CNSP Resolution 429/2021: Requirements for accreditation and operation of Insurance Service Initiator Companies (Sociedades Iniciadora de Serviço de Seguro) within the scope of Open Insurance

The Superintendence of Private Insurance (SUSEP) published Resolution No. 429/2021, which provides requirements for the accreditation and operation of Insurance Service Initiator Companies (SISS) within the scope of Open Insurance. SISS are not to be confused with existing companies under the supervision of SUSEP, but rather can be considered an additional element aiming to contribute to the expansion and gains in efficiency of the market. The new Resolution stems from Public Consultation No. 34/2021, through which SUSEP gathered comments and suggestions from the market to prepare the rule.

The SISS is defined in CNSP Resolution 415/2021 as a corporation, accredited by SUSEP as an Open Insurance participant, providing data aggregation services, information and control panels, or as a customer representative, provided that consent is given by the customer, providing transaction initiation services, without holding at any time the funds paid by the customer, with the exception of any remuneration for the service, or those funds received by it.

Among the main innovations brought by the Resolution in relation to the draft placed for public consultation is the possibility that the SISS may enter into partnerships with insurance brokers, with the objective of providing mechanisms for the intermediation of insurance, capitalization and open supplementary pension fund products. However, these partnerships do not include the sharing of personal data of Open Insurance clients with insurance brokers.

Furthermore, the text of the new Resolution maintained the requirements applicable to SISS described in the draft placed for public consultation, the main ones being:

1. Requirement to be participants of Open Insurance and have an exclusive corporate purpose, consisting of the provision of operation initiation services in Open Insurance, notwithstanding the provision of services based on shared data, provided that they are related to its corporate purpose;
2. Prohibition regarding the retention of any insurance risks;
3. Possibility of being accredited as payment transaction initiator institutions, under the terms of Open Banking regulation.

With respect to accreditation with SUSEP, the Resolution provides the following requirements applicable to SISS:

1. Holding a prior technical meeting with SUSEP, to present the general aspects of the project;
2. Presentation of financial statements pursuant to Law No. 6,404/76;
3. Shareholders’ equity in the minimum amount equivalent to BRL 1,000,000.00 (one million Brazilian reais). For supervised companies that also provide initiation services, the proposal is that this amount be added to their base capital;
4. Compliance with technical requirements by SISS administrators and employees, related to the prevention and combat of money laundering crimes and cyber security, with the establishment of mechanisms for continuous and proactive monitoring of cyber threats and attacks. Failures and violations in the cybersecurity and data protection system may lead to the cancellation of accreditation;
5. Compliance with the requirements of appropriate conduct, customer treatment, transparency in performance and remuneration, aiming to reduce the asymmetry of information, as well as to mitigate conflicts of interest in the activities carried out by SISS;
6. Requirement to renew the accreditation at least every 5 (five) years.

In addition, the new Resolution provides for scenarios that involve exemption, cancellation and suspension of accreditation. Among the provisions, the rule establishes that, in the event of damage to consumers or evidence of unlawful practice through malice or fraud, as well as failures in the cybersecurity and data protection system, SUSEP may cancel the accreditation ex officio.

For the supervised companies (insurance company, supplementary pension fund entity or capitalization company) that provide services for the initiation of transactions, notwithstanding the communication of this intention to SUSEP 90 (ninety) days in advance and obtaining the specific certification for this purpose in the participants directory, the new Resolution provides for the exemption of the accreditation.

With respect to the functioning of the SISS, the Resolution establishes the obligatory nature of the institution of Customer Service (SAC), at the beginning of its operation.

Furthermore, by updating CNSP Resolution 393/2020, the new Resolution establishes that, in the event of non-compliance with any obligations arising from Open Insurance, with regard to customer relations, cybersecurity, financial statements or governance, including data, the SISS will be subject to a fine ranging from BRL 30,000.00 to BRL 1,000,000.00. 

The Resolution will come into effect on December 1, 2021 and its full text can be accessed at this link.

Demarest’s Insurance, Reinsurance, Health and Pension Funds team is available to provide any further clarifications that may be necessary.