Sunday, October 15, 2017

The Regulatory State in Practice: The Insurance Industry

People would have far less faith in the regulatory state if they saw how it works day-to-day. In this post I'll share some of my experiences with the regime I am familiar with: personal lines insurance regulation.

Sometimes I'll give my standard libertarian argument for limited government, and somebody will make a knee-jerk, unserious comment about how "Of course, we need some regulation. Otherwise unfettered greed will rule." I don't think so. Whether regulation in practice fetters greed or exacerbates it is really an empirical question. It depends on how good your institutions are, how observant and diligent the voting public is about disciplining the regulatory state, whether it's possible to align the incentives of the regulators with the interests of the public, the relative costs of free versus regulated markets, and lots of other things. I think in almost all cases the best regulation is market discipline without any government augmentation. But in this post I want to narrowly focus on the regulation of personal lines insurance and suggest that maybe some of these lessons generalize.

I am an actuary. Part of my job is to defend my employer's rate filings to regulators, who are always looking for reasons to reject them. First, a little bit about how this works. Personal lines insurance (home/renters and auto policies) is regulated at the state level by each of the 50 states, rather than being regulated at the federal level. Each state has a Department of Insurance, or "DOI". (A mean and immature joke is to pronounce that acronym out loud.) Each insurance company has a rate structure that is explicitly written down such that any two people who are identical on paper get exactly the same price. Prices can vary by rating territory (usually groupings of zip codes and/or counties), age, gender, marital status, credit history (surprisingly predictive of auto and home-related accidents!), and prior claim history. But the insurer has to specify exactly how this works in a rate filing, and has to use exactly those rates until it makes another filing amending that structure. Typically it's something like: $500 base rate for the rating territory you live in, times a factor of 2.0 for your age, gender, and marital status, times a factor of 0.5 for your good credit history, times 2.0 for having multiple prior accidents, so your rate is $500 * 2.0 * 0.5 * 2.0 = $1,000. (This is just an example; it would be an extremely simple rating structure that no insurer could actually get away with in today's marketplace.) I can't just say to this customer, "Been shopping around, eh? Can't find anyone else who will write you a policy at under $2,000, huh? That'll be...$2,000!" I have to charge this customer exactly what my rating algorithm calculates or I am in violation of state law. Any insurer found deviating from their filed rates would be severely fined. There might be some ambiguities about what rate to charge. Maybe the Postal Service redefines zip-codes mid year, and the customer's zip code doesn't map to any rating territory, so I have to place them in the most reasonable one. Or maybe their marital or credit status changes and my rate plan failed to specify how quickly I will reclassify them, such that a divorced person gets the "married" rate or a person with improving credit is temporarily being dinged for their poor past credit (or someone with deteriorating credit is temporarily benefiting from their good past credit, which is far more likely in my experience). But these ambiguities are a small part of the game. For the most part, the rate is spelled out clearly and unambiguously.

Typically, a company does a rate filing for every state at least once a year. This means an actuary has to write up a long report full of data (claims paid, premiums received, expenses incurred, investment income received, rate differentials by territory or classification) and submit it to the state DOI. Then a regulator at the DOI looks it over and either 1) approves it or 2) sends the insurer an "objection letter" stating the many things they don't like about the filing. There is a huge difference between state DOIs. Some are extremely lenient and will rubber-stamp approve almost any filing, as long as it's reasonable. Unless you're increasing rates by 100%, or implementing an explicitly racist class plan, these states will approve your filing very quickly. Bless them. (Typical overall rate changes are in the 5-10% range, usually just keeping up with inflation. And rating based on race is explicitly against the law in every state, and probably a violation of federal law, too.) Other states are extremely picky. Sometimes they are nettlesome for no particular reason. Sometimes the regulator does not have any statutory authority for their objection, but rather they are objecting to something that they just don't like. Most states have some catch-all statute regarding insurance regulation that reiterates the definition of an actuarially sound rate: A rate is reasonable and not excessive, inadequate, or unfairly discriminatory if it is an actuarially sound estimate of the expected value of all future costs associated with an individual risk transfer. Emphasis mine. Do you see a problem with this? "Unfair" is extremely subjective. A statute reiterating this principle basically gives the regulator carte blanche to object to anything they don't like. One state (a very, very northern state) will cite statutes in their objections, but when we look them up we always find that they refer to this boilerplate language about actuarially sound rate-making. It's almost never a reference to a law explicitly banning something in our proposed rating structure.

