Life Insurance Discussion Paper - Insurance Data Transformation

Executive Summary

APRA and ASIC (the Agencies) are seeking to jointly build a more granular data collection for the life insurance industry through the Insurance Data Transformation (IDT) project. The aim of this project is to collect data that will enable regulators, policymakers, and insurers to undertake a more comprehensive assessment of prudential and conduct risks facing the industry. Publication of some of this data will also deliver clear benefits to consumers through enhanced understanding of insurers’ businesses, products and services.

Although existing data collections have generated a significant volume of valuable information on the life insurance industry, it is increasingly apparent to the Agencies that the aggregated nature of data can limit its usefulness. The Agencies regularly experience ‘insights gaps’ where the data are either inflexible or insufficient to effectively identify key issues and emerging trends that could lead to prudential and conduct risks and harms. Such limitations inhibit the Agencies’ strategic drive for data-enabled decision making.

Extending the timeline for IDT

APRA is committed to its data change program that aims to both streamline requirements for industry and enrich data and insights for APRA, Government, peer regulators, its regulated population, and other stakeholders.

As noted in our letter dated 31 July 2023, APRA now intends to embark on the first annual review of our data directions roadmap. This review will include reconsidering the pace, sequencing, and priorities of the roadmap, while also seeking to ensure APRA’s data and technology capabilities are aligned with our goals. We intend to provide further information on the outcome of the review in early 2024.

Where to from here?

The Agencies will continue engaging with stakeholders to develop the proposed data scope and help shape a robust, workable data model that results in a mutually workable outcome. Consequently, the Agencies are planning to extend the timeline for the IDT engagement/discovery phase to further evolve collection design and approach. This will not require the industry to commence any major initiatives. The formal consultation phase, where the data model is incorporated in draft and then final reporting standards, will follow once the data collections have been shaped.

Our ask of you

In this discussion paper, the Agencies have used the feedback from discussions held with stakeholders in late 2022 to refine some of our concepts and questions. We are now seeking input through your responses to these questions which will help to further shape our thinking in relation to the future depth and breadth of future data collections.

Ongoing stakeholder engagement/discovery will be essential to ensure the IDT project is set up for success. So, we want your input, we want your insights, and we want your ideas. We want you to help us ensure that the outcomes are beneficial for all stakeholders.

Chapter 1 – Response to industry feedback

In late 2022, the Agencies conducted early discussions with industry, consumer groups and other stakeholders on the IDT’s collection objectives, design, and implementation. The main themes coming out of these engagements include:

- the need for more clarity on objectives and use of the data;

- concerns about data privacy;

- advantages of forming technical working groups; and

- minimising the regulatory burden of the proposed data collection.

Feedback from these discussions has been considered and incorporated into this discussion paper. The Agencies’ responses to the issues raised are set out in further detail below.

Data Privacy	The Agencies’ Response
Confidentiality and privacy: Industry shared concerns about confidentiality of the data submitted and privacy obligations they are required to adhere to.	Chapter 4 of this discussion paper outlines how the Agencies will address confidentiality and privacy concerns.

Stakeholder Engagement	The Agencies’ Response
Relevance and purpose of data collection: Stakeholders sought greater clarity on the Agencies’ objectives and intended use of the data collection.	In this discussion paper, we have outlined the objectives, intended outcomes and indicative use cases of the proposed IDT collection.
Reinsurers: Reinsurers expressed concerns about the level of granularity and frequency of data expected from reinsurers.	The Agencies will have a targeted engagement with reinsurers to clarify expectations for granularity and frequency and consider any other concerns.
Technical working groups: There was broad support for technical working groups comprising industry and APRA-ASIC members to work on specific topics.	The Agencies intend to work closely with industry to achieve a mutually workable data collection solution that will achieve the desired objectives best. At an appropriate time, the Agencies will consider the establishment of technical working groups to help develop and iterate the data collection.
Engagement with other groups: Industry recommended engaging with other stakeholders.	The Agencies are actively engaging with a broad group of stakeholders and government bodies (including peer agencies, industry bodies and actuarial consultancies). Extension of the engagement period will allow incorporation into any formal consultation.

