IDD, a challenge for insurers’ regulatory compliance

Some economic sectors are subject to intense regulatory pressure due to the relevance of their activity, their impact on the lives of their clients or users or the special protection of the data they handle, among other reasons. Among these sectors is the insurance sector. Such is the volume of data processed by its companies and its relevance that the European Union created a directive to harmonize at Community level some of the essential aspects in the distribution of insurance, thus improving the relationship between company and client. It did so by means of Directive (EU) 2016/97 on Insurance Distributiontransposed to our legal system in 2020. The obliged subjects are: insurers and any entity that participates in the process of insurance distribution, whether they are mediator, broker, physical or digital insurance offices, etc.

Among many other things, the IDD (Insurance Distribution Directive) came to standardize in all Member States aspects such as, among others, the mandatory qualification of insurance professionals and the information (type and format) that must be provided to customers before and after taking out products. It also makes it compulsory for customers to carry out suitability and appropriateness tests before taking out certain types of insurance, as was already the case in the financial sector, thus obliging insurers to create and implement Product Oversight and Governance(POG) procedures or policies to ensure that products meet the needs of the target market at all times. With this regulation, the European Parliament has brought transparency to the contracting processes and increased protection for users, regardless of the European Union country in which they reside or the channel through which they purchase their insurance. Another of its effects has to do with guaranteeing free competition in the sector. But, undoubtedly, one of its most important innovations has been to consider insurance companies as a distribution channel more oriented towards the end user: the customer.

Due to the wide range of types of companies affected, products and types of clients, as well as the diversity of existing channels for communicating with the client, the IDD is a directive that generates difficulties in its compliance and also makes it difficult to comply with it continuously: it is not enough for the actors in the insurance area to adapt to the regulation at the time of its entry into force, for example, but because of some of the obligations established in the text, this has to be done continuously. One of the most important challenges for companies is to undertake the processes related to the Insurance Product Information Document (IPID) for non-life products and the suitability and appropriateness tests in the case of insurance-based investment products. Regarding the former,

IPID is a document that must be delivered on a durable medium. -Durable medium – meaning any instrument that enables the consumer and the entrepreneur to store information addressed personally to him in a way that allows future reference and faithful reproduction. the customer prior to taking out an insurance policyIn the first, the insurance policy, which details the following aspects: insurer, type of insurance, coverage, exclusions, limitations and the existence of a section where you can get in touch in case of non-renewal of the insurance, in short, it is a document that facilitates the understanding of the general conditions of the insurance contracted. Regarding the second, suitability tests are mandatory in those insurance-based investment products that incorporate a structure that makes it difficult for the customer to understand the risk involved, for the purposes of Article 30, paragraph 3, of the Insurance Distribution Directive.

In both cases, companies must be able to make the appropriate documents and information available to their clients or future clients before signing the product, do so in the manner established by the regulations and obtain the necessary evidence depending on the case (delivery, downloading, reading, carrying out the test, communication of the client’s aptitude or not to contract the investment…). In addition, at the request of the regulator, the user or the judicial administration, in the event of litigation, the companies will have to be able to demonstrate that the entire process has complied with the requirements of the IDD and with all the guarantees provided by law. All this, moreover, must be carried out in combination with the prerogatives of one of the most important cross-cutting regulations (and one that causes a greater number of fines), the General Data Protection Regulation. The transposition of this directive in Spain was carried out at the beginning of 2020, when it was approved by the Council of Ministers through the Royal Decree-Law on the public procurement of private insurance.

The transposition of the IDD into Spanish law classifies its infringement regime into very serious, serious and minor infringements, and distinguishes between natural and legal persons both when identifying infringements and when imposing the associated fine. In the case of very serious penalties, a company could face penalties of up to 5% of the annual turnover published in the latest available accounts or 5 million euros. Also, and depending on the typology of the sanction, fines of twice the amount of the profits made or losses avoided due to the infringement could be imposed, if this can be determined. In the case of individuals, in addition to financial penalties, some of the irregularities could lead to the cancellation of their registration in the administrative register or even the suspension of activity for a period of 10 years.

At MailComms Group we have technological solutions, developed in-house, designed to ensure compliance with the Insurance Distribution Directive, while offering an attractive user experience to customers and the companies with which we collaborate. Our tools allow us to generate and send the IPID and the suitability and appropriateness tests through any channel and in a certified manner, and also obtain the evidence of storage on a durable medium required by law to ensure that the procedures are properly carried out. In addition, these solutions integrate functionalities such as electronic signature, proof of receipt and digital certification to ensure the legal authenticity of transactions and defense in case of claims or legal proceedings. In addition, they can be combined with our platform for the management of RGPD consents for full regulatory compliance.