Digitalisation and Fintech

Digitalisation and Fintech

Big Data and automation in financial advice


Big Data is defined by the Joint Committee of the European Supervisory Authorities (ESAs: EIOPA, ESMA and EBA) as “situations where high volumes of different types of data produced with high velocity from a high number of various types of sources are processed, often in real time, by IT tools (powerful processors, software and algorithms)”. EIOPA launched in June 2018 an EU-wide thematic review intended to gather empirical evidence on the use of Big Data by insurance undertakings and intermediaries. This review came as a follow up to the ESAs cross-sectorial review of the use of Big Data by financial institutions published in March 2018.

In May 2019, EIOPA published its Thematic Review on the use of Big Data Analytics (BDA) by insurance firms and insurance intermediaries focused on motor and health insurance. The review revealed a strong trend towards increasingly data-driven business models throughout the insurance value chain.

According to EIOPA, there are many opportunities arising from BDA, both for the insurance industry and consumers:

  • The combination of traditional and new sources provides greater granularity and frequency of information about consumer’s characteristics, behaviour and lifestyles. This enables the development of increasingly tailored products and services, more accurate risk assessments, speed in decision making and subsequently less operations costs.
  • BDA tools such as artificial intelligence and machine learning are commonly used by insurance undertakings rather than by insurance intermediaries, primarily on pricing, underwriting and claims management.
  • The use of cloud computing services is increasingly widespread, enabling implementation of BDA solutions.
  • Uptake of usage-based insurance products will gradually continue in the following years, influenced by developments such as connected cars, health wearable devices (Internet of Things -IoT) or the introduction of 5G mobile technology. This can help consumers to obtain a more accurate calculation of their insurance premium. Robo advisors and specially chatbots are also gaining momentum.
  • Ethical issues linked with fairness of BDA use and the principles for responsible behaviour in a digital age.
  • Other issues linked to accuracy, transparency, auditability, and explainability of certain tools such as artificial intelligence and machine learning. For example, certain outputs reached by “black box” algorithms cannot be adequately explained raising questions about the accountability of those firms using them.
  • GDPR-related issues; it is questionable whether consumers are fully aware of how their personal data is being used when they accept the terms and conditions of their insurance policy and also how firms can explain to consumers in a meaningful way the functioning of BDA tools in the context of “black box” algorithms, when complying with GDPR requirements.
  • Issues linked to personal data and consumer protection regulations when the information is stored on the cloud. Also, an excessive concentration in the number of providers in certain strategic services/technologies can potentially disrupt the efficient functioning of value chains, leading to situations of “reverse outsourcing”.

EIOPA has also identified some risks that can arise if firms do not have in place adequate governance arrangements. Such risks, which are not new, but their significance is amplified when using BDA, are:

EIOPA’s work on digital ethics in insurance

In 2019-2020 EIOPA conducted further work on ethical issues with the fairness of the use of BDA, as well as regarding the accuracy, transparency, auditability, and explainability of certain BDA tools, such as artificial intelligence and machine learning in collaboration with the industry, academia, consumer associations and other relevant stakeholders. EIOPA also continues its ongoing work in the area of cyber insurance and cyber security risks (see under Cybersecurity for more information).

As a follow-up of this thematic review, EIOPA established in September 2019 its Consultative Expert Group on Digital Ethics in Insurance. The objective of this Group of experts is to assist EIOPA in the development of digital responsibility principles in insurance. The Expert Group aims to address the use of new business models, new BDA tools (such as AI and ML) and data sources in insurance from the perspective of fairness and non-discrimination, transparency and explainability, and governance. Different areas of the insurance value chain will be covered with specific focus to be given to pricing and underwriting. The two candidates that BIPAR had supported were both appointed members of the Expert Group. The Group is expected to adopt a report and some proposed principles in the development of digital responsibility in insurance by the end of 2020.

