FINANCIAL SUPERVISORY AUTHORITY Rule No. 15/2015 on the trading, by electronic means, of insurance contracts In accordance with Letter b) of Art. 2(1), Letter b) of Art. 3(1), Letter b) of Art. 5, Art. 6(1) and (2) and Art. 7(2) of Government Emergency Ordinance No. 93/2012 on the establishment, organisation and operation of the Financial Supervisory Authority, approved as amended and supplemented by Law No. 113/2013, as subsequently amended and supplemented, On the basis of Letter a) of Art. 5 of Law No. 32/2000 on the insurance activity and supervision of insurance, as subsequently amended and supplemented, Further to the deliberations held in the meeting of the Financial Supervisory Authority s Board of 12 August 2015, The Financial Supervisory Authority hereby issues this rule: Chapter I General Provisions Art. 1. This rule lays down the conditions under which the Financial Supervisory Authority regulates the trading, by electronic means, of insurance contracts. Art. 2. For the purposes of this rule, the terms, expressions and acronyms below shall have the following meanings: 1. trading, by electronic means, of insurance contracts means the work carried out for the promotion and the conclusion of insurance contracts, both at a distance by using the online environment, as well as by other electronic means, regardless of their access device, i.e. stationary or mobile processing units, if running on online applications the subject of which is: Page 1 of 11
a) to promote, conduct simulations, record, centralize, resubmit, process or store any request for offer concerning insurance contracts, finalised or not by their conclusion; b) to compare insurance offers and/or prices for any insurance contracts; c) to issue, by electronic means or applications related to mobile devices, insurance policies and/or receipt documents; d) to issue and/or modify insurance policies as a result of an order sent by any electronic means; 2. providers of solutions and/or software applications dedicated to the online trading or trading, by electronic means, of insurance contracts means the legal persons whose object of activity covers the design, programming, development, management, update or improvement of any IT solutions allowing for the activities referred to in Point 1, Letters a) through d), within IT security parameters, irrespective of whether they are intended for running on stationary or mobile access or processing units including: a) specialised applications intended for trading insurance policies; b) applications intended for any insurers/insurance intermediaries; c) applications intended for prospective insurance clients and/or end consumers; 3. electronic means of trading insurance contracts means online applications, applications installed on mobile terminals, internally developed by insurers or by the providers referred to in Art. 2(2), on which the insurer s own products and/or comparison of offers from several insurers may be directly presented (without redirecting the same), and/or where requests for offers may be made or orders of insurance contracts may be placed and/or from which insurance policies may be issued as electronic services; 4. online environment means the environment in which the work is carried out in real time via a network of remote electronic access, mainly via web/internet services; 5. NSAPDP means the National Supervisory Authority for Personal Data Processing; 6. ASF means the Financial Supervisory Authority. Page 2 of 11
Chapter II Trading, by Electronic Means, of Insurance Contracts Art. 3. The following entities may develop and implement electronic means of trading insurance contracts: a) insurance undertakings authorised by ASF, directly or through insurance agents; b) insurance brokers authorised by ASF; c) insurance undertakings authorised in EU Member States pursuing business in Romania under the right of establishment or freedom to provide services; d) subordinated insurance agents; e) insurance intermediaries authorised in EU Member States pursuing business in Romania under the right of establishment or freedom to provide services. Art. 4. The electronic means of trading insurance contracts intended for prospective and/or end consumers, policyholders and/or prospective policyholders, must meet at least the conditions below with regard to presentation, contents and security, as follows: a) the level of presentation of the information to the user shall provide in a visible place links to the following sections: about, our products/services, contact, terms and conditions, personal data processing policy and complaints; b) About section shall at least contain the name of the entity, brief presentation of the experience in insurance, registration number in the corresponding registry of ASF, organisational form, main activity, registration number or any other similar means of identification, where the entity is registered with the trade register or a similar public register; c) Our products/services section shall contain a brief overview of the products that are available through electronic means, and an overview of services offered; d) Contact section shall contain the address of the registered office or, where appropriate, the permanent address and places of business, contact modalities, telephone/fax, email for requests and complaints as well as the full name of the entity that has and/or uses electronic means of trading insurance contracts; e) Terms and conditions section shall at least contain the information referring to the definition of terms, rights and obligations of the seller/entity, the rights and obligations of the Page 3 of 11
consumer, billing and payment policy, information concerning possible cancellations or amendments of insurance contracts; in the case of distance contracts, it shall also include information about the possibility of clients to exercise their right to unilaterally terminate the contract during the 14-day term of unilateral termination after the conclusion of the contract/receipt of the policy and the contract terms, without penalty and without the necessity of invoking any reason, or 30 calendar days for the unilateral termination of contracts which have as their object life insurance, with an express indication that in the case of the compulsory insurance against civil liability for prejudices caused by vehicle accidents the rules specific to such insurance shall apply, information on the policy and the frequency of updating the data published through the electronic means of trading insurance contracts; f) Personal data processing policy section shall contain a description of the procedure for the protection of personal data and specification of authorisation by NSAPDP/equivalent authority processing data in accordance with Law No. 677/2001 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as subsequently amended and supplemented; g) Security Protocol Transport Layer Security (TLS using keys of minimum 2048 bits), or similar protocols, or with the same technical capacity and certifications issued by an accredited provider, shall be used in the sections containing forms for collecting information for submission of offers; h) Complaints section shall comply with the legal provisions in force, with reference to the possibility of submitting petitions to ASF by providing the links to the petition section available on ASF s website. Art. 5. The electronic means of trading insurance contracts, developed and implemented by insurers and insurance intermediaries, according to their destination, used for direct sale or through intermediaries, shall be organised by two distinct clearly delimited sections with secure access, as follows: a) the first section for the insurer s employed personnel, responsible for the issuance of insurance policies and/or sellers of insurance contracts, having the right to conclude them under a RAF or RAJ code and brokerage agent/assistant contract with an insurer or an insurance broker authorised by ASF; under this section, the authentication of the insurer s employed personnel, Page 4 of 11
