The notion of paying out an annual stream of income can be traced back to the Romans. It’s a simple notion and one of the earliest forms of wealth management. Today, the simplicity of that notion has been replaced by the complexity of the annuity product. Rooted in a time way before the iPhone, the conventional annuity looks tired in the digital world. It’s an old world approach long overdue for a refresh and reinvention. To explore this further, Rick Huckstep spoke with Matt Carey, CEO and co-founder of Blueprint Income. It’s a different world now  The baby boomers are retiring. When they made their plans for the future, the world was analog. Individual advice was based on human judgment, the personal touch and “trusted, expert” relationships. This was how the world of wealth management worked pre-internet. However, today, for many U.S. boomers, the prospect of actually giving up work is still some way off. This recent U.S. study by the Insured Retirement Institute reported that as many as two in five of American baby boomers have nothing saved for their retirement. Increased longevity and the massive decline in employer pensions in the 21^st century are major factors behind the prediction that as many as half of Americans will not be able to maintain their current lifestyle. The point is that the baby boomer generation, and Gen X for that matter, have shifted from creating retirement wealth through a lifetime of work to protecting what they have for now. Which means that the wealth management target client has changed. It’s no longer a baby boomer market, or a Gen X market for that matter. Now it’s the millennials who are the core client (target) base for wealth management. With 40% of the global adult population under the age of 35 years old, this is a generation who has only known a digital world in adult life. Rise of the affluent millennial But it is more than a digital divide that separates the generations. Millennials’ attitudes and behaviors to creating their own wealth are different, too. These differences are shaped by factors such as: debt-funded education, greater levels of social conscience and engagement, a broader world view and higher levels of self-employment. Which is a challenge for the wealth management industry as it adapts to a different customer profile. Building a wealth management proposition for the millennial generation has to reflect the different demographics compared with baby boomers and Gen X. See also: How Insurance Fits in Financial Management There’s tons of research out there that reports how attitudes and behaviors have changed over the generations, even back to the silent generation. In this 2015 survey of more than 9,000 millennials across 10 countries by LinkedIn and IPSOS, they found;

• millennials expect to be financially able to travel and see the world,
• 60% expected to be wealthy (even though they earn about 20% less than the baby boomers,
• they do not rely solely on wages for their income (trader by day, Uber by night),
• and are more likely to carry debt than Gen X (repaying student debt has replaced saving for retirement),
• nine out of 10 millennials use social networks for input on financial planning,
• as well as being more likely to take advice from family members,
• and are heavily influenced by their peers,
• millennials are half as likely to be married compared with baby boomers at the same age,
• they are seven times more likely to share their personal information with brands they trust.

The financial literacy problem There is another dynamic that is important to consider when looking at how the wealth management industry serves the millennial generation. Financial literacy, or the lack of it! The millennial generation may be more informed than their predecessors, but not necessarily in everything. They are more likely to know who Kim Kardashian is than to understand the impact of inflation on their savings over time. In itself, there’s nothing new in this, but the fact is that the level of financial literacy in the U.S. has been dropping for years. According to survey results by U.S. regulator FINRA, the level of personal finance literacy has fallen every three years since 2009. They found that 76% of millennials lack basic financial knowledge. Which is hardly surprising when only 14% of U.S. students are required to take a personal finance class in school. See also: Raising the Bar on User Experience   The FINRA survey also reported a massive gap between the level of financial understanding and the desire to have one. The survey found that 70% of adults aged between 18 and 39 years old “know they will need to be more financially secure, they just don’t know how to get there.” What is clear from the survey is that this lack of financial literacy is causing stress and anxiety among millennials (who, remember, now account for 40% of the adult population). For the rest of the article, click here.

On Sept. 29, 2017, the Insurance Authority of Hong Kong launched the new insurtech Sandbox, with the objective to test insurtech applications by authorized insurers in a controlled regulatory environment. The infographic summarizes the main features of the initiative and provides insight on the potential benefits as well as the anticipated challenges for the players interacting in the Sandbox.

