“Open Insurance,” as part of Open Finance, is a concept that has the potential to transform the insurance industry. It refers to the sharing and leveraging of customer data between insurance companies and third-party service providers, facilitated by digital platforms and application programming interfaces (APIs). The concept of Open Insurance is supported by the upcoming regulation on Financial Data Access (FIDA) proposed by the European Commission¹. This development will force insurers to rethink their data strategies.

This briefing note discusses the scope of FIDA, its potential impact on the insurance industry and the strategic options available to insurers to compete in this new environment.

The road to Open Insurance

The precursor of Open Insurance started in banking in 2020, with the introduction of the revised Payment Services Directive (PSD2), which had the aim of “opening up” data possession and portability in the banking sector. PSD2 introduced data-sharing rights for third-party providers to access customer data regarding payment accounts, if given permission by the customer. The two main objectives of this regulation were to give individuals control and rights over their own personal payment account data (in line with the General Data Protection Regulation (GDPR), and to stimulate competition and innovation within the banking sector².

In 2021 this was continued by a discussion paper published by the European Insurance and Occupational Pensions Authority (EIOPA)³, which explored questions of how far insurance value chains should be “opened up,” and what the implications could be for both the industry and consumers if regulation similar to the banking rules were applied. This paper suggests that a framework like the PSD2 cannot simply be applied to the insurance sector due to inherent differences between the banking and insurance industries. Insurance products are more complex and encompass a wide variety of optionality, where (very) sensitive and personal data are required for risk identification and pricing. In addition, insurance products face less frequent client-customer interactions.

In June 2023, the European Commission (EC) published the FIDA proposal⁴, which builds upon PSD2 for establishing a framework for responsible access to individual and business customer data across a wide range of financial services (such as mortgages, savings and investments, pension rights, real estate, credit data), including the insurance sector.

Part of this proposal is insurance-related:

1. The obligation for customer data holders to make this data available to data users, subject to the permission of the customer.
2. The observation that insurance companies could be both data holders and data users within the scope of this proposal.
3. A mandate for standardisation of customer data and the required technical interfaces as part of financial data-sharing schemes, of which both data holders and data users must become members within 18 months after this legislation goes into force.
4. Compensation rules entitling the data holder to charge a fee for making the data available to the data user, will also be established within these financial data-sharing schemes.

The aforementioned financial data-sharing schemes are proposed in the legislation as a way to give responsibility to the market participants themselves for implementation of data-sharing arrangements and compensation rules. This self-regulatory approach allows the industry significant flexibility to establish its own standards regarding the practicalities of data sharing. If no scheme is developed for certain categories of customer data, or if there is no realistic prospect of one being established, then the EC may adopt a delegated act specifying common standards for the data and technical interfaces.

The proposal will still need to pass through the EU Parliament and EU Council and is therefore still prone to internal discussions and lobbying from industry. As EU Parliament elections will take place in June 2024, it could take another 18 to 24 months for the proposal to enter into force; it will thus most likely not take effect before the end of 2026.

The scope of FIDA regarding insurance

With respect to insurance, the FIDA proposal will apply to customer data on non-life insurance products except for sickness and health insurance products. Life insurance products are excluded because the draft proposal considers that data sharing for these products could entail significant risks of financial exclusion in case it led to overly stringent or discriminatory requirements for underwriting. It is unclear at this stage whether corporate pension contracts are part of this exclusion, which potentially could lead to portfolio transferability risks. In addition, some (re)insurance companies are excluded from the scope of the regulation due to size (premium income less than EUR 5 million, or the total of the undertaking’s technical provisions, gross of the amounts recoverable from reinsurance contracts and special purpose vehicles, does not exceed EUR 25 million).

In the proposal, customer data is defined as: “personal and non-personal data that is collected, stored, and otherwise processed by a financial institution as part of their normal course of business with customers which covers both data provided by a customer and data generated because of customer interaction with the financial institution.” In our view, this definition leaves room for interpretation, but we believe that "normal course of business" and "as a result of customer interaction" imply that, besides policy data, also data related to claims and other information gathered under an insurance contract are encompassed by these terms.

All these data shall be made available in a secure and standardised way through APIs, which allows for the development of innovative and interconnected financial products and services.

