SUSEP Public Consultation Notice No. 34/2021: Requirements for accreditation and operation of Insurance Service Initiator Companies (Sociedades Iniciadora de Serviço de Seguro) within the scope of Open Insurance

The Superintendence of Private Insurance (SUSEP) has placed for public consultation Notice No. 34/2021, presenting the draft of the CNSP Resolution, which proposes requirements for the accreditation and operation of Insurance Service Initiator Companies (SISS) within the scope of Open Insurance. SISS are not to be confused with existing companies under the supervision of SUSEP, but rather can be considered an additional element aiming to contribute to the expansion and gains in efficiency of the market.

SISS is defined in CNSP Resolution No. 415/2021 as a joint-stock company (sociedade anônima – S/A), accredited by SUSEP as a participant in Open Insurance, which provides data aggregation services, information and control panels (dashboards), or, as a customer representative, subject to the customer’s consent, establishes operation initiation services (“serviços de iniciação de movimentação”), without holding at any time the amounts paid by the customer, with the exception of possible remuneration for the service, or that are received by him.

The draft of the new Resolution proposes the following as its main objectives:

1. definition of the minimum technical requirements for the accreditation and operation of SISS;
2. definition of the minimum documentation necessary to file for the application for accreditation;
3. to determine the form in which the analysis of requests will be conducted by SUSEP;
4. to establish a procedure for requesting the provision of operation initiation services by Supervised Companies participating in Open Insurance;
5. to establish the minimum documentation necessary for the request for voluntary cancellation of accreditation, as well as to provide for situations that involve its suspension and ex officio cancellation by SUSEP; and
6. to include, in the specific regulation, provisions for penalties applicable to SISS that fail to comply with obligations arising from Open Insurance.

Among the proposed requirements presented, we highlight the following applicable to SISS:

• Requirement to be participants of Open Insurance and have an exclusive corporate purpose, consisting of the provision of operation initiation services in Open Insurance, notwithstanding the provision of services based on shared data, provided that they are related to its corporate purpose;
• Prohibition regarding the retention of any insurance risks;
• Possibility of being accredited as payment transaction initiator institutions, under the terms of Open Banking regulation.

As for accreditation, the draft proposes:

• Holding a prior technical meeting with SUSEP, to present the general aspects of the project;
• Presentation of financial statements pursuant to Law No. 6,404/76;
• Shareholders’ equity in the minimum amount equivalent to BRL 1,000,000.00. For supervised companies that also provide initiation services, the proposal is that this amount be added to their base capital;
• Compliance with technical requirements by SISS administrators and employees, related to the prevention and combat of money laundering crimes and cyber security, with the establishment of mechanisms for continuous and proactive monitoring of cyber threats and attacks. Failures and violations in the cybersecurity and data protection system may lead to the cancellation of accreditation;
• Compliance with the requirements of conduct, customer treatment, transparency in performance and remuneration, aiming to reduce the asymmetry of information, as well as to mitigate conflicts of interest in the activities carried out by SISS;
• Requirement to renew the accreditation at least every 5 (five) years;
• Exemption from accreditation of supervised companies (insurance company, supplementary pension funds or capitalization company) that provide operation initiation services, notwithstanding the communication of this intention to SUSEP with 90 (ninety) days in advance and obtaining specific certification for this purpose in the participant directory;
• Possibility of SUSEP canceling the accreditation, ex officio, in the event of damages and losses to consumers, resulting from the existence of evidence of illegal practices by way of willful misconduct or fraud; in addition to failures in the cyber security and data protection systems;
• Possibility of suspension of accreditation, in cases of imminent risk or harm to consumers or when, following notification from SUSEP, SISS fail to implement corrective measures, or does not suspend practices that conflict with the law.

Regarding the operation of SISS, the draft Resolution provides for the mandatory requirement to establish a Customer Care Service (“SAC”), at the beginning of their operation.

Furthermore, the new Resolution proposes to update CNSP Resolution No. 393/2020, with the insertion of a penalty that includes SISS, suggesting the following wording:

Article 73-A. Failure to comply with or observe any obligations arising from Open Insurance, with regard to customer relationships, cyber security, financial statements or to governance, including data.

Sanction: fine of BRL 30,000.00 (thirty thousand reais) to BRL 1,000,000.00 (one million reais).

The full draft Resolution can be accessed at this link. Interested parties can send comments or suggestions regarding the text through an electronic message addressed to cgraj.rj@susep.gov.br, until October 30, 2021, using the specific standardized table provided by SUSEP.

Demarest’s Insurance and Reinsurance team is closely monitoring the development of this public consultation through to the publication of the final version and is available to provide any clarifications on the subject.