The compliance and ethics functions within insurance organizations face continued regulatory pressure. But, nowadays, they must also deal with new threat vectors that are shaping a higher-stakes global compliance environment. More and more, investigative journalists are analyzing big data to spot fraud as well as compliance violations. Third-party agencies are increasingly using technology to identify incidents and monitor corporate behavior. Enforcement agency whistleblower programs are motivating employees to speak out about perceived violations. And, rapidly escalating grassroots campaigns, such as the #metoo movement, are making strong corporate culture and rapid-response capabilities even more critical. When these watchdogs form the genesis of a complaint, social media channels and the round-the-clock news cycle can rapidly increase awareness of the incident – in some cases even before the company itself is aware. Compliance functions need the agility to adjust to business changes and to the inevitable surprises inherent in a dynamic business climate. But, without a strong technological underpinning to help them operate efficiently in real time, it will be challenging, if not impossible, to get ahead of new threat sources and changing business dynamics. From dashboards for improved decision-making, to sophisticated tools for monitoring employee compliance, to training informed with data from compliance monitoring, technology-based capabilities are now cornerstones of effective compliance management. By using the best available tools and information to protect their organizations and to scan the horizon for new requirements, trends and risks, compliance functions can keep pace with their organizations’ changing compliance needs. But as a group, insurance sector compliance functions have some work to do on the technology front. According to the PwC 2018 State of Compliance study, only 41% of insurance organizations use policy management technology within the compliance department (compared with 44% across industries and 54% in banking, for example). Just 47% use technology to monitor employees’ compliance with ethics and compliance-related policies and procedures (compared with 50% across industries and 52% in banking). While progress is being made, it lags that of certain other industries. See also: How to Collaborate With Insurtechs   However, our study identified 17% of insurance survey respondents as “Leaders,” where executives were very satisfied with the effectiveness of their organization’s compliance program. This is on par with other industries in the study. The study’s overall Leader group shares a common denominator: Leaders take a more comprehensive and current approach to compliance risk management as enabled by technology. Leaders differ substantially from their peers in many of the operational aspects of compliance risk management, including executing differently in four key ways. Leaders invest in tech-enabled infrastructure to support a modern, data-driven compliance function. Technology helps organizations manage compliance in a dynamic and expansive risk universe. Leaders more often use data analytics tools, dashboards and continuous monitoring than their peers. More than half (54%) of Leaders in the study use data analysis tools, and nearly half have dashboards (49%) and engage in continuous compliance monitoring (48%). The effective use of cloud infrastructure, machine learning, advanced analytics and natural-language processors help organizations quickly analyze vast amounts of data and gain insights into business and customer behaviors, assess potential compliance issues and cost-effectively meet risk and regulatory challenges. Leaders increase compliance-monitoring effectiveness through the use of technology and analytics. Analytics, together with automation technologies, make the continuous monitoring of employee compliance across many areas of the business far more feasible. Two-thirds (66%) of Leaders use technology to monitor employees’ compliance with ethics- and compliance-related policies and procedures. And they more often use technology to monitor specific risk categories, such as fraud, gifts and entertainment, privacy, social media and trade compliance. Leaders are also gleaning more benefits from technology use in monitoring efforts - compared with their less effective peers, they are more responsive and even proactive in mitigating compliance issues. Leaders streamline policy management to increase responsiveness and boost policy and procedure effectiveness. Leaders take several steps to strengthen their policy management. They more often keep their codes of conduct, policies and procedures current and make them easily accessible across the organization. They also more often enable this streamlining through policy management technology, such as GRC tools, and measure the effectiveness of policies and procedures more comprehensively. Nearly two-thirds use technology to facilitate the policy management process. Leaders take advantage of information and technology to provide targeted, engaging and up-to-date compliance training. Leaders’ compliance training and communications are more comprehensive and current. They are often using multiple sources of information to inform and target their training and are thinking creatively about new ways to digitally engage employees in training activities. Leaders' approaches to training positively affect their organizations’ overall risk profile as they aim to minimize activities that potentially place the organization at higher risk. See also: Guide for Insurtech Work With Carriers   Effective compliance risk management must be grounded in strategy and business engagement. Establishing the right tone at the top, assessing compliance and ethics risks and building governance structures that provide high levels of confidence in regulatory matters are all critical to effective compliance leadership. But operational aspects of compliance are where the rubber meets the road. With multiple new, highly motivated watchdogs now providing their own forms of oversight, the case for strengthening compliance risk management through technology is strong. Technology is more critical than ever in building programs that boost compliance program value, better manage risks and drive cost-effective compliance.

Excerpted from MSA's Q1-2018 Outlook Report (June 2018) The insurance industry has been compared to the proverbial frog in the pot of ever hotter water. While things appear on the surface comparable to what they were like 10 years ago, perhaps with some nuanced variations, there appears to be little in the way of differences. Yes, mergers continue happening at the carrier level, and direct insurers are slowly gaining market share, but the band plays on. Industry associations continue holding conventions, insurers, reinsurers and brokers continue their traditions and year-end pilgrimages to London, Monte Carlo, Baden-Baden, NICC and the Aon Rendezvous, and the various other stations still welcome a familiar crowd. But signs that fundamental changes are afoot are becoming ever harder to ignore. In Ernest Hemingway’s 1926 novel, "The Sun Also Rises," there’s a snippet of dialogue that seems apropos: How did you go bankrupt?” Bill asked. “Two ways,” Mike said. “Gradually and then suddenly.” The primary driver of the change is technology. The less noticeable catalyst, but no less important, is changes in regulatory mindsets. Let’s tackle both. The two most influential market conduct regulators in Canada are readying themselves for technological disruption of the industries they oversee. Quebec’s regulator, the AMF, has publicly expressed that it is "open for business" in terms of insurtech/ fintech under CEO Louis Morisset and Superintendent of Solvency Patrick Déry. FSCO has recently moved to be more flexible within the tight bounds of its mandate, and its successor, FSRA, will be a modern independent agency purposely built for adaptability; it emerges from its cocoon under the guidance of a professional board and the stewardship of its CEO, Mark White, in April 2019. FSRA and the AMF are positioning themselves to allow experimentation via regulatory sandboxes, whereby players can test initiatives in the field. This sandbox methodology is modeled after the Ontario Security Commission’s LaunchPad initiative. See also: Global Trend Map No. 19: N. America (Part 1)   You may not have noticed it, but the regulatory ground in two of Canada’s largest provinces has shifted, and the stage is being set for ever-faster innovation in the Canadian insurtech space. In fact, in conversations with Guy Fraker, chief innovation officer at California-based Insurance Thought Leadership and emcee for the InsurTech North Conference in Gatineau in October, he advises that Canada is being looked at as a regulatory innovation hub by the global insurtech community. Even under the old FSCO regime, Canada’s largest insurer, Intact, pulled off what might be a master stroke in July 2016 when it issued a fleet policy to Uber, providing coverage to tens of thousands of Uber drivers when engaged in Uber activities. So, in one fell swoop, a single insurer swept up tens of thousands of drivers. Intact pulled another coup by partnering with Turo in Canada. Turo is a peer-to-peer car-sharing marketplace that is busy disrupting the sleepy and sloppy car rental industry. This again gives Intact access to thousands of drivers with the stroke of a pen. Further, Intact may be able to leverage the access it has to those drivers to provide full auto coverage and even residential coverages. When these risks are gone, they’re lost to the rest of the market. Striking deals with the likes of Uber and Turo changes the game. In the U.S., Turo partners with Liberty Mutual, and with Allianz in Germany. Uber partners with Allstate, Farmers, James River and Progressive in the U.S. Aviva has pulled off a similar deal in Canada with Uber’s nemesis, Lyft. Further afield, B3i, the industry blockchain initiative has been established with the support of 15 large insurers/reinsurers. It is just starting up, but its mission is to remove friction from insurer/reinsurer transactions and risk transfer. When friction goes, so will costs. It is starting out slowly, but things may change suddenly – reshaping whole segments of the market. In addition to the original 15, the initiative has been joined by 23 industry testers. In the U.S., The Institutes (the educational body behind the CPCU designation) launched a similar blockchain consortium called RiskBlock, which currently counts 18 members:

