.Countries around the world have adopted or are in the adoption of open banking regulations reform

The reform allows citizens to instruct the banking entities to share with fintech companies information about the current account, credit cards, loans, insurances and more, with the aim of evaluating whether there is a possibility to reduce costs and manage our household and business more efficiently and better, quickly and simply.

The important reform, which opens the markets to competition and optimizes the financial services for us, now allows more fintech companies to enter the market and offer advanced services to citizens. However, it also exposes those companies to various risks, exposing them to various lawsuits and regulatory investigations.

What Do the Open Banking Regulations Stipulate?

As part of the “open banking” reform, legislators around the world have been developing laws and regulations,  among other things, the license obligation for companies that want to present financial information to customers by connecting online to financial institutions through API interfaces.

Currently, there are two kinds of licenses: Account information service provider (AISP), and Payment Initiation service provider (PISP).

It allows the licensee to offer customers various services. For example, the concentration of financial information from sources of financial information, cost comparison, transfer of information to financial entities in order to receive offers to contract for the client for financial services, and more.

For example, according to the PSD 2 regulation in the EU companies are required to hold insurance in order to be licensed.

 

According to the authority, the scope of the insurance and/or the deposit will be determined according to the following parameters:

  1. The type of activity of the licensee
  2. Does the licensee provide only an information service or also additional services such as payment services or a paid service?
  3. The number of customers of the licensee.
  4. The number of accounts from which the licensee collected financial information.

 

 

What is the Open Banking licensee responsibility towards his customers, and what insurance is suitable to cover it’s responsibility?

The existing laws regulate various acts of negligence, such as negligent representations, advice, and management. The question is, what happens regarding insurance related to negligence, due to the use of technological systems and even cyber incidents? Today licensees have an obligation to meet cybersecurity standards.

 

What is Happening in the World?

In 2018, the Second European Directive on Payment Services (PSD2) came into force by the European Union. The directive is part of the international regulation of payment services. It establishes an insurance obligation for providers of financial information services. The European Banking Authority (EBA) has issued detailed guidelines which determine how the amount of insurance should be determined. Still, these are also coverages that the insurance must include.

According to the EBA, licensees of financial information service providers (Account Information Services) must take out professional liability insurance, but the insurance must also include coverage against claims arising from unauthorized and/or malicious access to customer information. In other words, coverage for claims also for cyber incidents.

 

So, Which Insurance Meets the Requirements of the Law?

In fact, the insurance license holders must take out professional liability insurance, including coverage for technological failure – Technology Errors and Omissions Insurance. Today such insurance exists under professional liability insurance for high-tech companies.

The point is that this insurance mostly only includes coverage for claims filed against the company for technological failures, such as software bugs, breaches of contract, disruptions, and intellectual property violations.

In most cases, the insurance will include an exception related to cyber incidents. In some cases, the insurance company can be asked to extend the policy, which will include coverage for claims arising from an event with an additional fee. Alternatively, today in Europe, there are dedicated insurances in accordance with the directive.

 

Additional Insurances that License Holders Must Take into Account

So far, we have discussed the issue of insurance, which is mandatory according to the law. But in light of these license holders’ regulatory oversight and exposure, it would be advisable to consider additional insurance, such as covering legal expenses for regulatory investigations and insurance for directors and officers, for which personal liability can be imposed by law. And, in light of the exposure of the companies to a cyber incident and the dramatic increase in the number of cyber incidents in recent years, take care of full cyber insurance that will also include coverage for the damages of the company itself, for cyber incidents such as ransom, reporting expenses, forensics personnel and more.

With the development of technology, we are witnessing new risks that are also expressed from a regulatory point of view, and therefore today, companies that provide services technologically must be aware of these risks and examine the possibility of transferring them through appropriate insurance.

This law is the first of two laws as part of the open banking reform. When the next one is expected to be the payment law, which will include additional obligations and the license holders will have to arrange insurance accordingly.

LAMDA’s dedicated open banking insurance policy is recognized by the Israel Real Estate Authority as an alternative to collateral during the process of obtaining an open banking license.