Data Availability	The Agencies’ Response
Underinsurance and overinsurance: Stakeholder groups highlighted the lack of data that can measure underinsurance and overinsurance.	The Agencies are seeking to collect data points that will help provide a greater understanding of underinsurance and overinsurance. Feedback is welcomed on the proposed data points and definitions released alongside this discussion paper.
Availability and accessibility of data: Stakeholders shared concerns around the availability and accessibility of data from other sources (e.g., superannuation trustees).	The Agencies will have targeted consultation to better understand and address the availability and accessibility of data. For insurance in super, we will work with the Superannuation Data Transformation (SDT) project to streamline areas of overlap.

Data Availability

The Agencies’ Response

Underinsurance and overinsurance: Stakeholder groups highlighted the lack of data that can measure underinsurance and overinsurance.

The Agencies are seeking to collect data points that will help provide a greater understanding of underinsurance and overinsurance.

Feedback is welcomed on the proposed data points and definitions released alongside this discussion paper.

Availability and accessibility of data: Stakeholders shared concerns around the availability and accessibility of data from other sources (e.g., superannuation trustees).

The Agencies will have targeted consultation to better understand and address the availability and accessibility of data.

For insurance in super, we will work with the Superannuation Data Transformation (SDT) project to streamline areas of overlap.

Regulatory Burden	The Agencies’ Response
Consistency and consolidation of data: Stakeholders conveyed the importance of consistency of data definitions and consolidation where there are overlaps with other reporting regimes.	The Agencies will consider other data collections and reporting regimes to ensure consistency. The Agencies have obtained data templates and definitions from other agencies as we strive to maintain alignment of definitions where possible. Feedback is welcomed on the proposed data definitions released alongside this discussion paper.
There was broad support from stakeholders to implement the IDT in stages rather than all at once (i.e., a phased approach).	The Agencies intend to adopt a phased approach to the data collection (as outlined in Chapter 3 of this discussion paper).
Regulatory cost and burden: Stakeholders conveyed the costs associated with submitting granular data.	The Agencies are mindful of the cost to industry in designing, building and maintaining the data collection. However, we also recognise the benefits of an industry-wide data uplift. The Agencies are committed to working with all relevant stakeholders to leverage synergies wherever possible.
Improve efficiency: Industry engagement to date increasingly noted the value of aligning IDT with the CALI experience study collection (administered by KPMG) which also collects granular information.	The Agencies intend to build IDT upon the CALI experience study collection (administered by KPMG) to improve efficiency and minimise the industry burden.

Chapter 2 – Insurance Data Transformation Overview

2.1 Objectives and outcomes of the Insurance Data Transformation project

The IDT data, once collected, aim to enable regulators, policymakers, and insurers to undertake a more comprehensive assessment of prudential and conduct risks facing the industry. The collection will inform and support data-driven policy, supervisory and industry decisions, with the ultimate objective of enhancing market integrity, financial stability and consumer outcomes.

The Agencies are aware that insurers, individually and collectively, are also pursuing richer data and improving their data capabilities to price risk better, manage profitability and make decisions informed by richer datasets. As insurers enhance their own data capabilities, the Agencies expect that the investment in data will generate clear benefits over the medium and longer-term. More granular data can drive greater understanding of, and inform decision making on, industry risks and challenges. This should ultimately enable earlier detection of issues of concern and monitoring of compliance obligations, which will result in improved risk management and governance.

The Agencies intend to improve the value of insights and publish more data from the new collections (subject to consultation), resulting in benefits for all stakeholders.

2.2 How the Agencies will use the collection

The IDT collection will support each agency’s regulatory mandate by providing important insights across the insurance life cycle. The Agencies’ aim is to develop deeper and broader collections that can be used flexibly.

