Regulation of InsurTech: Is the Principle of Proportionality an Answer?

: In the view of the current discussion on how to regulate the emerging InsurTech companies, if at all, the author attempts to demonstrate that rather than automatically introducing new regulation, the principle of proportionality can, in most cases, help to adapt application of the existing rules and policy approaches to the InsurTech business models without incurring major regulatory changes. An example of peer-to-peer platforms is used to show how the speciﬁcity of each InsurTech company can be grasped by the three key criteria of proportionality: nature, scale and complexity.


Introduction
In recent years, the insurance industry has undergone a process of digitalization, and insurance undertakings have modernized their processes and implemented innovative solutions to respond to the changing needs of the society. Nevertheless, the insurance sector is not considered the most innovative and the impression of an old-fashioned, conservative approach on the part of insurance undertakings still persists. The untapped potential to innovate was noticed by technology companies, which started to develop solutions that would improve insurance services. Starting from supporting the traditional insurers in developing their business, the so-called 'InsurTech' startups began technological revolution on the insurance market and are becoming real competitors to the traditional insurance services. Insurtech is the term being used to describe the new technologies with the potential to bring innovation to the insurance sector and impact the regulatory practices of insurance markets (OECD 2017, p. 3). The term also describes technology-led companies emerging in the insurance sector, which are taking advantage of new technologies to provide coverage to a more digitally savvy customer base. This paper focuses on the latter.
Obviously, the increase of InsurTech has triggered regulatory concerns. There was no doubt that alongside the benefits, the new technology also brings new potential risks and, for this reason, the use of new technology in insurance should be controlled. Ideally, the InsurTech companies would be subject to the existing regulation and no major changes, or a separate regime would be necessary. However, a natural question that follows is whether the existing insurance regulation is adequate enough to accommodate the use of new technology and new entrants. The discussion in this field focuses mainly on how to make the regulation 'technologically neutral' and to reduce the entry barriers (see e.g., Tereszkiewicz 2020; Marano 2019).

Materials and Methods
With a view to the above, this paper attempts to address the question of whether the principle of proportionality can be considered a helpful tool in adapting the existing regulation to the specificity of InsurTech companies, and if, so, whether it is sufficient. The principle of proportionality is already present in insurance regulation and serves to adjust the regulation to the specificity of different market participants. Hence, the question seems valid.
We start by showing the examples of InsurTech companies (Section 4.1). To this end, the paper consults the existing literature on InsurTech and websites of selected InsurTech companies. This part serves to demonstrate how the new technology changes traditional business models and what is the added value. Following such a description, Section 4.2 attempts to identify the regulatory issues that the InsurTech companies' activity entails. Because insurance regulation aims to accommodate different interests (policyholders protection, enhancing competition) and, therefore, the outcome should be a compromise between these interests, the problem is tackled from two perspectives: InsurTech companies and national supervisory authorities. The InsurTechs' perspective is presented based on the results of the surveys conducted among the market players and shows how the current regulatory environment inhibits development of their business. The perspective of the supervisory authorities is represented by the International Association of International Insurance Supervisors. It is focused on the risks that the InsurTechs' activity may pose to customers and policyholders. Presentation of the regulatory issues from both perspectives demonstrates the areas where insurance regulation should be improved and/or should address.
Having understood the problem, the second part of the paper moves to address the research question. To see if the identified regulatory issues can be tackled by the principle of proportionality without imposing any radical regulatory changes, we will look first at the function of proportionality (Section 4.3). To this end, two main EU insurance directives, Directive 2009/138 of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) and Directive (EU) 2016/97 of the European Parliament and of the Council of 20 January 2016 on insurance distribution (recast) (IDD), are analyzed to determine how they implement proportionality. The choice of the Directives is justified by the fact that these are the legal acts that cover the regulatory issues identified in the first part. Subsequently, the theoretical analysis of proportionality is tested with the regulatory issues identified in Section 4.2. The last Section concludes.

