Life Insurance Discussion Paper - Insurance Data Transformation
Executive Summary
APRA and ASIC (the Agencies) are seeking to jointly build a more granular data collection for the life insurance industry through the Insurance Data Transformation (IDT) project. The aim of this project is to collect data that will enable regulators, policymakers, and insurers to undertake a more comprehensive assessment of prudential and conduct risks facing the industry. Publication of some of this data will also deliver clear benefits to consumers through enhanced understanding of insurers’ businesses, products and services.
Although existing data collections have generated a significant volume of valuable information on the life insurance industry, it is increasingly apparent to the Agencies that the aggregated nature of data can limit its usefulness. The Agencies regularly experience ‘insights gaps’ where the data are either inflexible or insufficient to effectively identify key issues and emerging trends that could lead to prudential and conduct risks and harms. Such limitations inhibit the Agencies’ strategic drive for data-enabled decision making.
Extending the timeline for IDT
APRA is committed to its data change program that aims to both streamline requirements for industry and enrich data and insights for APRA, Government, peer regulators, its regulated population, and other stakeholders.
As noted in our letter dated 31 July 2023, APRA now intends to embark on the first annual review of our data directions roadmap. This review will include reconsidering the pace, sequencing, and priorities of the roadmap, while also seeking to ensure APRA’s data and technology capabilities are aligned with our goals. We intend to provide further information on the outcome of the review in early 2024.
Where to from here?
The Agencies will continue engaging with stakeholders to develop the proposed data scope and help shape a robust, workable data model that results in a mutually workable outcome. Consequently, the Agencies are planning to extend the timeline for the IDT engagement/discovery phase to further evolve collection design and approach. This will not require the industry to commence any major initiatives. The formal consultation phase, where the data model is incorporated in draft and then final reporting standards, will follow once the data collections have been shaped.
Our ask of you
In this discussion paper, the Agencies have used the feedback from discussions held with stakeholders in late 2022 to refine some of our concepts and questions. We are now seeking input through your responses to these questions which will help to further shape our thinking in relation to the future depth and breadth of future data collections.
Ongoing stakeholder engagement/discovery will be essential to ensure the IDT project is set up for success. So, we want your input, we want your insights, and we want your ideas. We want you to help us ensure that the outcomes are beneficial for all stakeholders.
Chapter 1 – Response to industry feedback
In late 2022, the Agencies conducted early discussions with industry, consumer groups and other stakeholders on the IDT’s collection objectives, design, and implementation. The main themes coming out of these engagements include:
- the need for more clarity on objectives and use of the data;
- concerns about data privacy;
- advantages of forming technical working groups; and
- minimising the regulatory burden of the proposed data collection.
Feedback from these discussions has been considered and incorporated into this discussion paper. The Agencies’ responses to the issues raised are set out in further detail below.
Data Privacy | The Agencies’ Response |
---|---|
Confidentiality and privacy: Industry shared concerns about confidentiality of the data submitted and privacy obligations they are required to adhere to. | Chapter 4 of this discussion paper outlines how the Agencies will address confidentiality and privacy concerns. |
Stakeholder Engagement | The Agencies’ Response |
---|---|
Relevance and purpose of data collection: Stakeholders sought greater clarity on the Agencies’ objectives and intended use of the data collection. | In this discussion paper, we have outlined the objectives, intended outcomes and indicative use cases of the proposed IDT collection. |
Reinsurers: Reinsurers expressed concerns about the level of granularity and frequency of data expected from reinsurers. | The Agencies will have a targeted engagement with reinsurers to clarify expectations for granularity and frequency and consider any other concerns. |
Technical working groups: There was broad support for technical working groups comprising industry and APRA-ASIC members to work on specific topics.