BIPAR believes that intermediaries, who are daily confronted with the processing of consumer’s data, should actively explore the potential of the use of BDA in order to improve their processes. BIPAR also emphasises the need for a level playing field among the different distribution channels and warns of the challenges arising with regard to the mutualisation principle, the comparability of products and the cyber risks. The development and use of cyber insurance products may be one of the answers for the prevention of such risks.

Transparency of online intermediation services


In April 2018, the European Commission presented a proposal for a Regulation of the European Parliament and of the Council on promoting fairness and transparency for business users of online intermediation services.

The Regulation on promoting fairness and transparency for business users of online intermediation services has been published in the Official Journal of the EU in 20 June 0219 and it will start to apply in EU Member States from 12 July 2020 (Regulation 2019/1150). All language versions of this Regulation can be found here. The Regulation aims to ensure that business users of online intermediation services and online search engines are granted appropriate transparency, fairness and effective redress possibilities. The Regulation covers online platforms, such as price comparison websites, and online search engines that provide their services to businesses which are established in the EU and which offer goods or services to consumers located in the EU.

This Regulation provides for general rules on online platforms, not specifically targeting the financial/insurance sector, and it does not affect the application of the relevant rules of Union law applicable in financial services (e.g. the IDD). However, these rules on online platforms will apply in addition to sector-specific legislation when:

  • Insurance/financial intermediaries are business users of online platforms/corporate websites in order to offer (ancillary) insurance/financial services; in other words, they will be entitled to the rights provided in the Regulation.
  • Insurance/financial intermediaries (including comparison tools) are providers of online platforms/corporate website offering (ancillary) insurance/financial services; in other words, they should comply with the transparency obligations laid down in the Regulation.
  • explore the need for guidelines on outsourcing to cloud service providers by the first half of 2019, and
  • conduct further analysis and identify best practices on innovation facilitators.
  • Convergence on supervision of algorithms;
  • (Re) insurance value chain and new business models arising from InsurTech;
  • Innovation Hub;
  • RegTech; and
  • Distributed ledger technology (DLT) / Blockchain.

The Regulation introduces a ban on certain unfair practices (e.g. terms and conditions must be easily available and provided in plain and intelligible language), greater transparency in online platforms (e.g. main parameters determining ranking, including direct or indirect remuneration paid by business users), mandatory disclosure for a range of business practices (platforms must exhaustively disclose any advantage they may give to their own products over others), new avenues for dispute resolution (all platforms must set up an internal complaint-handling system to assist business users) enforcement rules (business associations will be able to take platforms to court to stop any non-compliance with the rules).

To assist online intermediation services and online search engines in complying with the obligation to set out in their terms and conditions the main parameters determining ranking and the reasons for the relative importance of those main parameters, the European Commission is planning to adopt guidelines.

Artificial Intelligence (AI)


Algorithms are behind more and more decisions that affect our everyday lives, for example getting a loan, or the selection of filtering of information. In several areas, there are already EU rules for algorithmic decisions. Examples include automated decisions based on personal data (GDPR) and for high-frequency trading on the stock market (MiFID II).

In April 2018, the European Commission proposed in its “Strategy on AI for Europe” to work with Member States on a Coordinated Plan on AI with the aim of increasing investments in AI research and innovation, encouraging synergies and cooperation across the EU, preparing socio-economic changes brought about AI and ensuring an appropriate ethical and legal framework.

According to the Commission’s Communication on AI, “artificial intelligence refers to systems that display intelligence behaviour by analysing their environment and taking actions – with some degree of autonomy – to achieve specific goals”. The High-Level Expert Group (HLEG) on AI set up by the Commission published in December 2018 a paper determining the definition of AI in more detail.

The HLEG on AI published its “Ethics Guidelines for Trustworthy AI” in April 2019.According to the Guidelines, trustworthy AI has three components, which should be met throughout the system's entire life cycle: 1) it should be lawful, complying with all applicable laws and regulations 2) it should be ethical, ensuring adherence to ethical principles and values and 3) it should be robust, both from a technical and social perspective since, even with good intentions, AI systems can cause unintentional harm.

