In the film Spartacus - at least, I think it’s Spartacus - there is a scene in which two gladiators are forced to fight each other, tied together by a rope. If either one cuts the rope, he will be executed; whoever looses will, naturally, die. So, they fight.
For a while the two circle, equal terror in each other’s eyes. Pulled by one gladiator, the rope brings the two together; swung by the other, it separates them, though only so far. As they pull and swing, slash and stab, the baying of the crowd rises as the fight develops yet the sound also seems to recede as the struggle intensifies towards its climax. After many faints, lunges and much grunting, one gladiator is gorily victorious. The lights go out in one set of eyes, the terror is replaced with manic triumph in the other’s.
I know this doesn’t sound much like the introduction to a post about insurance but bear with me...
I haven’t seen too much gladiatorial behaviour in insurance negotiations but there have been times when I have watched either a buyer or a seller (and in one case both) look like they thought they were something like gladiators; the urge to vanquish (it was quite a big claim...) as intense as any film might portray.
The point I am making is that gladiatorial behaviour represents one end of a spectrum of possible insurance buyer/seller behaviours. The gladiatorial is just the most extreme manifestation of the inevitable consequence of the adversarial system - in economic terms, where both sides seek to optimise their situation relative to the other - under which insurance buying and selling currently operates. The other end of the spectrum, which I have witnessed more often, involves both buyer and seller genuinely eager to establish and maintain a partnership of mutual trust; both see benefits in a transparent dialogue that recognises each others’ needs and expectations from the transaction. The rope between the gladiators is, of course, a metaphor for the utmost good faith (uberrima fides) that determines the rules of engagement between buyer and seller.
To understand disclosure is first to define it and, as mentioned in the previous post in this series on digital risk, context is everything. For example, in journalism disclosure means to reveal the interests of the writer which may bear on the subject being written about; in accounting it refers to a company providing information about its past financial performance, future forecasts and current operations; and in psychology it means talking to others about one's feelings.
In the current insurance context, in the contract negotiating stage, utmost good faith requires matching disclosures. The buyer must give sufficient detail about the nature of the risk to be transferred to allow the seller to make an informed risk selection, pricing and acceptance decision. The seller must disclose if the product they are offering does not meet the needs of the buyer as disclosed by the buyer.
Although what should be disclosed is somewhat clear, the richness of the disclosure depends on the choices made by the individual buyers and sellers. This in turn can be informed by many things such as individual buyer and seller ‘styles’ and the corporate, professional or national environments from which they come.
In addition to these personal and external influences however, I have come to believe that the strongest influences affecting buyer and seller are the result of the nature of the transaction itself.
In the buyer’s mind, ‘cost/promise uncertainty’ means that more buyers are likely to under than over-disclose. Cost/promise uncertainty is the uncertainty of the buyer who thinks that he has to pay for a promise that he probably won’t need because he probably won’t have a claim and even if he does, it probably won’t be covered (for who knows what reason) and even if it is, he will have to fight for every penny. The natural temptation, if you believe your under-disclosure will go undiscovered and it saves premium to do so, is to under-disclose to under-pay for coverage.
The seller is perfectly aware of this and factors under-disclosure into his technical rate. Nonetheless, he still suffers from “portfolio/cost uncertainty’, his uncertainty about whether his portfolio will achieve critical mass, whether it might contain unanticipated risks, unexpected volatility or even systemic exposure and how much his competitors will force him to ignore his technical rate to the point that he is under-paid even for his expected losses - the losses he knows he will have to pay. The obvious temptation, if you believe you will be systematically underpaid and your survival depends on it, is to over-charge and under-cover whenever you can.
This post isn’t about market cycles, which these behaviours encourage, but about how the insurance market’s core feature - uncertainty - leads to under-disclosure and under-paying by the buyer and over-charging and under-covering by the seller. The standard explanation for this state of affairs is information asymmetry.
As Wikipedia puts it (with thanks for this and other references I haven’t fully cited):
As Wikipedia puts it (with thanks for this and other references I haven’t fully cited):
In economics and contract theory, information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other.Information asymmetry therefore has three elements - two parties, a purpose (decision) and some information. Acknowledging that information asymmetry was the reason uberrima fides had to be invented, I have always struggled to understand information asymmetry in the context of uberrima fides for two of these elements and recently, the third has started to cause problems too.
The element I used to accept was the purpose - to transfer risk; so far so good.
But two parties? Not so good but then it never was. If insurance is about the premiums of the many paying the losses of the few, the portfolio of risk of which one risk is a part cannot be ignored. Ignoring for now the composition of the portfolio (more on that another time), I have never really understood why we talk of a one-to-one relationship between insurance buyer and seller when we use portfolio theory to manage insurance risk; portfolio management makes insurance a one-to-many relationship.
