The route to a fully autonomous vehicle market seems long and fitful in the eyes of many. But it is likely to become a reality faster than many are prepared to accept. Like IBM, Kodak, and many other companies once confronted with a rapidly changing market, we, too, are now faced with disruptions in the auto market, perhaps unlike any since the invention of the auto. As liability increasingly shifts from the human driver to systems and software – a trend highlighted by recent reports of the first autonomous fatality – original equipment manufacturers (OEM) will come to the forefront as primary holders of automobile-related insurance risk. How they manage this risk will help determine the success and acceptance of the autonomous vehicle market in the years to come.
A new age
Skeptics of an early adoption of fully autonomous vehicles have a point. In their short history, autonomous vehicles have faced a wide array of challenges including skittish maneuvering ability in wet weather, gaps in infrastructure, regulatory and legal shortcomings, market acceptance, risk of hacking, consumers’ privacy, and ethical choices. The list goes on, but so do advances in technology.
There are dozens of advances such as braking assistance, blind spot detection, pre-collision warning systems, electronic stability control, and vehicle-to-vehicle communication that have been adopted over the years or are now making their way into the latest models. These technologies have been largely accepted and often embraced by consumers who have come to view them as something more than just a convenience.
In fact, few dispute the potential safety advantages of fully self-driving cars. Active safety systems that eliminate the human element from the driving equation have already been shown to prevent accidents. According to the Insurance Institute for Highway Safety (IIHS), automatic braking can reduce rear-end crashes by 40% and front collision warning systems can lower rear-end accidents by 23%.1 But this is just the tip of the iceberg: 94% of auto accidents are caused by human errors such as speeding, driving under the influence, and driver inattention, according to a 2015 survey by the National Highway Transportation Safety Administration.2
The U.S. market is expected to see several thousand autonomous vehicles sold in 2020, which will grow to nearly 4.5 million vehicles sold in 2035, according to IHS Automotive forecasts, an industry research firm.3 The slow methodical 11-year turnover in U.S. car ownership is likely to fall by the wayside as convenience or safety features entice consumers to purchase a self-driving car sooner than they would otherwise do. These early purchasers could be setting up a cycle of more rapid adoption as car buyers decide to forgo the thrill or pleasure of driving for the safety of their families and the ability to be more productive (or just catch up on sleep and social media). Further, there may be no need for car ownership at all in a new shared economy including on-demand autonomous shuttles.
Assessing liability in the near future will admittedly be a tricky matter as a mix of driving modes, ranging from no autonomy to full autonomy, populate the roadways. Accidents that involve human driver to human driver will morph into dozens of combinations of human drivers with various levels of semi-autonomous drivers and eventually fully autonomous cars. (See sidebar) Questions of liability will need to sort out not only the comparative negligence of a human operator’s actions but also the functionality of software and sensors. As the ever diminishing role of human drivers gives way to the rise of autonomous vehicles, the importance of personal auto insurance will likewise be replaced by product liability.
During the transition to fully autonomous vehicles, insurers and other risk takers will have to manage the liabilities for vehicles with varying levels of autonomy. The National Highway Traffic Safety Administration defines vehicle automation according to following five levels, but unless standardization takes over, there are certain to be variations within each broad category:
No-automation (Level 0): The driver is in complete and sole control of the primary vehicle controls – brake, steering, throttle, and motive power – at all times.
Function-specific automation (Level 1): Automation at this level involves one or more specific control functions. Examples include electronic stability control or pre-charged brakes, where the vehicle automatically assists with braking to enable the driver to regain control of the vehicle or stop faster than possible by acting alone.
Combined function automation (Level 2): This level involves automation of at least two primary control functions designed to work in unison to relieve the driver of control of those functions. An example of combined functions enabling a Level 2 system is adaptive cruise control in combination with lane centering.
Limited self-driving automation (Level 3): Vehicles at this level of automation enable the driver to cede full control of all safety-critical functions under certain traffic or environmental conditions and, in those conditions, to rely heavily on the vehicle to monitor for changes in those conditions requiring transition back to driver control. The driver is expected to be available for occasional control, but with sufficiently comfortable transition time. The Google car is an example of limited self-driving automation.
Full self-driving automation (Level 4): The vehicle is designed to perform all safety-critical driving functions and monitor roadway conditions for an entire trip. Such a design anticipates that the driver will provide destination or navigation input, but is not expected to be available for control at any time during the trip. This includes both occupied and unoccupied vehicles.
U.S. Department of Transportation releases policy on automated vehicle development
Google, Mercedes, and Volvo have already said they will accept responsibility for accidents that are caused by malfunctions in the technology in their cars, a move welcomed by federal regulators that see the commitment as a way to smooth the introduction of vehicles with these new technologies. While these carmakers’ pledges may, in fact, be redundant, they are a harbinger of the shift in demand for product liability.
But carmakers’ step up in accountability is only one link in the manufacture of autonomous vehicles, which can involve dozens of suppliers for software, systems, and devices which enable the positioning data and predictive response algorithms to be accurate and effective. Enhanced sensing and response time capabilities will drive new demands on hardware and software performance. How will liability be spread among potentially dozens of interlocking but legally separate entities?