The Guidelines offer guidance on the second and third component of trustworthy AI. The Commission is taking a three-step approach. It sets out the key seven requirements that AI systems should meet: Human agency and oversight, Technical robustness and safety, Privacy and data governance, Transparency, Diversity, non-discrimination and fairness, Societal and environmental well-being and accountability. It launched a large-scale pilot phase for feedback from stakeholders in the summer of 2019. It works on international consensus building for humancentric AI. The HLEG concludes that, while these Guidelines aim to build a horizontal framework to achieve Trustworthy AI, it should be explored whether a sectorial approach is needed, given the context-specificity of AI systems, and that the Guidelines are a living document which should be reviewed and updated over time to ensure continuous relevance.

EU Digital Strategy 2020

On 19 February 2020 the European Commission announced the initiatives and actions to be taken over the next five years in order to address the challenges and opportunities brought about by digitalisation. The EU Digital Strategy is presented in the Commission Communication “Shaping Europe’s Digital Future”.

The Communication presents the three key objectives on which the Commission will focus to promote digital transformation for the benefit of people:

  • Technology that works for people;
  • A fair and competitive economy; and
  • An open, democratic and sustainable society.

The White Paper on Artificial Intelligence (AI) and the European Data Strategy presented together with the EU Digital Strategy are the first steps towards achieving these goals. The White Paper on Artificial Intelligence (AI) sets out the Commission's proposals for a trustworthy and secure development of AI in Europe. The Commission presents policy options on creating a legal framework that addresses the risks for fundamental rights and safety, including in the field of financial services. The Commission Communication on the "European Data Strategy” outlines a strategy for policy measures and investments to enable the data economy for the coming five years. The ultimate objective is to set up a true European data space, a single market for data (personal and non-personal data, including confidential and sensitive data), to unlock unused data, allowing it to flow freely within the European Union and across sectors. The Commission proposes, amongst other, to Launch sectoral specific actions to build European data spaces, for instance financial services, industrial manufacturing, the green deal, mobility or health. The Commission is also planning to present later in 2020 a Digital Services Act to establish clear rules for all businesses to access the Single Market, to strengthen the responsibility of online platforms and to protect fundamental rights.

The White Paper on Artificial Intelligence is now open for public consultation until 14 June 2020. BIPAR has launched an internal consultation amongst its member-associations and based on the feedback collected it will submit its contribution to the Commission.

Liability and AI

The Report on “the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics”, which accompanies this White Paper, analyses the relevant legal framework. It identifies uncertainties as to the application of the product safety and liability framework with respect to the specific risks posed by AI systems and other digital technologies.

The Report concludes that the current product safety legislation already supports an extended concept of safety protecting against all kind of risks arising from the product according to its use. However, provisions explicitly covering new risks presented by the emerging digital technologies could be introduced to provide more legal certainty. For example, possible amendments to the Product Liability Directive will be examined in order to include services provided (not only goods) and to adapt the burden of proof required for damage caused by the operation of AI applications (fault-based vs strict liability).

In the consultation on the White Paper on AI, the Commission asks, in addition to the targeted questions for a regulatory framework for AI, whether the Product Liability Directive should be amended to better cover the risks engendered by certain AI applications. The European Commission is planning to present legislative proposals on AI in Q4 2020/Q1 2021.

As far as the work of the European Parliament is concerned, the EP (JURI Committee) has proposed on its own initiative a draft Report on a “Civil liability regime for Artificial Intelligence”.



In March 2018, the European Commission published an Action Plan on FinTech: “For a more competitive and innovative European financial sector”. The Action Plan contains different actions around three main objectives: 1. Enabling innovative business models to reach EU scale (actions regarding licensing requirements, standardization and innovation facilitators).

