Digitalisation and Fintech

Digitalisation and Fintech

NEW DIGITAL FINANCE STRATEGY

In September 2020, the European Commission adopted a new Digital Finance strategy which covers four broad priority areas:

  • to make Europe's financial services more digital-friendly and to stimulate responsible innovation and competition among financial service providers in the EU, creating opportunities to develop better financial products for consumers, and unlocking new ways of channelling funding to EU businesses, in particular SMEs (legislative initiatives on crypto-assets);
  • to reduce fragmentation in the digital single market, so that consumers can have access to financial products across borders and that Fintech start-ups scale up and grow;
  • to create a European financial data space to promote data sharing and open finance, building on the European Data Strategy, while maintaining the EU's standards on privacy and data protection;
  • to address challenges and risks associated with digital transformation (legislative proposal on DORA).
  • to make Europe's financial services more digital-friendly and to stimulate responsible innovation and competition among financial service providers in the EU, creating opportunities to develop better financial products for consumers, and unlocking new ways of channelling funding to EU businesses, in particular SMEs (legislative initiatives on crypto-assets);
  • to reduce fragmentation in the digital single market, so that consumers can have access to financial products across borders and that Fintech start-ups scale up and grow;
  • to create a European financial data space to promote data sharing and open finance, building on the European Data Strategy, while maintaining the EU's standards on privacy and data protection;
  • to address challenges and risks associated with digital transformation (legislative proposal on DORA).
  • MiCA
  • DORA
  • EIOPA consultation on the insurance value chain and new business models
  • EIOPA consultation on open insurance
  • EIOPA consultation on blockchain and smart contracts
  • MiCA
  • DORA
  • EIOPA consultation on the insurance value chain and new business models
  • EIOPA consultation on open insurance
  • EIOPA consultation on blockchain and smart contracts

Crypto-assets are defined as assets as a digital representation of value or rights, which may be transferred and stored electronically, using distributed ledger technology or similar technology. There are many different types of crypto-assets, but the majority of them remain unregulated in the EU. To address this gap, in September 2020, the European Commission published a legislative proposal for a regulation on markets in crypto-assets (MiCA) which is being discussed by the European Parliament and the Council. Insurance intermediaries are in the scope of MiCA. They will need to comply with MiCA when selling with advice unit-linked life insurance products with crypto-asset funds as underlying investments.

The Commission proposal applies to persons that are engaged in the issuance of crypto-assets or provide services related to crypto-assets, including advice on crypto-assets. Crypto-asset service providers that are authorised to provide advice on crypto-assets shall assess the compatibility of such crypto-assets with the needs of the clients and recommend them only when this is in the interest of the clients. They shall request information about the client or prospective client’s knowledge of, and experience in crypto-assets, objectives, financial situation including the ability to bear losses and a basic understanding of risks involved in purchasing crypto-assets. They shall warn clients that, due to their tradability, the value of crypto-assets may fluctuate and, where relevant, they shall inform clients that the crypto-assets or crypto-asset services may be inappropriate for them.

MiCA does not apply to crypto-assets that qualify as financial instruments under Article 4(1)(15) of MiFID II. Investment firms authorised under MiFID II do not have to be authorised as crypto-asset service providers where they only provide one or several crypto-asset services equivalent to the investment services and activities for which they are authorised under MiFID II, except when they provide custody and administration of crypto-assets.

In any case, all investment firms providing crypto-asset services have to be registered, notify the competent authority for cross-border activities, have in place prudential safeguards and have the necessary good repute and competence.

In September 2020, the European Commission published its proposal for a Regulation on digital operational resilience for the financial sector (Digital Operational Resilience Act -DORA). Together with much larger financial entities like insurers or credit institutions, insurance intermediaries are included in the scope of the Commission's DORA proposal.

According to the Commission, the wide scope of this proposal aims at facilitating "a homogenous and coherent application of all components of the risk management on ICT-related areas" in the financial services sector. Some proportionality is embedded in the proposal. The DORA proposal also introduces an EU oversight framework for critical ICT service providers (such as Big Techs which provide cloud computing to financial institutions).

