September 1st, 2023 Legal Updates

Transforming the Insurance Landscape: New Insurtech Rules in Saudi Arabia

The Kingdom of Saudi Arabia (“KSA”), known for its rapid digital transformation initiatives, has recently introduced groundbreaking regulations to foster the growth of the Insurtech sector in the country. The new Insurtech Rules, issued under the Saudi Central Bank (“SAMA”)’s Governor’s decision No. (1/S/445) dated 08/01/1445H (corresponding to 26/07/2023 G), aim to revolutionize the insurance industry, promoting innovation, efficiency, and customer-centricity. Another key development is the establishment of a dedicated Insurance Authority (IA) that will replace SAMA and the Council of Health Insurance (CHI), pursuant to the Council of Ministers’ resolution No. (85) dated 28/01/1445H (corresponding to 15/08/2023), with the mandate to regulate and oversee the KSA’s insurance sector. This Resolution aims to unify the regulator of the insurance sector in KSA to support the sector, raise insurance awareness, ensure the stability of the insurance sector, and protect the rights of policyholders and beneficiaries.

These initiatives are part of SAMA’s ongoing efforts to improve the insurance industry to provide better services for overall development, particularly the Insurance Technology Services. With a rising tech-savvy population and a supportive regulatory environment, KSA is poised to become a regional hub for Insurtech Startups and digital insurance services.

Regulatory Framework

SAMA, the country’s central bank and financial regulator, has taken proactive measures to facilitate the development of Insurtech. SAMA’s forward-thinking approach has resulted in the creation of a conducive ecosystem for emerging technologies, enabling Insurtech companies to thrive. The regulatory framework provides guidelines for licensing, data protection, and consumer protection, ensuring a balance between innovation and risk management. SAMA requires Insurtech Companies to submit a quarterly report to the supervisory authority on the development of the technical and security environment, the number of transactions involved, the number of customers, and complaints. Licensed Insurtech Companies must also obtain approval to outsource Insurtech Technology Functions. The Insurtech Rules are broad and general in nature. For example, SAMA has defined an Insurtech Company as “a legal person licensed by SAMA to practice any Insurtech Activities”[1]. Meanwhile, Insurtech Activities are defined as “any solutions or services fully provided or designed using technology within the scope of the insurance activities”[2].

Licensing and Capital Requirements

The Insurtech Rules streamline the licensing process for Insurtech Companies, making it easier for them to enter the market. To practice the Insurtech Activities, the Insurtech Company must first obtain a license according to the licensing stages and requirements set out by SAMA, listed under Article 5 of the Insurtech Rules. SAMA has introduced a specialized license category for Insurtech startups, allowing them to operate with no specification of capital requirements compared to traditional insurers. This approach encourages entrepreneurship and lowers the barriers to entry, attracting both local and international Insurtech firms to establish a presence in KSA.

Data Protection and Cybersecurity

Recognizing the importance of data protection and cybersecurity in the digital era, the Insurtech Rules implement stringent measures to safeguard customer information. Insurtech Companies are required to adhere to robust data protection protocols, ensuring the privacy and security of policyholders’ data. These regulations aim to build trust and confidence among customers, encouraging them to embrace digital insurance services. An Insurtech Company must develop and operate its electronic platform and advance standard technological interfaces for the electronic exchange of information and communication with the users of the Insurtech Company’s systems, so that basic client information can be exchanged and data and information can be exchanged with the entities it wishes to link with[3]. The Insurtech Company shall verify the Client’s identity and the validity of the information, data, and documents submitted by the Client electronically by using a reliable source[4]. Article 8 of the Insurtech Rules stipulates that the Insurtech Company must protect and maintain the confidentiality of the Client’s data and shall not disclose such data to other parties. In addition, the Insurtech Company shall not use or process the data of Clients for purposes other than the purposes for which such data are obtained unless required by a court or relevant laws and Instructions.

Customer-Centric Approach

The new Insurtech Rules emphasize customer-centricity, encouraging insurers to leverage technology to enhance the customer experience. Insurtech Companies are empowered to leverage artificial intelligence, machine learning, and data analytics to offer personalized insurance products, efficient claims processing, and seamless interactions. This customer-focused approach aims to improve transparency, reduce costs, and increase customer satisfaction levels throughout the insurance value chain.

Conclusion

The new Insurtech Rules in KSA mark a significant milestone in the country’s journey toward digital transformation and innovation in the insurance sector. With a supportive regulatory environment, simplified licensing procedures, and a focus on customer-centricity, KSA is positioning itself as a regional Insurtech hub. The convergence of technology and insurance offers immense opportunities for startups, insurers, and customers alike, leading to a more efficient, accessible, and customer-focused insurance landscape in KSA.

[1] Article 2/F of the Insurtech Rules

[2] Article 2/C of the Insurtech Rules

[3] Article 6 of the Insurtech Rules

[4] Article 7 of the Insurtech Rules

Authors: Fadi A. Daher (PhD), Partner; Asad Ahmad, Senior Associate; and Alain Elia, Associate.

For further information, please contact Alex Saleh (alex.saleh@glaco.com) and Fadi A. Daher (PhD) (fadi.daher@glaco.com).