The Kentucky Legislature has passed the first state law in the U.S. providing a comprehensive framework for an insurance regulatory “sandbox” for insurance technology products. The new regulatory sandbox, which will be administered by the Kentucky Department of Insurance (DOI), allows for private-sector flexibility while preserving necessary consumer protections.
This development comes on the heels of a lucrative first quarter of 2019 for the insurtech space. There we at least 1,540 insurance technology companies in the United States with $23 billion in funding by over 1,400 hundred investors, according to technology research firm Venture Scanner. Willis Towers Watson reported 85 insurtech deals with a value of $1.42 billion were announced in Q1 2019.
“We’re working to transform our state and we want you to come here if you’re looking to invest in innovative insurance products, processes or technologies,” Kentucky House Banking & Insurance Chairman Bart Rowland said in regards to the new legislation, House Bill 386.
The new law strikes a balance between innovation and regulation by creating a two-part regulatory safe harbor or “sandbox.” The statute provides regulations for participating in both an initial “Beta Test” and, upon further review, it permits an extended period of relief from regulation. Governor Matt Bevin signed the law May 20 and it takes effect on June 27, 2019. The sandbox is open until December 2025.
“Implementation of the regulatory sandbox will establish the Commonwealth of Kentucky as a safe space for entrepreneurs to test and launch insurance-related innovations and programs not yet contemplated by the Insurance Code,” said Secretary Gail Russell of the Public Protection Cabinet. “Insurance innovation can lead to cost savings on all types of insurance for Kentucky businesses and consumers.”
The new statute is very detailed and companies wishing to participate in the sandbox must apply to the DOI for admission. An applicant must explain the product’s innovation, value to customers and demonstrate financial stability. This article summarizes the key features of both steps and identifies some issues that would be of interest to any insurtech company considering an application.
Application to Play in the Sandbox
The first part of the statute describes the application to “play in the sandbox,” which requires a fair amount of information.
The major requirements of the application include an explanation of how the innovation will:
- Add value to customers and serve the public interest;
- Be economically viable for the applicant;
- Provide suitable consumer protection; and
- Not pose an unreasonable risk of consumer harm.
These last two requirements will be of critical importance to success because these are of primary concern to any insurance regulator.
Beyond a description of the innovation, the applicant must describe the regulatory burden created by traditional regulation. The statute mandates that the application provide a detailed description of the statutory and regulatory issues that may limit the innovation.
The law also requires an applicant to describe “a description of how the innovation functions and the manner in which it will be offered or provided.” If the innovation involves the use of software, hardware, or other technology developed for the purpose of implementing or operating it, a technical white paper setting forth a description of the operation and general content of technology to be utilized, including:
- The problem addressed by that technology; and
- The interaction between technology and its users.
This part of the application (and others) will implicate important provisions of the statute that cover confidentiality. Under the statute, all information in the possession or control of the DOI that is disclosed “and that relate to the financial condition of any person shall be confidential and shall not be subject to public disclosure pursuant to the Kentucky Open Records Act.”
Unfortunately, the scope of this language is unclear because it suggests that only financial information – not other proprietary material in the application – is protected. Before any application that involves disclosure of a proprietary innovation is submitted, the scope of protection needs to be clarified with the DOI.
For the same reasons, attention must be paid in advance to the text of any “no-action letter” as confidentiality does not extend to “information relating to the insurance innovation necessary to clearly establish the safe harbor of the extended letter.” This is of critical importance because the results of any Beta Test and any no-action letter must be published on the DOI’s website.
The timing of the application is also important. The application requires a statement by an officer of the applicant certifying that no product, process, method, or procedure substantially similar to the innovation has been used, sold, licensed, or otherwise made available in Kentucky. Depending on how the DOI interprets this rule, there may be the need to act quickly before an insurtech or another insurance competitor jumps to the head of the line.
Climbing Into the Sandbox
Kentucky’s director of insurance innovation is responsible for the review of sandbox applications.
All sandbox participants must report key data to the DOI for ongoing evaluation and oversight. Sandbox products and processes that prove to be successful and provide benefits to Kentuckians will serve as powerful evidence for reforming the state’s insurance code.
The director must review all applications and issue a notice of acceptance or rejection within 60 days unless time is extended for an additional 30 days. If no timely action is taken to accept or reject the applications, it “shall be deemed accepted.”
During the process “the commissioner may request from the applicant any additional material or information necessary to evaluate the application,” including but not limited to:
- Proof of financial stability
- A proposed business plan
- A pro-forma financial statement
- Executive profiles on the applicant and its leadership demonstrating insurance or insurance-related industry experience and applicable experience in the use of the technology
Playing in the Sandbox
If an application is accepted, the acceptance and a no-action letter will permit a “Beta Test” of the innovation within one year and will describe how the Beta Test will be evaluated. A Beta Test is defined as “the phase of testing of an insurance innovation in the regulatory sandbox through the use, sale, license, or availability of the insurance innovation by or to clients or consumers under the supervision of the department.”
Under the statute, the commissioner reviews the results of the Beta Test to determine whether the data presented shows the innovation’s utility and benefits to consumers. The review also considers what regulatory barriers prevent use of the innovation. Within 60 days of completion of the Beta Test, unless the time period is extended an additional 30 days, the commissioner is required to issue an extended no-action letter or a notice declining to issue it.
If the letter is issued, it will describe the insurance innovation and the specific conduct permitted by the extended letter in sufficient detail to enable any person to use the innovation or a product, process, method, or procedure not substantially different from the innovation within the safe harbor of the extended letter. The letter will also describe any certificate of authority, license, or permit the commissioner determines is necessary to use, sell, or license the innovation.
The “no-action” safe harbor expires after three years following the date of issuance unless a shorter time is specified.
“We look forward to promoting Kentucky as a place for insurance innovation,” said Kentucky Insurance Commissioner Nancy Atkins in a statement. “Insurance products and distribution are rapidly evolving with our ever-changing economy. This legislation establishes a framework to allow Kentucky to encourage product development for the future of risk management.”