The proposed rules require all financial entities to respect strict common standards to ensure they can withstand ICT-related disruptions and threats. They will have to put in place:

  • dedicated ICT risk management capabilities,
  • harmonised reporting of major ICT-related incidents,
  • digital operational resilience testing,
  • management by financial entities of ICT third-party risk,
  • information sharing among financial entities.
  • dedicated ICT risk management capabilities,
  • harmonised reporting of major ICT-related incidents,
  • digital operational resilience testing,
  • management by financial entities of ICT third-party risk,
  • information sharing among financial entities.

In this light, the Commission also proposes amendments to the Solvency II, AIFM, IORPs MiFID II, PSD and the prudential supervision Directive to clarify certain provisions on operational risk in these existing financial services Directives. No amendments to the IDD are proposed.

BIPAR position

While BIPAR welcomes DORA’s objective to increase the digital operational resilience of the financial sector, it is of the opinion that the financial sector is not uniform in scale and structure. The incidents experienced by different financial services entities, as well as their consequences (for the financial stability, consumers etc..), differ from one financial services sector to another. The incident experienced by an intermediary with 15 employees can’t be compared to an incident experienced by a large credit institution. The risks they are exposed to and the systems and services that need to be protected and maintained are different.

BIPAR believes that DORA‘s requirements would simply not be operationally and financially sustainable for insurance or financial intermediaries. DORA's regulatory architecture is not adapted to the insurance distribution sector and proportionate application of the DORA's numerous and detailed requirements will be difficult to ensure in practice (this will be further complicated by the levels 2 and 3 measures). Insurance and financial intermediaries (and in particular SMEs) should therefore be completely exempted from DORA.

The EU legislators (the European Parliament and the Council) are currently preparing their respective positions on the DORA proposal. Together with its members, BIPAR is in contact with the EU legislators to explain its concerns and discuss its proposed amendments regarding the scope, and in particular the exclusion of micro and SMEs insurance intermediaries from the scope of DORA.

COMMISSION'S CALL FOR ADVICE ON DIGITAL FINANCE

In February 2021, the Commission addressed a request to EIOPA, ESMA and EBA for Technical Advice on Digital Finance and related issues. The three ESAs are asked for advice on how to address the risks and opportunities of digital finance, how to address the related prudential supervisory challenges arising from more fragmented and non-integrated value chains, from platformisation and bundling of financial services and from groups combining different activities. In preparation of its advice on these issues, but also irrespective of this, EIOPA has launched the following consultations:

In June 2020, EIOPA launched a consultation on the (re)insurance value chain and new business models arising from digitalisation. The goal of the consultation was for EIOPA to get a better picture on possible fragmentation of the European Union’s insurance value chain and supervisory challenges related to that in order to plan for its next steps.

In its discussion paper, EIOPA explained that technology continues to evolve, bringing new opportunities, social change and new expectations for consumers. In response, insurance undertakings and intermediaries continue to develop and revise their business models, often in increased cooperation with third parties (e.g. BigTech companies and start-ups), bringing both beneficial innovation (in terms of products and services) and a new set of emerging risks, such as operational risk, Information and Communication Technology (ICT) risks, security, governance, and reputational risks, consumer protection, data protection and compliance with outsourcing rules and regulatory perimeter issues, that have to be taken into account. In this context, a potential for a reduced regulatory and supervisory ‘grip’ on the relevant activities in the value chain, or "lengthening" of the value chain which ‘stresses’ existing regulatory and supervisory oversight, could occur.

BIPAR provided its input to this EIOPA consultation which will feed the EIOPA work on the EU Digital Finance project.

In January 2021, EIOPA launched a public consultation on open insurance. EIOPA will assess the feedback received to better capture open insurance developments, risks and benefits as well as to plan next steps, such as for the upcoming legislative initiatives foreseen in the European Commission’s Digital Finance Strategy or to supplement EIOPA´s ongoing work on digitalisation.

Open insurance is considered here in the broadest sense, covering the access to and sharing of personal and non-personal insurance-related data, usually via Application Programming Interfaces (APIs) (e.g. interaction between insurers and intermediaries or other third parties/outsourcing partners, including Internet of Things providers). API is a computing interface that defines interactions between multiple software instances or layers, including those operated by third parties.