• American Agricultural Insurance
• American Family Insurance
• Chubb
• Erie Insurance
• Farmers Insurance
• The Hanover Insurance Group
• Horace Mann Educators
• Liberty Mutual Insurance
• Marsh
• Munich Reinsurance America
• Nationwide Insurance
• Ohio Mutual Insurance Group
• Penn National Insurance
• RCM&D
• RenaissanceRe
• State Automobile Mutual Insurance
• United Educators
• USAA

There is talk of establishing a Canadian insurance blockchain consortium, as well. You can hear from leaders of B3i, RiskBlock and parties involved in the Canadian initiative at the NICC in October. Even further afield, if one was to look for an industry that makes the insurance sector look futuristic, one need not look further than the global supply chain shipping industry, with antiquated bills of lading, layers of intermediation and massive administrative overheads. Well, that industry is getting a serious wakeup call thanks to determination and drive of the world’s largest shipping company, Maersk. The company is taking its industry by the scruff of the neck and pulling it into the future whether it likes it or not – long-standing tradition, relationships and methods notwithstanding. First, in March 2017, Maersk teamed up with IBM to utilize blockchain technology for cross-border supply chain management. Using blockchain to work with a network of shippers, freight forwarders, ocean carriers, ports and customs authorities, the intent is to digitize (read automate/disintermediate) global trade. More recently (May 28, 2018) and closer to home, Maersk announced that it has deployed the first blockchain platform for marine insurance called insurwave in a joint venture between Guardtime, a software security provider, and EY. The platform is being used by Willis Towers Watson, MS Amlin and XL Catlin (got your attention?). Microsoft Azure is providing the blockchain technology using ACORD standards. Inefficiencies, beware! Microsoft and Guardtime intend to extend insurwave to the global logistics, marine cargo, energy and aviation sectors. See also: How Insurance and Blockchain Fit   Insurers that find themselves locked out of these types of large-scale initiatives will be left out in the cold. We’re witnessing "SUDDENLY," and we’d better get used to it.

The National Safety Council reported a 14% increase in fatal auto accidents between 2014 and 2016, reaching the highest total since 2007. More accidents lead to more insurance claims, and thereby more payouts from insurers. As a result, insurers are striving to more accurately measure and stratify the risk associated with their customer base to help lower claims and increase profits. Unfortunately, it’s difficult to accurately assess risk, and many insurers are stuck using traditional methods to determine rating policies. For years, insurers have used factors like credit score, age, gender and location to set rates, but these traditional factors are not adequate alone to accurately stratify the customer base by risk. When insurers began to use credit score, they were pleased because drivers classified in the riskiest decile based on credit cost two times more to insure than those in the lowest risk decile. Although a 2x lift may seem significant, it pales in comparison to what can be achieved using modern technology to directly measure driving behavior. In particular, data shows that, by using smartphones to measure distraction, at-risk speeding, harsh braking and other factors, smartphone telematics can provide a 17x lift from lowest to highest deciles in terms of crash risk. See also: Distracted Driving — an Infographic   Using smartphone sensor data – and thereby leveraging technology their customer base already possesses – insurers can more accurately measure and analyze driving behavior, and use this information to stratify risk and set pricing based on driving performance. This also aligns with what consumers want. A recent survey revealed that only 20% of respondents had full clarity on how their insurance providers set prices, which seems out of touch given consumers’ overall push for transparency across industries. What’s more, 73% of drivers surveyed want insurance rates based on how they drive, not traditional factors such as gender, age or income level. Despite the significant benefits of adopting a smartphone telematics program, some insurers have been hesitant due to concerns about customer adoption, user satisfaction and ease of implementation. For example, survey respondents indicated that only 22% had ever been offered such a program by their insurer. Considering that 75% of drivers said getting a discount from an insurance provider would motivate them to be a better driver, it is time for insurers to put their concerns aside and try offering a smartphone telematics program. See also: It’s Rush Hour in Telematics Market   Not only can these programs help insurers assess risk, but they can help build a loyal customer base dedicated to safer driving, because smartphone telematics apps offer a way to engage with customers through gamification features and real-time feedback. These features have been shown to help change driver behavior for the better: One insurer saw 74% of their drivers improve. Among these drivers, there were 47% fewer claims and 48% less-severe claims. By extracting behavioral risk factors from smartphones – a modern, ubiquitous technology - and combining them with traditional assessment factors, insurers can achieve better risk stratification, set more accurate rates, reduce the quantity and severity of claims and improve loss ratios. Also, by implementing a comprehensive smartphone telematics program, insurers obtain a direct channel to their customers, where they can engage to improve driving habits and increase loyalty to the insurers’ brand.

