@Insurance Snapshot: Regulatory Corner – Breaking Down Blockchain: Implications of Blockchain Technology for the Insurance Industry

As the decade comes to a close, new technologies are having a major impact on how insurance industry participants conduct their operations – especially how they collect, process, analyze, store and disseminate vast amounts of data – as well as how they interact with those with whom they do business. In recent years, blockchain technology has gained increased visibility as a type of innovative technology with the potential to transform the insurance industry. Although insurance industry participants have generally been eager to learn about the capabilities of blockchain technology, relatively few have begun the process of identifying ways to incorporate such technology into their business, preferring a more cautious “wait and see” approach instead. Similarly, insurance regulatory authorities, while generally curious about the nature of blockchain technology, have only started taking steps to ensure that the regulatory framework can keep pace with the potential changes accompanying this technology.

Yet change is on the horizon.  In 2018, the Vermont legislature mandated the Vermont Department of Financial Regulation (the “Vermont DFR”) to review the potential application of blockchain technology to the provision of insurance and banking and to make recommendations for potential adoption of blockchain technology and any necessary regulatory changes.  In January 2019, the Vermont DFR submitted its report and recommendations to the legislature: Blockchain: Implications for the Banking and Insurance Industries, Michael S. Pieciak, Commissioner Vermont Department of Financial Regulation, January 15, 2019.  In addition, the Vermont DFR announced a pilot program to explore the use of blockchain technology in digital recordkeeping practices for captive insurers domiciled in Vermont.

This article sets out a brief overview of blockchain and related technologies, potential obstacles for the use of blockchain, potential applications of such technology in the insurance industry and Vermont’s novel approach to assessing the impact on the regulatory framework.

The basics of blockchain

Blockchain is a type of distributed ledger technology (“DLT”) and is a system of maintaining records utilizing advanced encryption methods over a decentralized network of computers.  Generally, equal access rights are provided to all participants although certain data can only be accessed if a user has the proper encryption keys.  Blockchain organizes data into “blocks” of data.  Each block of data may contain information about a transaction and the parties involved in such transaction, although personally identifiable information is encrypted through a digital signature called a “public key”.  A user can only unlock the personally identifiable information in the block if the user also has the corresponding private key which the user can store offline or in a digital wallet.  Once a block is created, it then needs to be connected to the blockchain network.  This is done through attaching the block to another block that is already part of the network “chain”.  In order for a block to be added to the chain, the content of the data in the block must be verified by the network of computers on the blockchain through a complex algorithmic process.  Once the information in the block is verified as accurate, the block is added to the chain and given a unique “hash” to identify the block from other blocks.

This chain of blocks, or the blockchain, is stored on all computers in that particular blockchain’s network.  This collection of information, therefore, is decentralized as the data is not just stored in one location or by one user; the data verification process is also done on a collective basis.  Once a block is added to the blockchain, the block and the data on such block is technically permanent and cannot be changed because it has its own unique hash identifier and encryption keys.  Many forms of blockchains are public, permissionless systems which allow any individual to participate, contribute data to the system, and to receive identical copies of the records maintained on the system. While some blockchains impose, as a qualification for becoming a participant in the system, possession of a specified threshold level of computing power established by “proof of work” in solving a complex mathematical puzzle, many blockchains do not include any requirements for participation (beyond the minimum amount of computing power required to support the actual requirements of the system). A widely publicized example of a public blockchain is the DLT underlying the Bitcoin cryptocurrency.  Because this type of public blockchain is essentially a public database operated by anonymous, unauthenticated individuals (as opposed to a centralized database operated by known, trusted individuals), the participants in such a system must agree on protocols for determining how data may be published to or edited on the blockchain system.  In addition to public blockchains, there is a growing number of private blockchains which require participants to have been granted prior permission in order to gain access to the specific distributed ledger system.  The closed, restricted access nature of private blockchains may make them potentially a better fit for a highly regulated industry such as insurance.

Because blockchains are decentralized in nature, they rely on consensus in order to operate.  Indeed, a primary purpose of a blockchain is to allow for potentially adverse parties to collaborate on transactions without relying on other actors to process or otherwise manage the transaction.  Proponents of blockchain assert that the technology creates the potential to eliminate certain “intermediary” parties to transactions, such as insurance brokers, and thereby achieve increased efficiencies and reduced costs.  Additionally, as blockchains create permanent ledgers to which information can only be added but not deleted, the use of blockchains would create a complete audit trail, which would potentially reduce the risk of fraud.