| The Agencies intend to work closely with industry to achieve a mutually workable data collection solution that will achieve the desired objectives best. At an appropriate time, the Agencies will consider the establishment of technical working groups to help develop and iterate the data collection. |
Engagement with other groups: Industry recommended engaging with other stakeholders. | The Agencies are actively engaging with a broad group of stakeholders and government bodies (including peer agencies, industry bodies and actuarial consultancies). Extension of the engagement period will allow incorporation into any formal consultation. |
Data Availability | The Agencies’ Response |
---|---|
Underinsurance and overinsurance: Stakeholder groups highlighted the lack of data that can measure underinsurance and overinsurance. | The Agencies are seeking to collect data points that will help provide a greater understanding of underinsurance and overinsurance. Feedback is welcomed on the proposed data points and definitions released alongside this discussion paper. |
Availability and accessibility of data: Stakeholders shared concerns around the availability and accessibility of data from other sources (e.g., superannuation trustees). | The Agencies will have targeted consultation to better understand and address the availability and accessibility of data. For insurance in super, we will work with the Superannuation Data Transformation (SDT) project to streamline areas of overlap. |
Regulatory Burden | The Agencies’ Response |
---|---|
Consistency and consolidation of data: Stakeholders conveyed the importance of consistency of data definitions and consolidation where there are overlaps with other reporting regimes. | The Agencies will consider other data collections and reporting regimes to ensure consistency. The Agencies have obtained data templates and definitions from other agencies as we strive to maintain alignment of definitions where possible. Feedback is welcomed on the proposed data definitions released alongside this discussion paper. |
There was broad support from stakeholders to implement the IDT in stages rather than all at once (i.e., a phased approach). | The Agencies intend to adopt a phased approach to the data collection (as outlined in Chapter 3 of this discussion paper). |
Regulatory cost and burden: Stakeholders conveyed the costs associated with submitting granular data.
| The Agencies are mindful of the cost to industry in designing, building and maintaining the data collection. However, we also recognise the benefits of an industry-wide data uplift. The Agencies are committed to working with all relevant stakeholders to leverage synergies wherever possible. |
Improve efficiency: Industry engagement to date increasingly noted the value of aligning IDT with the CALI experience study collection (administered by KPMG) which also collects granular information. | The Agencies intend to build IDT upon the CALI experience study collection (administered by KPMG) to improve efficiency and minimise the industry burden. |
Chapter 2 – Insurance Data Transformation Overview
2.1 Objectives and outcomes of the Insurance Data Transformation project
The IDT data, once collected, aim to enable regulators, policymakers, and insurers to undertake a more comprehensive assessment of prudential and conduct risks facing the industry. The collection will inform and support data-driven policy, supervisory and industry decisions, with the ultimate objective of enhancing market integrity, financial stability and consumer outcomes.
The Agencies are aware that insurers, individually and collectively, are also pursuing richer data and improving their data capabilities to price risk better, manage profitability and make decisions informed by richer datasets. As insurers enhance their own data capabilities, the Agencies expect that the investment in data will generate clear benefits over the medium and longer-term. More granular data can drive greater understanding of, and inform decision making on, industry risks and challenges. This should ultimately enable earlier detection of issues of concern and monitoring of compliance obligations, which will result in improved risk management and governance.
The Agencies intend to improve the value of insights and publish more data from the new collections (subject to consultation), resulting in benefits for all stakeholders.
2.2 How the Agencies will use the collection
The IDT collection will support each agency’s regulatory mandate by providing important insights across the insurance life cycle. The Agencies’ aim is to develop deeper and broader collections that can be used flexibly.
Granular data collections can be used flexibly in a variety of ways by the Agencies and other stakeholders. The proposed granularity of these data collections allow for it to be ‘sliced and diced’ in different ways to answer different questions and provide new insights. This will include the identification of outlier insurers and products, comparisons against benchmarks and, over time, identification of changes or trends that indicate greater prudential and misconduct risks. This will also assist each agency evaluate the impact of interventions.
Broadly framed areas of regulatory focus include, but are not limited to:
Focus areas | APRA use case | ASIC use case |
---|---|---|
Products | Analysing how insurers design and price products to ensure sustainability. Analysing how insurers are responding to affordability and availability challenges. | Analysing whether products are designed to meet consumer needs and identifying features and attributes contributing to poor value. Assessing compliance with laws such as the Design and Distribution Obligations. |
Sales and retention | Analysing the drivers of affordability and availability issues and better understanding which policyholders are affected over the lifetime of the policy. | Analysing whether products are marketed and sold fairly, appropriately, and meeting consumer expectations. Assessing compliance with laws such as the Design and Distribution Obligations. |
Claims outcomes | Analysing the impact of claims outcomes on sustainability and profitability. Analysing claims handling timeframes and outcomes to monitor operational practices and risk culture. | Analysing whether claims are handled efficiently, honestly, and fairly. Analysing claim trends with different variables, and the impact on product value. |
2.3 How other stakeholders could use the collection
Data could be used by stakeholders to further support their planning, monitoring and decision making:
Stakeholder | Use case |
---|---|
Insurers | The insurance industry will benefit by having more granular and higher quality data to better understand and respond to industry challenges, including in relation to the availability and affordability of insurance as well as underinsurance. Insurers also need good-quality data to support effective governance and risk management. The data will provide insurers with additional information to better monitor financial risks, prudential and conduct risks, benchmark business performance, improve pricing outcomes, understand sustainability challenges and profitability drivers, and ensure good consumer outcomes. Insurers could better demonstrate compliance through enhanced data collection, management, analysis and reporting. |
Government/policy makers | The IDT collection should help government and policy makers develop deeper understanding of the insurance industry over time to support policy development, government initiatives, and regulatory reform, including in relation to the availability and affordability of insurance. |
Consumers and small businesses | The publication of data and insights from the IDT collection1 could enhance consumers and small businesses’ ability to compare and understand product offerings. |
Chapter 3 – Scope and implementation
3.1 Overview
The Agencies are proposing to design a collection with both ‘depth’ and ‘breadth’ components, primarily to support a phased implementation (rolling out collections in stages rather than all at once). This aligns with the approach undertaken in APRA’s SDT project.
