From Closed to Collaborative: The Dawn of Open Insurance
In an era marked by technological innovation and rapid digital transformation, the insurance industry finds itself at a crossroads. In the field of risk management, the idea of open insurance appears both as a promising opportunity and a significant source of change. Open insurance has the potential to redefine not only the way we protect ourselves and our assets but also how insurance companies interact with their customers, partners, and the wider financial ecosystem. In this article, we will highlight how recent regulatory changes play a crucial role in driving and shaping the upcoming transformation.
Open insurance refers to a business model and approach within the insurance industry that involves the sharing of data and services among various stakeholders, including insurance companies, insurtech startups, customers, and third-party service providers. The goal of open insurance is to foster collaboration and innovation within the insurance ecosystem by allowing different parties to access and integrate each other’s data and services through Application Programming Interfaces (APIs) and other technologies. This collaborative and data-sharing approach aims to create more personalized insurance products, streamline processes, enhance customer experiences, and drive innovation in the industry. Open insurance can lead to increased transparency, efficiency, and customer-centricity in the insurance sector.
The discussion around open insurance relates to the area of open finance, which so far has mainly focused on the banking sector. The PSD2 directive and the introduction of open data had a significant impact on the financial industry, notably simplifying processes and familiarizing consumers with digital standards through open banking. A similar transformation is now taking place in the realm of insurance.
In addition to adherence to GDPR and other data protection standards, the European Commission’s legislative proposal for a framework for financial data access (FIDA) has the potential to provide valuable clarifications within the framework of open insurance. Under the open insurance regulation, insurers would be legally obliged to establish standardized methods for sharing both personal and non-personal insurance information with third parties.
This article elaborates on the concept of open insurance, provides insights into recent regulatory developments, outlines anticipated measures by supervisory authorities, discusses the potential challenges and opportunities of open insurance, and underscores the importance of proactive preparation for this transformative paradigm.
Understanding open insurance
There is no uniform definition of open insurance, but generally it revolves around an ecosystem where customers’ insurance-related (personal and non-personal) data is shared between insurers, intermediaries and third parties.
In the open insurance ecosystem, data access will likely be made possible via APIs, mechanisms that allow two applications to communicate with each other. APIs will act as a link between policyholders and players in the insurance market, enabling insurers, intermediaries and third parties’ seamless access to insurance-related data, such as insured objects, coverages, and claims histories. A theoretical example of such an ecosystem is illustrated in the figure from the European Insurance and Occupational Pensions Authority’s (EIOPA) discussion paper below.
But what are the benefits of such a set-up? Driven by digitalization, customers’ demands have increased. They are expecting more tailored products, better services, and more efficient processes with a competitive price. Open insurance enables insurers and other parties to respond to these increased expectations by getting access to a broader set of information about the policyholders and the market, and consequently develop innovative solutions, effective processes, and sophisticated models.
From a consumer perspective, by giving permission to share insurance-related data to the ecosystem of insurers, intermediaries and third-party providers, policyholders get in exchange a better overview of the market, encouraging them to compare providers and shop around. This will likely lead to innovative, and more transparent insurance products and services tailored to the needs of individual consumers.
What is happening around regulations?
To grasp the legislative landscape of open insurance, it’s essential to start with a broader perspective on open finance and, in particular, open banking. Open banking gained prominence in the financial world with the implementation of PSD2 in 2018. It encompasses decentralized access to payment account information and the authorization to execute payment transactions on these accounts. During this initial phase, the concept of open finance became widely known among consumers.
On June 28th, the European Commission introduced FIDA, a pioneering legislative initiative aimed at extending data-sharing obligations beyond open banking to encompass virtually all financial services data. These obligations include the insurance sector, with a specific emphasis on insurance undertakings and intermediaries. FIDA stands as the cornerstone of legislative support for open finance within the European Union, aligning seamlessly with cross-sector digital market endeavors like the Data Act. Its primary objective is to nurture data-driven innovation and stimulate competition across various industries.
FIDA empowers consumers and Small and Medium-sized Enterprises (SMEs) to authorize third parties, referred to as data users, to access and use a wide range of their financial data. Unlike the previous scope limited to payment accounts data under PSD2, FIDA extends its coverage to include an extensive array of customer data, including mortgages, loans, savings, investments, crypto-assets, pensions, and non-life insurance products. However, FIDA does not cover data directly related to financial exclusion risks, such as sickness, health and life insurance data or data affecting creditworthiness assessments.
