31 October 2018

EIOPA publishes the result of the work of the EU – U.S. Insurance Dialogue Project in 2018

Insurance industry cybersecurity issues paper

The EU-U.S. Insurance Project will focus its future efforts on further examining these and other examples and approaches to insurer cybersecurity and post-incident coordination. Project members also are contemplating the development of an exercise template or process that could be used to test interjurisdictional responses to a multi-national cybersecurity incident. Initial discussions already have highlighted the need for continued dialogue in order to achieve the goal of improved cross-border coordination.

The cyber insurance market

Going forward, Project members see the need for a deeper mutual understanding of cyber risk. Improved data collection and reporting to regulators (in the EU, in particular), as well as dissemination to the public may help insurers make better underwriting decisions and help their customers make more informed purchases. Enhanced reporting on cyber underwriting, claims, and non-affirmative exposures also is crucial for regulators to better assess insurance market risks. 

In 2019, the EU-U.S. Insurance Project will continue to develop and enhance the mutual understanding of the EU and U.S. cyber insurance market and coverages and their respective regulatory frameworks. Future work may include discussions relating to:

• assessment of non-affirmative cyber risk and the potential for catastrophic losses;
• the challenges of reinsuring cyber risk; and
• the availability of cyber insurance data, including lessons learned from the experience with cyber data reporting in the U.S., and the potential for similar initiatives in the EU.

Big data issue paper

The Big Data Working Group has identified some common insurance industry practices across the U.S. and EU markets. While insurance supervisors want to encourage innovation to meet consumer demands, the Working Group also recognizes necessary consumer protections must remain in place. With a sound regulatory standard firmly established and responsive to both the insurance industry and consumers, insurance supervisors in both the U.S. and EU will continue to apply existing standards, monitor how the insurance industry is using big data and AI, understand consumer expectations, and, ultimately decide if regulatory standards and practices may need to change as the insurance marketplace changes. With this, the Big Data Working Group in 2019 will continue to discuss opportunities and challenges relating to these issues and recommends looking further into the following areas:

• Further exploration of Third-Party Vendor Issues. Discuss current regulatory oversight of insurer use of third-party vendors and whether or how this framework focuses on issues surrounding big data accuracy concerns, and the extent to which the current regulatory perimeter is addressing the ability for regulatory oversight.
• Discuss disclosures to applicants and policyholders specifically about how rating factors and thirdparty reports are being used and the opportunities for applicants and policyholders to adopt informed decisions and correct potential errors, while at the same time respecting insurer’s intellectual property rights (see use of credit score reports in U.S.EU and US as recent example).
• Discuss insurers’ use of AI-models, including governance, data quality and how to reduce the opacity of complex (‘blackbox’) models, for instance through human-intervention, implementation of explanatory models (e.g. LIME-models), or potential restrictions on in- and outputs. 

Supervision of intra-group transactions (IGTs)

The discussions in 2018 in the area of group supervision focused on IGTs with the conclusion that it is crucial for supervisors involved in cross-border operating groups to continue ensuring and enhancing the level of trust and commitment to cooperation and transparent information exchange. With this objective in mind, the following areas of further development and discussion in 2019 are proposed:

• discussions of approaches and practices of supervisory risk assessments and judgments for the most important IGT types observed in both jurisdictions;
• discussion of confidentiality and professional secrecy requirements regarding information exchange;
• exploration of possibilities, practices and examples to conduct joint supervisory activities in addressing topics of common concern through common work plans, off-site and on-site examinations where appropriate and subject to relevant laws and regulations.

Full news

© EIOPA