If regulatory overreach is one annoying problem, regulator incompetence is another. Often the regulator is not an actuary or is not otherwise technically savvy. Or sometimes they are actuaries who lack the specific technical expertise to understand the rate filing. Insurers are increasingly sophisticated in their pricing and using increasingly complex methods for segmenting risks. The industry standard for a long time has been the generalized linear model, or "glm". If you've ever found the "line of best fit" through a bunch of points in a math class, the glm is just a more sophisticated version of this, with an arbitrary number of dimensions (not just the two) and with different kinds of penalties for "missing" points on the scatter-plot. A glm is not all that complicated. Using one gives you a rating plan with multiplicative factors, as in my example above. The model tells you: "Multiply by 1.05 for male, 1.2 for unmarried, 0.90 for fair credit history, 1.00 for no prior incidents..." Simple as this is, I would say that most regulators are pretty clueless even when it comes to glms. But insurers are increasingly using things far more complex than these. Gradient boosted models (gbms) are insanely complex decision trees with thousands of branches. Neural nets are extremely complex systems of variable weights and triggering-thresholds. Increasingly these even more complicated models are being used to design (at least to inform) our rating plans, and yet many regulators are still perplexed by the relatively simple glms.

We try to do our best when it comes to justifying our glm results, but honestly most regulators wouldn't know what they were looking at if we gave them a filing exhibit spelling out everything in perfect detail. Sometimes they ask telling questions that betray their lack of understanding. I literally had an objection letter once that asked, "What is 'multivariate analysis'?" Perhaps it's a non-standard term, but anyone even remotely familiar with recent trends in the industry would know this is a reference to glms and related methods. It is in contrast to "univariate analysis", in which the mean for each group is calculated and the relative averages are used to set the rate differentials. For example, "Males cost 1.2 times as much as females to insure, so apply a 1.2 factor to males and a 1.0 factor to females." The "univariate" approach is wrong, because males could have other risk factors driving the difference. Maybe the average male customer for our company is younger, has worse credit, etc. A glm automatically accounts for these correlations between different rating variables. That is why we use them. None of this is terribly obscure, either. The reasons for using glms are described in detail and the methodology is fully fleshed out in several of the actuarial exams (grueling industry exams that people in my tribe have to take to earn our designation). Another typical question is something like, "How do you avoid double-counting if two rating variables overlap?" or "How do you adjust for correlations between rating variables?" The answer is that I don't have to, because I'm using a glm. A colleague once asked me how I answered such questions, and I said something like the previous sentence. We busted up laughing, because my blunt answer (which I would never really give to a DOI) points out how thoroughly the questioner is missing the point.

Another typical question is something like "Please provide the data used in this analysis." Once again, this betrays a complete lack of understanding. The underlying data in a glm is a gigantic table containing millions of records, probably in the tens of gigabyte range for a decent sized insurance company. The regulator doesn't actually want this, and probably doesn't have the technological capacity to even accept a file transfer of this size, and almost certainly could not perform an independent analysis if we sent it to them. At any rate, it would completely compromise our competitive position and (more importantly) our policyholders' privacy/security if we were to send around such a comprehensive database of our customers and their claims payments. (DOIs aren't always so diligent about security. I have seen pages from competitor filings marked with big red letters saying "CONFIDENTIAL", as in "The insurer marked this as confidential but the state DOI did not honor their wishes. They just published it with everything else, because they couldn't be bothered to separate out the 'public' from the 'confidential' files.") My best guess is that the person asking for "supporting data" is still in the univaraite mind-frame. They think they are asking for a few summarized tables showing, say, claim payments by gender (or age or credit), number of policies in each category (termed "exposures" in the industry), and a loss relativity, thus supporting the rating factor for each variable. Unfortunately there is no way to fairly "summarize" the data underlying a glm. The entire database goes in, and the rating factors come out. It's a sophisticated calculation that requires all the data at once.