2.Supporting the uptake of technological innovation in the financial sector (including a review of the suitability of existing rules by an expert group, removing obstacles to cloud services, an EU blockchain initiative, and an EU Fintech Lab, leveraging technology to support distribution of retail investment products across the Single Market)

3. Enhancing security and integrity of the financial sector (cybersecurity/ cyber resilience).

The European Commission's FinTech Action Plan mandated EIOPA, along with the other ESAs to:

Additionally, EIOPA is currently mapping possible barriers to InsurTech as well as the current authorising and licensing requirements and is assessing how the principle of proportionality is being applied in practice in the area of financial innovation. The mandate to ESAs also included: to map the existing supervisory practices across financial sectors around ICT (Information and Communication Technology) security and governance requirements, and a) to consider issuing guidelines aimed at supervisory convergence and enforcement of ICT risk management and mitigation requirements in the EU financial sector and, b) if necessary, provide the Commission with technical advice on the need for legislative improvements.

Digital finance is the term used to describe the impact of new technologies on the financial services industry. It includes a variety of products, applications, processes and business models that have transformed the traditional way of providing banking and financial services.

Digital Finance Strategy 2020

The European Commission launched on 3 April 2020 a consultation on a new Digital Finance Strategy for Europe/Fintech Action Plan. This consultation seeks views on the possible measures needed to further enable innovative digital financial services in the EU, while considering possible competition issues with BigTech companies.

According to the Commission, « digital finance can contribute in a number of ways to tackle the COVID-19 outbreak and its consequences for citizens, businesses, and the economy at large. […] digitalisation of the financial sector can be expected to accelerate as a consequence of the pandemic. The coronavirus emergency has underscored the importance of innovations in digital financial products services, including for those who are not digital native, as during the lockdown everybody is obliged to rely on remote services. At the same time, as people have access to their bank accounts and other financial services remotely, and as financial sector employees work remotely, the digital operational resilience of the financial sector has becoming even more important. »

The Digital Finance consultation is structured in three sections corresponding to the three priority areas:

  • Ensuring that the existing EU financial services regulatory framework is fit for the digital age (looking into whether the principle of technology neutrality works).
  • Enabling consumers and firms to reap the opportunities offered by the EU-wide Single Market for digital financial services (looking into aby barriers/frangmentaiton in the Single Market).
  • Promoting a data-driven financial sector for the benefit of EU consumers and firms (looking into how to improve market transparency and access to data through stadnards).

In the framework of the consultation on Digital Finance Strategy, the Commission-DG FISMA- is organising online roundtable discussions at EU and national level. This is an occasion for the Commission to gather together stakeholders in digital finance from across the EU, exchange experiences and create awareness on this commission consultation. BIPAR has been following the DG FISMA roundtables on digital finance that took place between March and May 2020. Some of these roundtables focused on: a technology-neutral and innovation-friendly regulatory framework, open finance/open insurance, crypto-assets, digital operational resilience framework for financial services and digital sustainable finance

The consultation is open until 26 June 2020. BIPAR has launched an internal consultation amongst its member-associations and based on the feedback collected it will submit its contribution to the Commission. Some of the key current BIPAR positions on digital finance can be summarized as follows:

  • “Same risks, same rules” principle should be observed.
  • The regulatory framework should be technology neutral allowing for a level-playing field for all players and service providers.
  • Guidance and supervisory sandboxes can be a good way to support innovation. An issue regarding sandboxes is that compliance with the rules by incumbent market players should not bring them into a situation where they are disadvantaged (in terms of innovation) compared to start ups, who may have more freedom because they are not covered by the same rules.
  • Competitions issues with BigTech companies should be studied and it is necessary to make sure that all players can compete in a fair way.
  • Regarding data protection issues, it is necessary to clarify how the financial data open space will fit in the GDPR and how it will be developed (e.g. data portability issue, data ownership issues).

Next steps

The Commission will propose in Q3 2020 a new Digital Finance Strategy/FinTech Action Plan that sets out a number of areas that public policy should focus on in the coming five year. The Commission may also add other measures already announced to further support the digital transformation of the European economy, including new policies and strategies on data, artificial intelligence, platforms and cybersecurity.

