In May this year, WannaCry ransomware shut down operating systems in May of this year, crippling organizations such as Britain’s National Health Service along with thousands of smaller businesses. The next big attack could target fintechs, and insurers are hoping to cash in on the need for coverage – but they are finding it difficult to convert this into real business.
Fintech companies are considered at risk because of the nature of their businesses.
“I’m now spending more than half my time on cyber,” Jason Kelly, head of liabilities and financial lines at AIG Asia Pacific, told DigFin.
How big is the risk? Perceptions of fintechs as a vulnerability are rising. On December 11, the Depository Trust & Clearing Corporation released a semi-annual survey of financial market participants that saw 15% of respondents say fintech may pose a significant risk to financial stability. (DTCC didn’t say how many people participated).
More generally, 36% named cyber risk as the biggest threat to the global economy.
“Fintechs will need insurance,” said Murray Wood, head of financial specialties for Asia at Aon Risk Solutions, speaking at the Singapore Fintech Festival in November.
Fintech companies deal with a mix of customer data, transactions and access to money just like a big financial institution – but without a bank’s I.T. security or risk management.
This makes them juicy targets, even small ones. But they may struggle to afford traditional insurance, because they also lack an established institution’s claims history or record of dealing with losses, factors that contribute to pricing risk.
There is no evidence that fintechs are buying protection against cyber crime in any great measure. Data is sketchy. Aon Risk Solutions says in 2017, the global insurance industry sold $1.5 billion to $4.5 billion in cyber-insurance premiums, but there is no breakdown of customers by sector.
According to Allianz, 90% of these sales have been in the U.S. Aon estimates annual premiums will reach $20 billion by 2020 (other estimates say that figure won’t be reached till 2025).
The big one
The fear among insurers is that one big cyber event could wipe out all of those premiums. They specifically worry about ‘accumulation’, when a cyber event impacts many companies at once, as WannaCry did. If a private cloud service suffers an outage, it could generate losses of up to $53 billion, says Aon. “That’s equivalent to the largest natural catastrophe,” Wood said.
The insurance industry will survive 2017, with its hurricanes, floods, earthquakes, fires and other calamities, because the property & casualty business is well capitalized and enjoys strong earnings – and because governments are prepared to backstop the industry with emergency measures.
The same isn’t true of cyber. “$53 billion is a big number for an insurance market in its infancy,” Wood added.
In other words, the insurance industry can’t deal with an outlier event in cyber, not so long as accumulation remains a big risk.
Waiting for government
“I don’t think we’ll do much cyber until governments decide to back it, just like they do for natural disasters,” said an executive at a global reinsurance company. He told DigFin that the numbers he had seen among the reinsurer’s primary clients suggested not a lot of cyber is getting underwritten.
The U.K. has been proactive. Its Financial Conduct Authority is mandating fintechs purchase professional liability insurance. Insurers are responding by developing cyber products that incorporate aspects of traditional coverage for smaller businesses.
Singapore’s Monetary Authority hasn’t yet taken the same step but industry officials say it is mulling the idea. Aon says more insurers are coming to Singapore for cyber-related business.
For example, Markel International, a subsidiary of U.S.-based Markel Corporation, is taking its U.K. cyber product to Singapore, says Simon Moi, Asia head of professional and financial risks.
He says U.K. authorities are worried about peer-to-peer networks and crowdfunding, where trading activity could lead to breaches. “Many fintechs think they don’t carry any risk,” Moi told DigFin, adding Markel is targeting businesses with a maximum turnover of $5 million.
Desirables and deplorables
AIG, Markel and others are offering coverage against data breaches, data security liability, and network interruption. Extras include bundles with traditional small-business protections, consulting to prevent hacks, forensics in the wake of attacks, and ransom coverage.
Less clear is whether any of these insurers will provide full cyber coverage to big financial institutions. And they are avoiding large technology companies like the plague. No one has figured out how to price a breach or outage at an Alibaba, an Amazon or an Uber, so these companies have to rely on their (large) balance sheets to pay for any problems.
It is possible that insurance brokers or consortiums such as Lloyd’s will find a way to pool such risks. “But it’s hard to understand the risk when these new companies are growing so fast and expanding into new markets,” AIG’s Kelly said.
Another set of untouchables: crypto-currency companies, including blockchain players. The volatility of bitcoin and other crypto assets, and their dodgy reputations as facilitators of crime, make these fintechs uninsurable.
