On April 22, 2021, the Superintendence of Private Insurance (SUSEP) placed for public consultation Public Notices No. 12 and 13, presenting the draft Circular and Resolution, respectively, on the guidelines for the implementation of the Open Insurance System for insurance companies, open pension entities and capitalization companies.
Open Insurance is a system that is characterized by the standardized sharing of data and services through the integration of platforms and technology infrastructure, and follows the line adopted in Open Banking, in accordance with the recent rules issued by the Central Bank of Brazil. The understanding put forward by the National Council for Private Insurance (CNSP) and SUSEP is that Open Insurance, in line with Open Baking, is considered to be the regulation and operationalization of the Brazilian General Data Protection Law (LGPD) in the economic segment of private insurance, in order to provide a safe, fast, accurate and convenient environment for the holder of the personal data to consent to the sharing of data, to revoke or to request the purge of such data.
In line with this, Public Notice no. 12/2021, in art. 2, item I, defines ‘Open Insurance’ as “standardized sharing of data and services by opening and integrating systems within the insurance, open pension and capitalization markets”.
These rules are structured with the purpose of establishing interoperability between Open Insurance and Open Banking, aimed at serving clients to provide more innovative options and customized experiences.
Furthermore, the Open Insurance regulation aims to avoid asymmetry in the insurance and pension market, considering that not all supervised companies are participants in financial conglomerates or make use of the banking channel to market their products and, therefore, will not benefit from Open Banking .
Therefore, the main objectives of Open Insurance, according to art. 3 of Public Notice No. 12, are to:
- Benefit the client;
- Make data sharing, as provided for in the LGPD, safe, fast, accurate and convenient for clients;
- Encourage innovation in the insurance market;
- Increase the efficiency of the private insurance, open private pension and capitalization markets;
- Promote competition; and
- Be compatible with Open Banking.
The scope of Open Insurance includes the sharing of open insurance data, personal data of policyholders and services related to insurance, and may include other data and services, provided that the provisions of the Resolution are observed.
The sharing of personal data, however, depends on obtaining the holder’s consent and may comprise data provided directly by the client or obtained through consultation with public or private databases, with specific exceptions, as in the case of sensitive personal data.
In addition, participants in Open Insurance are, according to art. 6 of Public Notice No. 12:
- in the case of sharing of open insurance data and personal data of insured persons, (a) the supervised companies in Segments 1 and 2, on a mandatory basis, and bound by the terms of the Open Banking regulations, and (b) the other supervised companies, on a voluntary basis; and
- in the case of sharing of insurance-related services, insurance service initiator companies, on a mandatory basis.
The “insurance service initiator company” is a limited liability company, exclusively digital, providing data aggregation services, information and control panels (dashboards) or, as a client representative, shares insurance-related services, which he consents to, without holding at any time the funds paid by the client, except for any remuneration for the service, or received by him, and which is duly accredited with SUSEP as a participant in Open Insurance, according to art. 2, item IX, of Public Notice No. 13/2021.
In turn, the data and services that are subject to sharing are: (i) service channels; (ii) insurance, open private pension and capitalization products available for sale, regardless of consent; and (iii) registration of clients and their representatives; (iv) transactions related to insurance plans, private pension plans, financial assistance and capitalization; (v) records obtained by electronic devices embedded, connected or used by the client; and (vi) insurance-related services, with the express consent of the holder.
Furthermore, in accordance with the general provisions of the Resolution, the data transmitting company must provide timely information to the data receiving company about the fulfillment of the request for sharing, for which the creation of obstacles to sharing is prohibited, while the participating companies must provide a service channel for the provision of technical support to other participating companies regarding requests for sharing.
The participating company will be responsible for the reliability, integrity, availability, security and confidentiality in relation to the sharing of data and services in which it is involved.
In addition, it is established that participating companies must submit technical proposals to Susep, especially regarding technological standards and operational procedures, the standardization of the data and services layout, the channels for forwarding client demands, among other aspects indicated in the Resolution.
Both Public Notices create several deadlines for the implementation of Open Insurance, considering that the insurance and pension products are provided in Phase IV of Open Banking, expected to be implemented by the Central Bank from December 15, 2021.
The Circular and Resolution Drafts can be accessed through the links above and are available for comments and suggestions that can be forwarded to the e-mail address email@example.com until May 22, 2021, by completing the specific standardized table available at this link.
The Resolution and Circular, if approved, will come into force on July 1, 2021.
Demarest’s Insurance & Reinsurance team will monitor developments regarding these public consultations up to the publication of the final text, and is available to provide any clarifications on the matter.