December 13, 2018 Identity Management Blogby Mark de Hullu

PSD2 and Consent as opportunities for Insurers

Is the Insurance market changing rapidly? Yes, sir. Is PSD2 disrupting the financial industry? Hell yeah! But when you dive a little deeper, PSD2 and consent can be major growth enablers for Insurers going forward.

 

The principles of PSD2 and Open Banking

As of the beginning of 2018, the Regulatory Technical Standards (RTS) of PSD2 were approved which set the deadline for banks to implement the new requirements by September 2019. The first (and probably most important) thing banks need to bring to market are two open APIs: Account Information Services (AIS) and Payment Initiation Services (PIS). And Third-Party Providers (TPPs) can use these open APIs to build innovative services. For free. 

Now, the difference between these two open APIs is:

 

  • Account Information Services (AIS) make consolidated information on the payment accounts of end-users as held by banks, available to TPPs. This will result in TPPs being granted access to the information on payment accounts.
  • Payment Initiation Services (PIS) allows TPPs to initiate an actual transfer of funds on behalf of the end-user, of course with explicit consent and secure authentication by the end-user. In practice, this means that an end-user can initiate payments via TPPS, to be deducted from an account the end-user holds at a bank.

 

One can imagine that this creates giant opportunities to enter the digital payments ecosystem for parties other than banks. Equally important, however, are privacy and security concerns as it does involve processing of highly critical consumer data.

 

New PSD2 business models for Insurers 

Like other verticals, PSD2 brings a vast array of new business opportunities to the insurance industry. I did an attempt to list three possible scenarios:

 

1. Offer personal insurance rates

With PSD2’s Account Information Services, insurers are offered detailed insight into the income and spending behaviour of its clients, it can better determine the risks involved for insuring these against certain things. Based on these risks, personal insurance rates can be proposed to individual consumers.

 

2. Expand service portfolio with payments

With the ability to execute payments via PSD2’s Payment Initiation Services, insurers can quite easily expand their service portfolio. For most end-users, both insurance and payments are positioned under the financial services umbrella. In that sense, a move to payments provider would thus be a logical choice for insurers.

 

3. Set up new insurance services to TPPS

The role of TPPs is new in the financial ecosystem. As such, the risks involved need to be determined and special insurance products for these parties seem a logical next step.

 

The way forward: consent is key

A very important element to make this happen is the explicit consent provided by the end-user to TPP (in this case, an insurance company) for processing his or her personal data. The European Banking Association (EBA) recently confirmed that banks will not be forced to double check at TPPs whether this consent has been granted. But this of course does not mean that TPPs don’t need to manage consent according to the highest privacy and security standards. Feel free to read an earlier blog to learn more on the requirements set for consent by GDPR.

In my opinion, the winners of PSD2 will be those parties that create most value to consumers while at the same time make sure that consumer data (including consents) is managed in the most security and privacy-aware manner. To do this, these parties can either build their own Consumer Identity & Access Management (CIAM) platform solutions or turn to one of the CIAM vendors out there. To guarantee privacy and security, consent management is a vital element of CIAM that should not be overseen.

 

Mark de HulluMark de Hullu

Sr Sales Executive at iWelcome

With over 20 years of experience, Mark has become a successful sales executive in the  technology industry with a proven track record in IT sales.

Mark de Hullu

Feel free to repost this blog on your website or social channels! But when you do so, please be so kind to mention the source and give us a notice via marketing@iwelcome.com.