The new edge for fintechs?
Even if governments don’t follow the FCA and make professional liability insurance mandatory for fintechs, having coverage will become a competitive necessity, particularly in the B2B space. Financial institutions don’t want to be exposed to a fintech’s risks. Big tech companies such as Google already insist on small tech partners being insured, so banks may well follow.
“Fund managers [in Singapore] need to have professional liability insurance,” said Moi. “Maybe fintechs will too?”
The European Union is going to make indemnity insurance mandatory for financial institutions, and it’s not a leap to imagine Brussels adding cyber crime to the list. Nor is it hard to imagine venture capitalists start to consider insurance in their investment decisions.
Cigna reboots with WhatsApp/chatbot mashup
The U.S. firm is leveraging WhatsApp business API and A.I. to get a leg up in Hong Kong health insurance.
Cigna is the first insurer in Hong Kong to deploy
WhatsApp Business API allows an enterprise to manage one-to-one communication with customers using the messaging app. With over 1.5 billion monthly active users, WhatsApp is the largest messaging platform in the world. In markets such as Hong Kong, it is the dominant messenger (see chart*).
What’s the importance of APIs? Applied program interfaces connect two different networks. A Cigna customer would normally need to log into the company’s app or website to receive service. But Cigna has now linked its server to WhatsApp, the
WhatsApp built its Business API service for large businesses to easily handle big volumes of notifications. For example, Booking.com and Wish use WhatsApp API to send booking confirmations and shipping information to individuals.
Cigna took this a step forward. It has hired Hong Kong
Its first use case is to help customers find a doctor.
Yuman Chan, Cigna’s CEO for Hong Kong, says the company routinely gets such inquiries, and it wanted a way to automate the process. It was also an easy way to begin working with artificial-intelligence tools.
It chose Clare.AI because of its local-language capabilities and its reliable natural language recognition, says Johnson Wong, Cigna’s senior manager for transformation.
“For some other [vendor] solutions, if I asked a question a bit differently from the standard question, they can’t answer – especially if it’s in Cantonese,” said Wong.
Bianca Ho, co-founder of Clare.AI, says security and compliance are also important components to providing chatbots to financial institutions.
Clare.AI doesn’t keep or use data with personal information. It uses aggregate data to provide analytics.
WhatsApp’s messages are encrypted end-to-end. Therefore only the two parties in
For Business API, the data is stored on the servers of the corporate client (Cigna).
“It’s the consumer and Cigna and Cigna’s database that have the information,” Ho said.
Cigna launched its WhatsApp chatbot in April, and since then it has handled about 1,000 queries a week related to “find me a doctor”. The company is working to build out more functionality over the messenger, including claims submissions for both individual and group customers.
Wong says Cigna has the infrastructure ready for the automated process.
“If you ask about your claims, we can easily retrieve the data from the back end to the top. We’ve built the core already,” Wong said.
Its WhatsApp chatbot will then help it collect data based on customer questions, said Chan. For example, if customers ask about particular doctors, they could potentially be added to the insurer’s panel of clinics.
Cigna is also working with a Hong Kong telemedicine company called Doctor Now. This began as a voluntary service created by local doctors for elderly people. Cigna is the first insurance company to work with the service and commercialize it.
The idea is to let patients receive a consultation from licensed doctors via the app at home, instead of having to go to a hospital and wait in a queue. They can also get medicine shipped to their residence.
The business model is similar to Ping An Good Doctor, while Cigna aims at the health-insurance market for local, Cantonese-speaking residents.
Good Doctor is huge in mainland China, where it provides teleconsulting, appointment bookings, and medicine home deliveries. The app serves 265 million users, as of December.
The unit behind Good Doctor, Ping An Healthcare and Technology, listed in Hong Kong last year; the app is now available in Hong Kong and
WeChat’s parent, Tencent, has its own healthcare app in China called WeDoctor, or
Of course, in mainland China, Ping An and Tencent have built digital health empires on the back of poor traditional healthcare infrastructure, vast reservoirs of people (=data), and looser data privacy rules.
Hongkongers have access to doctors already. Its public hospitals have some of the same problems: with an aging population, doctors can be overwhelmed. But the system functions and is widely available. Cigna is a relatively small player in this market: according to Insurance Authority statistics (most recent data available only for 2017), it ranked 23rd in gross premiums. ( For direct medical business, it was ranked sixth in 2018).