Results
As will be apparent in the coming section, the above-described analysis allows claiming that the principle of proportionality is an adequate and sufficiently flexible (Marano 2017, p. 14) measure to embrace the activity of the InsurTech companies (Marano 2017, p. 14;Marano and Siri 2021). A correct application of proportionality based on an understanding of how the InsurTech companies operate and what is required to make their innovations work as planned can serve as a remedy for most of the identified regulatory issues and thereby prevent from incurring more radical regulatory changes. Nevertheless, the analysis shows that where the regulation becomes more prescriptive or rule-based there is little that proportionality can help with. This is because proportionality comes into play only where a requirement can be applied with different intensities. If a requirement is not designed to be applied proportionately to the undertaking's risk profile, products sold, nature of distributor, or type of the activities pursued, it must be applied to all undertakings equally. Now, if such a requirement creates an obstacle for InsurTechs to operate, proportionality cannot help in overcoming the obstacle. The requirement should be either repealed or changed in a legislative process in a way that would accommodate InsurTechs' business models.

InsurTech Companies in Insurance Distribution-Selected Examples
Among the myriad of different InsurTech start-ups there are companies which pursue activities falling into the scope of insurance activity (Lemonade, HavenLife, Ottonova) and insurance intermediation (Friendsurance, Teambrella, Laka).
Perhaps the best-known 'digital insurer'-an InsurTech company holding an insurance license is Lemonade. Lemonade improves the traditional insurance business model by offering homeowners' and renters' insurance powered by artificial intelligence and behavioral economics. Lemonade is different from traditional insurance in that the customer experience is improved (the claims handling process is fully digitalized and requires no paperwork, the insurance is offered via IA app), the insurance premium is more precisely calibrated to the client's risk exposure (calculation of the insurance premium is based on many detailed factors, including risk prevention measures put in place) and it is registered as a public benefit corporation (a portion of the Lemonade's underwriting profits is donated to charity projects chosen by the customers) (Moodie 2017). The improved customer experience is also a main feature of Ottonova and HavenLife providing life and health insurance respectively. Besides these differences, the core of these InsurTechs' insurance activity is the same as the traditional one (OECD 2017, p. 159;Braun and Schreiber 2017, p. 159).
Many more InsurTech companies turn to the insurance intermediation proposing new distribution alternatives for traditional models. The most distinct one is known as peer-to-peer where the focus is put on the risk mitigation through the peer pressure (Marano 2019, p. 12). Typically, the customers of peer-to-peer InsurTechs are provided with the platform where they register and create group of peers (users). Peers within one group share the same needs or are interested in using the same insurance product. The bond between the peers can be even stronger if they are connected personally or through mutual business. Upon joining the group, each peer pays a premium which is then split in two parts. One part is paid to the cash back pool and the other is transferred to a partner insurance company. The loss is primarily paid from the money collected in the cash back pool, however, when the loss exceeds the agreed capped limit, it is paid by the partner insurance company. The traditional insurer will also step in if the cashback pool is exhausted. At the end of the year, if the overall amount of the paid claims is low, the peers may decide if they want to receive a cashback payment or keep the remaining money in the cashback pool to renew the coverage (Ziemiak and Ostrowska 2020, p. 35). This peer-to-peer arrangement may be organized by an insurance company, an insurance intermediary, e.g., Friendsurance (usually broker) or 'self-governing' platform acting as a purely technical service provider, e.g., Teambrella (in this case the platform cannot perform any insurance or insurance distribution activities) (EIOPA 2019, p. 26).
Another example of an innovative distribution model is Laka, provider of insurance coverage for cyclists where the consumer makes payments at the end of the month, based on the exact cost of claims settled during that period (Laka Ltd. registered in London, UK, authorized and regulated by the Financial Conduct Authority). The premium will never be more than the personal cap of the customer. It seems that the model resembles peer-to-peer arrangement, at least in part. Laka offers the customers an option to join a collective (peers group). If the policyholder is part of the collective and the collective has no claims in a month, the members of the collective are not charged a premium that month (Laka Ltd. n.d., p. 8).
The innovations of the above models are created around the reduction of the premium, alternative risk mitigation techniques, increase of trust (through transparency about the company's earnings, clarity of the policy wording) and change of the customers' perception of insurance and insurance industry (insurance as a social good rather than a necessary evil).

Identification of the Regulatory Issues
Innovations are generally a positive development and there is a common consensus that they should be supported. An important factor influencing development of innovations is regulation which may be either open to innovations, thereby accommodating new business structures or obsolete and too stiff. Clearly, the latter would be seen as a serious obstacle for the InsurTech startups discouraging them to enter the insurance industry, regardless of the services they would provide. Consequently, such a regulation would inhibit the overall development of insurance as well as the competition in the insurance market. All of that is to the detriment of the customers.
