How insurtechs can ease growing pains

As you move closer to an IPO, you’ll need increasingly sophisticated financial reporting and accounting policy to address:

• Revenue recognition: Many consumer-facing insurtechs start out as managing general agents (MGAs) or managing general underwriters (MGUs) focusing on customer acquisition and underwriting. They often progress to retaining risk as a full stack carrier and expanding into ancillary offerings like third-party administrator (TPA) services. As your business models and sources of revenue change, you’ll need clear and coherent accounting policy and interpretation of revenue recognition under US GAAP. Such interpretation is complex and you’ll need insight into sub-sector (e.g., agency and brokerage) considerations in order to provide meaningful measurements for investors and financial statement users.
• IPO readiness preparation: Adopting public company accounting standards and Rule S-X-compliant presentation of financial statements require a variety of data sources and accounting processes. Identifying future needs in advance of an IPO readiness transition facilitates high-quality data capture at the source and can reduce risk, potential surprises and effort.
• Quarterly reporting: As a future public company, you may be required or voluntarily choose to disclose multiple quarters of historical data. Your quarterly close process will need to be as robust as your annual one and meet an investment-grade, SEC-reporting-level of quality.
• Technology stack: Many insurtechs use sophisticated AI and machine learning models in customer targeting, underwriting and user experience. However, this “tech-first” ethos rarely extends to the back office. Many insurtechs use spreadsheets with manual processes and copy and paste data flows for finance and accounting. This can compromise accurate communication with investors and other key stakeholders. To improve, starting with your general ledger, refine your technology roadmap to address different platforms’ and systems’ strategic value and upgrade points. Especially if you’ve incorporated proper internal controls from the onset, this will help lower labor cost, reduce risk of error and allow for integration into multiple downstream process flows that are as valuable to the business as they are to financial reporting.
• Internal and external expertise: You should search for an experienced CFO, controller and other financial reporting specialists well before an IPO is imminent. You do not want your finance team figuring out the company and their jobs in the midst of a public filing. Moreover, given likely resource constraints, outsourcing accounting and reporting activities (e.g. statutory financial statements, actuarial valuation and accounting policy) can help promote confidence in your financial reporting and compliance as you develop talent and capabilities. Lastly, enlisting the support of an audit firm that has experience pre-, at and post-IPO will increase your key stakeholders’ trust in your financial reporting.

Insurtechs face the same tax issues as other technology startups, including the complexity that comes with growth, deferred compensation plans, R&D costs and loss limitation planning. Moreover, once insurtechs associate with regulated carriers, insurance-specific factors like statutory reporting, unearned premiums, loss reserve and actuarial planning also come into play. This combination can result in challenges with:

• State income and premium taxes: You may become subject to many different financial accounting rules for various types of taxes, which can affect both pre- and after-tax results.
  
  Your legal entity structure and the type and location of your activities, including the development of products and services, have state tax implications. Notably, it’s possible for companies — regardless of where they’re domiciled — to have a nexus for sales tax purposes if they reach a certain sales volume. This means that technology companies with only a virtual presence have to review their sales tax nexus footprint, including potential taxation on Software as a Service (SaaS) and Platform as a Service (PaaS) products.
  
  A related consideration is that insurance companies generally have not been subject to state income taxes because many states adopt “in lieu of” provisions for companies that pay premium taxes. However, states could assert economic nexus if the gross receipts of insurance companies that do not pay premium taxes (i.e., reinsurance companies, surplus lines writers) meet certain statutory thresholds.
  
  State premium taxes themselves are one of the most significant tax obligations for insurance companies. Most jurisdictions impose premium taxes based on the level of gross premium, regardless of a company’s operating income position. Accordingly, insurtechs should consider acquiring transferable premium tax credits or purchase investments (e.g., low-income housing or renewable energy credit investments) that carry credits, and potentially immediate cash savings.

