The journey to an Open Insurance standard – part 2

Understanding the Risks and Challenges of Open Insurance

Written by Fouad Husseini, founder at Robosque and The Open Insurance Initiative

The first whitepaper of the Open Insurance initiative focused on the importance of securing open interfaces to protect the interests of consumers. Open Insurance reinforces consumers' rights in sharing access to their data using a safe and secure consent-based mechanism.

To date, much of the focus on Open Insurance has revolved around the benefits and advantages that open interfaces could introduce. For instance, reimagining the relationship between consumers and institutions, or improving consumers’ financial health and enhancing the productivity of SMEs.

Just as it is important to learn about the benefits, it is vital that the primary risks and side effects are also evaluated to strengthen our knowledge of open insurance adoption. Chiefly, as insurance APIs and ML proliferate, innovators must ensure that policyholders are fairly treated and appropriately protected when the implications of technological innovations are uncertain.

The first article in this series was titled Setting the Stage for Open Collaboration. It discussed key components of Open Insurance and explored organizing diverse stakeholders at scale. This part will serve as a useful canvas for insurance providers as well as regulatory authorities in their exploratory phase and allow for a comprehensive understanding of risks and challenges.

The primary risks of open insurance


Digital platforms are an omnipresent phenomenon that challenges incumbents by changing how they configure and serve digital products and services. With change occurring at large scale, preparing for potential challenges begins with the conundrum of identifying primary risks.

Externally Induced Risks

Difficulty in establishing multi-party liability

In the event of fraud or mishandling of data, it will become difficult to determine who is liable and the extent of that liability, because of the multiplication of third-party service providers (TPSPs) involved in a single transaction.

Does liability ultimately rest on the shoulders of the insurer? Or does it rest with whoever owns the customer relationship? How do you determine who owns the customer relationship?

Online dispute resolution (ODR)

We will see more collaboration and partnering in providing value across the network chain. Coordinating effective and speedy resolution of an issue, or achieving compliance across different TPSPs, may become more automated, involving more machine mediation. There is a risk that the customer may not receive adequate redress.

Emergence of new crime patterns

Aggregated service experience may make it harder to identify unusual or suspicious behaviors. This may involve significant additional costs for insurers to provide rigorous protection against emerging financial crime and risk.

Services will be rendered, and data will be shared through thousands of connection points and applications simultaneously. It is likely that we could witness new patterns of insurance fraud through data and software manipulation.

Systems overload

The technical performance and ability of systems to withstand a heavy load of on-demand services and transactions over a long period need serious attention.

TPSP impact on reputation

Insurers will have to monitor and manage reputational risk posed by data breaches and similar negative news events related to TPSPs accessing data and functionality.

Uneven Regulatory playing field

If InsurTech and FinTech startups are not subject to the same regulatory scrutiny that insurers face, that would discourage insurers from transitioning to Open Insurance, and they will be less willing to provide easy or efficient access to customer data.


Data Sharing Risks

Wrong advice and failure in performance

Sharing of incorrect, inaccurate, or incomplete data due to infrequent updates may lead to the wrong coverage, advice or inappropriate underwriting and pricing decisions.

Data breach

Risk of data loss or manipulation due to systems vulnerability or poor compliance.

Misuse and breach of trust

Misuse (knowingly or unknowingly), fraudulent use and onward selling of data by unscrupulous users.

Discriminatory Biases

Data being treated or handled in a manner causing biases to occur resulting from the use of ML algorithms.

Data illiteracy

Consumers may not understand their rights or appreciate the value their data hold, how it could be used or what insights could be generated if mashed with data from other sources and the consequences thereof.

Lack of consumer data literacy may mean a lack of trust in Open Insurance and in why and how data would be shared.

Privacy premium

Disengaged customers may refuse to share data and as a result will receive lower levels of service. This may stem from fear of exposing sensitive information or of being identified as financially vulnerable, or from anxiety about being rejected for reasons unrelated to insurance.

Create or reinforce existing disparities

Better data analytics may lead to exclusion of certain segments that otherwise would have been served. Potential customers may be assessed based on the actions of others with whom they share some characteristics. Certain customers may unexpectedly experience a sudden rise in premium.


Service and Performance

Product complexity barrier

Highly automated systems may lead to mis-selling if no form of insurance advice accompanies the sale. Some insurance covers should never be compared on price alone, especially where protection and saving products are concerned.

Inadvertent weakened effectiveness of consumer choice

Customers may be overwhelmed by the variety and infinite options to choose from ranging from the simple to the overly complex, causing inappropriate selection of solutions (policies).

Products inhibiting the full benefit of elevated competition

Some insurance policies are long term, for example a 12-year endowment on a mortgage, which would make consumers less interested in regularly reviewing alternatives.

