10 October 2022


Ganado Advocates


Ganado Advocates is a leading commercial law firm with a particular focus on the corporate, financial services and maritime/aviation sectors, predominantly servicing international clients doing business through Malta. The firm also promotes other areas such as tax, pensions, intellectual property, employment and litigation.
Insurtech has emerged with the aim of improving the effi ciency of the insurance market. Here, we examine the legal considerations underpinning the sector which insurers must fully grasp...
Malta Insurance
To print this article, all you need is to be registered or login on

Technological innovation is currently rising at a rapid rate and has been building for quite some time. Over the years, technology has revolutionised our world and daily lives. Modern technology has paved the way for multi-functional devices such as smartphones and smartwatches, making our lives faster and easier. Wave after wave of technological advances have also impacted the fi nancial services sphere, with technology clearly resting at the very core of this industry. In fact, technology, which acts as an enabler for innovation and has led to a much shorter time-to-market, can be seen to have improved customer experience, operational effi ciencies and regulatory compliance.

The insurance sector has also witnessed the exciting changes brought about by technology, as evidenced by the dawn of 'insurtech'. In simple terms, insurtech refers to technological innovations aimed at 'disrupting' the insurance market, created and then implemented for the purposes of improving the effi ciency of the insurance market. However, to fully understand insurtech and its effect on the insurance market, insurtech cannot be seen in a vacuum and regard must be paid to several legal considerations underpinning this sector.

Data protection considerations

In the insurance world, data plays a key role in improving both the insurers' internal capabilities as well as the end-product ultimately offered to the customer. Data analytics can create a wide array of opportunities such as enabling business growth and mitigating claims fraud, and can be utilised for additional accuracy in the predication of risk within the context of underwriting. While data in insurance has been used since time immemorial, with the dawn of insurtech, the role and capability of insurers in harnessing this data has reached new heights. Insurtech fi rms are now in a position to process a substantial amount of data, which may be used to gain further insight with respect to new products, as well as to better control the risks faced by insurers.

However, with great power comes great responsibility. While the utilisation of insurtech by insurers in capturing and processing data for the purposes of improving their model and service is clearly valuable, insurers must keep in mind their data protection responsibilities and the risks involved in processing personal data. The infringement of data protection regulations may lead to serious repercussions, be it in relation to administrative fi nes or reputational damage. Therefore, insurers need to ensure they have an adequate data management system in place to cater for such risks. In addition, ethical obligations underpinning the use of data in insurance shouldn't be ignored either. Insurers using data derived through insurtech for pricing and underwriting must ensure that data is used ethically and in full compliance with anti-discrimination legislation.

In this regard, Malta has fully transposed EU data protection legislation law, meaning that foreign market players looking to set up their insurtech structures in Malta will benefi t from working within a data protection framework that they may already be accustomed to, while not being hindered by any onerous or burdensome data protection considerations.

Blockchain technologies in insurance

The potential application of blockchain and smart contracts within the insurance and insurtech sectors is signifi cant. By integrating the use of blockchain technologies within their systems, insurers can potentially benefi t in a number of ways such as speeding up transactions and claims handling, lowering operation costs and improving traceability of documentation. There have already been test cases of blockchain technology being integrated in insurance within the EU, however most of the test cases so far are still small scale or in proof of concept (PoC) state.

Malta's legal and regulatory framework provides the perfect 'playground' for insurers interested in harnessing the myriad of benefi ts blockchain technology can bring to their businesses. Malta was the fi rst jurisdiction to set up a robust regulatory framework around blockchain while offering a favourable environment for distributed ledge technology (DLT) platforms by introducing three principle-based, light-touch laws aimed at regulating these emerging technologies: the Malta Digital Innovation Authority Act, the Technology Arrangement and Services Act, and the Virtual Financial Assets Act.

Besides having a legal and regulatory framework set up, the Malta Financial Services Authority has established a 'sandbox' which is effectively a regulatory environment where startups, technology fi rms and established fi nancial service providers may choose to test their innovative products and services for a specifi c period of time within the fi nancial services market. The sandbox is an essential research and development tool that can be harnessed by insurers interested in exploring insurtech and piloting a new project into the market, since it allows the testing of innovative technologies in controlled environments.

Insurtech and IoT

The internet of things (IoT), when tied to the term 'insurance', refl ects a perfect example of the fusion between tech and insurance. Summarily, the concept of IoT embodies all devices that can connect wirelessly to a network and have the ability to transmit data. As already established, the insurance industry is data-centric. IoT devices are already integrated in consumer, commercial, industrial and infrastructure applications and these collect a substantial amount of data on a daily basis. By harnessing the data gathered by IoT devices, insurers can achieve transformative benefits for their business by using the data being gathered for the purposes of improving underwriting and risk assessment procedures and having in place more efficient claims processing.