Granular data collections can be used flexibly in a variety of ways by the Agencies and other stakeholders. The proposed granularity of these data collections allow for it to be ‘sliced and diced’ in different ways to answer different questions and provide new insights. This will include the identification of outlier insurers and products, comparisons against benchmarks and, over time, identification of changes or trends that indicate greater prudential and misconduct risks. This will also assist each agency evaluate the impact of interventions.

Broadly framed areas of regulatory focus include, but are not limited to:

Focus areas	APRA use case	ASIC use case
Products	Analysing how insurers design and price products to ensure sustainability. Analysing how insurers are responding to affordability and availability challenges.	Analysing whether products are designed to meet consumer needs and identifying features and attributes contributing to poor value. Assessing compliance with laws such as the Design and Distribution Obligations.
Sales and retention	Analysing the drivers of affordability and availability issues and better understanding which policyholders are affected over the lifetime of the policy.	Analysing whether products are marketed and sold fairly, appropriately, and meeting consumer expectations. Assessing compliance with laws such as the Design and Distribution Obligations.
Claims outcomes	Analysing the impact of claims outcomes on sustainability and profitability. Analysing claims handling timeframes and outcomes to monitor operational practices and risk culture.	Analysing whether claims are handled efficiently, honestly, and fairly. Analysing claim trends with different variables, and the impact on product value.

Focus areas

APRA use case

ASIC use case

Products

Analysing how insurers design and price products to ensure sustainability.

Analysing how insurers are responding to affordability and availability challenges.

Analysing whether products are designed to meet consumer needs and identifying features and attributes contributing to poor value.

Assessing compliance with laws such as the Design and Distribution Obligations.

Sales and retention

Analysing the drivers of affordability and availability issues and better understanding which policyholders are affected over the lifetime of the policy.

Analysing whether products are marketed and sold fairly, appropriately, and meeting consumer expectations.

Assessing compliance with laws such as the Design and Distribution Obligations.

Claims outcomes

Analysing the impact of claims outcomes on sustainability and profitability.

Analysing claims handling timeframes and outcomes to monitor operational practices and risk culture.

Analysing whether claims are handled efficiently, honestly, and fairly.

Analysing claim trends with different variables, and the impact on product value.

2.3 How other stakeholders could use the collection

Data could be used by stakeholders to further support their planning, monitoring and decision making:

Stakeholder	Use case
Insurers	The insurance industry will benefit by having more granular and higher quality data to better understand and respond to industry challenges, including in relation to the availability and affordability of insurance as well as underinsurance. Insurers also need good-quality data to support effective governance and risk management. The data will provide insurers with additional information to better monitor financial risks, prudential and conduct risks, benchmark business performance, improve pricing outcomes, understand sustainability challenges and profitability drivers, and ensure good consumer outcomes. Insurers could better demonstrate compliance through enhanced data collection, management, analysis and reporting.
Government/policy makers	The IDT collection should help government and policy makers develop deeper understanding of the insurance industry over time to support policy development, government initiatives, and regulatory reform, including in relation to the availability and affordability of insurance.
Consumers and small businesses	The publication of data and insights from the IDT collection¹ could enhance consumers and small businesses’ ability to compare and understand product offerings.

Stakeholder

Use case

Insurers

The insurance industry will benefit by having more granular and higher quality data to better understand and respond to industry challenges, including in relation to the availability and affordability of insurance as well as underinsurance.

Insurers also need good-quality data to support effective governance and risk management. The data will provide insurers with additional information to better monitor financial risks, prudential and conduct risks, benchmark business performance, improve pricing outcomes, understand sustainability challenges and profitability drivers, and ensure good consumer outcomes.

Insurers could better demonstrate compliance through enhanced data collection, management, analysis and reporting.

Government/policy makers

The IDT collection should help government and policy makers develop deeper understanding of the insurance industry over time to support policy development, government initiatives, and regulatory reform, including in relation to the availability and affordability of insurance.

Consumers and small businesses

The publication of data and insights from the IDT collection¹ could enhance consumers and small businesses’ ability to compare and understand product offerings.

