches. References Alibaba Group Holding Limited (2023): Fiscal Year 2022 Annual Report. Alibaba Health Information Technology Limited (2023): Fiscal Year 2022 Annual Report. Alphabet Inc (2023): Annual Report 2022. Apple Inc (2023): Annual Report 2022., Inc (2023): Annual Report 2022. Ant Group (2020a): Hong Kong initial public offering prospectus, October. ——— (2020b): White paper on online mutual aid programs. Baidu Inc (2023): Annual Report 2022. Bank for International Settlements (BIS) (2019): “Big tech in finance: opportunities and risks”, Annual Economic Report 2019, Chapter III, June. ——— (2020): Annual Economic Report 2020, June. Carstens, A (2018): “Big tech in finance and new challenges for public policy”, keynote address at the FT Banking Summit, 4 December. 65 Carstens (2023). 66 A concrete proposal in this respect was put forward by Ehrentraud et al (2022), echoed in Carstens (2023). From clicks to claims: emerging trends and risks of big techs' foray into insurance 33 ——— (2021): “Public policy for big techs in finance”, introductory remarks at the Asia School of Business Conversations on Central Banking webinar “Finance as information”, Basel, 21 January. ——— (2023): “Big techs in finance: forging a new regulatory path”, speech at BIS conference “Big techs in finance – implications for public policy”, Basel, 8-9 February. Carstens, A, S Claessens, F Restoy and H S Shin (2021): “Regulating big techs in finance”, BIS Bulletin, no 45, August. Central Bank of Malaysia (2022): Discussion paper on licensing framework for digital insurers and takaful operators, January. ——— (2023): Risk management in technology, June. China Banking Regulatory Commission (CBIRC) (2018): “Regulation on Shareholding of Insurance Companies”, March. ——— (2019): Guiding opinions on high quality development of banking and insurance sector, December. China Insurance Association (2022a): “Internet insurance report of life insurance companies 2021”. ——— (2022b): “Internet insurance report of non-life insurance companies 2021”. China State Council (2015): Guidance on promotion of "Internet+" initiative, July. Crisanto, J, J Ehrentraud and M Fabian (2021): “Big techs in finance: regulatory approaches and policy options”, FSI Briefs, no 12, March. Crisanto, J, J Ehrentraud, M Fabian, A Monteil (2022): “Big tech interdependencies – a key policy blind spot”, FSI Insights on policy implementation, no 44, July. Didi (2023): “Annual Business and Social Responsibility Report 2022”. Embedded Finance & Super App Strategies (2022): “How and why insurers should increase investment in embedded insurance 2.0”, Embedded Insurance Peer Group Report, June. Ehrentraud, J, J Evans, A Monteil and F Restoy (2022): "Big tech regulation: in search of a new framework”, FSI Occasional Papers, no 20, October. European Insurance and Occupational Pension Authority (EIOPA) (2020): Discussion paper on the (re)insurance value chain and new business models arising from digitalisation, April. ——— (2021): (Re)insurance value chain and new business models arising from digitalisation: feedback statement to the discussion paper, May. European Supervisory Authority (2022): Joint European supervisory authority response, January. Financial Conduct Authority (2022): The potential competition impacts of big tech entry and expansion in retail financial services, October. ——— (2023): “Conduct of business obligations”, Conduct of Business Sourcebook, Chapter 2, August. Financial Stability Board (FSB) (2020): Big tech firms in finance in emerging market and developing economies, October. Grab Holdings Limited (2023): Annual Report 2022. Hong Kong Government (HK Gov) (2015): Insurance Ordinance, December. Hong Kong Insurance Authority: (2017) Guideline on outsourcing, June. International Association of Insurance Supervisors (IAIS) (2022): IAIS report on fintech developments in the insurance sector, December. ——— (2023): Issues paper on insurance sector operational resilience, May. From clicks to claims: emerging trends and risks of big techs' foray into insurance 34 Insurance Commission of the Philippines (2014): Guidelines on electronic commerce of insurance products, November. Insurance Regulatory and Development Authority of India (IRDAI) (2020): Transfer of shares of the insurance companies, July. Iresearch and ZhongAn (2021): White paper on China’s million dollar medical market., Inc (2023): 2022 Annual Report. Meituan (2023): 2022 Annual Report. MercadoLibre, Inc (2023): 2022 Annual Report. Meta Platforms, Inc (2023): 2022 Annual Report. Microsoft (2023): Annual Report 2022. Monetary Authority of Singapore (2018): Guidelines on outsourcing, October. ——— (2023): “Consultation Paper on enhancing safeguards for proper conduct of digital prospecting and marketing activities” April National Association of Insurance Commissioners (NAIC) (2005): Producer Licensing Model Act, January. ——— (2011) : Registration and regulation of third party administrators, October. ——— (2020): NAIC principles on artificial intelligence (AI), August. National Financial Regulatory Administration (NFRA) (2020): Rules on internet insurance business, December. ——— (2021a): Rules on information technology outsourcing risk management, December. ——— (2021b): Additional rules on internet life insurance business, October. ——— (2021c): Advisory on addressing the technology and cyber security risks associated with public cloud adoption, June. ——— (2022): Guiding opinions on banking and insurance industry digital transformation, October. Otoritas Jasa Keuangan (2015): “Surat peraturan Otoritas Jasa Keuangan nomor 23/POJK.05/2015 tentang produk asuransi and pemasaran produk asuransi”, November. ——— (2020): “Surat edaran Otoritas Jasa Keuangan Republik Indonesia nomor 19/SEOJK.05/2020 tentang saluran pemasaran produck asuransi”, December. People’s Bank of China (2019): Fintech development plan (2019–2021). ——— (2020): Rules on financial holding companies, September. Porter, M (1985): The competitive advantage: creating and sustaining superior performance, The Free Press. PT GoTo Gojek Tokopedia Tbk (2023): Annual Report 2022. Rakuten Group, Inc (2022): Corporate Report 2021. Restoy, F (2019): “Regulating fintech: what is going on and where are the challenges?”, speech at the ASBABID-FELABAN XVI Banking public-private sector regional policy dialogue on “Challenges and opportunities in the new financial ecosystem”, Washington DC, 16 October. ——— (2021): “Fintech regulation: how to achieve a level playing field”, FSI Occasional Papers, no 17, February. Sea Limited (2023): FY 2022 Annual Report. From clicks to claims: emerging trends and risks of big techs' foray into insurance 35 Shin, H S (2019): “Big tech in finance: opportunities and risks”, speech on the occasion of the BIS Annual General Meeting, June. Swiss Re (2022): “Sigma No 4/2022 Word insurance: inflation risks front and centre”, July. Tencent Holding Limited (2023): Annual Report 2022. Xiaomi Corporation (2023): 2022 Annual Report. ZhongAn Online P&C Insurance Co Ltd (2017): Global offering. ——— (2023): Annual Report 2022