An additional technological development facilitated by the use of blockchain technology has been the creation of “smart contracts.”  A smart contract is a programmable, code-based contract, which is stored in the blockchain system itself and which automatically executes upon the occurrence of specified conditions that have been previously agreed upon by the parties – for example, upon the payment of the consideration for a transaction.  Use of smart contracts, particularly in conjunction with distributed ledger technology, would theoretically reduce the need for intermediaries, lower costs and increase transparency.  It should be pointed out, however, that most of these smart contracts rely on an impartial, arm’s-length third party (the so-called “oracle”) to verify the occurrence of contractual conditions. At this early stage, smart contracts are best suited for simple, straightforward, standardized transactions with clear, unambiguous parameters that can be readily verifiable, rather than for complex, customized transactions that are inherently ambiguous because a number of variables may be involved.

Potential stumbling blocks for blockchain

Blockchain will need to successfully address some fundamental challenges if its potential for increased accuracy, efficiency, security and privacy is to be realized in the insurance industry.  While there is always room for improvement, currently insurance transactions are generally conducted efficiently, securely and privately by established institutions which operate in a well-structured, professional manner within a clearly defined regulatory framework.  Blockchain’s overarching challenge is to demonstrate that it is potentially a significantly better alternative in terms of cost savings, improvement in customer experience and prudential regulation of insurance companies for the protection of policyholders.  Among the specific challenges that blockchain faces are technological constraints and regulatory uncertainty.

From a technological perspective, two key issues limit the growth of blockchain technology.  First, in their current stage of development, blockchains are limited in their ability to grow.  For many public blockchains, each party or “node” must process every single transaction (to affirm compliance with the protocols in place) and then maintain a copy of the entire revised ledger of records. As a consequence, a blockchain is constrained in the number of transactions it can process in a set period of time.  Presently, for example, blockchains have a fraction of the transaction-processing capacity of established centralized transactions and data processing entities such as VISA.  Second, the amount of storage space and computing power required for blockchain technologies to operate in a timely manner is quite high and results in massive energy consumption issues, which is neither cost-effective nor environmentally friendly from both enterprise and community perspectives.  In this regard, the growth of blockchain technology may benefit from the ability of such systems to interact with one another.  While hundreds of blockchain systems currently exist, each operates independently from the others.  The ability to share information between blockchain systems as well as within such systems may allow participants to derive greater value from their use of such systems.  Blockchain technology is still in the early stage and advances are currently being developed to improve the number of transactions that can be processed per second and interconnectivity of different blockchains.

From a regulatory perspective, blockchains largely remain unaddressed, with most regulators preferring to remain on the sidelines. As a practical matter, blockchain technology has yet to penetrate the insurance industry in a meaningful way, so at this stage there is simply not much for insurance regulatory authorities to regulate about blockchains.  However, public blockchains would, in their current form, likely present major problems under the California Consumer Privacy Act and the European Union’s General Data Protection Regulation, as concerns would be raised regarding the safeguarding of confidential information of individuals to protect their privacy, and the difficulties with correcting, compartmentalizing or deleting data once it is placed onto the blockchain system itself.  While private blockchains have been developed that restrict viewing, publishing and editing privileges to a subset of participants – thereby facilitating compliance with data privacy regulations – it is not clear that such private blockchains are significantly better than existing centralized platforms in terms of security, efficiency, security and regulatory compliance.

In addition, data privacy laws and laws regarding enforceability of self-executing smart contracts on a blockchain network are not uniform across jurisdictions.  The decentralized nature of the blockchain, where computers and data are potentially located across many jurisdictions, poses potential challenges to a consistent application of blockchain’s potential benefits to the insurance industry.  Although digital signatures are recorded and stored in blocks on the blockchain, accessing personal user data attached to such data blocks may not be easily obtainable by insurance regulators.  For example, an insurance regulator concerned about market conduct practices that may be harmful to certain vulnerable groups may not be able to obtain such information very easily under current pure form decentralized block chain structures.

Applications for insurance

Blockchain technologies, speedbumps notwithstanding, could have major applications for insurance industry products that require accurate and secure recordkeeping, are self-executing and require a high volume of data to be shared and used by a large collective group.  This potential cannot be ignored.

Several large insurance companies have formed consortia to study and further develop blockchain for the insurance industry such as B3i, R3 and the RiskBlock Alliance.  The American Association of Insurance Services has announced the use of a permissible blockchain to help insurers and regulators share information with each other in an efficient and secure manner.  These collaborative efforts among insurance industry players show that the insurance industry is taking the potential benefits of blockchain seriously – even if it is just to ensure that the insurance industry does not lag too far behind such other industries as financial services, health care and general retail in the use of innovative technology.

In the near term, the marriage of smart contracts with private blockchain systems holds out the prospect of significant efficiency and an enhanced user-friendly interface for simple, well-defined insurance products with clear and objective parameters.  Examples include crop insurance, hurricane insurance and flight delay insurance, where events and losses can be easily verified through reliable interconnected databases and other information.  Closer cooperation with insurance regulators will encourage and foster innovation in this important market segment.  For example, flight delay insurance is by its very nature short duration and time sensitive.  This in turn means narrow windows for mandated notice periods with respect to insurance policy review and cancellation.  Current regulatory requirements are geared to insurance products that are longer duration and therefore provide for notice periods that may not be realistic or practical – 45 days for flight delay insurance when flights are usually booked very close to departure dates will simply not work.  Proactive regulatory involvement can address such anomalies between the nature of the insurance product and the regulatory framework.