In its discussion paper, EIOPA explores questions on whether and how far insurance value chains should be "opened" up by the sharing of insurance-related and specific policyholder data amongst insurance, including insurance intermediaries, and non-insurance firms, to protect policyholder rights and to allow for innovation in products and services (e.g. insurance undertakings and insurance intermediaries being required to provide other insurers/intermediaries seamless access (via standard APIs) to their users’ underwritten insurance policies. Access to policies would make it easier for insurers and intermediaries to develop and market different ‘smart insurance’ products, which could give consumers an overview of their policies and help them manage their risks, get better prices etc).

According to EIOPA, the exchange of both personal and non-personal data through (open) APIs has started to emerge in the insurance sector. This can facilitate industry-wide innovation and increase the agility of businesses in responding to changes in customer needs and expectations. However, it could also give rise to new or amplified risks such as data security, cyber risks, interoperability challenges, and liability, ethical and broader consumer protection issues. Increased data sharing, especially if combined with artificial intelligence or machine learning tools, could also increase financial exclusion. It could also raise the question of a level playing field (e.g. the question of providing equal access to data for all insurance undertakings/intermediaries, including small ones and/or through reciprocity in the sharing of consumer data between all market participants).

For EIOPA, a key consideration for possible open insurance solutions is finding a balance between regulatory objectives related to data protection, insurance, and competition while supporting innovation, efficiency, consumer protection and financial stability.


In its response to the EIOPA consultation, BIPAR requests that:

-Any EU framework on Open Insurance is built on existing EU rules (e.g. GDPR, IDD);

-Any EU framework on Open Insurance ensures a genuine level playing field among economic actors (equal access to data, same level of regulatory/supervisory oversight: “same activities, same risks, same rules” or “activity-based principle”);

-Any EU framework on Open Finance takes the specificities of the insurance sector into account. A mandatory model of data sharing like PSD2 (Payment Services Directive 2) may not be appropriate for the insurance sector because banking and insurance products and processes are different in content and variety;

-Any EU framework on Open Finance is not too prescriptive to allow market players to be agile in providing their services in the interest of the consumers;

-Any EU framework on Open Finance is sufficiently clear to prevent possible confusion arising from level 2 texts;

-Cost-efficiency analyses should be conducted by EIOPA/the European Commission to justify their proposals regarding an open insurance framework (scope, implementation timing, etc);

-The role and rights of insurance intermediaries in an open insurance framework are clearly addressed.

The European Commission is expected to present a legislative proposal for a new open finance framework by mid 2022.

At the end of April 2021, EIOPA published for consultation a Discussion Paper on blockchain and smart contracts in insurance. With this paper, EIPOA :

  • provides an overview of risks and benefits of blockchain and smart contracts in the insurance industry, including insurance distribution,
  • gives an overview of the findings of the feedback received from National Competent Authorities (NCAs) through a survey on blockchain and smart contracts in insurance,
  • assesses some issues related to crypto-assets.
  • provides an overview of risks and benefits of blockchain and smart contracts in the insurance industry, including insurance distribution,
  • gives an overview of the findings of the feedback received from National Competent Authorities (NCAs) through a survey on blockchain and smart contracts in insurance,
  • assesses some issues related to crypto-assets.

As EIOPA explains in the Paper, the number of potential use cases is constantly growing and can influence several insurance functions, such as IT, operations, product design and development, pricing and underwriting, distribution and claims management. It can deliver benefits but can also trigger some risks. The EIOPA Paper covers in particular the current and future role of intermediaries in the insurance value chain for some transactions. BIPAR will respond to this important consultation for our industry.

ARTIFICIAL INTELLIGENCE

In April 2020, the European Commission proposed new rules on Artificial Intelligence (AI). The proposed rules on AI are cross-sectoral and will apply to both public and private actors inside and outside the EU as long as the AI system is placed on the Union market or its use affects people located in the EU. It can concern both providers (e.g. a developer of a CV-screening tool) and users of high-risk AI systems (e.g. a bank buying this resume screening tool). It does not apply to private, non-professional uses.