I’ve just returned from the ISPIM conference in Stockholm, where around 500 people spent several days kicking around the big questions of how to work successfully at the innovation frontier. A great feature of the conference is that it brings together researchers and academics, practitioners and policy makers, consultants and coaches – and there’s a willingness to share ideas, insights and concerns. It was also a conference taking place against a footballing background – and there were plenty of detours to local cafes to catch games of the World Cup. Watching footballers take the field for their tournament matches reminds you very quickly that these are not simply a group of 11 men tumbling out of the pub or roused from their Sunday afternoon armchairs. They are a trained and rehearsed squad, their performance the result of hours of strenuous effort. All that hard work doesn’t guarantee them success on the pitch, but it certainly helps. It’s also interesting to watch the surprising contenders – small countries like Switzerland or Belgium taking on their much bigger rivals. Success in a competition like this is about being agile, flexible, creative – and remembering that what worked in the past may not be enough to succeed in the future. Winning depends on the capacity for innovation – and for innovating our approaches to that challenge. In many ways, the drama being played out on the pitches in Russia was the same as that being discussed in the conference sessions. Innovation matters to any organization trying to deal with an uncertain and increasingly turbulent environment. And the evidence is clear – success isn’t an accident but rather the product of well-rehearsed and embedded behaviors. As with athletes training for the big event, success depends on a regime of practice and reinforcement to the point where these things become automatic.   Psychologists call these routines, and they define "the way we do things around here"; they become the culture of the organization. There’s no shortage of conferences like ISPIM at which companies share experiences to try to distill recipes for success. And there’s plenty more inspiration to take from a wide range of reports from consultancies mapping trends and identifying key innovation management practices. The dates and locations might change, some of the specific challenges might appear new, but the underlying message is surprisingly constant. And it’s backed by a wealth of research studies that have been trying to explore and unpack the DNA of successful long-running innovators. See also: 3 Myths That Inhibit Innovation (Part 2)   So what does it look like – what is "innovation fitness"? It’s not a single magic ingredient but rather attention paid to a set of principles and the behaviors that help the organization act on them. Anyone might get lucky once, but to sustain innovative performance requires something much deeper, and seven core principles stand out as being important:

• Innovation is not a magic moment – it’s not like the cartoon in which a bubble appears containing a bright idea. It takes place over time, and smart organizations map and manage the journey from idea to successful capture of value from that idea.
  • This doesn’t happen by accident; it’s a journey, and there are different stations on the way, different activities requiring different approaches
  • Smart organizations have a map for their journeys, create structures and policies, use tools and methods to help manage risk and uncertainty as projects proceed
  • They use this process to enable them to repeat the trick and build into it the capacity to stop or pivot projects as well as start them

• Innovation is not a slogan or a fashion accessory; it’s a strategic imperative
  • Innovation needs a road map for the future, spelling out clearly where and how change will take us forward
  • It depends on strategic leadership, providing a stretching vision and encouraging and empowering people to contribute their ideas and efforts toward realizing it
  • It requires commitment, not just words – strategic innovation leadership is about putting resources into play
  • People only buy in to strategy when they understand it, so it also requires mechanisms to communicate and engage them
  • Innovation is about scarce resources and risk, so it’s essential that it is monitored and measured, a key part of the organization’s high-level dashboard
• Innovation is all about change – smart organizations recognize that strategic advantage can come from change along multiple dimensions.
  • Change in what we offer the world – products or service innovation
  • Change in how we create and deliver that offering – process innovation
  • Change in the markets we address and our relationship to them
  • Change in the underlying mental model – business model innovation
  • Smart organizations explore all the innovation space available to them and build a balanced portfolio across these different types
• Innovation involves a portfolio of risk:
  • It involves a great deal of "do better" incremental innovation, exploiting what we already know – improving on what’s already there, tightening up processes, improving customer service, enhancing product offerings, etc.
  • But it also involves radical innovation, exploring new and unmapped space. This kind of "do radical" innovation is about step changes along the trajectories we work with, bigger bets around new technologies, entering new markets, shifting our approach, etc.
  • And from time to time it requires "do different" – reframing the game, looking with an entrepreneur’s eye on how to change the rules of the game or start a new one – disruptive innovation, co-evolving in an emerging new world
  • Organizations need different capabilities in each, allowing for experimentation, failure and above all learning and accumulation of experience for next time
  • And they need "ambidexterity" – being able to do all of this under the same roof, taking advantage of the leverage their resource base can offer. They find ways of integrating the learning around renewing the organization while balancing the tensions and internal challenges that different forms of innovation can set up.
• Innovation is a multi-player game – it’s an ecosystem of different actors who can become part of an innovation network
  • This has always been the case, innovation is about networks of knowledge. But in today’s knowledge-rich environment the challenge of open innovation begins with recognizing that not all the smart guys work for you
  • Smart innovating organizations spend a lot of time developing and managing their networks – seeking out and building new nodes, strengthening existing ones and pruning redundant ones
  • They recognize that users are a powerful source of knowledge, and work to engage lead users and user-innovators in processes of co-creation
  • They explore beyond the boundaries of the normal business frame, looking to develop peripheral vision to pick up on weak signals and emerging opportunities far from their core

See also: How ‘Not Invented Here’ Limits Innovation  

• Innovation is about people and smart organizations working to develop an active innovation culture.
  • Innovation not just as the province of specialists, so everyone can contribute to the innovation story
  • Needs enabling structures and tools, like collaboration platforms
  • Needs to tap into the natural creativity and entrepreneurship but also channel it
  • Needs to train and develop it – understanding innovation and acquiring and honing the skills to be innovative
  • Needs to recognize and reward it
  • Needs to tolerate ambiguity and failure
  • Needs to give people space, time, permission to play
• Innovation is a dynamic capability – organizations need the capability not only to adapt to a changing world but also the second-order capability to step back and reset their approaches. They need innovation model innovation.
  • Need for double-loop learning, adding and modifying and pruning the innovation routines – the behaviors embedded in structures, processes and policies.
  • Three key questions need to be regularly asked. Of the routines we use:
    • Which should we do more of, reinforce?
    • Which should we do less of, even stop doing?
    • Which new ones do we need to cope with new challenges?
  • Need for a core team to help with this, monitoring and reviewing, catalyzing and experimenting – an innovation management capacity
  The challenge, of course, is not just recognizing the need for these capabilities but actually acquiring them. And unfortunately there’s no substitute for the hard work and commitment to building them to the point where they become the way we do things around here. It’s about learning and practice – simply taking out a gym membership doesn’t build up the kind of high-performance athlete able to compete at world-class levels. So why put in the hard work? Because research evidence, reinforced by consulting reports and conference presentations, also shows that success does follow. Actively managing innovation makes a difference. Innovation isn’t a matter of luck, it’s a capability that can be built. Innovators are made, not born.