Sometimes there are "filing forms", which are lists of questions that we have to answer in our filing which are the same each time we file. At least the DOI is telling us ahead of time what it wants, rather than asking for several rounds of clarification after-the-fact. In theory, this can be a time saver and allow us to preempt questions and get the filing approved more quickly. In practice, these are a waste of time and can open up the insurer to further rounds of questioning because they DOI doesn't understand the answer to the question it asks. ("Give me a statistics lecture! Mmm hmm. Mmm hmm. And what is this 'multivariate analysis' you speak of?") These filing forms frequently betray a lack of understanding. One that I helped fill out recently asks about a "test for homoscedasticity." Homoscedasticity means that the points are evenly distributed around the best fit line; they aren't closer to the best fit line for small values and further from the best fit line for large values (or vice versa). The question betrays ignorance about glms, because in a glm you explicitly relax this assumption. A traditional linear model insists on normally distributed residuals with a constant variance; a glm allows one to choose a gamma or poisson or some other kind of error structure, which allows the variance to be a function of the mean (the y-value of the best-fit line). If that's all very confusing, don't worry about it. What's happening here (I think) is that someone copied and pasted a few lines of text from a linear modeling textbook without understanding what they were copying. Many filing forms ask about the R-squared or adjusted R-squared, and ask if the residuals are normally distributed (essentially reiterating the "homoscedasticity" question without realizing they've asked the same thing twice!). Once again, they are failing to understand the very basics of a glm, a standard insurance industry tool. These questions apply only to traditional linear modeling and don't apply to the glm world.

Don't mistake me as saying that regulators should develop a sophisticated understanding of these models so they can really grill insurers about how they are being used. Some moderately sophisticated regulators do ask reasonable questions about methodology. ("Did you control for geography? Did you offset with your limit and deductible factors?") The problem here is that there are a thousand "right" ways to do something. One modeler might think it's absolutely necessary to "offset" your model with your coverage limit factors (which are more appropriately calculated outside of the glm; this is the 50/100/25 or 100/300/50 that you see on your insurance policy in your glove box). Another might think it's okay to not offset, so long as you have the various limits in your model as a control variable. Another might think it's okay not to even bother with this control variable, because every time she's ever done this in the past, she got the same factors with and without controlling for limit. It would be a mistake for a regulator to assemble a list of "best practices" from the actuarial literature and start grilling every insurance company about whether they're complying with those standards or not. (And "Why not!?") I've talked to very senior glm builders, gurus for the profession, who have very different ways of building these models. It's a mistake to think there's a "right" way of doing things. It would be wrong to waste time and resources demanding that a company show the results if the model were built some other way. At best, the technically competent regulator should see their role as a guiding hand, perhaps gently suggesting that an unsophisticated insurer might get a better result if they built their model some other way. But they shouldn't be grand-standing on their checklist of best practices and holding up someone's rate filing.

Regulators vary in their level of rudeness. Some are extremely boorish. I guess they figure you aren't really a "customer." You have to deal with them and accede to their demands. I guess they figure that if courtesy takes any effort at all, it's not worth it. Fortunately, most of these people turn back into human beings once you get them on the phone and they have to talk to you. (Most.) But even in the case of a "polite" regulator, this person is often asking for lots of unnecessary busy-work.  This person wields the power of the state, and can use it to uphold your filing. The resulting busy-work can result in hundreds of man-hours of labor and tens or hundreds of thousands of dollars in lost revenue due to unnecessary delays.

Sometimes incentives are poorly aligned. Many states use outside consulting agencies to review all rate filings. Many of these agencies are paid by the hour, or awarded for each "infraction" they find. So they have an incentive to create busy work to create billable hours and find "infractions" no matter how trivial. A company I worked for once got fined after a "market conduct exam" because our rating manual said we would surcharge customers who paid late, but we never did surcharge them. I think it was just a matter of us wanting to have something to threaten late-paying customers with, but not actually wanting to annoy them every time they paid late. So we never put in place the process to actually surcharge them, or we had a process but never pulled the trigger on it. It's the kind of reasonable latitude that companies grant their customers all the time, but these regulators saw an opportunity to fine us and they pounced.

Every state has an insurance commissioner, who generally oversees the state's DOI. Some are elected and some are appointed. Elected commissioners might face different political incentives than appointed ones. Appointed commissioners usually are older insurance professionals who have some interest in public service. They might be more technically savvy. They typically understand that prices have to go up to keep up with inflation, that price differentiation is necessary to a functioning insurance market, that locking in low rates will make insurance less available, etc. These people may understand things about the realities of insurance pricing that the voting public doesn't. Elected commissioners, on the other hand, might campaign explicitly on a platform of "I will not approve any rate increases." A populist back-wind may allow these commissioners to behave incredibly irresponsibly and compromise the insurance market in their state. They end up not approving reasonable rate increases, or placing unreasonable caps on rate increases, or holding up rate filings for months before finally relenting when things aren't going well.

