Home Knowledge Digitalisation – An Increasing Feature of Insurance Regulation

Digitalisation – An Increasing Feature of Insurance Regulation

October 14, 2024
Marguerite Sinnott
Senior Associate
Marguerite Sinnott
Partner
Eoin Caulfield
Partner
Ian Murray

Digitalisation and broader innovation themes are growing features in the insurance sector. This is seen across the entire insurance ‘value chain’.

It ranges from firms dealing with customers through digital channels, often with no direct human interaction, through to back-end activities with a heavy reliance on technology. Many insurers and intermediaries also have complex outsourcing and cloud dimensions.

Regulatory approach

The Central Bank of Ireland, EIOPA, the European Commission, and the European Parliament have been active in seeking to understand the benefits and risks of technology and to regulate accordingly.

EIOPA’s Report on Digitalisation of European Insurance Sector (April 2024) highlighted the variation in approaches to digital across the EU while recognising the increased use of technology. It notes, for example, that the use of chatbots is expected to rise significantly. A lack of IT skills and understanding within firms is also identified.

Risk-based regulation

The new Artificial Intelligence (AI) Act is an example of a risk-based approach to technology, similar in ways to the Solvency II Directive. Different aspects of a firm’s use of AI will now be stratified from ‘high’ to ‘low’ as regards end-user risk, and it is then regulated (to a greater or lesser level) accordingly.

Similarly, the Central Bank of Ireland’s consultation on a new Consumer Protection Code, which closed in June 2024, avoids prescriptive detail. As regards digitalisation, it instead aims to be more principles-based. It mirrors the EIOPA commitment in its ‘Digital Strategy’ document (September 2023) to remain “technology neutral and people first.”

In parallel with initiatives in the financial services area, cross-sectoral legislation includes the new Digital Markets Act and Digital Services Act which now regulate online platforms. Many of the online platforms are expanding into cross-selling activities associated with insurance products. The value of data and client lists is obvious but appropriate use is a key theme of regulators. This builds on areas like the GDPR. There is recent guidance from EIOPA and the Central Bank of Ireland on areas including data ethics, use of cloud and cyber risk.

Digitalisation – ‘securing customers’ interests’

Digital channels will need to be operated in the future according to ‘best outcomes’ based regulation. This is like the recently introduced ‘consumer duty’ in the UK and, in Ireland, the proposed updates to the Consumer Protection Code (2024) and the Individual Accountability Framework’s new ‘conduct’ and ‘business’ standards.

There is a focus on ensuring firms in their digital offerings are always thinking about good outcomes for consumers. Regardless of how a firm gets to an end-sale, it should be fair. The psychology as a customer navigates through an app or platform must be carefully considered and not lead to pre-determined conclusions (e.g. a product is purchased rather than not). This approach can also be seen in the new EU Distance Marketing of Financial Services Contracts Directive, which must be transposed by all Member States by end-2025.

Whilst these areas seek to address digital sales directly, there is also a regulatory theme that no customer should be unduly ‘left behind’ through tech developments. There must be equivalence of treatment, whether selling via a tech channel or a traditional physical presence. It includes regulatory requirements on the appropriate treatment of ‘vulnerable customers’ and the less tech-savvy generally.

DORA and related developments

Operational resilience in business models is a related area that is receiving much regulatory focus. This recognises the increasing sophistication of insurer business models, both in terms of technology and at key pinch-points, such as the use of outsourcing.

Firms are preparing for the Digital Operational Resilience Regulation (DORA), new EU legislation effective from January 2025. DORA brings together provisions addressing digital operational risk, outsourcing, operational resilience, recovery planning and IT & cybersecurity risks. The approach, recognising the international nature of activities, has been to create a single EU statute taking in all these areas but which can operate in the same way for all Member States.

Apart from regulated financial services firms, including insurers, DORA brings into regulatory scope external service providers that are viewed as systemically significant. This includes the main cloud providers, such as AWS, Azure, and Google Cloud. They will now be regulated by a designated EU financial services regulator, in many ways, just like an insurer or any other type of regulated firm.

If you wish to talk to us about digitalisation in the insurance sector, please contact Eoin Caulfield, Marguerite Sinnott, or any member of the Insurance team.

A version of this article previously appeared in Finance Dublin 2024.

Recommended Insights

See all
Article and Insights
15
Oct 2024
DORA – What Irish Insurance Firms Need to Know
DORA significantly raises the benchmark in cyber and ICT risk management standards...
WF_author_blank
Senior Associate
Marguerite Sinnott
Article and Insights
5
Sep 2024
Asset Management & Investment Funds Update – September 2024
September 2024 updates across sustainable finance, macroprudential policy for inve...
WF_author_blank
Partner
Nessa Joyce
Article and Insights
19
Aug 2024
EIOPA Publishes Final Advisory Report on Greenwashing and Sustainability Claims
EIOPA issues its final report on greenwashing risks and the supervision of sustain...
WF_author_blank
Partner
Eoin Caulfield
Article and Insights
11
Jul 2024
Asset Management & Investment Funds Update – July 2024
Welcome to the July 2024 edition of our Asset Management & Investment Funds Update.
WF_author_blank
Consultant
Patricia Taylor
Article and Insights
3
Jul 2024
Legal News Podcast – July 24
Here is a selection of recent publications and podcasts contained in our July 2024...
WF_author_blank
Consultant
Gail Nohilly
Article and Insights
20
Jun 2024
Podcast – DORA: Practical Initial Steps to Compliance
In the third episode of our DORA miniseries, the Fintech team look at implementing...
WF_author_blank
Partner
John O’Connor
Article and Insights
17
Jun 2024
DORA: ICT-Third Party Risk Management and Contract Remediation
In this episode, our Fintech team take an in-depth look at one of the key themes o...
WF_author_blank
Partner
John O’Connor
Article and Insights
13
Jun 2024
Podcast – Overview of DORA
In this first episode of William Fry's Legal Podcast miniseries focusing on DORA, ...
WF_author_blank
Partner
John O’Connor
Article and Insights
18
Apr 2024
EIOPA Publishes Supervisory Statement on Reinsurance from Third-Country Reinsurers
EIOPA finalises its supervisory statement on reinsurance concluded with third-coun...
WF_author_blank
Partner
Eoin Caulfield
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
prev
next
See all