EIOPA Issues Cyber Underwriting Proposal, Statement on Open Insurance
The European Insurance and Occupational Pensions Authority (EIOPA) published two consultation papers—one on the supervisory statement on exclusions related to systemic events and the other on the supervisory statement on the management of non-affirmative cyber exposures. Both the consultations are open until July 18, 2022. In addition, EIOPA published a feedback statement on open insurance, following a discussion paper and a public consultation on the topic.
Draft supervisory statements. In the supervisory statement on exclusions in insurance products, EIOPA makes a few recommendations to insurers and competent authorities. The aim of the statement is to promote supervisory convergence in how national competent authorities assess the treatment of exclusions in insurance contracts that arise from risks following systemic events such as pandemic, natural catastrophes, or large cyber-attacks. Additionally, as part of the consultation on the draft supervisory statement on cyber exposures, EIOPA recommends national competent authorities to dedicate higher attention to insurance undertakings’ assessment of the terms and conditions of their existing insurance products. The consultation paper focuses on supervisory expectations and emphasizes the need for:
- a top-down strategy and risk appetite definition for (re)insurance undertakings to underwrite cyber risk.
- identifying and measuring risk exposure with the purpose of implementing sound cyber underwriting practices, with focus on management of non-affirmative cyber exposures.
- cyber underwriting risk management and risk mitigation, including the reinsurance strategy.
Feedback statement on open insurance. The feedback statement provides a high-level summary of the responses received on the discussion paper on open insurance as well as EIOPA’s reaction to them. In its discussion paper, published in January 2021, EIOPA had reflected on the definition of open insurance, analyzed existing use cases across the value chain, presented the risks and benefits of open insurance, and considered regulatory barriers to encourage a broader discussion around the topic. In their responses, stakeholders highlighted additional use cases apart from those featured in the paper, including better risk assessment, preventive measures, and fraud detection. Most stakeholders agreed with the benefits and potential risks of open insurance identified by EIOPA. The results of EIOPA’s public consultation show no strong agreement among stakeholders on the potential next steps. EIOPA will consider the feedback in its ongoing and future work on digitalization. EIOPA will continue monitoring legislative developments that may have a bearing on open insurance and will provide insurance and supervisory input where necessary. Relevant initiatives include the European Single Access Point proposal, the Data Act proposal, and any upcoming proposals for a new open finance framework as signaled in the European Commission’s Digital Finance Strategy. EIOPA might also further work on more concrete open insurance use cases, to facilitate a better understanding of the related implications for consumers, industry, and supervisors.
Related Links
- Press Release on Draft Supervisory Statements
- Consultation on Exclusions in Insurance Products
- Consultation on Cyber Underwriting Exposures
- Press Release on Feedback Statement on Open Insurance
- Feedback Statement on Open Insurance
Keywords: Europe, EU, Insurance, Reinsurance, Systemic Risk, Climate Change Risk, Cyber Risk, Open Insurance, Regtech, Solvency II, Cyber Underwriting, Insurtech, EIOPA
Featured Experts

Blake Coules
Across 35 years in banking, Blake has gained deep insights into the inner working of this sector. Over the last two decades, Blake has been an Operating Committee member, leading teams and executing strategies in Credit and Enterprise Risk as well as Line of Business. His focus over this time has been primarily Commercial/Corporate with particular emphasis on CRE. Blake has spent most of his career with large and mid-size banks. Blake joined Moody’s Analytics in 2021 after leading the transformation of the credit approval and reporting process at a $25 billion bank.

Michael Denton, PhD, PE
Dr. Denton provides industry leadership in the quantification of sustainability issues, climate risk, trade credit and emerging lending risks. His deep foundations in market and credit risk provide critical perspectives on how climate/sustainability risks can be measured, communicated and used to drive commercial opportunities, policy, strategy, and compliance. He supports corporate clients and financial institutions in leveraging Moody’s tools and capabilities to improve decision-making and compliance capabilities, with particular focus on the energy, agriculture and physical commodities industries.

Paul McCarney
Insurance product strategist; insurance domain expert; extensive experience developing risk assessment frameworks for insurers
Previous Article
HKMA Looks at CBDC Cyber Risk and Operational Resilience IssuesRelated Articles
FINMA Approves Merger of Credit Suisse and UBS
The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
MFSA Sets Out Supervisory Priorities, Issues Reporting Updates
The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.
DNB Publishes Multiple Reporting Updates for Banks
DNB, the central bank of Netherlands, updated the list of additional reporting requests and published additional data quality checks and XBRL-Formula linkbase documents for the first quarter of 2023.