Further, the role of the insurer is akin to that of a portfolio manager because losses are expected to be paid out of the sum of the buyers’ premiums. Only if premiums are inadequate and reinsurance is exhausted is the insurer’s capital called upon to keep the seller's promise to the buyer. So, if buyers pay for the seller’s promise, the volatility and performance of the portfolio is central to that promise. On this basis, it would make sense for the buyers to get to know each other and to be selective about who joins their club...
And the information? Even less good. Although a buyer may have (if they choose to) as good an understanding of their risk as their resources will allow, few buyers have anything like complete knowledge. And although a seller may have a strong understanding of the nature of the risk in general terms, few underwriters are expert in every facet of the risks they cover - there is too much to know. And however expert they may be, they can only know what the buyer is first able and then willing to disclose.
Even if the two party’s information were combined, and bearing in mind risk disclosure is currently one way so it isn't now, buyer and seller knowledge would still be incomplete because of the dynamism of digital risk - the speed with which new threats and vulnerabilities emerge.
Even if the two party’s information were combined, and bearing in mind risk disclosure is currently one way so it isn't now, buyer and seller knowledge would still be incomplete because of the dynamism of digital risk - the speed with which new threats and vulnerabilities emerge.
Now, the definition of information asymmetry doesn’t say that the combination of the information known between the two parties is all the information that can be known. But wouldn’t it help both parties if what was known was as complete as it could be? And further, wouldn't it help if both had the same, even if incomplete, information? It wouldn’t eliminate the uncertainty of the underlying risk but it would eliminate the uncertainty about disclosure and the resulting under-payment and under-coverage. It would also allow both to redirect their energies towards reducing the uncertainties of the underlying risk.
I have a friend in New Jersey who, about now, is saying - “OK Tim, but what’s in this knowledge sharing business for the buyer?” I would answer from the buyer’s point of view.
“I am giving the insurer my money to pay losses; they might be my losses but they are more likely to be other peoples' losses. That being the case, I want to know that the other buyers who might get my money are managing their risk as well as I am and are being reimbursed for genuinely fortuitous losses, not losses caused by, for example, incompetence or laziness - it’s my money after all... I don’t have the time or expertise to understand all the details so I am happy to forego the insurer's uncertainty costs and associated behaviours if they will support risk management standards and so reduce my overall costs.”
To offer this value proposition, insurers would need to operate in digital risk time, where disclosure is no longer just about what and when disclosure takes place but specifically how quickly the right information is disclosed. The network security industry operates according to a philosophy of ‘full disclosure’. This means that the full details of a security vulnerability, including how to detect and exploit it, are fully disclosed publicly soon after the vulnerability is identified - see here. The theory runs that, by releasing vulnerability information immediately, the window of exposure, the length of time a vulnerability is open to attack, is reduced because vendors are forced to respond to protect their own systems and reputations.
A quick aside; this concept is not new. It originates from a locksmithing controversy in the 19th century - a debate about whether the weakness of certain locks should be kept secret within the locksmithing community or revealed to the public. It was decided that ‘rogues’, the 1850’s equivalent of crackers, knew all about the weaknesses anyway and publicity allowed people to protect themselves by changing the weak locks.
The question then arises about how readily available is the information necessary for insurers to perform this role? Specific threat and vulnerability data is already available as noted above but consider too, the volume of information now available through Google and other information networks plus the richness of information potentially available on LinkedIn, Facebook and other social networks. The former scarcity of information, which led to the development of uberrima fides rules to govern disclosure, has now been replaced by an abundance of information that makes almost inevitable exposure, rather than selective disclosure, the operative environment in which the insurance industry now functions.
Although these resources already exist, the insurance transaction has not changed. For example, though the duty of disclosure is different in different jurisdictions, in most insurance placements including network security policies, disclosure by the buyer only occurs up to the point the contract is bound. While a buyer is expected to maintain their security posture in the event of compromise, further disclosures during the policy are only required about major corporate events (takeover/merger etc.) and when the buyer needs to notify a claim.
The existence of these capabilities, combined with the better alignment of incentives that would result from their application, is what now suggests to me a new purpose for insurance. If the new information abundance and collaborative technologies were combined to eliminate (or at least significantly reduce) disclosure uncertainty and the associated costs, a re-defined purpose for insurers could be developed where insurers delivered not just risk transfer but also undertook an integral role supporting the development and dissemination of risk management knowledge and the deployment of targeted expertise.
Because the capabilities and expertise are already available, the issue is one of placing insurance far more directly into new interactions with different value chains than is the case today.
But more on that another time...
No comments:
Post a Comment