Other Initiatives Related to FinTech/InsurTech

Outsourcing to cloud service providers

EIOPA published in March 2020 its Guidelines on outsourcing to cloud service providers. Cloud services are a combination of a business and delivery models that enable on-demand access to a shared pool of resources such as applications, servers, storage and network security. The services are, typically, delivered in the form of Software as a Service (“SaaS”), Platform as a Service (“PaaS”) and Infrastructure as a Service (“IaaS”).

The aim of these Guidelines is to:

(a) provide clarification and transparency to market participants avoiding potential regulatory arbitrages;
(b) foster supervisory convergence regarding the expectations and processes applicable in relation to cloud outsourcing.

These Guidelines are addressed to insurance and reinsurance undertakings (collectively ”undertaking(s)”) and to competent authorities and they provide guidance on how the outsourcing requirements foreseen in Articles 13(28), 38 and 49 of the Solvency II Directive and Article 274 of the Delegated Regulation should apply in the context of outsourcing to cloud service.

EIOPA had published in March 2019 a Report on "Outsourcing to the Cloud: EIOPA's Contribution to the European Commission Fintech Action Plan".Based on a survey conducted by the National Supervisory Authorities (NSAs), EIOPA found that cloud computing is not yet extensively used by (re)insurance undertakings. According to EIOPA, it is used mainly by newcomers, within a few market niches and by larger undertakings for non-critical functions. However, as part of their wider digital transformation strategies many European large (re)insurers are expanding using the cloud.

EIOPA concluded that the purchase of cloud computing services falls within the broader scope of outsourcing (Solvency II, EIOPA Guidelines on system of governance). However, the current guidance on these regulatory measures, including at national level, is not homogenous. At the same time, the majority of the NSAs responsible for both banking and (re)insurance supervision are considering the Recommendations issued by the European Banking Authority (EBA), which have been integrated into further Guidelines on outsourcing arrangements as a reference for the management of cloud outsourcing. EIOPA had developed Draft Guidelines on Cloud Outsourcing in 2019, building on the substance of the EBA Recommendations and had launched a consultation seeking for stakeholders input.

Innovation Facilitators

The ESAs published in January 2019 a Joint Report on innovation facilitators: regulatory sandboxes and innovation hubs. The ESAs define innovation hubs as “schemes whereby regulated or unregulated entities can engage with competent authorities on FinTech-related issues and seek non -binding guidance on the conformity of innovative financial products, services, business models or delivery mechanisms with licensing, registration and/or regulatory requirements.” Regulatory sandboxes, on the other hand, are defined as “schemes set up by a competent authority that provides regulated and unregulated entities with the opportunity to test, pursuant to a testing plan agreed and monitored by a dedicated function of the relevant authority, innovative products or services, business models, or delivery mechanisms, related to the carrying out of financial services”.

The report sets out a comparative analysis of the national innovation facilitators established to date within the EU Member States. The majority of competent authorities reported that innovation facilitators offer opportunities to gain a better understanding of innovation in financial services (gaining nearly “real time” insights into emerging technologies and their application in the financial services, anticipating regulatory/supervisory issues, responding proactively etc..) and for firms to understand better the regulatory and supervisory expectations. However, some competent authorities believe that some operational challenges or risks could be slightly increased by innovation facilitators (keeping pace with the industry, domestic coordination and cross border cooperation and an impact on a level playing field).

Based on this analysis, ESAs propose a set of best practices for the design and operation of innovation facilitators.

The best practices are intended to: (i) promote consistency across the single market in the design and operation of innovation facilitators; (ii) promote transparency of regulatory and supervisory policy outcomes resulting from interactions between competent authorities and firms in the context of innovation facilitators; and (iii) facilitate cooperation between national authorities, including consumer and data protection authorities.

