Skip to main content

General Insurance Discussion Paper - Insurance Data Transformation

APRA and ASIC letterhead showing the APRA and ASIC logos

Executive Summary

 

APRA and ASIC (the Agencies) are seeking to jointly build a more granular data collection for the general insurance industry through the Insurance Data Transformation (IDT) project. The aim of this project is to collect data that will enable regulators, policymakers, and insurers to undertake a more comprehensive assessment of prudential and conduct risks facing the industry. Publication of some of this data will also deliver clear benefits to consumers through enhanced understanding of insurers’ businesses, products and services.

Although existing data collections have generated a significant volume of valuable information on the general insurance industry, it is increasingly apparent to the Agencies that the aggregated nature of data can limit its usefulness. The Agencies regularly experience ‘insights gaps’ where the data are either inflexible or insufficient to effectively identify key issues and emerging trends that could lead to prudential and conduct risks and harms. Such limitations inhibit the Agencies’ strategic drive for data-enabled decision making.

Extending the timeline for IDT 

APRA is committed to its data change program that aims to both streamline requirements for industry and enrich data and insights for APRA, Government, peer regulators, its regulated population, and other stakeholders.  

As noted in our letter dated 31 July 2023, APRA now intends to embark on the first annual review of our data directions roadmap. This review will include reconsidering the pace, sequencing, and priorities of the roadmap, while also seeking to ensure APRA’s data and technology capabilities are aligned with our goals. We intend to provide further information on the outcome of the review in early 2024. 

Where to from here?

The Agencies will continue engaging with stakeholders to develop the proposed data scope and help shape a robust, workable data model that results in a mutually workable outcome. Consequently, the Agencies are planning to extend the timeline for the IDT engagement/discovery phase to further evolve collection design and approach. This will not require the industry to commence any major initiatives. The formal consultation phase, where the data model is incorporated in draft and then final reporting standards, will follow once the data collections have been shaped. 

Our ask of you

In this discussion paper, the Agencies have used the feedback from discussions held with stakeholders in late 2022 to refine some of our concepts and questions. We are now seeking further input through your responses to these questions which will help to further shape our thinking in relation to the depth and breadth of future data collections.

Ongoing stakeholder engagement/discovery will be essential to ensure the IDT project is set up for success. So, we want your input, we want your insights, and we want your ideas. We want you to help us ensure that the outcomes are beneficial for all stakeholders.

Chapter 1 – Response to industry feedback

 

In late 2022, the Agencies conducted early discussions with industry, consumer groups and other stakeholders on the IDT’s collection objectives, design, and implementation. The main themes coming out of these engagements include: 

  • the need for more clarity on objectives and use of the data; 
     
  • concerns about data privacy; 
     
  • the usefulness of pilot collections; 
     
  • advantages of forming technical working groups; and 
     
  • minimising the regulatory burden of the proposed data collection.

Feedback from these discussions has been considered and incorporated into this discussion paper. The Agencies’ responses to the issues raised are set out in further detail below. 

Data Privacy

The Agencies’ Response

Confidentiality and privacy: Industry shared concerns about confidentiality of the data submitted and privacy obligations they are required to adhere to.

Chapter 4 of this discussion paper outlines how the Agencies will address confidentiality and privacy concerns.

Stakeholder Engagement

The Agencies’ Response

Relevance and purpose of data collection: Stakeholders sought greater clarity on the Agencies’ objectives and intended use of the data collection.

In this discussion paper, we have outlined the objectives, intended outcomes and indicative use cases of the proposed IDT collection.

Reinsurers: Reinsurers expressed concerns about the level of granularity and frequency of data expected from reinsurers.

The Agencies will have a targeted engagement with reinsurers to clarify expectations for granularity and frequency and consider any other concerns.

Technical working groups: There was broad support for technical working groups comprising industry and APRA-ASIC members to work on specific topics.

 

 

The Agencies intend to work closely with industry to achieve a mutually workable data collection solution that will achieve the desired objectives best. At an appropriate time, the Agencies will consider the establishment of technical working groups to help develop and iterate the data collection

Engagement with other groups: Industry recommended engaging with other stakeholders.