An interesting segment of the insurance industry where private blockchain technology could be useful is the potential market for customized and personalized insurance products that reflect different patterns of user behavior.  For instance, how an individual operates a car can be monitored electronically in real time, and a customized driver’s insurance policy can be designed with appropriate pricing.  Such policies may induce drivers to modify their driving habits to reduce the cost of their insurance – clearly a benefit for not only insurance users and providers, but also the community if translated into lower accident rates.  Of course, privacy issues with respect to such personal data would need to be addressed – but this is an existing issue, not a new one.  Another facet of customization involves the possibility that disruptive new entrants who share a mutual interest in a specific type of insurance coverage might group themselves together and form a blockchain system for such a purpose.  Clearly, to the extent that such an initiative addresses an underserved insurance niche, this may be quite useful.

Over the longer term, the specter of significant disruption looms large over the title insurance industry.  For example, land and vehicle title insurance is critically dependent upon concurrent entries of the same data by different parties to the same transaction.  Currently, the recording of ownership title to land property (real estate in general) and for vehicles (moveable personal property in general) is highly fragmented, use disparate and incompatible electronic and manual systems, and are prone to error and fraud.  In the United States, land and vehicle ownership titles typically are recorded at the local level using computer or paper-based documentation. The report on blockchain by the Vermont DFR indicates that nationally nearly 30% of title insurance losses related to real estate are attributable to fraud.  Obviously, the current state of affairs is far from satisfactory.  Blockchain technology has an opportunity to demonstrate that it offers a better alternative than the present system.  Whether it can rise to this challenge remains to be seen.

The Vermont example

The Vermont DFR has recognized the potential benefits of blockchain technology and has launched an initiative to gain a better understanding of the potential impact of this technology for the insurance industry.  On January 9, 2019, the Commissioner of the Vermont DFR and the Vermont Secretary of State jointly entered into a memorandum of understanding to collectively examine the use of blockchain technology in the digital recordkeeping practices of the captive insurance industry in that state.  The two officials have jointly issued a request for information to identify vendors to help the Secretary of State register captive insurers utilizing blockchain technology.  Depending on the outcome of the pilot program, blockchain technology could be utilized in other state regulatory processes.

The “closed” nature of captive insurance within the structural framework of affiliated companies provides a built-in protection against fraud, minimizes the use of third-party intermediaries, and facilitates compliance with regulatory reporting and capital adequacy requirements.  Electronically connecting insurance regulators to such private blockchain systems of captive insurers could enhance transparency and timeliness – a major “win-win” for captive insurers and their regulators.

As noted above, on January 15, 2019, the Vermont DFR submitted a report to the state legislature reviewing the strengths and weaknesses of blockchain technology generally.  While the report expressed the view that blockchain-specific regulation or legislation is not currently needed for entities regulated by the Vermont DFR, it recommended a “regulatory sandbox-type approach” to evaluate platforms and products which may include blockchain technology.  To support such innovation, the Vermont DFR requested that the state legislature specifically codify the regulatory agency’s ability to grant variances, waivers or no action letters to applicants who wish to test products or innovations that would not otherwise be permitted.  In such instances, the Vermont DFR would grant waivers or variances on a case-by-case basis with respect to specific laws and regulations for limited periods of time.  The Vermont DFR expressly stated that certain laws and regulations, including solvency and capitalization requirements, would not be subject to waiver.  The Vermont DFR also committed to actively engage with each entity testing a new product to both ensure the protection of Vermont consumers and gain insight into how such products could affect existing regulatory frameworks.  It is unlikely that the Vermont initiative will prove to be an evanescent, sui generis blip in the regulatory landscape.  What is more likely is that the Vermont experiment will be replicated, albeit with variations, by other regulatory authorities in the United States.  Accordingly, the insurance industry will have to remain alert and be prepared to shift to a more proactive mode.


Blockchain technology has the potential to improve customer experience and lower operational costs of data-intensive businesses.  Other industries are beginning to develop blockchain technologies and applications, which are starting to change customer expectations of the marketing and delivery of products and services.  If companies in the insurance industry want to participate in these new blockchain innovations, they will need to continue to advance the technology to tailor blockchain technology to insurance while concurrently addressing regulatory concerns about data management, data privacy, enforcement of smart contracts and market conduct compliance as new blockchain applications are rolled out to consumers.

Mayer Brown partners David L. Beam, Paul P. Chen, Lawrence R. Hamilton and associate Sanjiv J. Tata report on the new guidance and highlight areas of interest in this Legal Update.

Related Content