Chapter 3 – Scope and implementation

3.1 Overview

The Agencies are proposing to design a collection with both ‘depth’ and ‘breadth’ components, primarily to support a phased implementation (rolling out collections in stages rather than all at once). This aligns with the approach undertaken in APRA’s SDT project.

Breadth focus refers to a core set of data points collected at the transaction level across all products to provide a high-level overview of the industry.
Depth focus refers to a product-specific collection that builds upon the breadth collection by collecting additional data points tailored to the relevant product.

Phase 1 is comprised of the product performance collection and the modernised Life Claims and Disputes data collection (LRS 750). Future phases may include deepening the product performance collection for other risk products and the collection of some data at an aggregated level.

3.2 Phase 1 scope

As part of the product performance collection, we are proposing to formalise the Individual Disability Income Insurance (IDII) pilot collection, which collects data on a ‘best endeavours’ basis, with additional breadth on other risk products for key data items (e.g.earnings and benefits).

LRS 750 is currently collected on an aggregated basis from all direct writers of risk products. The Agencies propose to add depth to LRS 750 in three ways: collecting more granular data at a policy and claim record level, extending the collection to reinsurers and adding a number of data points to enrich the collection. We are open to considering the relative prioritisation of these aspects of Phase 1.

This diagram shows the proposed phasing of IDT. Phase 1 consists of a broad data collection over time. LRS 750, record-level LRS 750, all products, product performance (IDII), product performance (other products) Future phases will focus on product performance and all other products: existing collection, planned collection.

3.3 Reducing regulatory burden

To reduce regulatory impact, the Agencies will review data in other collections and align definitions wherever possible. With the stated aim to ‘collect once and share’, the Agencies are also reviewing data sharing with other agencies to avoid duplicate requests and reduce the need for ad-hoc collections.

3.4 Frequency of collection

To balance between more timely data versus industry burden, the Agencies are considering options for collecting data on a quarterly, half-yearly or annual basis. Note that frequency could vary between different tables (e.g. quarterly for the financial data and half-yearly for the policy and claims information).

Discussion questions – Scope and implementation
How quickly can your entity/industry be ready to: a. apply and expand the IDII collection to other products? b. increase the granularity of LRS750 to policy and claims level? Do you have any comments regarding the proposed scope of products being prioritised, specifically: a. Regarding the challenges in providing policy level data for Group products, feedback received to date include: trustees, custodians of data, varying degrees of relevance, data quality checks and reinsurers. Are there any further key challenges in providing this data? b. Regarding the challenges in providing credible ‘secondary cause of claim’ data, feedback received to date include: validation, shifting of causes, system build and accuracy in reporting. Are there any further challenges in providing this data? c. Are there any challenges for reinsurers to provide the expected data? d. Are there any data points that should be added or amended to help provide more meaningful data? Feedback received to date indicated a preference for the proposed phased approach. Please indicate if you have a different view on the timing and order of these data collections and, if so, why. Are there any concerns regarding the proposed definitions in the appendix, specifically: a. the clarity and consistency with existing definitions b. any items not defined. What would be a suitable frequency to submit these returns? Please provide an estimate of the cost for quarterly, half-yearly and annual submission. Within what timeframes would data be able to be submitted? For example, half yearly data submitted 2 months after the end of the reporting period. In terms of the data extraction, please provide: a. the estimated size of the dataset that your entity would submit b. the estimated time required to extract the data. Please provide any suggestions on: a. how the collection can be streamlined to fit with other reporting regimes b. how to improve the efficiency of implementation. What would be entities’ preferred approach to ensure data quality to APRA’s standard?

