Hong Kong IA flags poor calibration in insurers’ recommendation engines

The IA also advised insurers to base rule settings on historical case data.

Recommendation engines in insurers’ tablet-based sales platforms are often too loosely calibrated, mapping products to any single customer objective rather than evaluating them against all stated needs, the Hong Kong Insurance Authority (IA) has warned.

Inadequate user acceptance testing (UAT), particularly without frontline sales staff involvement, further undermines the effectiveness of these systems, raising the risk of unsuitable product recommendations and mis-selling.

Using a hypothetical example called Sell+, the IA illustrated how insurers can design end-to-end digital controls to better align with regulatory expectations under GL30 (Financial Needs Analysis) and GL27 (Policy Replacement).

Sell+ models how controls can be layered across the sales process: front-end prompts that flag risks and enforce hard-stops when agents override recommendations; underwriting checks that validate the timing and consistency of FNAs; and post-sale pattern analysis to identify potential mis-selling, including deviations from system suggestions and benefit illustrations.

Data quality remains a major barrier to effective automation. The IA cited problems including access gaps to legacy repositories, OCR errors from past digitisation efforts, inconsistent data formats, duplicate customer IDs, and incomplete capture of surrendered or terminated policies.

Calibration of system parameters was also identified as a weak point. Thresholds tuned to avoid false positives may fail to catch genuine issues.

The IA advised insurers to base rule settings on historical case data, require formal approvals for any changes, maintain full audit trails, and review rule performance regularly.

It also stressed the importance of realistic project timelines, sufficient resources, and a solid foundation of clean, consolidated data — including unified customer IDs and real-time access to legacy information via APIs or middleware.

Ultimately, the IA cautioned that while automation can materially enhance suitability and policy replacement controls, poorly designed, tested, or governed systems can amplify conduct risk.