- Breadth focus refers to a core set of data points collected at the transaction level across all products to provide a high-level overview of the industry.
- Depth focus refers to a product-specific collection that builds upon the breadth collection by collecting additional data points tailored to the relevant product.
Phase 1 is comprised of the product performance collection and the modernised Life Claims and Disputes data collection (LRS 750). Future phases may include deepening the product performance collection for other risk products and the collection of some data at an aggregated level.
3.2 Phase 1 scope
As part of the product performance collection, we are proposing to formalise the Individual Disability Income Insurance (IDII) pilot collection, which collects data on a ‘best endeavours’ basis, with additional breadth on other risk products for key data items (e.g.earnings and benefits).
LRS 750 is currently collected on an aggregated basis from all direct writers of risk products. The Agencies propose to add depth to LRS 750 in three ways: collecting more granular data at a policy and claim record level, extending the collection to reinsurers and adding a number of data points to enrich the collection. We are open to considering the relative prioritisation of these aspects of Phase 1.
3.3 Reducing regulatory burden
To reduce regulatory impact, the Agencies will review data in other collections and align definitions wherever possible. With the stated aim to ‘collect once and share’, the Agencies are also reviewing data sharing with other agencies to avoid duplicate requests and reduce the need for ad-hoc collections.
3.4 Frequency of collection
To balance between more timely data versus industry burden, the Agencies are considering options for collecting data on a quarterly, half-yearly or annual basis. Note that frequency could vary between different tables (e.g. quarterly for the financial data and half-yearly for the policy and claims information).
Discussion questions – Scope and implementation |
---|
|
Chapter 4 - Confidentiality and Privacy
4.1 Data Security
As the data collecting agency, APRA regards maintaining the security of entity data as the highest priority.
APRA is governed by the Protective Security Policy Framework, which outlines required governance, protective, detective and response security capabilities. A security risk management practice is in place to assess cyber security risks, covering the availability, confidentiality and integrity of data and systems.
APRA applies the Australian Cyber Security Centre Information Security Manual (ACSC ISM), which includes the Essential Eight mitigation strategies. The ACSC ISM provides guidance for cyber security roles and incidents, procurement and outsourcing, security documentation, physical security, personnel security, communications infrastructure, communications systems, enterprise mobility, evaluated products, ICT equipment, media, system hardening, system management, system monitoring, software development, database systems, email, networking, cryptography, gateways and data transfers.
4.2 Determining data to be non-confidential
Under section 56 of the Australian Prudential Regulation Authority Act 1998 (APRA Act), non-public data reported to APRA under the Financial Sector (Collection of Data) Act 2001 (FSCODA) is therefore subject to statutory secrecy obligations . Section 57 of the APRA Act permits APRA following appropriate consultation to make a determination that data provided in a particular reporting document, which has been submitted in accordance with a reporting standard made under FSCODA, is non-confidential.
In keeping with APRA’s focus on greater transparency, APRA will continue to consult on data that can be made non-confidential, and entities can expect an increase in the amount of data and analysis that is made public as a result.
Specific proposals on the confidentiality of life insurance data in Phase 1 of the IDT will be included in APRA’s formal consultation, giving the industry the opportunity to comment on confidentially in respect of each area of the data collection.
4.3 Publication of data
As mentioned in section 4.2, APRA intends to make as much data as possible publicly available. This aligns with APRA’s strategic priority to increase the transparency of the data it collects, as well as the Australian Government Public Data Policy Statement.2
Specific publication proposals for the proposed data collection are intended to be subject to a separate formal consultation which will be undertaken ahead of the effective date of the collection.
