Could an “outage” like the one that happened at HDFC Bank rock one or more of the insurance companies too? We do not know the details of the three incidents at HDFC Bank that prompted the Reserve Bank of India, on December 3, to bar India’s largest bank by market cap from launching new digital products, including credit cards, after complaints that customers had faced outages in internet banking in the past two years. If it could happen to the bank with one of the largest tech budgets, the implications for less well-padded insurance companies are serious.
Banks and insurance companies have similar reasons to deploy information technology. As a recent McKinsey paper pointed out, fintech companies and NBFCs are winning market share and serving customers at about a third of the costs of legacy banks. The same trend applies to the insurance sector, with first year premiums of Rs 29,4406.14 crore (as of November 2020) under their belts, too. New digital-based companies such as Acko, Go Digit and even PolicyBazaar, which does not write insurance policies but is an online market for insurance products, are recording much faster rates of growth than the insurance companies.
For an Amazon or Walmart, digital systems give them an edge but they still have to supply the commodity the consumer has asked for. But in the financial sector, the digital operations are becoming a substitute for physical cash. In just a few years, the tech system of a financial company has changed from a support service to the key service offered. When the lockdown began, payments via the Unified Payments Interface or digital money crossed cash drawn at ATMs for the first time in India. That trend has deepened in the six months to September.
It is here that legacy insurance companies face a challenge. While the disturbance created by Covid-19 has created the sense of urgency to offer more and more digital offerings all round, many companies are using the building blocks in which they have invested to expand their digital offerings instead of taking the bold gambit of installing a new operating system. The challenge is that the latter costs money. No company is willing to discuss the breakdown of costs but the same McKinsey paper says even selective upgrades can consume up to two thirds of the digitisation budget of a financial sector company in any one year. According to a Boston Consulting Group research report of November 2020, the insurance industry is one of the least digitally mature industries.
Parthanil Ghosh, President, Motor Business, at HDFC ERGO General Insurance, told Business Standard that the entire claims experience for the motor business has been made digital after trying for more than a year. Similarly in the life insurance business, even for premium collection, 53 per cent of the total received by the private sector is through banks as partners, riding on tech platforms. An outage at one or more places in these links could impose significant costs for customers.
The consequence of this can be seen from the experience in the US and other mature markets. In those geographies, 2019 set a record for theft of clients' health records from insurance companies and third party administrators. From 15 million records stolen in 2018, the number jumped to 41.4 million. Protenus Breach Barometer, which tracks such thefts, noted that they exposed clients' social security numbers and were made possible by the “increasing creativity” of those involved.
Insurance companies are vulnerable because they deploy a patchwork of systems bought often from different vendors as they have upgraded their systems from paper to IT-enabled to finally IT-based ones over approximately the past 20 years. According to a Boston Consulting Group research report, the insurance industry is one of the least digitally mature industries.
Despite Covid-19, this hasn’t changed much. It is true for most banks, too. Some of the state-owned banks, for instance, which run on the popular Finacle operating systems, use version 7 for their customer interface while their treasury operations may have graduated to the latest Finacle 10. Ever wondered why you can rarely use a bank-run ATM machine, for instance to make digital payments, something that is so easily possible on the net? It is this mismatch showing up.
So while the leading insurance companies have used this pandemic to gather digital speed, their offerings are not unique. Kayzad Hiramanek, head of operations & customer services at Bajaj Allianz Life Insurance, agreed the extensive digitalisation of operations the company has undertaken this year can be easily replicated by a rival. He qualified this by stating that it may not be easy since his company will be continuously bringing in deeper digital support for all outlets.
The offerings from both Ghosh and Hiramanek are built on off-the-shelf software available in-house, which the companies have tweaked. For instance, all companies operate on the industry standard 128-bit SSL encryption that is virtually impossible to hack. But are those standards maintained when data is shared with third party administrators? There are cost aspects, obviously. New medical technology, a Forbes article notes, is responsible for up to half the rise in cost of health care in recent years. Additional insurance administration costs could spike those even more. Yet the midway digital house can be breached, as some of the banks are finding out.
The insurance regulator has had stiff cyber security guidelines in place for the sector since 2017. These, issued by the Insurance Regulatory and Development Authority of India, lay out data security rules for all five phases of the data lifecycle (that is, data at source, in motion, in use, at rest and at destruction). They include regulations on sharing data with third parties, such as how a surveyor can share client data on her car with the company or, more significantly, health data. But the rules are more or less what the RBI has mandated for banks. In any case, a regulator can only go so far.