Considering the potential negative consequences of an obsolete regulation, it is in everybody interests (customers, insurance undertaking and intermediators, and other InsurTech startups) to make insurance regulation InsurTech friendly without compromising on the main objectives of the regulation (customers/policyholders protection, financial stability, undistorted competition). To do so, it should be first identified whether, and if so why, the currently binding insurance regulation is unaccommodating to the InsurTech companies.

The InsurTech Companies' Perspective
The Geneva Association's survey carried out among insurers shows that the InsurTech companies' concerns regarding the regulation concentrate mostly around three issues: default paper requirements (insurance document delivery), medical exam requirements or absence of the provisions of telehealth, insurance distribution regulation (The Geneva Association 2021, p. 12). In another survey on InsurTech carried out by EIOPA, Insurance Europe indicated the following legal barriers to InsurTech in the existing European insurance legislation: default paper requirements (especially in IDD Directive and PRIIPs Regulation), unnecessary, burdensome reporting requirements, overly strict requirements in case of outsourcing of key functions, requirement to carry out appropriate product testing, licensing requirements (Insurance Europe 2018, pp. 1, 3, 4).
The compulsory use of paper appears as a legal barrier in both surveys. As demonstrated in the previous section, the innovations employed by the InsurTechs rely heavily on the paperless contact with the customers. The whole process of choosing insurance coverage, entering into an insurance contract and subsequent execution of the contract is digitalized. It fastens insurance acquisition and claims handling but, most importantly, it improves the customer's experience which is key for the InsurTech business. Whenever the regulation sets out a requirement of a compulsory use of paper (e.g., Article 23 of the IDD Directive), the requirement kills the innovation.
Another challenging requirement regards product testing. IDD Directive requires insurance undertakings to carry out appropriate product testing before bringing that product to the market or significantly adapting it, or in case the target market has significantly changed (Article 25(1) of IDD Directive and Article 6 of the Commission Delegated Regulation (EU) 2017/2358 of 21 September 2017). When assessing the methods of product testing, the NSAs look at the structures that are in place within an organization in respect of product testing (i.e., what product testing looks like on paper) and whether the product testing processes and procedures are fully embedded within an organization (i.e., how product testing is implemented in practice) (EIOPA 2020, p. 12). The Insurance Europe notices that considering most InsurTech related products are tested in real-time and quick reaction to market needs is key for innovation to work, compliance with the product testing requirements may become troublesome as it lengthens the time to bring innovate products to the market (Insurance Europe 2018, p. 4).
For those InsurTech companies which wish to become an insurer or an insurance agent/broker already the licensing requirements themselves may become challenging. There are potentially prohibitive capital and fit and proper requirements (Insurance Europe mentions cases in the Netherlands where InsurTech companies applying for licenses ran into difficulties regarding certain licensing requirements (e.g., management should have a certain experience in the industry and/or consist of a number of persons when scaling up) (Insurance Europe 2018, p. 2) which could turn out to be a barrier to enter (OECD 2017, p. 29). Finally, even though an InsurTech company obtains the insurance license, the requirements on the insurance activity may turn out to be overly burdensome and eventually make the business unprofitable. For instance, an overwhelming number of reporting requirements which are criticized for being overly complex or for the fact that they duplicate, or overlap are a real burden to most of the traditional insurance undertakings (European Commission 2018, pp. 7, 10). If the supervisory reporting is considered costly and complicated by those market participants who run insurance business for years, have resources and well-developed business, obviously, compliance with the supervisory reporting will be even more difficult for the new InsurTech entrants. Further to this, there are also requirements on outsourcing of functions and insurance activities which are considered overly strict. Typically, InsurTechs entering the insurance business are small-sized and do not have enough appropriately qualified human resources. They will most likely outsource most of the key functions or insurance activities, at least at the beginning of their activity. Therefore, in theory, to allow InsurTechs to start the activity and to anchor their presence to the market, the regulation should facilitate the outsourcing process. Meanwhile, though, it is complained that Solvency II inhibits the process by requiring, for instance, to adopt a written policy for the outsourced functions and insurance activities, designating an employee responsible for supervising the outsourcing process or by stipulating that the ultimate responsibility for the outsourced functions remains with the management board of the InsurTech company (Insurance Europe 2018, p. 4).