The Agencies are actively engaging with a broad group of stakeholders and government bodies (including peer agencies, industry bodies and actuarial consultancies). Extension of the engagement period will allow incorporation into any formal consultation.

Pilot collection: There was broad support for a pilot data collection. 

The Agencies will continue engagement on the usefulness, and optimal structure of a pilot data collection. For clarity, there are no plans to commence a pilot data collection this year.

Data Availability

The Agencies’ Response

Underinsurance and overinsurance: Stakeholder groups highlighted the lack of data that can measure underinsurance and overinsurance. 

The Agencies are seeking to collect data points that will help provide a greater understanding of underinsurance and overinsurance. This would align with the work on the general insurance climate vulnerability assessment, and Hazards Insurance Partnership where possible. 

Feedback is welcomed on the proposed data points and definitions released alongside this discussion paper.

National Claims and Policies Database (NCPD): Engagement to date has identified a desire for enhancements to this collection, with an emphasis on sharing more data

APRA recently released a report publishing additional NCPD data as well as key analytical insights.1 APRA will review, and continue engagement on, how best to incorporate improvements to the publication and collection of this granular dataset in conjunction with IDT.

Regulatory Burden

The Agencies’ Response

Consistency and consolidation of data: Stakeholders conveyed the importance of consistency of data definitions and consolidation where there are overlaps with other reporting regimes.

The Agencies will consider other data collections and reporting regimes to ensure consistency. The Agencies have obtained data templates and definitions from other agencies as we strive to maintain alignment of definitions where possible. Feedback is welcomed on the proposed data definitions released alongside this discussion paper.

There was broad support from stakeholders to implement the IDT in stages rather than all at once (i.e. a phased approach).

The Agencies intend to adopt a phased approach to the data collection (as outlined in Chapter 3 of this discussion paper).

Regulatory cost and burden: Stakeholders conveyed the costs associated with submitting granular data.

The Agencies are mindful of the cost to industry in designing, building and maintaining the data collection. However, we also recognise the benefits of an industry-wide data uplift. The Agencies are committed to working with all relevant stakeholders to leverage synergies wherever possible.


Chapter 2 – Insurance Data Transformation Overview

 

2.1 Objectives and outcomes of the Insurance Data Transformation project

The IDT data, once collected, aim to enable regulators, policymakers, and insurers to undertake a more comprehensive assessment of prudential and conduct risks facing the industry. The collection will inform and support data-driven policy, supervisory and industry decisions, with the ultimate objective of enhancing market integrity,  financial stability and consumer outcomes.

The Agencies are aware that insurers, individually and collectively, are also pursuing richer data and improving their data capabilities to price risk better, manage profitability and make decisions informed by richer datasets. As insurers enhance their own data capabilities, the Agencies expect that the investment in data will generate clear benefits over the medium and longer-term. More granular data can drive greater understanding of, and inform decision making on, industry risks and challenges. This should ultimately enable earlier detection of issues of concern and monitoring of compliance obligations, which will result in improved risk management and governance. 

The Agencies intend to improve the value of insights and publish more data from the new collections (subject to consultation), resulting in benefits for all stakeholders.

2.2 How the Agencies will use the collection 

The IDT collection will support each Agency’s regulatory mandate by providing important insights across the insurance life cycle. The Agencies’ aim is to develop deeper, and broader collections that can be used flexibly.

Granular data collections can be used flexibly in a variety of ways by the Agencies and other stakeholders. The proposed granularity of these data collections allow for it to be ‘sliced and diced’ in different ways to answer different questions and provide new insights. This will include the identification of outlier insurers and products, comparisons against benchmarks and, over time, identification of changes or trends that indicate greater prudential and misconduct risks. This will also assist each agency evaluate the impact of interventions. 

Broadly framed areas of regulatory focus include, but are not limited to:

Focus areas

APRA use case

ASIC use case

Products

Analysing how insurers are responding to affordability and availability challenges

Analysing whether products are designed to meet consumer needs and respond to availability and affordability issues.

Sales and retention

Analysing the drivers of affordability and availability issues and better understanding which policyholders are affected

Analysing whether products are sold fairly and appropriately and meeting consumers’ expectations

Claims outcomes

Analysing the impact of claims on affordability and availability issues 

Analysing whether claims are handled fairly and reasonably

Catastrophe Events

Analysing the impact on insurers of catastrophe events by geographic region 

Analysing consumer outcomes following a catastrophe event and identifying any areas of concern.