Insurance and financial intermediaries using AI systems that are considered as high-risk AI systems (listed in an Annex) will be affected by these new AI rules. For instance, the high-risk AI system’s operation should be sufficiently transparent to enable users to interpret the system’s output and use it appropriately. Additionally, the users will have to meet some obligations, such as use according to the instructions, input data relevant to its intended purpose, logging. Similarly, insurance and financial intermediaries which “develop an AI system or have an AI system developed with a view to placing it on the market or putting it into service under their own name or trademark” will be covered by the scope of these rules, i.e. they shall subject the AI system to a conformity assessment to demonstrate that they comply with mandatory requirements. The Regulation provides that the needs of “small-scale providers” and users will be taken into account.

The proposed Regulation on AI follows a risk-based approach with four levels of risk: unacceptable risk, high risk, limited risk and minimal risk AI systems.

BIPAR will be following the development of the proposal on AI as it goes through the legislative process and how it impacts the activities of our sector. The proposal as it currently stands makes no reference to insurance and financial services, other than credit institutions as high-risk AI systems. The Commission proposes that the list of high-risk AI systems that cause harm to the health and safety or have an adverse impact on the fundamental rights be under review and may be extended in the future.

TRANSPARENCY OF ONLINE INTERMEDIATIONS SERVICES

On 20 June 2019 the Regulation on promoting fairness and transparency for business users of online intermediation services was published in the EU Official Journal (Regulation (EU) 2019/1150). This Regulation, also called the Platform to Business or P2B Regulation started to apply from 12 July 2020.

The P2B Regulation covers online platforms, such as price comparison websites, and general online search engines that provide their services to businesses which are established in the EU and which offer goods or services to consumers located in the EU. The P2B Regulation does not cover business - consumer relationships.

The P2B Regulation provides for general rules on online platforms, not specifically targeting the financial/insurance sector and it does not affect the application of the relevant rules of Union law applicable to financial services (e.g. the IDD). However, these rules on online platforms will apply, where relevant, to the financial/insurance services provided via online platforms in addition to sector-specific legislation. Hence, the Regulation is likely to have an impact on:

  • insurance/financial intermediaries when being business users of online platforms/corporate websites in order to offer their insurance/financial services. In other words, they will be entitled to the rights provided in the Regulation;
  • insurance/financial intermediaries when being providers of online platforms/corporate website offering insurance/financial services. In other words, they should comply with the transparency obligations laid down in the Regulation; and
  • the protection of businesses/clients of online platforms or search engines, such as insurance comparison websites (e.g. clearer ranking parameters, etc.). Insurance comparison websites will fall directly within the scope of this Regulation and subsequently they will be required to comply with the transparency and other kinds of obligations imposed on them towards their users.
  • insurance/financial intermediaries when being business users of online platforms/corporate websites in order to offer their insurance/financial services. In other words, they will be entitled to the rights provided in the Regulation;
  • insurance/financial intermediaries when being providers of online platforms/corporate website offering insurance/financial services.In other words, they should comply with the transparency obligations laid down in the Regulation; and
  • the protection of businesses/clients of online platforms or search engines, such as insurance comparison websites (e.g. clearer ranking parameters, etc.). Insurance comparison websites will fall directly within the scope of this Regulation and subsequently they will be required to comply with the transparency and other kinds of obligations imposed on them towards their users.

In brief, the P2B Regulation introduces a ban on certain unfair practices, transparency in online platforms (e.g. main parameters determining ranking, direct or indirect remuneration paid by business users), mandatory disclosure for a range of business practices (platforms must disclose any advantage they may give to their own products over others) and an internal complaint-handling system to assist business users.

The Regulation is likely to have an impact on cross-selling via online platforms. Online intermediation providers should provide a description of what ancillary goods and services, including financial products, offered by them alongside a business user's offer, irrespective of whether this is offered by the platform itself or by a third party.

As a follow up to the application of the P2B Regulation, on 10 July 2020, the European Commission issued a practical guidance in the form of Q&As aimed at assisting the stakeholders to better understand their obligations and rights under this Regulation.

DISTANCE MARKETING OF FINANCIAL SERVICES DIRECTIVE (DMFSD) - EVALUATION BY THE EUROPEAN COMMISSION

The 2002 DMFSD concerns the distance marketing of consumer financial services. It aims to ensure the free movement of financial services by harmonising consumer protection rules in the single market. This Directive provides details on the information that a consumer should receive about a financial service and the financial service provider before concluding a distance contract. For certain financial services, it also gives a consumer 14 days to withdraw from a contract. In addition, the DMFSD bans services and communications from suppliers that a consumer has neither solicited nor consented to. It applies to insurance intermediaries when distributing products under an organised distance sales/service provision scheme and exclusively via one or more means of distance communication.