In a 2011 article in Insurance and Technology, Kathy Burger enumerated several big technological changes in the insurance industry since 2001, including the rise of big data, the ubiquitous nature of cell phones and social media and an increased emphasis on data security and privacy. Seven years later, these once-big innovations are par for the course. P&C insurers and insurtech companies are now positioned to use these tools — which scarcely existed in 2001 and which were only beginning to be broadly embraced in 2011 — as the foundation for the next wave of major changes in the insurance industry. Now, let’s look at some of the biggest rising insurtech trends today to get an idea of where they’re likely to take us 10 years from now. Auto Insurance In July 2015, Jayleen R. Heft published an article at PropertyCasualty360 with the provocative title, “Will the auto insurance industry be obsolete in 20 years?” Heft cited the work of Deutsche Bank research analyst Joshua Shanker, who argued that by 2030 self-driving cars and ride-sharing services would occupy so much of the automotive market that setting rates based on driving data would no longer be necessary. Instead, the companies behind these vehicles and services would simply “insure their cars like any other product,” Heft said. While self-driving cars and ride-sharing services like Uber and Lyft are already shaking up the auto industry, predicting the demise of auto insurance by 2030 — or by 2028, even — may be premature. Pay-per-mile auto insurance is gaining popularity. Spearheaded by companies like Metromile and Esurance, the pay-per-mile model charges a base rate, plus a specified rate for each mile driven. “Each mile usually costs a few cents,” Craig Casazza explains in an article for ValuePenguin. “So if you drive 200 miles per month at a rate of five cents per mile, you would be charged $10.” In addition, Metromile only charges drivers for the first 250 miles driven in any given day in most states. Tracking Mileage With Telemetrics Both Metromile and Esurance use telemetrics to track miles driven to calculate each month’s rate. Metromile calls its program the “Metromile Pulse,” and it uses the car’s OBD-II port to track mileage. Other insurance companies have experimented with telemetrics for a number of years but haven’t connected rates directly to miles driven. Instead, they use the vehicle’s data to adjust rates in a more complex, less transparent manner, Casazza says. See also: Future of P&C Tech Comes Into Focus   The pay-per-mile model is increasingly popular with younger drivers, who often have the option to abandon their cars entirely for the convenience of Uber or public transportation, but who are happy to keep the freedom of their own vehicle when they feel they can more directly control its costs. For these drivers, who include a growing number of those currently under age 40, auto insurance may survive into the 2030s — although it may operate in a very different way. Shanker’s prediction that auto insurance will fade into product liability insurance over the next decade, however, may be prescient. In an October 2017 article in Business Insider, Danielle Muoio explored Tesla’s partnership with Liberty Mutual to sell insurance as part of the purchase price of the company’s vehicles. The plan, called InsureMyTesla, factors in the car’s autopilot feature while setting rates and comes up with a lower cost than other insurance plans as a result, Muoio reports. Insuring Shared Rides Similarly, while ride-sharing company Uber currently requires drivers to carry their own auto insurance coverage while also providing supplementary insurance, the company may switch to providing all insurance coverage on its cars as it continues to move into the self-driving vehicle market. Given Uber’s bumpy ride in producing self-driving vehicles, however, the company’s total abandonment of conventional auto insurance expectations for human drivers may be more than 10 years out, Tech Radar’s Leif Johnson and Michelle Fitzsimmons said in May 2018. Adding Value and Processing Claims “Digital technology destroys value,” warned a March 2017 article by Tanguy Catlin, Johannes-Tobias Lorenz, Christopher Morrison, and Holger Wilms at McKinsey & Co. According to the authors, “although digital technology propels some companies to become clear market winners, for many more its impact depletes corporate earnings and the overall value of an industry. Consumers, not companies, are often the ultimate winners.” To stay relevant, the authors said, insurance companies must “meet customers’ expectations, which have been transformed by digital technology.” In 2018, insurance companies seeking to stay ahead of the curve often accomplish this task by breaking down their own silos and presenting a quick, clean digital interface that makes it easy for customers to interact with the company and for staff to understand customers’ needs and provide clear, consistent answers. Bridging Human and Automated Workflows By 2028, companies are likely to have struck a balance between automation and human intervention — a balance that many insurers are currently struggling to find, Rick Huckstep writes in an article in The Digital Insurer. Automation offers both the opportunity to improve claims response and the challenge of providing the “human touch” that customers also demand, as Roger Peverelli and Reggy De Feniks put it in a December 2017 piece for Insurance Thought Leadership. The goal will be to use automation in a way that doesn’t feel automated. As AI technology continues to develop, this goal may be fully realized within 10 years. The automation of many of the current day-to-day tasks faced by insurance agents will, in turn, change agents’ jobs. Some commentators are already predicting that today’s field agents will be obsolete by 2023, replaced by “bionic agents” who have fully integrated digital tools, including AI and machine learning, into their work. How Automation Influences Customer Expectations Customers are already demanding the knowledge and flexibility a bionic agent exemplifies. As Jason Walker writes at PropertyCasualty360, “Consumers today want the ability to conduct insurance business anytime, anywhere for simple transactions, while at the same time be able to have a relationship with a professional to discuss complex policy questions or walk them through the claims process.” As this option becomes ever more normalized for customers, the demand for the same experience in insurance will rise. as well. The result? By 2028, “digital natives” won’t only be insurance customers — they’ll also be insurance agents who leverage technology not only to serve customers but to demonstrate real value in the insurance process. See also: Key Strategic Initiatives in P&C   Automation and Claims Processing Field agents aren’t the only insurance industry professionals who will see their work change dramatically by 2028. The ways insurance companies process claims will change, as well, driven in large part by customer expectations. For instance, Ben Rossi writes at Information Age that about a fifth of young adult customers (ages 18–24) expect insurance companies to use drone technology to survey property damage and gather information for claims. This idea “would have been unthinkable as recently as a couple of years ago,” Rossi says. Ten years from now, sending a drone to a damaged building or factory site may be as commonplace as sending a human adjuster has been for the past 10 years. For many of us, 2008 feels like it was yesterday. In 2028, our memories of 2018 will feel the same — yet the insurance industry is poised to be eons ahead of where it currently stands, and insurtech will lead the way.