2.3 How other stakeholders could use the collection 

Data could be used by stakeholders to further support their planning, monitoring and decision making:

Stakeholder

Use case

Insurers

The insurance industry will benefit by having more granular and higher quality data to better understand and respond to industry challenges, including in relation to the availability and affordability of insurance as well as underinsurance.

Insurers also need good-quality data to support effective governance and risk management. The data will provide insurers with additional information to better monitor financial, prudential and conduct risks, benchmark business performance, improve pricing outcomes, understand sustainability challenges and profitability drivers, and ensure good consumer outcomes.

An improved ability to demonstrate compliance through enhanced data collection, management, analysis and reporting.

Government/policy makers

The IDT collection should help government and policy makers develop deeper understanding of the insurance industry over time to support policy development, government initiatives, and regulatory reform, including in relation to the availability and affordability of insurance.

Consumers and small businesses

The publication of data/insights from the IDT collection2 could enhance consumers’ and small businesses’ ability to compare and understand product offerings.

 


Chapter 3 – Scope and implementation

3.1 Overview

The Agencies are proposing to design a collection with both ‘depth’ and ‘breadth’ components, primarily to support a phased implementation (rolling out collections in stages rather than all at once). This aligns with the approach undertaken in APRA’s Superannuation Data Transformation project.

  • Breadth focus refers to a core set of data points collected at the transaction level across all products to provide a high-level overview of the industry.
     
  • Depth focus refers to a product-specific collection that builds upon the breadth collection by collecting additional data points tailored to the relevant product. 

Phase 1 is comprised of an initial ‘depth’ collection for the priority product lines and a ‘breadth’ data set across the remaining product lines. Future phases are still being considered but may include ‘depth’ collections across additional product lines. 

3.2 Phase 1 scope

It is proposed that home insurance and public and products liability insurance will be the first products in scope for the ‘depth’ collection. They have been selected as a priority to assist with work being progressed on availability and affordability issues, and to align with current industry strategic focus areas.

This diagram shows the proposed phasing of IDT. Phase 1 consists of a broad data collection across all insurance products with more granular collections in Household and Public liability insurance.  Phase 2 extends the more granular collections across all insurance products.

For public and products liability insurance, APRA already collects data via the NCPD collection. Stakeholder engagement to date has increasingly noted the value of modernising this collection to enhance data categorisation and segmentation and fill some data gaps. APRA is currently exploring this within the scope of the IDT project. 

3.3 Reducing regulatory burden

To reduce regulatory impact, the Agencies will review data in other collections and align definitions wherever possible. With the stated aim to ‘collect once and share’, the Agencies are also reviewing data sharing with other agencies to avoid duplicate requests and reduce the need for ad-hoc collections.

3.4 Frequency of collection

To balance between timely data versus industry burden, the Agencies are considering options for collecting data on a quarterly, half-yearly or annual basis. Note that frequency could vary between different tables (e.g. quarterly for the financial data and half-yearly for the policy and claims information). 

Discussion questions

  1. Over what timeframe would it be feasible for your entity/industry to prepare for ‘breadth’ and ‘depth’ collections respectively? 
     
  2. Does your entity have any comments regarding the proposed scope of products being prioritised, specifically: 

    a.    Are there any benefits or drawbacks about home insurance and public and products liability being the initial ‘depth’ collections?
     b.    Do you have any suggestions around modernisation of the NCPD data collection? Should this be prioritised?
     c.    Are there any products for which it would be more challenging to provide transaction-level data? 
     d.    Are there any data points that should be added or amended to better meet the objectives/use cases outlined within this discussion paper?
     
  3. Feedback received to date indicated a preference for the proposed phased approach. Please indicate if you have a different view and prefer the data collection changes to be introduced concurrently and if so, why.
     
  4. Are there any concerns regarding the proposed definitions in the appendix, specifically: 

     a.    the clarity and consistency with existing definitions
     b.    any items not defined.    
     
  5. What would be a suitable frequency to submit these returns? Please provide an estimate of the cost for quarterly, half-yearly and annual submission. 
     