Digitally challenged consumers

People who are digitally averse or do not have access to smart hardware or the internet may experience financial exclusion. This could widen the trust gap.

Not enough friction!

Automated renewals could exacerbate the “loyalty penalty”. However, automated switching or better reminders of imminent policy expiry could counteract this phenomenon if appropriate friction is re-added to the customer journey.


Market Risks

Reduced differentiation

Increased product commoditization results in price focused competition and price erosion. This is not an entirely new risk as historically insurers struggled to differentiate their products. Differentiation on product alone will become more difficult. But it is also feasible that new options will be built around open standards in addressing new opportunities.

Risk of substitution

Open Standards reduce the risk to an organisation of being technologically locked in, allowing a user to replace existing software or apps with another. Similarly, modularity and interoperability within a marketplace would allow the platform owner (marketplace) to easily substitute the solution (for example, a web app) of one insurance provider with another. It is a double-edged sword, as the power of substitution could also give rise to multi-homing, where an insurance solution provider (for example a risk carrier) would be able to integrate the same solution into multiple marketplaces.

Loss of the customer interface

As products become unbundled and the direct interface becomes controlled by multiple specialist TPSPs, risk carriers are pushed further down the stack.

Evoke more competition

On the one hand, the existence of an open standard reduces the risk and cost of market entry, and so encourages multiple suppliers. On the other, there is the potential entrance of new players, some of which may be more dominant than existing players. Large insurance incumbents and Big Tech, for instance Apple, Google, or Amazon, could dominate the insurance market and annihilate smaller competitors, thus reducing competition and narrowing the options available.

Revert to old practices

If insurers do not offer equal access to customer data and are selective in their partnerships with third parties, the market could revert to being insular rather than open.

Regulatory pressure

If providers (risk carriers in particular) do not come together to define open standards, there is a risk that policymakers could mandate open APIs. Such a measure may arise to protect potential new entrants from being hindered, but that could be at the expense and disadvantage of everyone, resulting in additional regulation and compliance costs.

Two speed market

Open Insurance may appeal to players with large resources capable of investing in new tech and infrastructure. Similarly, it may only appeal to new, digital-first entrants. This may signal a two-track progress to Open Insurance and may spell loss of market share for the small-sized players.

New systemic risks

The cross-sectoral interoperability between insurers and other markets will increase through products, organizational arrangements and markets, giving rise to new systemic risks and vulnerabilities. These risks will affect insurers as much as reinsurers.

Loss in business focus

Incumbents may need to invest in upgrades to legacy systems, replacement systems, microservices architecture and API management platforms, reducing focus on other areas of business.



OPIN is built around the concept of a community of businesses and subject matter experts from within the insurance ecosystem coming together to contribute their knowledge and time in building consensus leading to a common API standard.

Creating intelligent and sustainable communities to develop standards can lower costs, increase productivity, and accelerate development. As with open source software, open standards development does come with risks that, while manageable, are worth exploring by users.

Intellectual Property Infringement

The OPIN website includes a notification (proposal) that for all work carried out by the Open Innovation Lab in collaboration with the community of members the following licences will apply:

  • The Open Insurance Standard will be made available under a CC0 licence - effectively public domain - to allow for its use, reuse and distribution.
  • Open data in scope will be published under a CC0 licence, to avoid barriers to reuse and “licence chains”.
  • System software will be made available under an MIT Licence, allowing the software to be as permissive as possible to avoid difficulties when integrating with proprietary software.

Users and collaborators must understand their rights and obligations under the proposed licences. In some instances, there may be more inherent risk in open standards compared to proprietary standards. Risk, for example, could manifest in a developer adding infringing code to (open source) software.

Additionally, users may not enjoy contract protection against potential infringement nor the warranty protections customarily given for commercial products.

In contrast, not knowing which obligations are binding can cause a developer to lose intellectual property or experience a monetary loss.

This article and others in the series aim to air and invite discussions. OPIN is taking a very studied approach in scrutinizing and understanding all technical and legal risks. The initiative will endeavor to introduce all necessary protection and compliance procedures, identify security vulnerabilities, carry out testing and quality assurance, troubleshoot, and support users to mitigate potential risks of the eventual standard.

Disincentivized Community

It is important to ensure the community is consistently active in managing the project, issues are resolved in an expedient manner, and that the specification is regularly updated and improved, for example, version currency.

Using or distributing out-of-date, unpatched or unmaintained code could impact release capabilities, product (the standard) quality and users' trust. Cultivating a vibrant community, improving, updating, and patching vulnerability issues as they become known is never easy.



There are numerous market studies highlighting that much of the data collected by businesses is not leveraged. In fact, on average, only 32% of data available is put to use and as much as 68% goes unleveraged. Given the characteristics of insurance as a product, there are pro-competitive effects for exchanging access to data by insurance companies, not only claims but also pricing data.