The roles of data holder and data user are not mutually exclusive, allowing for flexible data sharing arrangements. For example, an insurance intermediary can share customer data with data users upon customer request while also receiving data from other providers to enhance their services. However, unlike PSD2, data users cannot initiate transactions on behalf of customers solely on authorization under FIDA. If you are authorized to also provide payment services under PSD3 or if you are a credit institute, you can do both.
Data holders are required to make customer data accessible to data users promptly and securely, adhering to generally recognized standards. The specifics of these standards are to be jointly developed by data holders and users through Financial Data Sharing Schemes (FDSS). Additionally, data holders must offer customers an accessible permission dashboard for managing data permissions. FDSS play a vital role in governing data access and standards, especially within the insurance sector. However, the lack of regulatory clarity regarding their establishment and the comprehensive scope of FIDA raise concerns about their effectiveness.
A notable difference between FIDA and PSD2 is that data holders have the right to request reasonable compensation from data users. This introduces a complex interplay between FIDA and the EU Data Act, which establishes governance for mandated data sharing, including rules for determining fair compensation levels.
Data users must obtain authorization from an EU National Competent Authority (NCA) as either a financial institution or a financial information services provider (FISP) to access customer data. They can only access data with customer consent and within agreed-upon conditions.
To address potential risks of financial exclusion, EIOPA will develop guidelines for data users on using FIDA data for risk assessments and insurance product pricing.
What are the challenges and opportunities?
As we explore the concept of open insurance, it’s crucial to acknowledge the significant challenges it brings. These challenges are important factors to consider, as they impact how open insurance operates within the industry.
Data privacy and security: Sharing sensitive customer data with various third parties raise concerns about data privacy and security. Data breaches or misuse of customer information can result in reputational damage and regulatory fines. Ensuring robust data protection measures and compliance with data privacy regulations is crucial.
Regulatory compliance: Staying updated on evolving regulatory frameworks related to open insurance is critical. Ensuring full compliance with data protection and consumer rights regulations, such as GDPR, is necessary to avoid legal issues and fines. Furthermore, FIDA presents a couple of specific key challenges:
- Data sharing obligations: Compliance entails data holders being obligated to share customer data upon request. Defining what qualifies as customer data is a key compliance concern.
- Data sharing mechanisms: Compliance relies on financial data sharing schemes (FDSS), which are currently unregulated, creating market expectations regarding data sharing practices.
- Cost sharing mechanisms: Establishing FDSS might lead to insurers and intermediaries bearing a disproportionate share of IT transformation costs without well-designed cost-sharing mechanisms.
- Standardization: Standardizing insurance data is more challenging than payment data, necessitating industry-driven standards or potential regulatory intervention. The risk of insufficient standardization exists if multiple FDSS emerges, potentially leading to high costs for data users.
- Customer permissions: Compliance mandates data holders to provide customers with permission dashboards for monitoring and managing data sharing permissions, ensuring transparency and control.
Trust and consumer confidence: In the open insurance ecosystem, trust becomes a cornerstone. Customers must have confidence that their data will be handled securely and responsibly. Any breaches or misuse of data can erode this trust and harm the reputation of the industry. Furthermore, the practice of combining customer data for creating precise consumer profiles raises concerns about potential financial exclusion. Regulatory bodies, such as EIOPA, are actively engaged in developing guidelines to safeguard consumers and regulate data use for risk assessments and pricing.
Competition and market dynamics: As open insurance continues to attract more players, the landscape becomes increasingly competitive. This heightened competition may lead to a stronger focus on price, making it challenging for insurance companies to differentiate themselves based on offerings. Additionally, simplified insurance switching might result in a concentration of customers around a select few providers who offer the best deals, which could impact profit margins for insurers and intermediaries.
Concentration risk and dependency: A significant challenge arises from the concentration of power among incumbent insurance companies, often accompanied by limited inclusion of smaller players in setting industry standards. This scenario can lead to a risk of dependency on a relatively small number of providers. Such dependency introduces the potential for systemic failures that could have far-reaching impacts on the entire insurance industry.
Technological challenges and skills: Implementing open insurance systems requires specialized skills, technical capabilities, and technological expertise. This includes tasks like building secure APIs, managing complex data flows, and ensuring scalability, all of which can be complex and costly endeavors. Examining the banking sector’s experience of opening up APIs solely for payment accounts reveals that larger banks incurred substantial expenses in complying with PSD2 regulations. However, the insurance sector may face even greater potential costs due to the potential complexity of data involved.
While open insurance certainly comes with its fair share of challenges, it’s equally important to recognize the promising opportunities that arise. These opportunities represent a pathway to harnessing the full potential of open insurance in transforming the insurance landscape. Below are some of the primary opportunities presented by open insurance.