  6. Within what timeframes would data be able to be submitted? For example, half yearly data submitted 2 months after the end of the reporting period. 
     
  7. In terms of the data extraction, please provide:

    a.    the estimated size of the dataset that your entity would submit
    b.    the estimated time required to extract the data.
     
  8. Please provide any suggestions on: 

    a.    how the collection can be streamlined to fit with other reporting regimes 
    b.    how to improve the efficiency of implementation. 
     
  9. What would be entities’ preferred approach to ensure data quality to APRA’s standard?

 

Chapter 4 - Confidentiality and Privacy

4.1 Data Security

As the data collecting agency, APRA regards maintaining the security of entity data as the highest priority.

APRA is governed by the Protective Security Policy Framework, which outlines required governance, protective, detective and response security capabilities. A security risk management practice is in place to assess cyber security risks, covering the availability, confidentiality and integrity of data and systems.

APRA applies the Australian Cyber Security Centre Information Security Manual (ACSC ISM), which includes the Essential Eight mitigation strategies. The ACSC ISM provides guidance for cyber security roles and incidents, procurement and outsourcing, security documentation, physical security, personnel security, communications infrastructure, communications systems, enterprise mobility, evaluated products, ICT equipment, media, system hardening, system management, system monitoring, software development, database systems, email, networking, cryptography, gateways and data transfers.

4.2 Determining data to be non-confidential

Under section 56 of the Australian Prudential Regulation Authority Act 1998 (APRA Act), non-public data reported to APRA under the Financial Sector (Collection of Data) Act 2001 (FSCODA) is protected information and therefore subject to statutory secrecy obligations. Section 57 of the APRA Act permits APRA following appropriate consultation to make a determination that data provided in a particular reporting document, which has been submitted in accordance with a reporting standard made under FSCODA, is non-confidential. 

In keeping with APRA’s focus on greater transparency, APRA will continue to consult on data that can be made non-confidential, and entities can expect an increase in the amount of data and analysis that is made public as a result. 

Specific proposals on the confidentiality of general insurance data in Phase 1 of the IDT will be included in APRA’s formal consultation, giving the industry the opportunity to comment on confidentially in respect of each area of the data collection.

4.3 Publication of data

As mentioned in section 4.2, APRA intends to make as much data as possible publicly available. This aligns with APRA’s strategic priority to increase the transparency of the data it collects, as well as the Australian Government Public Data Policy Statement.3

Specific publication proposals for the proposed data collection are intended to be subject to a separate formal consultation which will be undertaken ahead of the effective date of the collection.

4.4 Data sharing

As mentioned in 4.2, determining data as non-confidential could result in an increase in the amount of data shared across agencies. For clarity, APRA intends that all data collected under IDT would be shared with ASIC. APRA will continue to strengthen its partnerships with peer agencies in relation to data collection with the aim that data can be collected once and shared. The Multi Agency Data Committee (MADC) was established to promote a unified and strategic approach to data across financial sector government agencies and close common data gaps. Through increased collaboration and communication, the committee aims to increase data sharing between MADC agencies and help to reduce financial sector reporting burden whilst keeping all information safe and secure. Current membership consists of APRA, ASIC, ABS, RBA, Treasury and the ATO, although other agencies can attend as required. 

Hazards Insurance Partnership (HIP)

In October 2022, the Australian Government commenced the HIP and strategic insurance projects initiative to help reduce the cost of insurance in communities at risk of natural disasters and enhance mitigation measures. The Government is working in partnership with insurers to collaborate on affordability issues and reduce extreme weather risk. 

The HIP initiative aims to address rising insurance premiums and help communities be better prepared for disasters by:

  • identifying the most pressing insurance issues in areas prone to natural disasters;
     
  • targeting the best policy solutions to reduce risk and insurance costs; and
     
  • support better consumer outcomes via more affordable insurance and a better understanding of insurance products. 

The HIP’s work includes collaboration to support the development of a centralised data asset on insurance affordability and availability. As part of this, the Agencies are coordinating via Treasury with HIP members (including National Emergency Management Agency, National Emergency Management Agency, Australian Bureau of Statistics, Australian Climate Service, Insurance Council of Australia) to minimise duplication of effort and to foster consistency of data definitions. The Agencies aim, where possible, is to complement other data work to reduce duplication. 