• Loss limitation: US tax law has special rules that restrict a corporation’s utilization of net operating losses, tax credits and built-in-losses in the event of an ownership change. As a company raises both debt and equity capital to meet its growth needs, the type and features of capital issuances may materially influence the likelihood of an ownership change and lead to reduction — potentially even a write-off — of valuable tax assets. 
• Deferred compensation: Like many startups, insurtechs have many forms of deferred compensation, including incentive and non-qualified stock options, restricted stock units and other payment structures. These payment forms are essential to accurate payroll reporting and withholding and, without adequate planning, companies can encounter taxability and non-deductibility challenges.
• Global planning and structuring: If you’re considering foreign expansion or a foreign captive structure, you’ll need to comply with local country rules, various international taxation regimes like Value Added Tax (VAT) and the impact of the OECD BEPS initiative’s Pillar 1 and 2 taxes.

Insurtechs typically don’t focus on compliance when they’re just starting up because of their limited market involvement and exposure. However, as they become more deeply involved in the business of insurance and need to remain in the good graces of regulators and customers, they face increasing responsibilities in:

• Regulatory compliance: Although it focuses on the straightforward concepts of capitalization and consumer protection, insurance regulation is complex and frequently changes. As your business grows, you’ll need to understand the regulatory requirements to which you may be subject, as well become familiar with regulators. Considering the statutory nature of insurance regulation, this is likely to take considerable time and effort. Moreover, it requires ongoing commitment. You’ll need to factor compliance considerations into your day-to-day business and conduct and build compliance skills. None of this is optional: Ineffective regulatory compliance can jeopardize how regulators, the market and customers view your business.
• Corporate compliance: Corporate compliance sets the standard for ethical decision-making, accountability and transparency. Establishing and sticking to ethical standards for business conduct for leadership, employees and third parties — what you should do and how you should act — is just as important as complying to the letter of the law. There are numerous examples of companies that have viewed corporate compliance as an afterthought and — even if they’ve avoided regulatory sanction — have lost investors, partners and customers, and even suffered legal ramifications as a result of questionable behavior and business practices.

Despite the significant effort it entails, effective compliance can actually promote growth if stakeholders believe a company takes the issue seriously (e.g., by having a member of leadership oversee it and establishing meaningful compliance policies and resources). By doing so, insurtechs are more likely to receive favorable analyst reviews, attract investors and partners, and appeal to customers.

Demonstrating an understanding of operational complexities and establishing sound controls helps reduce risk and build investor and customer trust. It’s essential for insurtechs to determine early in the maturity cycle — well before an IPO — who’s accountable for identifying these risks and designing appropriate controls over them. Being proactive will help you meet external compliance requests, avoid expensive retrofits and promote a high-performing culture. We advocate the following:

• Embed scalable controls as you grow. A failure to plan for and implement adequate controls can hurt your bottom line. Companies that wait until pre-IPO Sarbanes-Oxley (SOx) implementations to incorporate appropriately scaleable controls can be caught in a costly scramble to remediate issues or, even worse, have to explain losses to investors. That said, it can be challenging for young companies to balance the implementation of operationally intensive controls with the ability to scale, grow and adapt. Accordingly, you’ll need to be aware of and apply leading practices in relevant areas, which will require ongoing consultation with peers and stakeholders.
• Account for third-party risks. It’s increasingly easy to outsource non-core activities like cloud infrastructure and HR support. However, potential risks accompany shared responsibilities. Understanding who’s responsible for what and establishing an in-house controls framework, including vendor monitoring, are essential before you contract with third parties. Your options include audits, vendor questionnaires that focus on topics from operations to cyber and obtaining SOC1 and SOC2 reports.
• Understand customers’ controls needs. Whether they’ve gone public or not, insurtechs themselves often have to provide clients controls attestations. These requests can come before or during contracting and require a reasonably mature controls environment covering the areas of the insurtech’s business relevant to the client’s financial reporting needs. For example:
  • An insurtech that provides a SaaS solution may have to provide an SOC1 before contracting with an insurer if the solution supports business that is or could be material to the insurer’s own financial statements.
  • Because the insurtech and insurer are likely to share customer data, the insurer also may request as part of its vendor management program an SOC2 covering security, availability, data integrity, confidentiality and privacy.