With all this regulation, what benefit does the insurance customer actually see? Surely they get a rate that's, say, 10% lower, right? No. That would be an absolutely intolerable rate inadequacy and no insurer would stay in that market for long. Insurers actually have higher insurance premiums because of regulation. We have to hire teams of people to stay informed and up-to-date on regulations and various law changes. We occasionally have to physically fly representatives to rate hearings in other states. We have staff dedicated to preempting and responding to regulatory actions. All of this is ultimately paid for by the insurance customer. There is no one else to pay it! The regulatory lag I mentioned above may not actually cost the insurer any revenue. More likely, the insurer assumes this lag in its business process. They either start the process of the rate filing earlier, or they take a slightly higher rate increase to account for the lag. (If my rate filing will take three months of regulatory approval time, for example, I will build in three months worth of inflation into my calculation indicating how much rate to take.) There is also labor on the regulator side. Someone has to pay for the staff or the state's department of insurance, to keep the lights on and to keep the building heated and cooled. This may be paid for with insurance taxes, or it may come from a general state revenue. Either way it comes out of the pockets of insurance customers. And what do they get for all this? At best, maybe some insurers get a 10% lower bill, but at the cost of someone else paying 10% more. Regulation doesn't result in overall lower insurance costs. It just means that some customers pay slightly more and some others slightly less. If a state DOI managed to truly hold down overall prices in their state, insurers would start to exit that state's insurance market.

For an example of insurers exiting the market completely, see the Florida market for homeowner's insurance. Most of the cost of Florida homeowners insurance is due to infrequent but catastrophic hurricanes and other tropical storms. Historical losses will not be truly indicative of future expected losses, so insurers need to use simulations to estimate their actual exposure to hurricane risk. Computer simulations of thousands of storms are run, and the resulting damage to existing homes is estimated based on these simulated storms. The Florida Office of Insurance Regulation is extremely picky about what what kind of hurricane model you can use. The regulation of these models is so onerous as to be punitive. Florida's regulation of hurricane models is an example of regulators being relatively sophisticated but still not adding any value to the insurance market. (Well, adding negative value, in that they've driven insurers out of the state.)

I try to view this all charitably. Maybe even though every action taken by regulators looks like a waste of time and resources, market discipline would totally collapse without them? The marginal action of a regulator looks silly, but maybe the overall effect of regulation is a positive one? It could be, but I find this hard to swallow. There is fierce competition in the market for personal lines insurance. You can get dozens, even hundreds, of quotes if you only have the time to shop around. There are thousands of insurers. It is a very thick marketplace. Some insurers will advertise their financial strength, others will give you a lower price because they lack the reputation of major industry players. Some will sell based on strong "customer service", while others will have no-frills service with a corresponding low-expense and lower premiums. Some will never deny a reasonable claim (thus costing more), and some will fight every marginal claim and even some reasonable ones (thus costing less). I don't think regulation has much of a role to play in such a thick market. Customers know they are taking a chance when they buy from a no-name insurance company with cheap premiums. They also know they can find a better price if they shop around a little. Most customers don't bother. They may complain about their insurance rate going up, but they can't be bothered with the minor annoyance of getting quotes from a few competitors. Oh, some certainly do. And insurers are paranoid about policyholder attrition. Insurers are often trigger-shy on taking the rate increases they need to, because even a necessary rate increase would threaten customer retention. They implicitly feel the discipline of the market when deciding how to set the price. They pour over competitor rates, customer retention statistics, and new customer acquisition numbers. The regulator adds no value to this process.

I don't think any of this is necessarily unique to insurance. I would imagine other industries have similar problems regarding regulatory incompetence and regulatory overreach (or perhaps forbearance). Fundamentally, government just doesn't have much to offer us in terms of market regulation.

6 comments:

  1. As someone with 30 years experience in designing, building, underwriting and filing rating plans across 50 states in every personal line, I echo everything written in this post. This is exactly my experience of the situation and my take on its (imaginary) benefits.

    ReplyDelete
  2. Market regulation didn't arise out of nowhere, and while the government-as-mafia meme has some merit it's ahistorical to think that market regulation has no function.

    In insurance I can see a very obvious function for government regulation--ensuring that insurers maintain adequate reserves.

    Much of the tenor of this post makes me think of Nassim Taleb. Taleb recommends that in general regulations be as simple as possible. This, obviously, would rule out even attempting to regulate the actuarial models employed. Provided there is competition (antitrust, while often legally complicated, is conceptually simple), no need to bother diving into the nitty gritty details.