Strategic implications for insurers, lessons from Open Banking

To envision the strategic future of Open Insurance it is useful to analyse the market developments in banking that occurred after introducing PSD2. Since 2020, three new types of data-driven business models have emerged:

1. Infrastructure providers that provide a platform for which other companies, such as fintechs and banks can offer digital financial solutions.
2. Product augmenters that use access to banking data to improve their existing products or services, for example by making them easier or faster.
3. Customer experience providers that create more reliable or more secure insights and overview in financial transactions.

These same types of data-driven business models may also be likely to emerge, albeit in a different form, in the insurance market when the FIDA legislation is implemented.

The EIOPA paper also describes some theoretical use cases that may emerge. The most obvious is to provide consumers a user-friendly overview of their insurance policies, including coverage details, potential overlaps and exclusions⁵. This model, which could be classified as a customer experience provider, can also be easily extended to comparing different offerings and data-driven decision-making, a business model already used by some of the online brokers in various markets. Using a richer dataset about the customer’s coverages will allow training artificial intelligence (AI) algorithms, like recommender engines, to customize new product offerings.

The potential emergence of these business models, including potential new entrants, will force insurers to rethink their strategic options.

Strategic options for insurers

Building on the lessons from the banking industry, insurers have several opportunities to benefit from this upcoming regulation. If provided with a wider range of data, insurers could:

1. Use customer data for cross-selling and upselling, for instance in combination with using AI (recommender systems).
2. Offer insurance-as-a-service, fully digital or embedded insurance where insurance is seamlessly bundled with products and services from other industries.
3. Improve fraud detection models by using a broader dataset.
4. Improve risk and/or pricing models, facilitating better underwriting.
5. Offer personalised products and services, for instance customised coverages or usage-based insurance.

At the same time insurers will face some challenges:

1. New insurtech competitors may emerge, for instance with the entrance of Big Tech companies, which have a (temporary) “unfair” advantage in the current proposal, as they are not insurers. FIDA obliges data sharing by insurers but not data sharing to insurers by third parties.
2. The availability of more data allows for more precise risk assessments and individual pricing but at the same time contradicts the principle of solidarity in insurance, which is based on pooling risks among a group of people. The more that data is used to differentiate, the less the risk is shared, thus eroding the sense of community and mutual support.
3. Potential for regulatory fines and reputational damage because of data breaches.
4. Investments needed to mitigate information and communications technology (ICT) and cyber risk to comply with regulations and compatibility with existing legacy IT-systems.

Insurers will need to respond to these opportunities and challenges by answering several strategic questions, like which business model to pursue (1), whether to make, buy or leverage potential partnerships with insurtechs (2), what data strategy will bring a competitive advantage (3) and how to build an easy to-work-with data and API infrastructure (4).

Conclusion

Open Finance may have a profound influence on insurance, both on the technical and data side, as well as on a strategic level, where new entrants with sophisticated data-mining capabilities could outcompete and seize customer relationships. Given the strategic implications, it is highly recommendable for insurers to start rethinking their data strategies with a focus on customer value. The development of advanced analytical capabilities, like AI and machine learning, product personalisation and additional compliance, will require sizable investments and business change.

The developments that followed the introduction of PSD2 give insurers some options to consider. Building a competitive data strategy will be a must in this increasingly competitive environment.

¹ EC (28 June 2023). Financial Data Access and Payments Package. Retrieved 8 May 2024 from https://finance.ec.europa.eu/publications/financial-data-access-and-payments-package_en.

² European Central Bank (March 2018). The Revised Payment Services Directive (PSD2) and the Transition to Stronger Payments Security. Retrieved 8 May 2024 from https://www.ecb.europa.eu/paym/intro/mip-online/2018/html/1803_revisedpsd.en.html#:~:text=The%20main%20objectives%20of%20the.

³ EIOPA (28 January 2021). Open Insurance: Accessing and Sharing Insurance-Related Data. Retrieved 8 May 2024 from https://www.eiopa.europa.eu/consultations/open-insurance-accessing-and-sharing-insurance-related-data_en.

⁴ The full text of the proposal is available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52023PC0360.

⁵ EIOPA (24 July 2023). Discussion Paper: On Open Insurance: An Exploratory Use Case in the Insurance Sector. Retrieved 8 May 2024 from https://www.eiopa.europa.eu/system/files/2023-07/EIOPA%20Open%20Insurance%20use%20case%20-%20Insurance%20Dashboard.pdf.