The insurance industry has seen an increase of insurance technology companies (aka InsurTechs) expanding influence and presence over the last few years, especially in the EU. To ensure you have a solid understanding of this potential disruptor we will give you a brief overview of what InsurTech is, what it’s up to, and how it may impact your data security posture.
InsurTech does one main thing: combine technology with new and innovative business models. Usually, the goal is to impact the insurance industry or a portion of its value chain with enhancements or disruptions. This combination of technology and innovation can help insurance become more consumer friendly, inexpensive, and hopefully simpler overall!
In January 2019, the three European Supervisory Authorities (ESAs) jointly released a FinTech report outlining two initiatives that can help facilitate financial innovation. The ESAs refer to these initiatives as ‘innovation facilitators’ and breaks this into the two initiatives:
- Innovation hubs
- Regulatory sandboxes
Innovation hubs provide a method to obtain non-binding guidance on FinTech related issues. Both regulated and unregulated organizations can engage with national component authorities (NCAs) - typically the financial service supervisory authorities in a relevant jurisdiction. This provides guidance on how financial products and services, business models, and delivery mechanisms can be innovative and conform to various regulatory requirements as well as different licensing and registration requirements.
Three participant types have been identified for innovation hubs:
- Start ups - unlicensed entities looking to enter the financial services market
- Regulated entries who already have competent authorities looking to increase innovative products or services
- Technology partners who provide technical solutions to the financial services market
Regulatory sandboxes are a method to test out innovative financial products, services, or business models. The NCAs monitor these methods via an agreed upon use of different test plans for both regulated and unregulated organizations. One of the primary goals is to have a monitored space to foster innovation, and two other common objectives were identified:
- Improve firms’ understanding of regulatory expectations for innovated business models, products, or services while staying focused on existing regulatory frameworks
- For the authorities to have improved knowledge of financial innovations and the risks vs. opportunities by leveraging direct testing
Both innovation hubs and regulatory sandboxes are designed to enhance both the organizations’ and the NCAs’ understanding of relevant issues surrounding innovative financial services, especially around activities involving digital assets and cryptocurrency.
Regulations vs. Innovations
Regulations and security policies often hamper and slow down initiatives to innovate with new products/services and an organization’s efforts to produce new ways to tackle difficult challenges. The goals for both innovation hubs and regulatory sandboxes include the ability to bridge the gaps between opposing forces and find ways to allow for innovation while still maintaining solid security practices and supporting the ability to meet current regulations and compliance mandates. This is done by allowing organizations to try out new approaches within the context of a safe and monitored environment that provides supervisory feedback and input to ensure the innovations are not violating one or more of the relevant regulations. This can result in best practices that organizations can leverage to continue to innovate while maintaining consumer protections.
Insur the Value
The outcome of the ESAs’ initiatives remains to be seen. Some organizations have been hoping for a unified single FinTech framework in the EU without additional legislative action. The ESAs seems to have an approach that provides multiple options to keep the regulatory progress on track. Any time organizations see efforts like this to work better together and engage with authoritative or supervisory organizations, there is an opportunity to find value and help maintain the momentum of innovative initiatives.
Looking at this specific set of initiatives for FinTech and InsurTech, there is an opportunity to interact with the ESAs to get the most out of these initiatives and help drive the value they offer.
There may be several approaches to participating and finding value, but for many it is interesting to note that when reading the ESAs’ report and the corresponding initiatives and goals that two commonly used terms are “consumer protection” and “data protection,” and then that “data analytics” are needed to establish and maintain these protections.
Consumer protection can mean many things, but it almost always includes protecting specific types of sensitive data for consumers. At the core of this initiative then are the same critical considerations that cybersecurity has seen in all other industries - what data needs protection and how must that protection be implemented. The ESAs’ initiatives allow for the technical details in this space to be tested out and compared to regulatory requirements. However, the time and effort involved can quickly become overwhelming with a haphazard approach or when focusing on data protection considerations with just one data type, security approach, or technology at a time.
Protecting all your sensitive data with a single approach that can meet the rigors of any past, current, or future regulation or security requirement is one of the best ways to be able to focus on the innovation and functionality aspects your products and services need to be successful. For more information on how to succeed with your data protection strategy and focus your organizations time and investments more on innovation, get in touch with us here.