Research firm Forrester’s “Global Business Technographics Security Survey, 2016” found that 49% of decision-makers interviewed had experienced at least one cyber breach during the past 12 months. Of these respondents, 55% had suffered an internal incident involving an employee or a third-party business partner. The survey also ranked top external cyber attack methods: software vulnerabilities, user interaction (phishing, malicious link or email attachment) and use of stolen credentials (logins, encryption keys). These statistics – and countless others – demonstrate the need for businesses and consumers to address the fundamentals of cybersecurity. Without an effective combination of people, processes and governance implemented alongside technology solutions, organizations are at an increased risk of sustaining significant financial damage. Other areas of the business – such as brand, human resources, operations and regulatory compliance, among others – could also take a hit. While leading companies operate more mature cyber risk programs, organizations that lag behind often subscribe to a number of commonly held myths about where to focus their security efforts. These myths prevent the accurate assessment of risk and exposures and hamper the implementation of measures that can protect critical assets and successfully manage a breach when it occurs. Myth 1: Cyber Is Merely an IT issue The information technology (IT) department works full-time to implement, update and maintain technology for the company. However, the same department is often expected to manage the risks associated with that technology, as well. As cyber threats continue to increase, IT departments can easily become overwhelmed. The responsibility for managing cyber risk should lie principally with information security practitioners, regardless of whether the organization has a full-time chief information security officer (CISO). Reality: Cyber Preparedness Starts at the Top and Affects the Entire Organization Taking a comprehensive view of how cyber risk affects the business across various functions is the responsibility of the entire organization—with the C-suite playing an important role. Executives, inclusive of the board of directors, must be familiar with the specific risk issues that affect their organization’s security posture, especially regarding its most critical assets, or “crown jewels,” and then ensure the right departments are involved in devising a comprehensive strategy. This way, security is not only aligned with IT but also tied to the business and the executive leadership team. Many companies conduct cyber-threat “tabletop” exercises to simulate specific scenarios that would play out in a real-life cyber attack or breach – and are increasingly involving the executive team and board of directors. More mature companies with effective governance and risk management processes believe it is imperative to include these senior business executives in these situations. In fact, these exercises are most successful when concentrated on scenarios involving a company’s crown jewels, which enables them to prioritize their efforts toward their most critical assets. Setting the tone at the top helps create buy-in at the highest levels to assess the company’s exposure to cyber risk. This perspective also helps teams implement the necessary remediation and proactive cyber security programs to guard against worst-case scenarios in the event of an attack. Further, information security teams will have the backing to enforce better training and awareness programs, policies and procedures across the organization. See also: Global Trend Map No. 12: Cybersecurity   Myth 2: Technology Solutions Are a “Silver Bullet” While technology is clearly an integral part of effective cyber risk management, investments in technology alone will not fix the problem. If a company focuses its efforts purely on technology designed to detect external threats and perpetrators, it may overlook the impact of human behavior – malicious or otherwise – on cyber security. Research shows that of the businesses that experienced data breaches in 2016, insiders (that is, people with access to the organization’s systems and information) were responsible for 43% of data loss. Whether it is simply employee curiosity or carelessness, these blind spots are often the weakest links in a company’s armor. Increasingly, malicious tactics are designed to bypass sophisticated security technologies and exploit simple human error. Reality: Technology Can Be a Part of the Solution – But It’s Not the Entire Solution Companies need to not only verify that their technology profile is up to date but also implement and maintain their technology effectively. To minimize “insider risk,” for example, organizations should steer clear of allowing everyone to gain access to the most critical and sensitive information and systems. Any access to the company’s critical assets must be governed by strict processes and procedures based on the principle of granting privileged access. Prioritizing programs geared to employee awareness, education and training is also an important step to address common, human-related vulnerabilities, such as malicious attachments in emails, phishing and social engineering tactics and weak passwords. Ensuring the entire organization exercises good “cyber hygiene,” such as better password management practices, should be a priority. Security technologies are a critical part of any program, but they can be potentially circumvented without the appropriate expertise and processes to implement, run, monitor and maintain them. This effort includes installing relevant antivirus software and regularly updating hardware. With cyber security tools – often seen as a silver bullet in a security program – configuration and maintenance should focus on minimizing false positives on security alerts and ensure the appropriate resources are in place to analyze them. From IT to legal, compliance, human resources, business innovation and other departments, it’s critical to create a multidisciplinary team that can assess, manage and respond to risks within different departments and functions. Ultimately, even with the most sophisticated and advanced technology, a culture of security must penetrate the organization. Myth 3: Regulatory Compliance Equals Security As seen most recently with the European Union’s General Data Protection Regulation (GDPR), regulators are stepping in to address consumer privacy and data concerns. While compliance with these regulations is necessary to avoid fines, class action lawsuits and other issues, compliance alone will not address cyber attacks or security compromises. For example, a company may be compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and other regulatory measures or requirements and still experience a breach. Compliance provides a mere snapshot into a company’s security profile at a certain point in time, whereas effective security is a continuous process of improvement. Reality: Regulatory Compliance Is the Bare Minimum While regulators design regulations with effective security in mind, compliance requirements should be viewed as a baseline to support due diligence in cyber security. However, compliance should not be seen as the end goal in cyber security but as an opportunity to improve overall data hygiene on a continuing basis. Investing in compliance with cyber security regulations is also a chance to create additional security wins. For example, companies can identify – or reclassify – critical assets and prioritize protections against them. Compliance is also a chance to work with key stakeholders across the organization to define the organization’s tolerance toward risk, which helps the security team navigate cyber security decisions. Myth 4: Only Industries That House Sensitive Data Are Under Direct Threat Companies that hold sensitive data, including personally identifiable information (PII), healthcare data, credit card data and personal health information, are obvious targets for cyber attacks. As such, certain industries, such as financial services or healthcare, have traditionally been more heavily regulated. However, many industries must protect trade secrets, intellectual property and sensitive data. For example, the convergence of the physical and digital worlds through the Internet of Things (IoT) means companies face risks beyond data breaches. For example, in the manufacturing, oil and gas and automotive sectors, cyber attacks can result in severe business disruption. Far-reaching regulations can also affect sectors such as education. Reality: Companies of All Sizes Across All Industries Have Vulnerabilities Gartner predicts that, by the end of 2018, there will be twice as many employee-owned devices as company-owned devices used for work. Last year, businesses alone had more than three billion connections with IoT – introducing myriad risks. Aside from the sheer growth of technology and increased entry points for breaches, malicious cyber actors have also shifted their focus. Increasingly, as recent ransomware attacks have demonstrated, attackers are exploiting vulnerabilities with the specific aim of disruption – as well as financial gain. For example, ransomware demanding a few hundred dollars from users is designed to wreak havoc, not necessarily extract the highest payments possible. Every organization – regardless of size or industry – should be thinking about their specific exposures to cyber risk and putting a plan in place to improve their overall resilience. See also: Insurance Industry Can Solve Cyber   Myth 5: Companies Can Outsource a Function Along With the Responsibility and Risk Companies of all sizes outsource regulated processes, such as their handling of payment card industry (PCI) transactions. The rationale is that the process of evaluating and verifying compliance is expensive and does not make economic sense, especially if the company is not handling a vast amount of transactions. When an organization outsources a function in this way, it often has the misperception that the responsibility for compliance is also outsourced to the third party. Reality: Companies Ultimately Own the Risk Even when outsourcing transactions and management of any regulated data, a company is still responsible for that data in the event of a cyber attack. In the case of PCI, the company that processed the credit card will be responsible for ensuring proper practices are in place to protect the data collected in the transaction. This ownership is true even if the responsibility for the breach lies with someone in the call center of the third party that processes all of the company’s credit card transactions. In many cases, that third party may also be outsourcing part or all of a function to a “fourth party.” This scenario is just one example that demonstrates the need for organizations that outsource any functions to implement effective third-party risk due diligence processes to ensure that all their vendors are compliant. Cyber is evolving rapidly, so identifying where the risk lies can be a moving target. That’s why companies must remain vigilant. By separating the myths from the realities, companies can be in a better position to mount an effective defense against cyber threats. You can find this article originally published here.