It might be adding a feature similar to Ping An’s playbook but its real target looks to be gaining
*None of the internet companies release statistics but Hootsuite graphics and unattributable Reddit opinions suggest WhatsApp leads in Hong Kong thanks to a longer history and a local English-friendly culture, but WeChat is catching up and Japan’s Line also has traction.
Citi, Mastercard vouch for digital coupons
Mojodomo, a Hong Kong fintech, is helping insurers and banks engage directly with consumers.
Financial institutions are digitizing their product design, sales and operations, in order to cut through middlemen and reach end users. But one fintech is working with insurers and banks via their marketing departments.
Mojodomo is a Hong Kong-based company that digitizes coupons and vouchers, like gift certificates. Citi and Mastercard are introducing it to their B2B customers. The company is now raising an initial seed round of funding to help it expand to other regional markets.
“The Citi virtual card account lets us offer a redemption-based payment model to clients using our loyalty voucher platform,” said Dennis Shi, CEO of Mojodomo.
The insurance use case
The best way to understand what this startup does is to take one of its current use cases: insurance.
Enterprises, including insurers, banks and other corporations, pay hundreds of billions of dollars per year in coupons and vouchers, as a means of winning or rewarding consumers.
An insurance company may, for example, hand out supermarket coupons or vouchers for holiday mooncakes. Insurers might do so via their tied agents, as an incentive for agent networks.
We offer a redemption-based payment model to clientsDennis Shi, Mojodomo
But agents are also middlemen who own the customer relationship – an arrangement that insurance companies are keen to sidestep, particularly if they can avoid spooking the agents they depend on for revenues. Hence the vouchers as one way to engage with end users.
This activity is paper-based. It is based on pre-paid vouchers (the insurer buys loads of them from the mooncake shop), with no quantifiable return on investment. The insurer hands out the vouchers to its policyholders, but has no means of knowing who spent them. Many vouchers go unredeemed, or customers give them away to others.
Adding the retailers
Tyrone Lynch, chief investment officer at Mojodomo, says the company’s platform allows insurers to issue vouchers in the form of credit, with each tied to a token, similar to a credit-card number. Insurers can issue these digitally – perhaps as an incentive to get people to download their app – and they only pay the retailer when a voucher has been redeemed. With everything tracked, the insurer’s marketing team can get a precise hold on what’s working and who’s cashing in.
The mooncake shops would lose out on giant, up-front bulk sales. They’d only get paid for vouchers that redeem. But the payment would be instant, via Mastercard and the banking system, versus having to wait for the insurance company to send them the money owed. Today, retailers have a cumbersome audit requirement to report the vouchers they do receive, whereas there’d be no need with a digitized process.
We’re using digital tools to move into an open-loop platformTyrone Lynch, Mojodomo
Lynch says the company is in a proof of concept with a global insurance company in Hong Kong that wants to connect with its most lucrative policyholders, particularly when an independent sales agent quits. It is also working with mainland Chinese banks. These institutions can issue a voucher either directly via SMS, or from their app.
“They were getting only about 50% utilization of their prepaid vouchers, but now they’re redeploying their marketing budget and getting realtime feedback on their clients,” Lynch said.
Revenues from marketing budgets
Mojodomo is more of a marketing business than payments, at least in its revenue model. Instead of charging the merchants (the mooncake shop) like a credit-card company, it charges the marketers at the insurance company or bank 8% of the value of redeemed vouchers.
That’s a large fee – but Lynch says it’s worth it to marketing departments that need to deploy their budgets but haven’t been able to find reliable ROI measurements.
“Most enterprises are simply digitizing their paper-based vouchers,” he said. “They’re still operating in a closed loop. We’re using digital tools to move into an open-looped platform.” A closed-loop means customers can only convert with the issuer itself: like using a Starbucks voucher. But open-loop is based on credit, using a B2B payments model, so that now the retailers or other third parties are part of the circle.
Mojodomo’s tech itself is not unique: it’s raising money now to be first into various Asian markets, such as Taiwan and Singapore, while relying on partnerships with Citi and Mastercard to get introductions to clients – such as the global insurer in Hong Kong and the banks in mainland China. Citi has also provided a credit line, while it is relying on Mastercard’s virtual card and payments rails.
In the case of the Chinese banks, part of its selling appeal is digitizing vouchers that customers can redeem overseas, using QR codes at participating retailers. Using Mastercard, the company is giving Chinese banks a means of issuing loyalty points that customers can use abroad. The fintech is still working on a mechanism for foreign exchange.