The NSA's Perspective
Some of the respondents in the Geneva Association's survey indicated conservatism of the national supervisory authorities (NSAs) as a barrier to innovate (The Geneva Association 2021, p. 10). This conservatism may result from the fact that the NSAs do not understand or have sufficient knowledge on how the InsurTechs actually work. Naturally, it builds a mistrust on the NSAs' side and implies stricter approach towards the supervision of InsurTechs.
The NSAs main goal is to ensure that customers enjoy the same level of protection, regardless of the distribution channel. The IAIS understands that the new technologies and innovations provide a unique opportunity to provide customers with products that are tailored to their needs in a best possible way, however, the IAIS' concern is whether the processes behind the use of new technology are fair. The IAIS has thoroughly analyzed the most popular innovations used in the market and voiced its concerns regarding the potential risks they may pose to the customers. The following represent a few examples. First, introduction of innovative solutions usually increases the number of parties involved in the execution of insurance relationship and makes the interactions more complex (Braad Olesen 2017). Second, the use of digital marketing campaigns and the increased collection and use of data (e.g., via social media platforms) may lead to customers being manipulated to buy an insurance product, without them being aware (IAIS 2018, pp. 15-16). Third, it is doubtful if the automated advice can solve every limitation of traditional faceto-face advice and therefore replace the human advice. IAIS believes that the automated advice may pose the risk of misunderstanding or a reduced detection of contradicting answers by customers if the automation is total. Furthermore, one of the most challenging aspects is if the automated advisors can detect when the customer is in doubt (IAIS 2018, p. 19). Fourth, there are price comparison websites that are not subject to specific disclosure requirements. In such a case, transparency is reduced, and it may affect adversely the customers' ability to make informed decisions (IAIS 2018, p. 20). Finally, reduction of transparency is also observed where algorithms and automated decision-making are employed. Here, it is feared that it can lead to unfair discrimination, or the policyholders may complain that forecasts made by an algorithm might not be explainable (IAIS 2020, pp. 11-12). For this reason, the German NSA has already stated that black-box models would not be accepted (BaFin 2018, p. 13).
As already mentioned, there is no doubt that innovation is necessary for the development of the markets and products and that its implementation should be strongly supported also by the NSAs (IAIS 2018, p. 34). Nevertheless, the above concerns cannot be ignored. The NSAs are thus facing the challenge of finding the right balance between acting as a promoter of the innovative solutions and businesses and protecting the customer.
To do so, it is crucial for the NSAs to understand how exactly these innovations work and how the InsurTechs are behaving with impact on outcomes for consumers.
Other than innovations as such, the NSAs may also not be familiar with the specificity of entities providing the innovations that wish to enter the insurance markets. Unlike the traditional insurers and insurance intermediaries, the InsurTech companies may not have experience or knowledge of financial services regulation, may have different entity structures and approaches to consumer related risks. The IAIS notices that it may require a proactive strategy for outreach and engagement with these new entrants to inform and "educate" them on relevant supervisory matters and the proper compliance attitude (IAIS 2018, p. 30). One way to know the InsurTech business better is establishing a 'regulatory sandbox' approach designed to assist new market entries. More precisely, it helps InsurTech companies to gain access to fast, frank feedback on the regulatory implications of their solutions, and identifies areas where the regulatory framework needs to adapt to enable further innovation in the interests of consumers.
Further to this, the NSAs should continuously monitor new developments and cooperate with InsurTechs as to how the potential risks resulting from their activity may be mitigated.

Principle of Proportionality. (How) Does It Come into Play?
Solvency II and IDD Directives are two principal EU insurance regulations covering (re-)insurance activity and insurance distribution respectively. The undertakings subject to these regulations range from traditional big (re-)insurance undertakings providing coverage to thousands of policyholders to small, specific captive insurance undertakings with only one policyholder. The selection of the insurance distributors is also fairly diversified as it includes the insurance undertakings, brokers, tied and independent agents, coverholders, and ancillary insurance intermediary. When the same regulation governs such a diversified market, to provide a business-friendly environment that is to the mutual benefit of both customers and regulated undertakings, it must be designed in a way that accommodates all different market participants. In other words, the regulation must avoid creating unnecessary burden that can discourage undertakings to take up business or to develop by, for example, employing innovations (Harbo 2015, p. 37). In this vein, the principle of proportionality was introduced to Solvency II (Van Hulle 2019, p. 171). Later on, proportionality was also adopted in IDD (see recitals 72, 17, 23 of IDD). Because the directives cover different areas of insurance law, the principle of proportionality embedded therein slightly differs, however, its function remains the same. Namely, in both directives, proportionality serves to adjust the regulation to the specificity of an individual undertaking by allowing to increase or decrease the intensity of the regulation and supervision (see more in Ostrowska 2020, p. 39; Löfvendahl and Yong 2018, p. 4).