One notable example was the commitments made by seven motor insurance providers in the UK to share pricing data by subscribing to a particular market analysis software. The agreement, however, raised the alarm at the Office of Fair Trading (OFT), resulting in an investigation during 2010-2011 for fear of price coordination. The OFT allowed the insurers to share their data on prices, albeit historical ones only. This was based on consultations finding that such an agreement or commitment could be pro-competition and beneficial to consumers.

The benefits of sharing claims data are better understood than that of prices (premiums). A discussion over the benefits of sharing claims data versus pricing data is beyond the scope of this study.

On this occasion, we will focus on the risks of NOT allowing customer permissioned access to premium information.

Consumer outcomes do not improve

Without competitor price visibility, insurers could continue to apply unjustifiable higher margins, if they exist. The market would function less efficiently with reduced outcomes for consumers.

Internal inefficiency unchecked

With better visibility, insurers could also re-examine their cost base and operational efficiency to match that of competitors and therefore be able to compete more effectively.

Pricing inaccuracy

Insurers lose the opportunity of monitoring and pricing their portfolio more accurately. Insights gained from other insurers could mean a reduction or an increase in premiums by allaying or confirming fears over certain underwriting decisions.

Loss of new markets

Where a new product is concerned, and there are many product innovations and much experimentation these days, uncertainties are magnified in cases where there is little data on which to estimate risk or the risk is specific to a small segment of consumers. The insurer or the InsurTech startup lacking the necessary experience of underwriting the risk could underprice it, risking financial ruin, or overprice it, risking loss of market opportunity.

Faulty commercial strategy

Incubated startups with poor claims history and imperfect information on which to base their risk assessment may dissuade potential investors and VCs from supporting the new venture.



Open Standards offer increased opportunities through promoting interoperability (Ghosh, 2005). Many organizations, especially startups, would simply not have existed without infrastructure and systems based on open standards or open source software.

Digital modernization is a complex and costly exercise for most well-established companies. Also, APIs and data-driven insurance are completely new to the sector.

Insurance operators will have to up-skill and invest in technologies that will require significant resources to install necessary infrastructure and support processes.

Lessons and hindsight from the Open Banking experience can be useful. A recent survey shed some light on the economic costs and how investment is distributed. We need, though, to be mindful of the scale that banks operate at compared to insurance providers, which is reflected in the modernization budget required, with a median of between €50 and 100 million. What is more relevant, though, is the indication that pure IT costs represented 28% of the total modernization budget, followed by product costs (25%), compliance and risk (24%) and operations (23%).

The Economic Cost on Insurance Providers

It would be hard to estimate in figures the typical modernization or API adoption costs, as they would depend on many factors, in particular the underlying core systems and the internal approach to digitization.

There will be one-off implementation costs involved in improving IT infrastructure, databases, data quality, real-time access, security and compliance. Costs are likely to be the largest for big, multi-national insurers who may be relying on multiple systems.

There may well be additional costs relating to staff recruitment, contracted-out work and consultant fees.

The Cost of Releasing an Open API Blueprint

The effort of producing an open insurance standard could be smaller than that needed for introducing open banking because open banking has had to address the complexity of payments, high-volume transaction data and digital identity among other elements.

Rather than follow the CMA9 example of Open Banking implementation, OPIN advocates the setup of an OPIN Working Group composed of insurance stakeholders in partnership with technology vendors and other commercial organizations.

Additionally, there are assets and capabilities now available because of open banking that can be used to further lower the costs of implementing Open Insurance. This includes compliant APIs (FAPI), and Client Initiated Backchannel Authentication (CIBA).

The Open Banking Implementation Entity (OBIE) has started work on commercial APIs, a direction that should be further investigated by OPIN. Steps could be taken to assist commercial API development, which would allow for long-term recuperation of investment in labour and infrastructure.



The use of data with the enablement that APIs provide is undoubtedly improving the lives of underserved communities in areas such as employment, education, health, local and regional services. Many insurance companies have already begun their adoption journeys by deploying APIs internally. That is usually the precursor for experimenting with external APIs and could help institutions to reduce costs by recycling code externally.

Beyond the feasibility of maintaining coordination between insurance stakeholders, creating an always evolving open standard also requires setting up the right stimulus to collect feedback and contributions.

Insurance operators have a choice of either playing an active part in the development of open insurance APIs and impacting regulation around openness, or risk being the last in line in adoption of open standards.

Having explored in this article many of the risk vectors, the next article in the series will focus on how Open Insurance could unlock better opportunities and on our goal for long-term change, and will discuss whether regulation can force markets to innovate.
