- About Us
Is the Insurance market changing rapidly? Yes, sir. Is PSD2 disrupting the financial industry? Hell yeah! But when you dive a little deeper, PSD2 and consent can be major growth enablers for Insurers going forward.
As of the beginning of 2018, the Regulatory Technical Standards (RTS) of PSD2 were approved which set the deadline for banks to implement the new requirements by September 2019. The first (and probably most important) thing banks need to bring to market are two open APIs: Account Information Services (AIS) and Payment Initiation Services (PIS). And Third-Party Providers (TPPs) can use these open APIs to build innovative services. For free.
Now, the difference between these two open APIs is:
One can imagine that this creates giant opportunities to enter the digital payments ecosystem for parties other than banks. Equally important, however, are privacy and security concerns as it does involve processing of highly critical consumer data.
Like other verticals, PSD2 brings a vast array of new business opportunities to the insurance industry. I did an attempt to list three possible scenarios:
With PSD2’s Account Information Services, insurers are offered detailed insight into the income and spending behaviour of its clients, it can better determine the risks involved for insuring these against certain things. Based on these risks, personal insurance rates can be proposed to individual consumers.
With the ability to execute payments via PSD2’s Payment Initiation Services, insurers can quite easily expand their service portfolio. For most end-users, both insurance and payments are positioned under the financial services umbrella. In that sense, a move to payments provider would thus be a logical choice for insurers.
The role of TPPs is new in the financial ecosystem. As such, the risks involved need to be determined and special insurance products for these parties seem a logical next step.
A very important element to make this happen is the explicit consent provided by the end-user to TPP (in this case, an insurance company) for processing his or her personal data. The European Banking Association (EBA) recently confirmed that banks will not be forced to double check at TPPs whether this consent has been granted. But this of course does not mean that TPPs don’t need to manage consent according to the highest privacy and security standards. Feel free to read an earlier blog to learn more on the requirements set for consent by GDPR.
In my opinion, the winners of PSD2 will be those parties that create most value to consumers while at the same time make sure that consumer data (including consents) is managed in the most security and privacy-aware manner. To do this, these parties can either build their own Consumer Identity & Access Management (CIAM) platform solutions or turn to one of the CIAM vendors out there. To guarantee privacy and security, consent management is a vital element of CIAM that should not be overseen.
Feel free to repost this blog on your website or social channels! But when you do so, please be so kind as to mention the source and give us a notice via email@example.com.