Technological developments are changing the framework conditions in the financial market and are opening up new opportunities for insurance undertakings, which, however, also entail risks. In addition, the Covid-19 pandemic has accelerated innovations and digital interconnectedness, thereby further increasing the challenges associated with the use of information and communication technologies.
In this environment, the FMA is continuing its analysis of the state of digitalisation in the Austrian financial market. Based on this, the FMA is able to take preventative measures, to initiate improvements in the legal framework, to determine the intensity of supervision of individual supervised undertakings in a more risk-adequate manner, and to act in a risk-based and forward-looking manner in planning and setting the priorities for supervision.
Strengthening cyber resilience is the centrepiece of legal development.
- In particular, the European Commission has been pursuing the objective of strengthening the defences of the EU’s financial sector against cyber attacks since publishing the FinTech Action Plan in March 2018. Negotiations are currently ongoing in the European Union regarding the proposed Regulation on digital operational resilience as part of the Digital Finance Package. These future regulations are intended to ensure that entities are able as far as possible to withstand outages and threats arising in conjunction with the usage of information and communication technologies.
- The FMA made its publication FMA-Leitfaden IT-Sicherheit in Versicherungs- und Rückversicherungsunternehmen (“FMA Guide on IT Security for Insurance and Reinsurance Undertakings” – available in German only) available as guidance for entities back in 2018.
- The FMA Guide was replaced in July 2021 by the EIOPA Guidelines on information and communication technology security and governance.
Furthermore, the work of EIOPA, to which the FMA actively contributes, also focuses on the topics of InsurTech and Big Data as well as on Cyber Underwriting and the development of efficient and innovative digital supervisory practices.
The European Commission’s proposed regulation for using artificial intelligence is also significant for insurance undertakings.
In the area of digitalisation, the FMA has taken the following measures and set the following priorities:
- Study on “Digitalisation of the Financial Market”: The FMA regularly conducts cross-sector analyses on digital transformation.
- IT interdependencies: Based on the visualisation of interconnectedness in the IT service provider landscape in the insurance sector, potential concentration risks are presented and further conclusions are drawn for supervisory strategy and practice.
- FMA-Cyber-Maturity Level Assessment: The FMA has been using a tool developed in-house for measuring and evaluating the cyber resilience of Austrian insurance undertakings since 2019. See for example the FMA publication, Facts and Figures, Trends and Strategies 2021, and the item “Cyber Maturity Level Assessment” or the FMA’s Report on the state of the Austrian Insurance Industry 2019 (available in German only), II. C. Technologisches Umfeld.
- FMA-Cloud Maturity Level Assessment: This was implemented analogously to the survey on cyber maturity. See also the FMA’s Annual Report 2020, Priorities for supervision and inspections 2020: embracing digitalisation, addressing the risks.
- ICT-related incidents: the FMA enquires about such incidents and is thereby preparing insurance undertakings for future binding reporting requirements. See also the FMA Report 2021 on the state of the Austrian Insurance Industry (available in German only), 2.13.2 IKT-bezogene Vorfälle – Cybervorfälle (ICT-related incidents – cyber incidents).
- Post Covid-19 related risks: Risks arising in conjunction with the return to on-site working were analysed.
- Practice dialogue: There is an ongoing exchange with the sector about digitalisation issues.