EIOPA Discussion Paper on Business Models Arising from Digitalization

Complexity of how insurance is being manufactured and distributed is increasing, in addition to the growing involvement of third parties, with new forms of outsourcing. However, this can come with additional challenges in the form of legal and compliance issues as well as the creation of new conduct and prudential risks and amplification or relocation of significantly old risks such as operational risk, Information and Communication Technology (ICT) risks, security, governance, and reputational risks. The widespread use of third party providers can also lead to concentration risk if a large number of undertakings become dependent on a small number of dominant outsourced or third party service providers. Thus, a fragmentation of the insurance value chain could occur, including  a potential for a reduced regulatory and supervisory grip on the relevant activities in the value chain, or ways in which the lengthening of the value chain stresses existing regulatory and supervisory oversight.

As a consequence, supervision requires more attention to different companies involved throughout the value chain that must be supervised, or at least identified and overseen efficiently and effectively. Supervisors are also challenged to improve their information gathering, knowledge, experience, skillset, and resources for controlling new models and technologies while keeping up with the rapid changes. The consultation also highlights that Solvency II regular reporting might not be fit-for-purpose to have an overview of cooperation with all third parties and there might be a need for more flexible reporting. Similarly, although Solvency II Directive provides rules for outsourcing, it might be worth exploring additional practices for proper supervision of more fragmented value chains. Effort is also needed to avoid diverging supervisory outcomes between national competent authorities, particularly considering that the insurtech developments can often have a cross-border and cross-sector impact. As per EIOPA, the possible areas for further work include the following:

• More specific analysis of possible regulatory responses to third parties in the value chain. This could include exploring ways of getting better overview on market developments involving third parties active in the insurance value chain, including understanding ownership structures, partnership agreements, and new forms of outsourcing to assess who underwrites the risk and where risks are concentrated.
• A follow-up study focusing on the impact of platforms and ecosystems and their practical supervision (licensing, outsourcing, consumer protection, product oversight, and governance rules), including the application of EU law and possible gaps.
• Adapting disclosures and advice requirements to the digital world, based on an assessment of customer capabilities and new behavior patterns and ways of providing information and advice.
• Further analyses of broader measures that might underpin sound digital markets in insurance and insurance related data.

EIOPA is expecting, from interested parties, views on whether they agree with its view of the risks and benefits and whether they have any comments or additional proposals on proposed solutions or next steps. EIOPA will work further with the national competent authorities on supervisory responses to further support supervisors and supervisory convergence, while maintaining a strong and open dialog with the market and other stakeholders.

Related Links

• Press Release
• Discussion Paper (PDF)
• EU Survey Tool

Comment Due Date: September 07, 2020

Keywords: Europe, EU, Insurance, Reinsurance, Operational Risk, Governance, Cyber Risk, Concentration Risk, Insurtech, Cloud Computing, Solvency II, Reporting, EIOPA