Discussion questions – Scope and implementation

How quickly can your entity/industry be ready to:
a. apply and expand the IDII collection to other products?
b. increase the granularity of LRS750 to policy and claims level?
Do you have any comments regarding the proposed scope of products being prioritised, specifically:
a.    Regarding the challenges in providing policy level data for Group products, feedback received to date include: trustees, custodians of data, varying degrees of relevance, data quality checks and reinsurers. Are there any further key challenges in providing this data?
b.    Regarding the challenges in providing credible ‘secondary cause of claim’ data, feedback received to date include: validation, shifting of causes, system build and accuracy in reporting. Are there any further challenges in providing this data?
c.    Are there any challenges for reinsurers to provide the expected data?
d.    Are there any data points that should be added or amended to help provide more meaningful data?
Feedback received to date indicated a preference for the proposed phased approach. Please indicate if you have a different view on the timing and order of these data collections and, if so, why.
Are there any concerns regarding the proposed definitions in the appendix, specifically:
a. the clarity and consistency with existing definitions
b. any items not defined.
What would be a suitable frequency to submit these returns? Please provide an estimate of the cost for quarterly, half-yearly and annual submission.
Within what timeframes would data be able to be submitted? For example, half yearly data submitted 2 months after the end of the reporting period.
In terms of the data extraction, please provide:
a. the estimated size of the dataset that your entity would submit
b. the estimated time required to extract the data.
Please provide any suggestions on:
a. how the collection can be streamlined to fit with other reporting regimes
b. how to improve the efficiency of implementation.
What would be entities’ preferred approach to ensure data quality to APRA’s standard?

Chapter 4 - Confidentiality and Privacy

4.1 Data Security

As the data collecting agency, APRA regards maintaining the security of entity data as the highest priority.

APRA is governed by the Protective Security Policy Framework, which outlines required governance, protective, detective and response security capabilities. A security risk management practice is in place to assess cyber security risks, covering the availability, confidentiality and integrity of data and systems.

APRA applies the Australian Cyber Security Centre Information Security Manual (ACSC ISM), which includes the Essential Eight mitigation strategies. The ACSC ISM provides guidance for cyber security roles and incidents, procurement and outsourcing, security documentation, physical security, personnel security, communications infrastructure, communications systems, enterprise mobility, evaluated products, ICT equipment, media, system hardening, system management, system monitoring, software development, database systems, email, networking, cryptography, gateways and data transfers.

4.2 Determining data to be non-confidential

Under section 56 of the Australian Prudential Regulation Authority Act 1998 (APRA Act), non-public data reported to APRA under the Financial Sector (Collection of Data) Act 2001 (FSCODA) is therefore subject to statutory secrecy obligations . Section 57 of the APRA Act permits APRA following appropriate consultation to make a determination that data provided in a particular reporting document, which has been submitted in accordance with a reporting standard made under FSCODA, is non-confidential.

In keeping with APRA’s focus on greater transparency, APRA will continue to consult on data that can be made non-confidential, and entities can expect an increase in the amount of data and analysis that is made public as a result.

Specific proposals on the confidentiality of life insurance data in Phase 1 of the IDT will be included in APRA’s formal consultation, giving the industry the opportunity to comment on confidentially in respect of each area of the data collection.

4.3 Publication of data

As mentioned in section 4.2, APRA intends to make as much data as possible publicly available. This aligns with APRA’s strategic priority to increase the transparency of the data it collects, as well as the Australian Government Public Data Policy Statement.²

Specific publication proposals for the proposed data collection are intended to be subject to a separate formal consultation which will be undertaken ahead of the effective date of the collection.

As mentioned in 4.2, determining data as non-confidential could result in an increase in the amount of data shared across agencies. For clarity, APRA intends that all data collected under IDT would be shared with ASIC. APRA will continue to strengthen its partnerships with peer agencies in relation to data collection with the aim that data can be collected once and shared. The Multi Agency Data Committee (MADC) was established to promote a unified and strategic approach to data across financial sector government agencies and close common data gaps. Through increased collaboration and communication, the committee aims to increase data sharing between MADC agencies and help to reduce financial sector reporting burden whilst keeping all information safe and secure. Current membership consists of APRA, ASIC, ABS, RBA, Treasury and the ATO, although other agencies can attend as required.

Any data shared by APRA will be in line with the secrecy provisions in the APRA Act and additional conditions may be imposed on the recipient of the data.

