Zurich Insurance confirmed recently that it will be deploying artificial intelligence (AI) in deciding personal injury claims with the expectation of cutting processing times from an hour to seconds. As discussed at the recent PICG conference, other insurers will be following suit in the not too distant future. New tech driven companies such as Lemonade Inc. are also entering the market with promises to process home insurance claims in seconds and pay them in minutes.
It is interesting to consider for a moment how these changes might be affected by three other recent developments: the introduction into English law of the right of an insured to claim damages for the late payment of its claims, the increasing concerns about cyber security, the scope of the insurance cover available for cyber related losses and the coming into effect on 25 May 2018 of the General Data Protection Regulation or GDPR.
Under s.13A Insurance Act 2015, it is an implied term in all insurances entered into after 15 May 2017 that the insurer will pay claims within a reasonable time. If that term is breached by the insurer’s unreasonable delay, the insured can sue for any damages which it has suffered. The deployment of AI in the claims process is, of course, intended to speed up the settlement process and avoid delay. One wonders, however, what will happen if computer systems fail, either because of a technical ‘glitch’ or as the result of a virus or malware such as the recent ‘WannaCry’ bug. Failure of an insurer’s computer system and the consequent loss of claims information may well not qualify as ‘reasonable delay’ in the handling of claims, especially if not all the appropriate security measures had been observed by the insurer.
In addition, any damages that an insurer was obliged to pay as a result of such a failure may not be covered under a specialised cyber policy and could also be excluded from other classes of insurance. In circumstances where there is coverage, however, one can see that there is potential for a significant aggregation problem – particularly if, as with WannaCry, the malware hits a number of targets at the same time.
Defending against fraudulent claims is also likely to be an issue for AI claims handlers; complex algorithms are likely to be developed by fraudsters to trigger unjustified claims payments and no doubt the insurers will be building their own models to counter this activity. It is to be hoped that this process is not jeopardised by the requirements of the GDPR to control the processing of personal data and inform data subjects of the purposes for which their data is being used.
As Bob might have said if he had any interest in insurance:
If your claims to you
are worth savin’
Then you better start swimmin’
Or you’ll sink like a stone
For the times they are a-changin’