Enhanced customer experience: Open insurance enables a more personalized and convenient customer experience. Customers can access and manage their policies, claims, and other insurance-related services through various digital platforms and third-party apps, making it easier to interact with their insurers. This transformation revolutionizes customer engagement, simplifying interactions and fostering satisfaction.
Innovation and competition: Increased competition in the open insurance space is beneficial for both customers and new market entrants. By opening up their APIs, insurance companies can stimulate innovation by allowing third-party developers to create new products and services. This encourages competition and can lead to the development of more customer-centric solutions, ultimately improving the insurance landscape.
Increased efficiency: Open APIs play a crucial role in automating processes, reducing administrative overhead, and lowering operational costs. Claims processing, underwriting, and policy issuance can become more efficient, leading to quicker responses to customer inquiries and claims. The automation of various processes, coupled with the ability to tap into external data sources, allows insurers to reduce operational costs, potentially leading to cost savings for customers or reinvestment in service enhancements.
Enhanced risk management: Open insurance platforms have the capacity to access a broader range of data sources, significantly improving risk assessment models. This, in turn, leads to more accurate pricing and better fraud detection mechanisms. By leveraging this wealth of data, insurers can better understand and manage risks, ensuring a fair and precise evaluation of policies.
Improved transparency: Open insurance platforms provide customers with increased visibility into their policies and the claims process. This transparency enhances trust between insurers and policyholders, strengthening the overall insurer-policyholder relationship. Customers can make informed decisions and have a clearer understanding of their coverage, leading to improved satisfaction and loyalty.
Preparing for open insurance
Open insurance is poised to revolutionize the insurance industry, but unlocking its full potential necessitates strategic preparations from regulatory, risk management, and technological standpoints.
The cornerstone of open insurance is securing consumer consent to share their insurance-related data with the market, underscoring the paramount importance of establishing trust among consumers. The regulatory framework governing open insurance is anticipated to be established in the near future, serving as the cornerstone of a secure digital ecosystem. Given the sensitive nature of insurance-related data, it demands substantial efforts from both the industry at large and individual insurers to ensure robust data protection, compliance with GDPR regulations, and the maintenance of sound IT security measures.
A resilient ecosystem characterized by the seamless flow of information simplifies market entry for new players, intensifying competition. In this highly competitive landscape, insurers must endeavor to differentiate themselves by introducing innovative products and services, necessitating investments in cutting-edge technologies and the cultivation of specialized skillsets.
Crucial aspects integral to optimizing open insurance opportunities include the following:
Open insurance, propelled by the FIDA framework, stands at the forefront of industry transformation. It empowers consumers and SMEs to grant access to their insurance-related data, fostering data-driven innovation and competition.
Looking ahead, a pivotal moment for open insurance will be the implementation of FIDA. The timeline for this milestone is intricately tied to the evolving landscape of the insurance industry. Notably, the European Parliament election in Q2 2024 looms on the horizon, potentially exerting substantial influence over the legislative course and policies shaping open insurance in the EU. Consequently, the enforcement of regulations stemming from the FIDA framework is unlikely to materialize before 2025, at the earliest.
The emergence of open insurance, catalyzed by the European Commission’s FIDA framework, is fundamentally reshaping the insurance landscape. Open insurance transcends traditional boundaries, empowering customers to grant authorization for third-party data users to access their insurance-related data.
Insurance providers now encounter a spectrum of both opportunities and challenges. Access to a wealth of customer data presents the potential for heightened engagement and the creation of personalized insurance solutions. Nevertheless, developing and ensuring fair data-sharing arrangements and managing compensation mechanisms introduce intricate complexities.
Regulatory bodies such as EIOPA and the European Banking Authority (EBA) will play pivotal roles in establishing guidelines to uphold compliance and ethical data practices.
Success in this evolving environment pivots on the adept integration of open insurance into existing business models, harnessing advanced data analytics, AI, and machine learning capabilities. Decisions regarding whether to take a leading role or collaborate within this emerging ecosystem become strategic imperatives.
Consequently, preparing for open insurance is pivotal for insurance companies, promising a data-driven, customer-centric future.
For further inquiries or comments, please contact:
 European Commission (2023). Proposal for a Regulation of the European Parliament and of the Council on a framework for Financial Data Access and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2022/2554.
 EIOPA (2021). Open Insurance: Accessing and Sharing Insurance Related Data (open-insurance-discussion-paper-28-01-2021.pdf (europa.eu))