Currently, as part of the general purchasing conditions, the supplier will indemnify and hold the manufacturer harmless from and against any and all loss, liability, cost, and expense arising out of a claim that a defect in the design or manufacture of the product caused personal injury or damage to property. However, suppliers are not always completely responsible for the design or validation of the components they provide, but rather can be directed by the carmaker to either model or test the component according to the carmaker’s predetermined specifications. Thus, the parties may have a shared financial burden of failure and need to negotiate the consequences at project inception. The process of assigning responsibility and managing indemnification often involves a team of resources that do not contribute to the carmakers’ underlying business function of making people mobile.
This relationship is likely to evolve as the importance of the car’s electronic control unit (ECU) grows ever more critical as the brain center for programming features that ultimately determine how the car responds. Even now, validating software code – a function paramount in detecting errors – is less defined as compared with hardware. How the validation process will evolve under all possible control scenarios is extremely difficult to imagine. But one change in the process is becoming clear: As the software algorithms become more integral to the success and failure of autonomous vehicles, carmakers have started to keep a tight rein on the integration of software and hardware. As willing as carmakers may be to absolve consumers of the responsibility for accidents that stem from the fault of their technology, they are unlikely to extend a similar courtesy to their suppliers. And why should they if the cause of the accident can be traced to a supplier’s defective sensor or software?
Nevertheless, untangling the web of responsibility can be a distraction from the business focus and could become an impediment to progress. What is a relatively well-established practice in other fields for passing the liability down the supply chain to the source of the failure is likely to become much more complicated and nuanced in the realm of autonomous vehicles as cars become increasingly dependent on an integration of sophisticated technologies.
Likewise, the ways in which risk is shared under product liability are likely to be increasingly difficult to manage. In an autonomous world, the insurance program would ideally be structured such that suppliers not only have skin in the game but also have a more transparent line of sight to the cost they are contributing to the potential liability. The question the industry needs to ask is: Is there a better way to share the cost of risk among the carmaker and its suppliers reflecting the shifted responsibility?
Enter a SPLASh pool
One option is to create an insurance pool for each autonomous carmaker. Under a Supplier Product Liability Autonomous Share (SPLASh) pool, the carmaker would assume all the product liability risk for accidents stemming from the autonomous technology and cede the risk to the SPLASh pool. To be viable, all suppliers – or “swimmers” – along with the carmaker would need to participate in the pool, which would operate as a funding vehicle for the risk. Each year, the pool would be funded commensurate with the expected losses, and losses would be paid directly from the fund, eliminating the manufacturer’s role of managing indemnification from the suppliers.
Like more traditional risk pools used by a range of organizations from public entities that share their law enforcement exposure to a group of hospital systems that manage their professional liability risk, a SPLASh pool would also have a management function, presumably overseen by the manufacturer, as well as various insurance-type functions from actuaries, to calculate the premium and reserves; claims handlers (internal or outsourced) to pay and manage claims; and lawyers to interpret coverage, among others. In this way, autonomous technology may be paving a new road but with the experience and insight of well-travelled insurance professionals who understand the different approaches to managing risk.
Funding would reflect the supplier’s risk profile with low risk suppliers like those that provide cameras for parallel parking – the minnows of the pool – paying less than high risk “whale” suppliers such as a software developer. The pool can be structured according to frequency and severity of risk. Such an arrangement could consist of all pool members participating in a structure where more frequent, low severity claims are grouped (Fund A) separately from less frequent, high severity claims (Fund B), both meeting risk transfer.
Each fund would have per occurrence loss limits and require member contributions based on actuarial projections, perhaps at first based on fault rates from engineering systems output, until credible loss data develop. Various features such as aggregate limits, loss ratio caps, overflow between funds, and member assessments can be used to tailor the insurance coverage with a clear desired outcome – to motivate innovators to develop quality products.
The arrangement builds in a high level of transparency as suppliers with bad loss performance would be required to contribute more to Fund B than others. Moreover, consistently poor swimmers could be replaced by suppliers with better performance.
This concept blends well with the current warranty programs offered by car manufacturers. Like those programs offered today, dealers provide details of new and used warranty programs available to the consumer, covering defects in material or workmanship for 48 months or 50,000 miles, whichever comes first, for example. The carmaker would budget a certain amount of costs towards warranty replacement and then track the records and claims to more accurately predict future replacement costs as well as pinpoint components that are failing, assuming that the problem can be isolated. If costs are higher than expected (outside of the normal failure rate), the manufacturer can push further costs to the supplier at the source or remove them from the assembly line altogether.
A SPLASh pool can pave the way to managing carmakers’ risk in the future. The product liability exposure from autonomous vehicles shouldn’t be a roadblock to the increased safety and mobility that self-driving cars can bring to millions of people. The insurance industry will need to demonstrate its creativity and foresight in managing risk to keep innovation on the right track.