4.5 Data privacy

Additionally, APRA is bound by the Privacy Act 1988 (Privacy Act) and the Australian Government Agencies Privacy Code 2018 (Privacy Code). This includes a Privacy Impact Assessment (PIA) process that is used by APRA to assess initiatives undertaken in terms of the potential impacts these initiatives may have on the privacy of individuals involved. As part of this PIA process, a compliance assessment is conducted against the 11 Australian Privacy Principles (APPs) to which APRA is bound which are as follows:

Open and transparent management of personal information (APP 1);
Anonymity and pseudonymity (APP 2);
Collection of solicited personal information (APP 3);
Dealing with unsolicited personal information (APP 4);
Notification of the collection of personal information (APP 5);
Use or disclosure of personal information (APP 6);
Cross-border disclosure of personal information (APP 8);
Quality of personal information (APP 10);
Security of personal information (APP 11);
Access to personal information (APP 12); and
Correction of personal information (APP 13).

APRA will undertake a PIA for the data points outlined in the appendix of this paper.

The Privacy Act imposes obligations on APRA regarding the collection, use, storage and disclosure of personal information. APRA will continue to comply with its obligations under the Privacy Act.

Any proposed publication of this data will equally consider privacy implications, such that where personal information could be disclosed, or deduced APRA will apply measures to protect this data (such as masking or aggregation of the data) so that individual records cannot be identified.

Discussion questions – Data security and privacy
10. Do you have any data security and/or privacy concerns with: a. The provision of data at a transaction level b. Any of the specific data points c. Any elements of APRA’s proposed approach in handling data If so, what are these concerns and what steps might be feasible to address these.

Discussion questions – Data security and privacy

10. Do you have any data security and/or privacy concerns with:

a.    The provision of data at a transaction level
b.    Any of the specific data points
c.    Any elements of APRA’s proposed approach in handling data
If so, what are these concerns and what steps might be feasible to address these.

Chapter 5 - Feedback sought

5.1 Feedback on this Discussion Paper

The Agencies invite written submissions on the discussion questions set out in this paper by 22 December 2023, and consider requests to provide submissions after this date on a case by case basis. They should be sent to dataconsultations@apra.gov.au; and addressed to the General Manager, Macro and Industry Insights, Australian Prudential Regulation Authority.

The Agencies have included a range of questions throughout the paper. They are to guide, but not limit, industry responses. Submissions can also indicate whether there are any aspects of the proposals that could be improved to reduce compliance costs, or if there are particular data items which would be more difficult to provide.

5.2 Important disclosure notice – publications of submissions

All information in submissions will be made available to the public on the APRA website unless a respondent expressly requests that all or part of the submission is to remain in confidence. Automatically generated confidentiality statements in emails do not suffice for this purpose. Respondents who would like part of their submission to remain in confidence should provide this information marked as confidential in a separate attachment.

Submissions may be the subject of a request for access made under the Freedom of Information Act 1982 (FOIA). The Agencies will determine such requests, if any, in accordance with the provisions of the FOIA.

Information in the submission relating to the affairs of any APRA-regulated entity that is not in the public domain and that is identified as confidential will be protected by section 56 of the Australian Prudential Regulation Authority Act 1998. Protected information is exempt from production under the FOIA.

Appendix

Data dictionary

Appendix - Life Insurance Discussion Paper Insurance Data TransformationPDF823.14 KB

Published 12 October 2023

The proposed definitions are in draft form. The Agencies are working closely with industry to ensure the proposed collection is practical and fit for purpose. As such, these draft data points and definitions are subject to change as feedback is received from industry and other stakeholders.

Footnotes

¹ Confidentiality and publication of any data collected under IDT will be subject to formal consultation.

²Australian Government Public Data Policy Statement

Disclaimer Text

While APRA and ASIC endeavour to ensure the quality of this publication, they do not accept any responsibility for the accuracy, completeness or currency of the material included in this publication and will not be liable for any loss or damage arising out of any use of, or reliance on, this publication.

This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that either APRA or ASIC endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/