Do you want to own 100% of a grape or 10% of a watermelon?

That intriguing question was posed recently in an email forum on healthcare by ITL thought leader Dave Chase but applies broadly to the approach that incumbents take to innovation. Are they satisfied with owning all of their historic market, or will they go after a smaller share of a vastly larger market and give themselves a chance of winning big?

The latest analysis of the data from our Innovator's Edge platform, by our Paul Winston, suggests that incumbents had better think big, because startups certainly are.

As described in detail in this article, early-stage tech companies raised nearly $115 billion—that's "billion," with a "b"—in the first half of 2018. 

The fund-raising covers a whopping 6,420 deals—and those are just for the companies that provided numbers. A further 3,194 companies raised money but didn't specify how much.

The funding covered a wide variety of technologies, a global focus on innovation (with a heavy representation in Asia, especially China) and attempts to innovate at certain strategic points in the value chain. 

Paul's piece is the most revealing I've seen in a long time on insurtech. Please read and ponder.

Have a great week.

Paul Carroll
Editor-in-Chief

As explored in two prior posts, there are a number of classes of myths surrounding insurance innovation. In Part I , we looked at how a lack of urgency caused by multiple factors leads to strategic complacency. Part II discussed how that lack of urgency combined with concerns about the financial impacts of innovation efforts make it easy to postpone those initiatives until a "better time." Process Myths In this final installment, we will touch on a a number of the myths that inhibit a company from starting an innovation project or, worse, stall a project that is in flight. The post on financial myths explored the conflict between current IT and new efforts. The waters are further muddied by the uncertainty surrounding what constitutes innovation.

• Does innovation only represents those game-changing efforts that revolutionize an industry?
• Conversely, are all those projects that are on the IT road map innovation?