Proportionality in Solvency II-Insurance Activity
Since Solvency II imposes requirements regarding the insurance activity and the requirements are risk-based (Purves 2011, p. 641), the intensification of the regulation and supervision is adjusted to the risk profile of a regulated undertaking. The risk profile is defined by three criteria: nature, scale and complexity of the risks inherent in the business of an undertaking. Thus, in practice, application of proportionality comes down to calibrate a requirement to those three criteria.
Although nature, scale and complexity of a risk are not legally defined, the supervisory authorities made an effort to explain their meaning by issuing guidelines and other nonbinding instructions (see for instance CEIOPS 2008; EIOPA 2015a; IAIS 2008). Based on these guidelines, nature of the risk refers to the insurance risk of an undertaking. The insurer should consider whether it underwrites long-or short-tail business, whether it is a low frequency and high severity business or consists of high frequency and low severity risks and who are the policyholders (CEIOPS 2008, p. 6). Complexity of the risks refers to all the risks borne by the undertaking, including e.g., operational risk or market risk. The nature and complexity of the risks should thus provide a picture of the undertaking resulting from the analysis of the origination of the risks, the correlation between the types of risks and the mitigations and diversifications (Grima 2020, p. 226). The full picture of a risk profile must be completed with the scale of the risks which depends on the scale of the undertaking's balance sheet and materiality of the risks (CEIOPS 2008, p. 6). Now, if an InsurTech company seeks to obtain an insurance license, it means that the business it wishes to pursue falls within the scope of the definition of the insurance activity and as such it presents the risks associated with the insurance activity. In other words, it results that the core of the activity of InsurTechs does not differ from the activity of the traditional insurance undertakings. Consequently, it is justified to subject the InsurTech company to the risk-based Solvency II Directive as the regulation introduced therein is appropriate and necessary to achieve the objectives of insurance regulation (see recital 133 of Solvency II Directive). At the same time, taking into account the specificity of InsurTechs as well as the role of proportionality, the principle should be considered instrumental in applying the regulation to the InsurTech companies.
There is no doubt that proportionality is an adequate tool to address the concerns regarding a too strict system of governance requirements or the excessive supervisory reporting and bring the InsurTech companies a regulatory relief, at least technically (see Commission of the European Communities 2007, pp. 24-26). The following paragraphs will now demonstrate how proportionality may be of help for the InsurTechs on their way to adapt to Solvency II Directive as it stands today.