The fintech is currently seeking a $2 million seed round but expects to immediately follow up with a $15 million Series A round early next year. The proceeds are to go to building a presence in multiple markets, including credit lines. To date the company’s founders have bootstrapped it by about $500,000.
MSIG’s Asia offices file separate claims to digital strategy
The insurance company is pursuing digital transformation, but that means different things to different local teams.
“Insurers are late adopters of fintech”, said Mack Eng, Singapore-based executive vice president of Japanese insurer MSIG. So insurers bring in third-party fintechs to help speed up their transformation.
MSIG’s claims system alone involves three partners: DBS Bank, NCS (a robotics company) and Laserfiche (enterprise software). Their services may overlap, but MSIG is open to explore with different partners.
MSIG’s example is in line with industry trends. Sanjay Varma, director for Asia Pacific at vendor FIS, says financial institutions in the region are increasing the number of third-party collaborations.
FIS just issued a report that says only 47% of Asian companies with clear leadership in digital transformation say their technological capability is sufficient to meet their growth plans.
Varma says the pattern is for companies to hire outsiders who bring change to the corporate culture; then they build internal digital platforms; and finally they bring in third parties to fill the gaps.
Singapore goes robo
MSIG has travelled down a similar road. Eng was hired in 2018 just after the insurer embarked on a digitalisation campaign for Asia. “It’s critical that leaders set the right tone,” Eng said, to ensure the urgency of the task is communicated to all levels.
Since then the company has built a foundation for a new generation in core infrastructure, and followed by partnering with outside players.
MSIG’s regional strategy has been based on robotic process automation (RPA), deploying computerised tools to handle simple, repetitive, time-consuming tasks, in order to save on human costs and reduce processing errors.
Business units can select what is most relevant for themMack Eng, MSIG
NCS, a subsidiary of Singtel, has tailored two bots for MSIG. One is called Zac, which processes travel claims submitted online, giving customers immediate emails back to acknowledge when a claim’s been filed. It cuts processing time of claims submissions from 14 minutes to 3 minutes, a time savings of 70%.
The second bot is called Velma, which enters details about automobiles for policies covering fleets. The time to log vehicle information has been slashed from about two minutes to 40 seconds.
Hong Kong’s holistic approach
Zac and Velma have been introduced to MSIG’s Singapore and other regional markets, although not yet to Hong Kong. That market has taken a different path: “Business units can select what is most relevant for them,” Eng said.
MSIG Hong Kong works with Laserfiche, which provides software that manages the overall flow of information through the enterprise (this is known as enterprise content management, or ECM; Oracle and IBM are industry leaders in this space).
ECM analyzes all kinds of information, including emails, documents, and images, in order to redesign workflows (as opposed to RPA, which simply improves existing processes but doesn’t change their function).
“It’s starting from scratch,” said Alan Yue, MSIG’s I.T. leader in Hong Kong. “We digitize our claim service to make it basically into a clean sheet.”
Hong Kong customers can now upload their supporting information instead of mailing hard copies when submitting a claim. The firm says 80% of online customers have used this channel. The software now also confirms submissions instantly via email or SMS, and it can forward them immediately to authorized insurance brokers or agents.
It’s starting from scratchAlan Yue, MSIG
ECM, in theory, should be a more strategic solution than RPA since it paves the way for artificial intelligence and cloud computing. ECM help companies transform data sourced from many places (including social media) into data that is structured, and therefore machine-readable for analytic purposes.
API -the payments piece
Finally, MSIG has partnered with DBS to enable real-time payments for claims that are approved. MSIG is the first user of DBS’s RAPID program, which launched in 2017. DBS customers can buy an MSIG policy on the bank’s website and enjoy real-time payment of claims, with DBS’s payment API integrated into MSIG’s claims process.
Having onboarded partners, MSIG now needs to make sure it stays on top of other relevant solutions in the market – not a simple task, given the ever-growing number of insurtechs and other tech providers. MSIG became a founding partner of startup accelerator Plug and Play’s insurtech platform in Singapore. Back in MSIG’s home market of Japan, other institutions are also joining this network, including Japan Post Insurance.
Eng says membership keeps the firm on top of emerging companies as well as mature vendors. MSIG has set up dedicated teams in Asia and Silicon Valley to manage its Plug and Play relationships.