EIOPA Issues Cyber Underwriting Proposal, Statement on Open Insurance
The European Insurance and Occupational Pensions Authority (EIOPA) published two consultation papers—one on the supervisory statement on exclusions related to systemic events and the other on the supervisory statement on the management of non-affirmative cyber exposures. Both the consultations are open until July 18, 2022. In addition, EIOPA published a feedback statement on open insurance, following a discussion paper and a public consultation on the topic.
Draft supervisory statements. In the supervisory statement on exclusions in insurance products, EIOPA makes a few recommendations to insurers and competent authorities. The aim of the statement is to promote supervisory convergence in how national competent authorities assess the treatment of exclusions in insurance contracts that arise from risks following systemic events such as pandemic, natural catastrophes, or large cyber-attacks. Additionally, as part of the consultation on the draft supervisory statement on cyber exposures, EIOPA recommends national competent authorities to dedicate higher attention to insurance undertakings’ assessment of the terms and conditions of their existing insurance products. The consultation paper focuses on supervisory expectations and emphasizes the need for:
- a top-down strategy and risk appetite definition for (re)insurance undertakings to underwrite cyber risk.
- identifying and measuring risk exposure with the purpose of implementing sound cyber underwriting practices, with focus on management of non-affirmative cyber exposures.
- cyber underwriting risk management and risk mitigation, including the reinsurance strategy.
Feedback statement on open insurance. The feedback statement provides a high-level summary of the responses received on the discussion paper on open insurance as well as EIOPA’s reaction to them. In its discussion paper, published in January 2021, EIOPA had reflected on the definition of open insurance, analyzed existing use cases across the value chain, presented the risks and benefits of open insurance, and considered regulatory barriers to encourage a broader discussion around the topic. In their responses, stakeholders highlighted additional use cases apart from those featured in the paper, including better risk assessment, preventive measures, and fraud detection. Most stakeholders agreed with the benefits and potential risks of open insurance identified by EIOPA. The results of EIOPA’s public consultation show no strong agreement among stakeholders on the potential next steps. EIOPA will consider the feedback in its ongoing and future work on digitalization. EIOPA will continue monitoring legislative developments that may have a bearing on open insurance and will provide insurance and supervisory input where necessary. Relevant initiatives include the European Single Access Point proposal, the Data Act proposal, and any upcoming proposals for a new open finance framework as signaled in the European Commission’s Digital Finance Strategy. EIOPA might also further work on more concrete open insurance use cases, to facilitate a better understanding of the related implications for consumers, industry, and supervisors.
Related Links
- Press Release on Draft Supervisory Statements
- Consultation on Exclusions in Insurance Products
- Consultation on Cyber Underwriting Exposures
- Press Release on Feedback Statement on Open Insurance
- Feedback Statement on Open Insurance
Keywords: Europe, EU, Insurance, Reinsurance, Systemic Risk, Climate Change Risk, Cyber Risk, Open Insurance, Regtech, Solvency II, Cyber Underwriting, Insurtech, EIOPA
Featured Experts

Adam Koursaris
Asset and liability management expert; capable modeler; risk and capital specialist

Blake Coules
Across 35 years in banking, Blake has gained deep insights into the inner working of this sector. Over the last two decades, Blake has been an Operating Committee member, leading teams and executing strategies in Credit and Enterprise Risk as well as Line of Business. His focus over this time has been primarily Commercial/Corporate with particular emphasis on CRE. Blake has spent most of his career with large and mid-size banks. Blake joined Moody’s Analytics in 2021 after leading the transformation of the credit approval and reporting process at a $25 billion bank.

Michael Denton, PhD, PE
Dr. Denton provides industry leadership in the quantification of sustainability issues, climate risk, trade credit and emerging lending risks. His deep foundations in market and credit risk provide critical perspectives on how climate/sustainability risks can be measured, communicated and used to drive commercial opportunities, policy, strategy, and compliance. He supports corporate clients and financial institutions in leveraging Moody’s tools and capabilities to improve decision-making and compliance capabilities, with particular focus on the energy, agriculture and physical commodities industries.
Previous Article
ESMA Sets Sustainable Finance Priorities, to Conduct Stress TestingRelated Articles
APRA Publishes Results of Climate Risk Self-Assessment Survey
The Australian Prudential Regulation Authority (APRA) has published the findings of its latest climate risk self-assessment survey conducted across the banking, insurance, and superannuation industries.
ACPR Publishes Updates Related to CRD IV and Covered Bonds
The French Prudential Supervisory Authority (ACPR) published a notice related to the methods for calculating and publishing prudential ratios under the Capital Requirements Directive (CRD IV) and the minimum requirement for own funds and eligible liabilities (MREL).
BIS Paper Contributes to Debate on Regulating NBFIs and Big Techs
The Financial Stability Institute (FSI) of the Bank for International Settlements recently published a paper proposing a framework for classifying financial stability regulation as either entity-based or activity-based.
EIOPA Publishes Guidance on Climate Change Scenarios in ORSA
The European Insurance and Occupational Pension Authority (EIOPA) published the risk dashboard based on Solvency II data and the final version of the application guidance on climate change materiality assessments and climate change scenarios in the Own Risk and Solvency Assessment (ORSA).
EBA and ECB Respond to Proposals on Sustainability Disclosures
The European Banking Authority (EBA) and the European Central Bank (ECB) published their responses to the consultations of the International Sustainability Standards Board (ISSB) and the European Financial Reporting Advisory Group (EFRAG) on sustainability-related disclosure standards.
BIS Report Notes Existing Gaps in Climate Risk Data at Central Banks
A Consultative Group on Risk Management (CGRM) at the Bank for International Settlements (BIS) published a report that examines incorporation of climate risks into the international reserve management framework.
EBA Publishes Multiple Regulatory Updates for Regulated Entities
The European Banking Authority (EBA) published the final guidelines on liquidity requirements exemption for investment firms, updated version of its 5.2 filing rules document for supervisory reporting, and Single Rulebook Question and Answer (Q&A) updates in July 2022.
EIOPA Issues SII Taxonomy and Guide on Sustainability Preferences
The European Insurance and Occupational Pensions Authority (EIOPA) published Version 2.8.0 of the Solvency II data point model (DPM) and XBRL taxonomy.
EESC Opines on Proposals on CRR and European Single Access Point
The European Union published, in the Official Journal of the European Union, an opinion from the European Economic and Social Committee (EESC); the opinion is on the proposal for a regulation to amend the Capital Requirements Regulation (CRR).
HM Treasury Publishes Multiple Regulatory Updates in July 2022
HM Treasury published a draft statutory instrument titled “The Financial Services (Miscellaneous Amendments) (EU Exit) Regulations 2022,” along with the related explanatory memorandum and impact assessment.