Amongst the 7 operating principles for regulatory sandboxes, it is interesting to note the following one that is an important principle that BIPAR has been promoting over the last years: “Regulatory sstaboxes should not allow the disapplication of regulatory requirements under EU law. However, levers for proportionality available to the relevant authority/ies may be made available in the context of regulatory sandboxes and applied in the same way as to firms outside the sandbox. Explanatory notes: Regulatory sandboxes may not be used as a mechanism to dispense with requirements under EU law, such as the requirement to obtain a licence before carrying out certain financial services, such as payments services, insurance services etc. Levers for proportionality embedded into law, for instance with regard to systems and controls requirements, may be applied in the context of firms participating in a regulatory sandbox in the same way as to firms outside the sandbox”

The ESAs explain in the report that they will continue to monitor developments regarding national innovation facilitators in the EU and will take further steps to promote an accommodative and common approach towards FinTech in the EU.

Regulatory Barriers to InsurTech

Following a consultation via an online survey, EIOPA has identified a number of potential barriers for InsurTech in European insurance legislation.

EIOPA understands as regulatory barriers to Insurtech those legal provisions that are outdated and/or unnecessary and/or excessive in a digital environment and where the underlying public policy objectives might be achieved in a comparable way without hindering financial innovation.

EIOPA found that, while addressing some of the barriers may justify legislative changes (such as the paper requirement by default), others are justified from a regulatory and supervisory standpoint, or may be addressed by the application of the principle of proportionality (e.g. existing capital requirements) or via practical guidance (e.g. outsourcing requirements for cloud computing services, access to data, processing of personal data and Big Data Analytics tools).

Report on best practices on licensing requirements, peer-to-peer insurance and proportionality

In March 2019, EIOPA published a Report on "Best Practises on Licencing Requirements, Peer-to-Peer (P2P) Insurance and the Principle of Proportionality in an InsurTech Context". As part of the European Commission's Fintech Action Plan, EIOPA mapped in its Report current licencing requirements regulated in Solvency II and in IDD, assessed how they apply to InsurTech firms and analysed how the principle of proportionality is being applied in practice in the area of financial innovation (e.g. InsurTech start-ups).

Based on the evidence gathered, EIOPA found that the EU InsurTech market is at an early stage but evolving. EIOPA believes that regulation and supervision must be technology neutral (mainly for consumer protection reasons) and must ensure a level playing field and it underlines that facilitating innovation is not about de-regulation. To the extent that InsurTech activities involve the carrying out of a regulated activity, the appropriate licence is required. In line with normal authorisation practices, a proportionate approach may be applied for the assessment of conformity with the conditions for authorisation (e.g. in terms of expectations regarding governance processes, systems and controls requirements, which take into account the specificities and risks inherent to InsurTech).

EIOPA concludes that so far there seems to be no need for further regulatory steps considering licencing requirements and the principle of proportionality. However, EIOPA proposes to NCAs non legally binding best practices in relation to InsurTech licencing requirements and the application of the principle of proportionality to ensure consistent supervision. Furthermore, EIOPA is of the view that at this point there is no clear need for special P2P insurance regulation, but this might be the case in the future, if P2P insurance evolves.

At a later stage, EIOPA’s work will also include:

  • Convergence on supervision of algorithms;
  • (Re) insurance value chain and new business models arising from InsurTech;
  • Innovation Hub;
  • RegTech; and
  • Distributed ledger technology (DLT) / Blockchain.

ESAs Advice on Information and Communication Technology risk management in the EU financial sector

In April 2019, the ESAs published a Joint Advice on the need for legislative improvements relating to ICT risk management requirements in the EU financial sector.

In developing the Joint Advice, the ESAs' objective was that every relevant entity should be subject to clear general requirements on governance of ICT, including cybersecurity, to ensure the safe provision of regulated services. Guided by this objective, the proposals presented in the Advice aim at promoting stronger operational resilience and harmonisation in the EU financial sector by applying changes to their respective sectoral legislation. Incident reporting is highly relevant to ICT risk management and allows relevant entities and authorities to log, monitor, analyse and respond to ICT operational, ICT security and fraud incidents. Therefore, the ESAs call for streamlining aspects of the incident reporting frameworks across the financial sector.

Furthermore, the ESAs suggest that a legislative solution for an appropriate oversight framework to monitor the activities of critical third-party service providers should be considered.

- Published on June 2019 -

Looking for an insurance intermediary near your home or business?Find one