EIOPA Issues Cyber Underwriting Proposal, Statement on Open Insurance

Draft supervisory statements. In the supervisory statement on exclusions in insurance products, EIOPA makes a few recommendations to insurers and competent authorities. The aim of the statement is to promote supervisory convergence in how national competent authorities assess the treatment of exclusions in insurance contracts that arise from risks following systemic events such as pandemic, natural catastrophes, or large cyber-attacks. Additionally, as part of the consultation on the draft supervisory statement on cyber exposures, EIOPA recommends national competent authorities to dedicate higher attention to insurance undertakings’ assessment of the terms and conditions of their existing insurance products. The consultation paper focuses on supervisory expectations and emphasizes the need for:

• a top-down strategy and risk appetite definition for (re)insurance undertakings to underwrite cyber risk.
• identifying and measuring risk exposure with the purpose of implementing sound cyber underwriting practices, with focus on management of non-affirmative cyber exposures.
• cyber underwriting risk management and risk mitigation, including the reinsurance strategy.

Feedback statement on open insurance. The feedback statement provides a high-level summary of the responses received on the discussion paper on open insurance as well as EIOPA’s reaction to them. In its discussion paper, published in January 2021, EIOPA had reflected on the definition of open insurance, analyzed existing use cases across the value chain, presented the risks and benefits of open insurance, and considered regulatory barriers to encourage a broader discussion around the topic. In their responses, stakeholders highlighted additional use cases apart from those featured in the paper, including better risk assessment, preventive measures, and fraud detection. Most stakeholders agreed with the benefits and potential risks of open insurance identified by EIOPA. The results of EIOPA’s public consultation show no strong agreement among stakeholders on the potential next steps. EIOPA will consider the feedback in its ongoing and future work on digitalization. EIOPA will continue monitoring legislative developments that may have a bearing on open insurance and will provide insurance and supervisory input where necessary. Relevant initiatives include the European Single Access Point proposal, the Data Act proposal, and any upcoming proposals for a new open finance framework as signaled in the European Commission’s Digital Finance Strategy. EIOPA might also further work on more concrete open insurance use cases, to facilitate a better understanding of the related implications for consumers, industry, and supervisors.

Related Links

• Press Release on Draft Supervisory Statements
• Consultation on Exclusions in Insurance Products
• Consultation on Cyber Underwriting Exposures
• Press Release on Feedback Statement on Open Insurance
• Feedback Statement on Open Insurance

Keywords: Europe, EU, Insurance, Reinsurance, Systemic Risk, Climate Change Risk, Cyber Risk, Open Insurance, Regtech, Solvency II, Cyber Underwriting, Insurtech, EIOPA