While IoT presents a great number of opportunities for insurers, it equally presents a number of challenges. Currently, the legislative and regulatory framework surrounding IoT devices is still uncertain. On an EU level, there has been a wide push for the proper regulation of these devices in an effort to safeguard data protection considerations tied with the use of these devices, including by putting into place standardised certification requirements and by regulating the flow of data gathered by the IoT devices. Indeed, at the forefront of this agenda is the proposed EU Regulation on harmonised rules on fair access to and of data, referred to as the 'Data Act'.

Malta's regulatory history has evidenced both its dedication to fully implementing the applicable EU legislation to ensure a proper regulatory framework is in place, while fashioning structures and models which encourage innovation and flexibility. One would expect this to be the case once IoT legislation becomes a reality.

Cybersecurity considerations

Cybersecurity considerations in the world of financial services play a fundamental role – this is further heightened in the case of insurtech due to the increased reliance on information and communication technology (ICT) arrangements. It is crucial that players within the insurtech world have resilient safeguards in place to protect against the risks of major disruptions should their systems be subject to deliberate attacks. Apart from the irreparable reputational and financial damage these attacks may bring about, insurers must also have in place the necessary cybersecurity frameworks as required under applicable law to comply with their legal obligations. Currently, on this matter, the Digital Operations Resilience Act (DORA) is being discussed at an EU level – this seeks to strengthen the financial industry's resilience to ICT-related incidents, while introducing a harmonised standard across the EU member states. While DORA is not yet in force, insurtech players need to set the necessary foundations in anticipation of the promulgation of DORA, to ensure they are fully prepared for this new regulatory regime and limit disruption to their business to a minimum.

The Malta Financial Services Authority had, as early as 2019, placed ICT risk and cybersecurity as one of its key supervisory priorities, and has introduced sector-wide guidelines in respect of technology arrangements, ICT and security risk management, and outsourcing arrangements. This clearly evidences its dedication to creating a legal and regulatory framework that ensures insurers are committing their utmost attention for strategic and operational planning aimed at achieving an effective ICT governance framework.

Unique opportunities in Malta

It is safe to say innovation has long played a key role in Malta's financial services industry. This is clearly the case in the insurance industry where Malta has carved out a reputation for itself as being on the forefront of legal and regulatory development in the EU. Malta is a well-known insurance jurisdiction that offers innovative and flexible structures to cater for the needs of insurers, captives and intermediaries alike. Innovation in the Maltese insurance sector can be linked closely to the protected cell company (PCC) model, which offers a convenient way of acquiring a dedicated space on an already active insurance platform.

As new insurtech products are developed, the insurtech market is expected to search for structures and models that are best suited for the introduction of these products. Malta's legislative framework (especially the PCC model) offers the insurtech market the necessary flexibility and innovation that should allow them to test, develop, launch, implement and maintain their products, while benefiting from lower capital requirements and governance costs that the PCC model offers.

The PCC model has been a considerable success for Malta, with a high number of cells being established and used for many business models. While the PCC model was originally seen as an ideal vehicle for captives and fronting arrangements, the scope for its use has continued to develop and now extends to (re)insurance linked security models, direct insurance business, as well as to insurance intermediaries.

The main benefit of a PCC results from its legal nature – it is a single legal entity that allows for the creation of one or more cells, all having separate patrimonies which are segregated from the assets and liabilities of each other cell and the 'core'. This results in attractive benefits in terms of regulatory capital requirements, system of governance and regulatory reporting. Seeing how each cell only needs to satisfy its own notional capital requirement, this may lead to certain undertakings being required to maintain capital which is lower than that required to be maintained by standalone insurers. In addition, the PCC structure offers economies of scale and significant cost burden sharing, and grants cells access to a common pool of knowledge and expertise within the common management system at the core of the PCC.

The insurtech market should also be able to take advantage of the PCC structure and can be seen as the perfect model in order to test, incubate, experiment and launch new insurtech technology-based business models. In this regard, the PCC model may represent an attractive option for insurtech firms for several reasons. Firstly, insurtech firms may create their own PCC structure and market the use of this platform and the 'sale' of its insurtechdriven products, through the establishment of independent cells for insurers, reinsurers and captives, that wish to utilise the technology-driven products manufactured by insurtech firms.

The PCC may also be used for the purposes of creating a cell within the PCC structure, which would directly write insurance business by utilising the insurtech's technology, while more accurately pricing its insurance product, better estimating the potential claims and providing its policyholders with an innovative and user-friendly technology.


The insurtech world will undoubtedly continue to gain traction and momentum, and although the task of understanding insurtech may seem overwhelming and daunting at first, insurers which successfully navigate it and fully understand and overcome the legal and regulatory obstacles touched upon in this article, are bound to reap the rewards of an untapped, and as yet overlooked, phenomenon.

Originally published Captive Review (July 2022 edition)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More