In this journey towards digitization, Open Insurance presents itself as an opportunity to the insurance sector. The European Insurance and Occupational Pensions Authority (EIOPA) defines Open Insurance as an initiative that promotes the access and sharing of personal and non-personal data related to insurance activity, normally through Application Programming Interfaces (APIs).
Open Insurance can provide many opportunities for a data-driven society, both from the perspective of creating new digital businesses and in terms of transparency. Likewise, it makes insurance more holistic to the customer’s view.
However, it also brings with it certain risks, among which we can highlight those related to the following domains: privacy and data security, impact on the reputation of companies, vulnerabilities in the Cyber/ICT (Information and Communication Technology) field, interoperability problems or contingencies derived from concentration and dependence on third parties.
Although there is currently no specific regulation for the creation of these APIs, the lessons learned from open banking/PSD2 show that the sector needs some guidance and support for the generation of these APIs.
Although the term has started to join the agenda of insurers, and some of them already offer a marketplace to enable third parties to consume their applications, the model is not fully mature in Spain. To date, not many companies have taken a step forward with the implementation of this kind of open solutions.
Moreover, it is important to stress the impact of technology on the Open Insurance model. Apart from the exchange of information between different actors, this initiative goes beyond data sharing. That is, it is essential to understand how technology is used for the collection and exploitation of data, as well as for the generation of new business models. For example, if processes incorporate the use of technologies such as IoT (Internet of Things), telematics, artificial intelligence, machine learning, blockchain, or smart contracts, among others.
Existing regulations such as the Insurance Distribution Directive (IDD), Solvency II, and Data Protection Regulation (GDPR) in combination with new regulations being worked on such as crypto-asset markets (MICA), Digital Operational Resilience Regulation (DORA), the EU's fifth and sixth Anti-Money Laundering Directives (AMLD5 and AMLD6) or the Artificial Intelligence legislative acts may cover a large part of the risks generated by these technologies.
Nonetheless, in this context, some stakeholders consider that certain angles of regulation should be reviewed, including sustainability, considering that some technologies such as blockchain may involve massive energy consumption. Therefore, intensive use of this technology could counteract the effort to mitigate climate change and give rise to contradictory regulatory imperatives.
Recent studies on Insurtechs already delve deeper into the importance of regulation in the insurance industry, with a focus on the impact of ecosystems and Open Insurnace. In these analyses, attention is also beginning to be drawn to the path of regulatory Sandboxes. These spaces allow the creation of new products and services with much more agile means, as regulation is incorporated into innovation processes from the outset.
In short, Open Insurance is here to stay in the industry. For this reason, insurers must commit to the creation of spaces to connect to third-party ecosystems (and vice versa), and, at the same time, they must begin to propose innovative use cases within the framework of the aforementioned Sandboxes. This combination of innovation, technology, and regulation will undoubtedly be the basis for the future of insurance.