Protectionism continues to create dangerous risk concentrations

Jurisdictions that adopt protectionist measures in (re)insurance can dangerously concentrate risk in their own economies. In a new insight briefing on protectionism, Insurance Europe, the European insurance federation, sets out examples of current protectionist measures and the problems they create for the very economies they seek to protect.
An example of commonly used protectionist measures are compulsory cessions, or “rights of first refusal”. These oblige local insurers to cede their risks to local, often state-owned, reinsurers. They are in force or under consideration in a wide range of African, South American and Asian countries.
Cristina Mihai, head of prudential regulation and international affairs at Insurance Europe, commented: “These kinds of protectionist measures remain a major risk for the jurisdictions that implement them. This is because they concentrate risk in the jurisdiction’s economy, rather than allowing it to be spread throughout the global reinsurance market, which is only possible if markets are open.”
Many protectionist practices also go against the spirit of free trade agreements that various jurisdictions have in place. This is why Europe’s (re)insurers engage with the European institutions to help identify such practices, so that they can be addressed at an international level.
Mihai said: “It is hoped that these kinds of issues will be addressed by EU policymakers in forthcoming discussions on possible trade agreements, as well as in regulatory dialogues with other jurisdictions.”
The briefing also notes that, while some countries are taking positive steps towards opening their markets, these steps are often limited, both in terms of scope and ambition. For example, Argentina recently introduced highly welcomed reforms that will gradually re-open the reinsurance market; however, a complete liberalisation is not yet foreseen.
Mihai added: “By opening their markets to foreign (re)insurers, jurisdictions can benefit their domestic markets in several ways. These include wider access to operational expertise, skills and discipline in underwriting, access to a wider range of products, a strong risk management culture, technological developments and training. All these elements can benefit other companies and sectors, and hence the economy.”
More must be done to address lack of information on cyber attacks
Increasingly devastating cyber attacks mean it is vital for society to protect itself against this emerging threat. Insurers are part of the solution, and many already provide a range of services to their clients, including risk prevention, risk mitigation advice and risk transfer.
However, their efforts are being hindered primarily by one particular challenge: a lack of information on cyber attacks. There is also a pressing need to increase general awareness about cyber risk. These were the central messages from a special event on cyber risk held today by Insurance Europe, the European insurance and reinsurance federation.
Regarding the first challenge, insurers would be able to offer far more tailored protection and advice if they could access anonymised information on cyber attacks. Two incoming pieces of EU legislation, which are currently being implemented, offer a significant opportunity for this to happen.
Michaela Koller, director general at Insurance Europe, commented: “Two recently adopted pieces of EU legislation — the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS) — will generate a wealth of new cyber incident-related data. Insurers could significantly enhance their ability to contribute towards the fight against cyber risks, if given access to this information in an anonymised form.”
Regarding the need to raise awareness about cyber risks, insurance associations are already playing a significant role. Some have produced brochures for SMEs that provide tips and information on how they can anticipate and minimise the impact of cyber risks, while others have developed guidelines that enable SMEs to audit their own cyber-resilience. Examples of these programmes are available here.
Koller: “Action by authorities is also welcome. For example, the recent European Commission Cybersecurity Package is a step in the right direction, as it encourages member states to engage in awareness-raising. We look forward to seeing this translated into concrete action.”
Examples of cyber risk-related initiatives & template for cyber breaches published
Insurance Europe has published a special online resource dedicated to cyber risk insurance.
This includes a series of examples of insurance industry initiatives that aim to help strengthen cyber resilience, for example through awareness raising or by providing SMEs with advice.
It also includes a template for breach notifications under the EU’s General Data Protection Regulation developed by Insurance Europe. The template is easy to use and allows the information to be compared across sectors. The data gathered would be anonymised but sufficiently granular to be of use to insurers for underwriting purposes.
The template was shared with the Article 29 Working Party in view of its work on guidelines for data breach notification templates.