Game-Changing Innovation Often when innovation is discussed, the focus turns to the biggest, most successful projects, which had multibillion-dollar impacts. Most folks will have heard of the successes and have opinions one way or another. Too frequently, the belief that innovation is only these big successes turns executive teams off to the possibility of leading their organization to innovate. The concept of the lighting-strike idea is ingrained in modern lore. Although this big bang process does happen, it is the exception rather than the rule. More often, disruptive innovation is the process of hard work and iteration rather than a single "Aha!" moment. In fact, the initial form of products that disrupt markets is generally less capable than current solutions and addresses the least desirable segments of the customer base. Over time, those products are refined and move up into more desirable customer segments. Innovation concepts are also seen as unicorns: only discovered by unique individuals. Organized innovation efforts should cast a wide net for ideas. Creative solutions to existing problems exist today in your organization. The challenge is to align the organization appropriately, focus efforts and develop a culture that embraces the challenge. We will explore the organization-based myths in a bit, but first a look at another form of innovation will add color to the picture. Sustaining Innovation At the other end of the innovation continuum, away from the lightning strike, is the concept that any development or product improvement efforts are innovation. Unfortunately, not all projects are innovation. Organizations that believe that any improvement efforts are innovative are likely on a dead end road. Maintenance is not innovation, no matter how urgent. A project to upgrade versions of AIX on your policy admin system is decidedly not innovation. A similarly sized effort to investigate and deploy a new claims-focused chatbot probably is. While not unique or novel, it could be classified as incremental or sustaining innovation. Sustaining innovations are those that are undertaken to improve products to existing markets, rather than to address new markets or value chains. Harvard Professor Clayton Christensen describes it this way: “A sustaining innovation targets demanding, high-end customers with better performance than was previously available. Some sustaining innovations are incremental, year-by-year improvements that all good companies grind out. Other sustaining innovations are breakthrough , leap-beyond-the-competition products.” Most organizations have a significant portion of their efforts and budgets targeted at sustaining innovations. The CB Insights State of Innovation survey results determined that 78% of innovation portfolios are focused on this type of innovation effort. Therein lies the challenge. You’re doing it; so, too, are your competitors. Any improvements provide competitive advantage only for a short period until others catch up, and the cycle repeats. See also: How ‘Not Invented Here’ Limits Innovation   An organization should commit to a range of innovation efforts, both sustaining, breakthrough and game-changing, sometimes called "ambidextrous innovation." A good rule of thumb is that the corresponding ratio of investment would be 70%, 30% and 10%. This breakout allows for continuous efforts at sustaining innovation while encouraging investigating "moon shots." If innovation runs the gamut from incremental to industry-changing, how does an organization create a culture that embraces and pursues it on a regular basis? Innovation Culture While large, well-funded innovation labs get a lot of press, most innovation starts with small teams. But even getting the culture right for those small teams is critical to their success. Most organizations recognize that effective and successful innovation efforts must be led from the C-suite. Often, after a decision to initiate an innovation effort, the CEO announces that she will personally will take charge. The implementation may need more finesse. Although the buck generally stops on the CEO’s desk, having her lead the day-to-day may actually impede progress. One of the reasons is that open communication can be inhibited if there are too many organization layers between the participants. A second reason is more nuanced. As a project moves through the various stages of the innovation process, close coordination with legal and finance may be required. Having the project report into a senior executive in one of those disciplines often helps. Regular updates into one or both of these areas, along with those business units having a vested interest in success, can fast track a project. Another myth is that once a team is set on task, the hard organizational work is done. “Innovation will drive the culture” is an oft-heard mantra. Unfortunately, in many instances the reverse is more accurate: Culture drives the innovation. Some cultural issues need to be addressed up front. Insurance is inherently a conservative business, and saying “No” is rightly part of the culture. Individuals build careers around never making a mistake. Thus, no can be an ingrained habit. Innovation on the other hand is all about saying “YES.” That shift can be difficult for some conservative organizations. Encourage participants to first find the value in every concept. Positivity is contagious and will lead to increased participation. One major myth is that there are too few good ideas. On the contrary, there are lots of good ideas. A key to success is rigorously soliciting, collecting, evaluating and filtering them. In the early stages of the innovation process, many ideas should be explored. So, solicit participation from your entire organization. Often, innovation and creativity are seen as someone else's responsibility. But by extending participation to the entire organization, you may find that insights may come from unlikely departments and individuals. With many valuable ideas and opportunities, prompt evaluation and selection must be a core principle. This is where constraints come into play. Both time- and expense-based constraints focus mind and project. The last myth that should be addressed is the notion that the goal of innovation efforts is to launch. In some instances, the launch is immediately successful, but, in most cases, further modifications are required to perfect the new product and processes. Pilots are worthwhile and often necessary. However, the final goal is widespread adoption across multiple relevant business units. Frequently, pilots reveal how the process can be improved. To encourage widespread adoption, implementation must be streamlined, benefits clearly articulated and internal support built. The ultimate measure of success should be returns on investment of 5X to 10X in two to three years. This level of success will obviate financial concerns of cannibalization and build support for follow-on projects. See also: Digital Innovation in Life Insurance Long Story Short Consumer behavior has changed dramatically in the past 10 years. While traditional insurance practices sufficed to allow continued success, both incumbents and new entrants are working hard to change to meet new expectations. Even though the industry has weathered many storms, and successfully repelled outsiders in the past, this time is different. Twenty-years ago, the auto line was revolutionized with the introduction of credit-based underwriting. Today, there are pioneering efforts in a dozen areas with the potential to have effects of the same magnitude. Couple those industry changes to the changing expectations of insurance buyers, and the potential for one or more industry revolutionizing innovations grows every quarter. This is not the time for complacency. Financial performance rightly concerns senior executives and must be part of any decision-making process. The problem to avoid is allowing financial considerations to be a primary gating factor. Financial analysis can be a valuable addition to the project definitions by providing guidelines as to the magnitude of the returns given the potential impacts of the innovation project. Success depends on an organizational commitment to change. This requires culture shift, buy in and support from middle management, and widespread participation. Although there are any number of moving parts to an integrated innovation strategy, implementation is fairly straightforward, and well within the capabilities of any well-managed insurance organization.