Evaluation exercise

Since 2002, when the Directive came into force, new sector-specific EU rules applying to the distribution of financial/insurance services/products like the IDD and new horizontal EU rules on consumer protection like the GDPR were adopted. These new EU rules introduced new pre-contractual information or disclosure requirements. In April 2019, seventeen years since this Directive was first adopted the Commission launched an evaluation to assess whether it is still fit for purpose given the market and legislative developments that have occurred since 2002.

In its response to the Commission, BIPAR welcomed the Commission’s intention to focus its evaluation on the functioning of the DMFSD from “a cost/benefit and burden reduction perspective”. BIPAR agrees with the Commission's approach to evaluate the interplay of the DMFSD with these new EU rules and to avoid any possible duplication, in particular for the sake of better consumer protection and legal clarity. BIPAR also underlined that the technology-neutral approach of the DMFSD is completely appropriate and should be maintained. It prevents distortion of competition and does not favour one channel of distribution in particular. Regulation should deliver the same protection regardless of channel and consumers will determine what suits them best. It is important that all consumers receive - be it in a digital or non-digital environment - relevant, clear and meaningful information, so that they can take an informed decision about their insurance products. Lastly, BIPAR added that the principle of proportionality should be introduced in any revised DMD, in particular as its all-encompassing scope covers the entire financial sector, which means that it applies to big firms and SMEs alike.

Evaluation report

On 30 November 2020, the Commission published its evaluation report, assessing the overall functioning and practical application of the DMFSD and its continued relevance in view of market and legal developments and the current needs of stakeholders. It looked into the effectiveness, efficiency and simplification and burden reduction, relevance, coherence, and EU added value. In a nutshell, the evaluation finds that the DMFSD has been partially effective in increasing consumer protection and of limited effectiveness in contributing to consolidate the single market due to barriers that are beyond its remit. The DMFSD has EU added value and its objectives are still relevant. However, digitalisation exacerbated some aspects not fully addressed by the DMFSD, including how and when information should be provided. Simultaneously, needs originally addressed by the DMFSD are currently addressed by other EU legislation that significantly overlaps with the DMFSD.

Next steps

The Commission has started to work on its Impact Assessment of a revised DMFSD and is likely to publish a proposal for a revised DMFSD by the end of the year. BIPAR is actively monitoring this issue.

REGULATION ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES FOR ELECTRONIC TRANSACTIONS IN THE INTERNAL MARKET (eIDAS)

The eIDAS Regulation is applicable since 2016 and creates a European internal market for the so-called “eTrust Services” by ensuring that these services will work across borders and have the same legal status as traditional paper-based processes. These eTrust services are e-signatures, electronic seals (i.e. the electronic equivalent of a seal or stamp which is applied on a document to guarantee its origin and integrity), electronic time stamps (i.e. date and time on an electronic document which proves that the document existed at a point-in-time and that it has not changed since then), electronic registered delivery service (i.e. the equivalent in the digital world for registered mail) and website authentication certificates (i.e. a trustmark for websites).

The eIDAS Regulation ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available (this happens on the basis of mutual recognition; for the private sector the current legislation only encourages Member States to open the use of eID to the private sector).

In 2018, the European Commission undertook various initiatives to promote eIDAS, amongst others focusing on SMEs in the financial services sector and BIPAR participated in several events in this respect. The material remains accessible on the Commission’s website.

Review of the eIDAS regulatory framework

The European Commission is currently evaluating the eIDAS regulatory framework to assess to what extent it remains fit for purpose, delivering the intended outcomes, results and impact. The Commission also considers whether it is appropriate to modify the scope of the Regulation or its specific provisions, taking into account the experience gained in the application, and technological, market and legal developments.

The Commission is expected to come up with legislative proposals regarding “a trusted and secure European e-ID” in early June 2021. BIPAR will monitor these new proposals.

- Published on June 2021 -

Looking for an insurance intermediary near your home or business?Find one