4.4 Data sharing
As mentioned in 4.2, determining data as non-confidential could result in an increase in the amount of data shared across agencies. For clarity, APRA intends that all data collected under IDT would be shared with ASIC. APRA will continue to strengthen its partnerships with peer agencies in relation to data collection with the aim that data can be collected once and shared. The Multi Agency Data Committee (MADC) was established to promote a unified and strategic approach to data across financial sector government agencies and close common data gaps. Through increased collaboration and communication, the committee aims to increase data sharing between MADC agencies and help to reduce financial sector reporting burden whilst keeping all information safe and secure. Current membership consists of APRA, ASIC, ABS, RBA, Treasury and the ATO, although other agencies can attend as required.
Any data shared by APRA will be in line with the secrecy provisions in the APRA Act and additional conditions may be imposed on the recipient of the data.
4.5 Data privacy
Additionally, APRA is bound by the Privacy Act 1988 (Privacy Act) and the Australian Government Agencies Privacy Code 2018 (Privacy Code). This includes a Privacy Impact Assessment (PIA) process that is used by APRA to assess initiatives undertaken in terms of the potential impacts these initiatives may have on the privacy of individuals involved. As part of this PIA process, a compliance assessment is conducted against the 11 Australian Privacy Principles (APPs) to which APRA is bound which are as follows:
- Open and transparent management of personal information (APP 1);
- Anonymity and pseudonymity (APP 2);
- Collection of solicited personal information (APP 3);
- Dealing with unsolicited personal information (APP 4);
- Notification of the collection of personal information (APP 5);
- Use or disclosure of personal information (APP 6);
- Cross-border disclosure of personal information (APP 8);
- Quality of personal information (APP 10);
- Security of personal information (APP 11);
- Access to personal information (APP 12); and
- Correction of personal information (APP 13).
APRA will undertake a PIA for the data points outlined in the appendix of this paper.
The Privacy Act imposes obligations on APRA regarding the collection, use, storage and disclosure of personal information. APRA will continue to comply with its obligations under the Privacy Act.
Any proposed publication of this data will equally consider privacy implications, such that where personal information could be disclosed, or deduced APRA will apply measures to protect this data (such as masking or aggregation of the data) so that individual records cannot be identified.
Discussion questions – Data security and privacy |
---|
10. Do you have any data security and/or privacy concerns with:
|
Chapter 5 - Feedback sought
5.1 Feedback on this Discussion Paper
The Agencies invite written submissions on the discussion questions set out in this paper by 22 December 2023, and consider requests to provide submissions after this date on a case by case basis. They should be sent to dataconsultations@apra.gov.au; and addressed to the General Manager, Macro and Industry Insights, Australian Prudential Regulation Authority.
The Agencies have included a range of questions throughout the paper. They are to guide, but not limit, industry responses. Submissions can also indicate whether there are any aspects of the proposals that could be improved to reduce compliance costs, or if there are particular data items which would be more difficult to provide.
5.2 Important disclosure notice – publications of submissions
All information in submissions will be made available to the public on the APRA website unless a respondent expressly requests that all or part of the submission is to remain in confidence. Automatically generated confidentiality statements in emails do not suffice for this purpose. Respondents who would like part of their submission to remain in confidence should provide this information marked as confidential in a separate attachment.
Submissions may be the subject of a request for access made under the Freedom of Information Act 1982 (FOIA). The Agencies will determine such requests, if any, in accordance with the provisions of the FOIA.
Information in the submission relating to the affairs of any APRA-regulated entity that is not in the public domain and that is identified as confidential will be protected by section 56 of the Australian Prudential Regulation Authority Act 1998. Protected information is exempt from production under the FOIA.
Appendix
Data dictionary
The proposed definitions are in draft form. The Agencies are working closely with industry to ensure the proposed collection is practical and fit for purpose. As such, these draft data points and definitions are subject to change as feedback is received from industry and other stakeholders.
Footnotes
1 Confidentiality and publication of any data collected under IDT will be subject to formal consultation.
2 Australian Government Public Data Policy Statement
Disclaimer Text
While APRA and ASIC endeavour to ensure the quality of this publication, they do not accept any responsibility for the accuracy, completeness or currency of the material included in this publication and will not be liable for any loss or damage arising out of any use of, or reliance on, this publication.
© Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC)
This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that either APRA or ASIC endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/