Any data shared by APRA will be in line with the secrecy provisions in the APRA Act and additional conditions may be imposed on the recipient of the data.

4.5 Data privacy

Additionally, APRA is bound by the Privacy Act 1988 (Privacy Act) and the Australian Government Agencies Privacy Code 2018 (Privacy Code). This includes a Privacy Impact Assessment (PIA) process that is used by APRA to assess initiatives undertaken in terms of the potential impacts these initiatives may have on the privacy of individuals involved. As part of this PIA process, a compliance assessment is conducted against the 11 Australian Privacy Principles (APPs) to which APRA is bound which are as follows:

  • Open and transparent management of personal information (APP 1);
     
  • Anonymity and pseudonymity (APP 2);
     
  • Collection of solicited personal information (APP 3); 
     
  • Dealing with unsolicited personal information (APP 4);
     
  • Notification of the collection of personal information (APP 5);
     
  • Use or disclosure of personal information (APP 6);
     
  • Cross-border disclosure of personal information (APP 8);
     
  • Quality of personal information (APP 10);
     
  • Security of personal information (APP 11); 
     
  • Access to personal information (APP 12); and 
     
  • Correction of personal information (APP 13). 

APRA will undertake a PIA for the data points outlined in the appendix of this paper. 

The Privacy Act imposes obligations on APRA regarding the collection, use, storage and disclosure of personal information. APRA will continue to comply with its obligations under the Privacy Act. 

Any proposed publication of this data will equally consider privacy implications, such that where personal information could be disclosed, or deduced APRA will apply measures to protect this data (such as masking or aggregation of the data) so that individual records cannot be identified.

Discussion questions – Data security and privacy

10.  Do you have any data security and/or privacy concerns with:

    a.    The provision of data at a transaction level    
    b.    Any of the specific data points
    c.    Any elements of APRA’s proposed approach in handling data. 
    If so, what are these concerns and what steps might be feasible to address these.  


Chapter 5 - Feedback sought

5.1 Feedback on this discussion paper

The Agencies invite written submissions on the discussion questions set out in this paper by 22 December 2023, and consider requests to provide submissions after this date on a case by case basis. They should be sent to dataconsultations@apra.gov.au; and addressed to the General Manager, Macro and Industry Insights, Australian Prudential Regulation Authority.

The Agencies have included a range of questions throughout the paper. They are to guide, but not limit, industry responses. Submissions can also indicate whether there are any aspects of the proposals that could be improved to reduce compliance costs, or if there are particular data items which would be more difficult to provide.

5.2 Important disclosure notice – publications of submissions

All information in submissions will be made available to the public on the APRA website unless a respondent expressly requests that all or part of the submission is to remain in confidence. Automatically generated confidentiality statements in emails do not suffice for this purpose. Respondents who would like part of their submission to remain in confidence should provide this information marked as confidential in a separate attachment. 

Submissions may be the subject of a request for access made under the Freedom of Information Act 1982 (FOIA). The Agencies will determine such requests, if any, in accordance with the provisions of the FOIA. 

Information in the submission relating to the affairs of any APRA-regulated entity that is not in the public domain and that is identified as confidential will be protected by section 56 of the Australian Prudential Regulation Authority Act 1998. Protected information is exempt from production under the FOIA.

 

Appendix

Data dictionary

The data dictionary includes draft data points and definitions in respect of the following proposed data collections:

  • Breadth Collection
     
  • Depth Collection – Householders
     
  • Depth Collection – Public and products liability

The proposed definitions are in draft form. The Agencies are working closely with industry to ensure the proposed collection is practical and fit for purpose. As such, these draft data points and definitions are subject to change as feedback is received from industry and other stakeholders.


Footnotes

1  National Claims and Policies Database analysis report.

2  Confidentiality/Publication of any data collected under IDT will be subject to formal consultation.

3  Australian Government Public Data Policy Statement - blog.data.gov.au.


Disclaimer Text

While APRA and ASIC endeavour to ensure the quality of this publication, they do not accept any responsibility for the accuracy, completeness or currency of the material included in this publication and will not be liable for any loss or damage arising out of any use of, or reliance on, this publication.

© Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC)

This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that either APRA or ASIC endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/