We start with the system of governance where Solvency II Directive does not prescribe any specific system of governance. This is because there is no one system that would work well for all undertakings. The variety of (re-)insurers subject to the EU insurance regulatory framework makes it impossible to create common rules on the organization of the system of governance, not to mention that neither would it be the best solution from the high-quality legislation perspective (i.e., criticized 'one-size-fits-all' approach). It is only possible to outline the results that are expected of the system of governance that is recognized as proportional, which EIOPA did by issuing Guidelines on system of governance (EIOPA 2015a). For this reason, the regulation on system of governance is mostly principle-based which allows insurance undertakings to freely decide on their own system of governance as long as it is proportionate to the nature, scale and complexity of the operations of the insurers (Article 41(2) of Solvency II Directive). The principle of proportionality has been introduced here as a general principle ruling the whole regulation of the system of governance which means that all provisions on system of governance should be interpreted according to the nature, scale and complexity of the operations of the insurance undertakings. If an InsurTech is small or medium-sized, or if its business is relatively simple and straightforward, a less sophisticated governance system should be sufficient (Van Hulle 2019, p. 400). What is meant by a less sophisticated governance system must be of course specified individually. I will, however, present issues which may be common for many InsurTechs, taking as an example an InsurTech startup with an innovative technology-led business model wishing to enter the EU insurance market. First, Solvency II Directive introduces a requirement that an undertaking must organize at least four key governance functions: risk management, internal control, internal audit and actuarial (Articles 44, 46, 47, 48 of Solvency II) where each function is operationally independent (Article 268(1) of Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 (Delegated Regulation)). Establishment of four independent functions was proved to be burdensome for small and less complex undertakings, such as (re-)insurance captives, which for their size tend to outsource most of the functions (AON 2011, p. 3). This may be the case of most of the small-sized companies or companies that are entering the market, including InsurTech startups. The principle of proportionality helps to ease this burden by allowing the insurance undertakings to outsource the key functions (Article 49 of Solvency II Directive) or to combine them (recital 32 of Solvency II Directive). If the functions are combined, it should be ensured that the conflicts of interests are avoided, and the judgement is independent. One key function that, in principle, cannot be combined with other functions is the internal audit function (Article 271(1) of Delegated Regulation). Article 271(2) of Delegated Regulation provides however for a very narrow exclusion to this prohibition, according to which a person carrying out the internal audit function may also carry out other key functions if (i) this is appropriate with respect to the nature, scale and complexity of the risks inherent in the undertaking's business and (ii) no conflict of interest arises for the person carrying out the internal audit function and (iii) the costs of maintaining person for the internal audit function that do not carry out other key functions would impose costs on the undertaking that would be disproportionate with respect to the total administrative expenses. EIOPA further specifies what is meant by this exclusion and states that the performance of the internal audit function by the same person or persons which perform the compliance, risk management or actuarial function is only possible where the undertaking has a risk profile that does not entail large or complex risks, i.e., where the undertaking only writes standard lines of business on a limited scale and where the undertaking is not invested in complex investment products (EIOPA 2015b, p. 83). If this description corresponds with an InsurTech startup's risk profile, it would be justified for that InsurTech to apply the exclusion. In such a case, the InsurTech would need to be able to demonstrate to the supervisory authority, on request, that the conflicts of interest are properly dealt with and no concerns remain that the objectivity and independence of the internal audit function is compromised (EIOPA 2015b, p. 83). If combination of functions is not an option, it is also possible to outsource them. In principle, there is no qualitative limitation to outsourcing, i.e., as to which functions or activities can be outsourced. Yet, if the outsourced function or activity is critical or considered important operational function, the outsourcing of such function cannot put at risk the InsurTech's quality of governance, increase its operational risk, hinder the supervisory process or undermine the service to the policyholder (Article 49(2) of Solvency II Directive). The part of key activities or functions that must be retained in the InsurTech compared with tasks outsourced should be assessed having regard to the nature, scale and complexity of its business. Obviously, the InsurTech cannot outsource all its functions and activities. It must retain sufficient expertise and resources to monitor and manage its risks. The part of key activities and functions that the insurer retains must be such that the insurer will be in a position to resume direct control over an outsourced activity either by insourcing or through an alternative outsourcing arrangement (Van Hulle 2019, p. 460). This must be assessed having regard to the nature, scale and complexity of the InsurTech.
The proportionality of the system of governance is also relevant where the InsurTechs use AI within their organization. In the recent EIOPA's report, it is underlined that the governance measures that the insurance undertakings must implement (e.g., transparency and explainability policies, human oversight, data management) should be proportionate to the AI use case and its impact on both consumers and those insurance undertakings (EIOPA 2021, pp. 8, 17). To help InsurTech assess the impact and justify the choice of the governance measures, the report suggests following the AI use case impact assessment which determines the impact by the potential harm caused by the use of AI to an individual and to the insurance undertaking (EIOPA 2021, p. 18). If, according to the impact assessment, a concrete AI use case has low impact, there is no need for the InsurTech to implement sophisticated measures but instead, they can be limited to the minimum required.