    I often note that libertarians tend to ignore, or simply be ignorant of, the fact that private regulation can have some of the pernicious results of government regulation. This often arises from a ratchet effect--existing regulations are rarely removed, but new ones are added.

    I am in the electrical manufacturing industry and is an annoying burden--many standards have mushroomed ten-fold in size in the past twenty years without good reason.

    Does anything similar exist in insurance?

    ReplyDelete
  3. Private regulation can be bad, but I think the libertarian position is that government regulation is worse. That’s my position anyway, at least regarding this case. And I’ve found it to be generally true of every instance of regulation I’ve looked into.

    I didn’t touch reserve regulation, and I don’t deal with that in my profession. This is another area where there is a lot of judgment involved. One analyst can believe an insurer is insolvent, while another analyst using another method thinks it’s fine. And perhaps an insurer that looks borderline insolvent now ends up turning things around in the next few years, such that liquidating it would have been an unnecessary trauma to all stakeholders. I think it’s fine to have insurers with varying levels of financial stability, even venturing into the speculative/shady range. You can shell out extra for the financial strength of a State Farm, or you can scrimp and buy from Fly-by-Night-Co. Some companies will compete on price, others will compete on quality and financial stability. Like I said, there are over a thousand insurers, and they vary by every conceivable measure.

    I don’t necessarily see a “ratcheting” in insurance regulation. Some states are hands-off, and always have been. Others are extremely meddlesome and always have been. Regulations and new laws pile up, but a given regulator still will only ask a limited number of questions in their objection letters.

    ReplyDelete
    Replies
    1. Government regulation is usually worse than private regulation for obvious reasons, but it's worth noting there are exceptions. CE, the safety marking standard in the European Union, was established by the European Commission and is superior to the free market solution in America (UL, ETL, etc.) as it imposes lower costs on business.

      Studying the behavior of investors does not give me a lot of confidence in the ability of insurance customers, especially consumers, to assess the financial strength of insurers. People pile into markets at all time highs, go all cash at all time lows, or don't even bother saving money at all.

      And to actually assess the financial strength of an insurer, you'd need to scrutinize their balance sheet yourself...and rely on the fact that the balance sheet presented to you is accurate. You're just suggesting evaluating financial strength based on a brand name...you know, trusted names Bear Stearns or Lehman Brothers.

      Most people can't even get their 401k right let alone scrutinize the assets of their insurer, so that leaves relying on third party representations like those of AM Best. I'm not an insurance guy, so I have no idea whether or not the representations of AM Best are accurate.

      Enter, of course, the costs of regulation and the incentives of regulators, where you libertarians are on firm ground. You could have "successful" regulation of reserve requirements in insurance by imposing overly high reserve requirements at the cost raising insurance rates for everyone.

      This sort of regulatory "success" is very common in automobiles for instance--every new car starting next year has to have a backup camera because some bad driver but aggressive lawyer in New Jersey backed his truck over his daughter. This will add perhaps $300-1000 to the price of all new cars. Perhaps the cost will be justified in reduced accidents (including property accidents), but I am skeptical.

      I did use your insurance selection method myself, incidentally. I have GEICO for my auto and umbrella insurance. I can sleep soundly at night knowing that they are wholly owned by Berkshire Hathaway, which right now has $100 billion in CASH.

      But you (especially) and I are much better equipped to assess insurers than much of the population is. More than half of the population has a double digit IQ, and they're often mandated to purchase insurance for various reasons. In the event their coverage fails, it's not unlikely that they're driven into bankruptcy given the abysmal savings rates in this country.

      Insurance, like banking, is in the business of maturity transformation. Property, casualty, and credit insurers in particular are subject to uncertain future claims.

      In banking we can theoretically eliminate this problem by prohibiting fractional reserve banking, but I see no such solution in insurance.

      This makes reserves a very important matter, and potentially systemically important.

      Delete
    2. Companies sometimes fail. And yes, simple rules (like “recognizable brands are better than smaller companies”) sometimes fail. Points taken. These things happen, even in a very highly regulated market with a lot of government intervention.

      Delete
  4. Instant Karma, much appreciated. I'm sure I could get most of the actuaries at my company to endorse this post. The description of the details anyway, if not necessarily the implications. I've seen comments of a similar nature on Actuarial Outpost, so I know it's not just my small universe I'm describing here.

    ReplyDelete