ESAs’ joint report on digital finance: recommendations for the insurance market

On 7 February, a report summarising the ESAs’ (European Supervisory Authorities) considerations in response to the European Commission’s invitation to provide recommendations on issues related to the world of digital finance was published on the EIOPA online portal. The report provides some cross-sector and some insurance-specific recommendations to ensure that the EU regulatory and supervisory framework is adapted to the digital age. With reference to the insurance market, EIOPA, in cooperation with the other ESAs, has provided two specific recommendations.

Recommendation 1, on the insurance business in the light of digitisation

The report firstly points out that, in the light of digitisation, the definition of insurance and insurance-related activities needs to be questioned again.

Article 18(1)(a) of the Solvency II Directive provides that the corporate object of insurance undertakings should be limited to “the business of insurance and operations arising directly therefrom, to the exclusion of all other commercial business”. In practice, however, it may not be so easy to identify which of the activities that are not strictly insurance-related may be carried out by an insurance company. This is not a new issue, but it seems to arise with particular frequency with the development of digitalisation and InsurTech, which in turn is associated with a shift from a model based on risk protection/coverage to one that relies more on prevention/advice (as seen, for example, in the cyber risk market).
EIOPA recognises that the above-mentioned article, by also referring to the operations that “derive directly” from the insurance activity, could already provide a possibility to include a series of new services that are the result of digitalisation, but that, at the same time, this definition cannot be considered exhaustive.

This could be the case, for example, of purely IT software/API development activities carried out directly by the company, but offered to other insurers or intermediaries (EIOPA gives the example of the intermediary that develops its own comparison tool for internal use, but then offers it to other intermediaries as a white-label service).

A possible solution could be that (digital) activities directly related to insurance activities and insured risks, such as those directed towards risk prevention or risk management services offered to clients (health apps, rehabilitation services, coaching) are considered as insurance or ancillary activities.

EIOPA will consider further analysis, including an in-depth examination of what is considered as “activities directly related to insurance” in several Member States, in order to be able to provide clarification on this issue, taking into account the potential impact on consumers, the insurance industry and its supervision.

Recommendation 2, on the handling of P2P insurance

EIOPA has already examined peer-to-peer/P2P insurance in its “Report on Best Practices on licensing requirements, peer-to-peer insurance and the principle of proportionality in an InsurTech context”. This is a model that is spreading, in which, in a logic of sharing economy, a group of individuals with common interests or similar risk profiles pool their “premiums” in order to insure themselves against a certain risk at more favourable conditions (in the most widespread model, for minor claims the insurance cover is not activated but is drawn from the capital pooled by the group of individuals, as if it were self-insurance, while for major claims a classic insurance cover is activated, stipulated by the group).

In this Report it was noted that, following an approach based on the type of activity carried out, three different P2P insurance business models can be found: (a) P2P insurance sold directly through a licensed insurance company; (b) P2P insurance sold through a licensed/registered insurance intermediary in collaboration with a licensed insurance company; and (c) service/platform providers acting solely as system administrators for risk-sharing groups, without an underlying insurance carrier and without performing insurance distribution activities (e.g. some DLT/Blockchain-based solutions).

Due to the current relatively low market penetration of P2P insurance business models and the fact that most business models appear to be covered by existing regulation, EIOPA does not consider that there is an urgent need for new regulatory approaches or particular changes in relation to P2P insurance.

However, EIOPA suggests that the Commission may consider new legislation in the future, particularly in view of the further development of P2P insurance or similar business models. New legislation could, for example, include the definition of criteria and thresholds to identify when P2P is an insurance product and when service providers are acting as intermediaries. In general, any regulatory response to regulate P2P insurance should be (1) neutral in terms of how a product or service is distributed; and (2) proportionate with respect to the business model, risk profile, size, systemic relevance, and complexity and cross-border activity of the regulated entities.

The ESAs’ observations on the adequacy of the current regulatory framework with respect to new business models definitely offer interesting insights into whether innovative products and services developed by insurance companies and intermediaries should be considered regulated activities. However, the circumstance that the matter is, to date, regulated by minimum harmonisation legislation, namely the Solvency II Directive and the IDD, unavoidably implies the possibility of different approaches to the matter by national authorities. In order to reduce the proliferation of different solutions to common issues, an action at EU level could be an effective solution for a full and uniform development of new (digital) insurance products and services within the EU.