Besides the system of governance, proportionality is also instrumental for the supervisory reporting duties. The regular reporting obligations include the Solvency and Financial Condition Report, the regular supervisory report, Own Risk and Solvency Assessment and annual and quarterly quantitative report templates (Article 304(1) of the Delegated Regulation). Submission of these reports is obligatory and the frequency of reporting varies from quarterly to at least every three years. Both big-sized and small-sized insurance undertakings complain that the supervisory reporting in its current form is unnecessarily costly for its intended purposes and often overlaps with other disclosure requirements (European Commission 2018, pp. 7, 10). If the issue is raised by experienced big-sized insurers, most likely it will also be a challenge for a small-sized InsurTech startup. The principle of proportionality may help to minimize the burden of the reporting in at least two ways. First, instead of submitting annual and quarterly report templates, the InsurTech could limit the reporting duties to the annual quantitative templates only if proves the following: (i) the submission of quarterly information is overly burdensome in relation to the nature, scale and complexity of the risks inherent in its business and (ii) the quarterly information is reported at least annually (Article 35(6) of Solvency II Directive). Second, NSA may limit regular supervisory reporting or exempt the InsurTech from reporting on an item-by-item basis, where (i) the submission of that information would be overly burdensome in relation to the nature, scale and complexity of the risks inherent in its business, (ii) the submission of that information is not necessary for the effective supervision of the InsurTech, (iii) the exemption does not undermine the stability of the financial systems concerned in the EU and (iv) the InsurTech is able to provide the information on an ad-hoc basis (Article 35 (7) of Solvency II Directive). Although in both cases, the limitation of the reporting duties depends on the prior approval of the NSA, it is worth noticing that the small-sized InsurTechs should be prioritized when determining the eligibility of the undertakings for those exemptions (Article 35(6) of Solvency II Directive).
As seen in the above examples, the principle of proportionality does offer a general possibility to adjust the Solvency II framework to the InsurTech specificity (particularly size of the business and the use of IA). Each time the InsurTech would wish to apply proportionality, it will be key to specify its risk profile and, most importantly, if (and how) the innovative business models and the technology used by that InsurTech affect the risk profile. Do certain business models increase or decrease the risk of insolvency? Does the technology used by InsurTech companies expose the policyholders to higher risks or provides greater safety? For instance, the risk mitigation techniques applied within the peer-to-peer arrangements or application of the technology that allows for controlling the risk may decrease the overall complexity of the risks inherent to the business. In turn, if the InsurTech adopts new technologies or innovates processes or products where they represent the supervisory concerns mentioned earlier, it would perhaps increase the complexity and therefore the InsurTech should make sure that the appropriate internal control or security measures are in place.
Although, technically, proportionality enables to adjust the regulation to the specificity of the InsurTech companies, it should be underlined that the history of the principle in the insurance industry shows that the mere fact the principle exists is not enough. Namely, the practical application of proportionality revealed to be too troublesome both for the NSAs and the insurance companies. It is complained that the proportionality is not applied to its fullest extent or is not applied at all (Batten and Di Capua 2020; Insurance Europe 2018; Insurance Europe and AMICE 2019) which leads to the situation where in fact 'one-size-fitsall' approach persists. It should be stressed, however, that the criticism does not question proportionality as such. The principle is commonly recognized as indispensable to apply the EU regulatory framework (see e.g., Insurance Europe 2018, p. 3;ECIROA 2008, p. 5). Rather, the criticism focuses on the procedural aspects of the application of proportionality.
The insufficient and inconsistent application of the principle is a general problem, however, it may be particularly damaging to innovative business models. Based on experiences in the German and French markets, the InsurTech companies faced the difficulties relating to licensing exactly for this reason (Insurance Europe 2018, p. 1). The principle of proportionality is now being revised within the Solvency II review and different ways to improve its application and supervision are being analyzed. The accounts are also taken of the InsurTechs needs and interests (the proportionality toolbox suggested by the Dutch Association of Insurers facilitates activity of small and medium-sized insurers as well as InsurTechs (see Dutch Association of Insurers and Insurance Ireland 2019, p. 3).

Proportionality in IDD Insurance Distribution
Since most of the InsurTech companies are active in the insurance intermediation area, the conduciveness of the regulation on the insurance distribution is particularly important in terms of the InsurTech regulation. Meanwhile, the Geneva Association survey shows that the insurance distribution regulation is considered a barrier by 44% of respondents, including Germany (The Geneva Association 2021, p. 12) (IDD Directive is also claimed to be burdensome by Insurance Europe (see Insurance Europe 2021, p.10)).
IDD Directive follows the suit of Solvency II and implements the principle of proportionality to accommodate different insurance distributors and thereby create a level playing field (Marano,p. 6). Here, however, proportionality refers not only to the risk profile of an undertaking (recital 23 of IDD Directive) but primarily to the activities performed, the nature of the insurance products sold and the nature of the distributor (Article 25(2) of IDD). The intensity of the regulation is adjusted to the activities performed, nature of the products offered and type of the distributor. The intensity of supervision is additionally adjusted to the nature, scale and complexity of the risks inherent in the business of a particular distributor. There are no general guidelines on how to calibrate specific requirements to the activities performed, nature of the products offered or type of the distributor. Occasionally, EIOPA explains what impactful elements are considered when assessing proportionality of individual requirements. For example, with respect to the product oversight and governance, the NSAs should consider whether the distribution activity is the principal professional activity or an ancillary activity, whether the distributor is acting as a tied agent or an independent broker (type of the distributor) (EIOPA 2020, p. 7), manufacturers' business model, activities pursued (designing and manufacturing of insurance products and/or distribution of insurance products) and kinds of product offered (their complexity), distribution and outsourcing arrangements, characteristics of the different target markets (EIOPA 2020, p. 8).
Similarly to Solvency II Directive, there seems to be nothing against application of proportionality to the InsurTech companies. Quite the opposite, in fact. The element to which the regulation should be adjusted are so broad and generic that they can embrace the specifics of InsurTech. Again, however, what may be problematic is the practical application of proportionality. Besides, the uncertainty about how to calibrate a requirement to e.g., complexity of the product sold, application of proportionality is virtually impossible. This is because some of the requirements set out by IDD Directive are rule-based and leave no room for the proportional adjustment. The problem regards e.g., Article 23 of IDD Directive which imposes obligation to provide the relevant information to the customer on paper. The industry argues that the InsurTechs should be exempted from this obligation. However, nonapplication of the obligation cannot be justified by the application of proportionality. This is because according to the idea behind the principle of proportionality, proportionality can never lead to the non-application of a requirement (Van Hulle 2019, p. 172). It is explained that because all the measures (requirements) are appropriate and necessary, if application of proportionality allowed for nonapplication of a requirement, it would question its necessity. On a separate note, it is interesting to notice here that the principle of proportionality in the bank regulation slightly differs in this respect. Namely, proportionality applied in the bank regulation allows to apply certain regulations only to those institutions which are relevant to the issue being addressed by those regulations (e.g., a regulation intended to be addressed to systemically significant banking institutions which at the same time should not be applied to other institutions which are not deemed to be systemically significant). As a result, proportionality allows to waive certain rules, rather than apply them in a simplified or less prescriptive way, whenever an institution is only marginally exposed to the risks that those rules are designed to control (EBA Banking Stakeholder Group 2015, p. 29). Perhaps the same concept transposed to the insurance regulation could address the problem of the default paper requirements.

Conclusions
This paper attempted to examine whether the application of existing rules and policy approaches might be adapted to meet the development of InsurTech companies without incurring major regulatory changes. Based on the above discussion, two provisional conclusions arise.
First, the principle of proportionality does appear adequate and sufficiently flexible to embrace the activity of the InsurTech companies, at least for now and at least where the regulation is not too much prescriptive or rule-based. The conclusion is shared by the Insurance Europe which stresses that proper and consistent application of the principle of proportionality can ensure both traditional insurance distributors and new InsurTech companies to provide innovative products when the activity and risk are the same (Insurance Europe 2018, p. 3). For the purpose of the application of a requirement in a proportional manner, the valuation of the risk profile should take into account the influence of the innovation and new technology used by InsurTech companies. The NSAs should use the concept of the regulatory sandbox not only to test whether the innovation is safe for the customers but also as an opportunity to understand how the innovations work and then to use what they learned to enhance the application of the principle of proportionality towards the InsurTechs.
The first conclusion may change however if the innovative business models developed to the point where the financial buffers imposed by Solvency II would no longer be needed. Clearly, this is an extremely abstract vision of the future, yet, judging on the pace of technological development so far, its potential should be never underestimate.
Second, a mere application of proportionality will not make the regulation 'technologically neutral'. This is because in the current regulation application of the principle cannot lead to a nonapplication of a requirement and therefore the application of proportionality cannot justify nonapplication of the requirement that limits technological development, e.g., a compulsory use of paper documentation. In these cases, the principle of proportionality will not suffice, and more radical changes should be introduced instead.