responsible for the issuance of insurance policies and/or sellers shall be made by using secure authentication techniques provided by the entity that uses electronic means of trading insurance contracts and shall also allow for the actual issuance of an insurance policy; for the insurance concluded in the sections intended for sellers of insurance contracts, running on mobile terminals, electronic or biometric signing mechanisms may be developed and used to sign insurance contracts; storage of the data related to the electronic signature (qualified electronic certificate) or to the characteristics of the biometric signature captured on a touch screen (speed, pace, acceleration, pressure) is done securely through specific mechanisms to also ensure nonrepudiation of that operation; b) the second section for prospective and/or end consumers, policyholders and/or prospective policyholders, which allows for the submission of offers, comparisons, registration of requests for offers and/or issuing orders; this section may permit issuance of the policy after meeting the legal requirements on the issuance of distant insurance contracts, in so far as the platform is provided with a user registration, management and authentication system, using secure authentication techniques provided by the entity that uses the electronic means of trading insurance contracts, and the user/customer launching the issuing order is authenticated; for the purposes of issuing the insurance contract, for the security of data and the identification of the consumer, the consumer will authenticate via an access account. Policies may be issued online only after confirmation of its acceptance expressed by the payment of the insurance premium. Art. 6. - The entities referred to in Art. 3 that use the online environment and the electronic means of trading insurance contracts must have personnel employed or under a mandate contract responsible for issuing insurance policies or, where appropriate, personnel dedicated to processing services of requests for offer and/or online orders, required to meet the legal provisions in force concerning the vocational training specific to tendering and sale of insurance products. Art. 7. - (1) The electronic means of trading insurance contracts as defined in Point 3 of Art. 2 must meet the following requirements with respect to the correct and transparent information to policyholders and/or prospective policyholders: Page 5 of 11
a) the mandatory information stipulated by the legal provisions in force relating to consumer information shall be presented in the form of new windows or through links to pages that contain such information before the prospective consumer completes the stages of the order; b) before submitting the order, the consumer shall confirm that he has read the conclusion terms (with/without risk inspection) and the terms of the insurance contract, the rights and obligations incumbent upon him, and by ticking the appropriate box the consumer shall confirm that he has understood, accepted the terms and conditions of the insurance contract, and that he agrees to the issuance of the insurance policy; c) to ensure that all documents referred to in Letters a) and b) have been read, the box for accepting conditions or for closing the window shall be visible only after reading the whole text; d) the offer generated and submitted shall at least contain the following: 1. identification data of the object to be insured and/or of the owner/consumer/prospective policyholder; 2. questions of the insurer/ insurance intermediary required for classification in risk classes; 3. answers of the prospective policyholder to the questions referred to in Point 2 and based on which the offer was calculated by the IT system; 4. insured amounts; 5. franchise (excess or deductible), if any, stating clearly the amount thereof, cases in which it applies and amounts to which it applies (if they are expressed as a percentage); 6. insured period; 7. insured risks; 8. exclusions; 9. territorial coverage of risks; 10. total price which the consumer/prospective policyholder must pay, indicating any levies, additional costs or related expenses and any additional cost arising from the insurance as a result of using the electronic means of trading insurance contracts; 11. fee of the agent(s), in the case of RCA policies; 12. Bonus/Malus class, in the case of RCA policies or whenever applicable; 13. period of validity of the offer; 14. unique code for confirmation of the offer; 15. need to carry out an inspection risk or not; Page 6 of 11
16. any documents required for the execution of the insurance contract; 17. information on the payment modalities and for making payments; 18. information on whether or not the right to unilaterally terminate the contract is stipulated; if stipulated, it shall specify the terms and conditions under which it may be exercised, including any penalties or consequences resulting therefrom, in compliance with the provisions of Government Ordinance No. 85/2004 on consumer protection in the conclusion and performance of distance contracts concerning financial services, republished, as subsequently amended and supplemented; 19. information on whether or not the right of the insurer/policyholder to early terminate the contract is stipulated, the rights, obligations and any penalties imposed or resulting therefrom; 20. any contractual clause indicating the applicable law and/or the court having jurisdiction to settle any disputes between the parties; 21. existence of guarantee funds or other compensation mechanisms, with a clear and visible indication of the guarantee fund in which the insurance undertakings generating the offer participate. e) the prices displayed through the electronic means of trading insurance contracts cannot be different from the amounts received/paid by prospective policyholders and provided in the insurance contract/tax receipt/payment order/payment confirmation; in this respect, such information shall be displayed clearly and distinctly. (2) The user of the electronic means of trading insurance contracts shall be responsible, at the submission of the offer/conclusion of the insurance contract, for all errors, mistakes and omissions attributable to him, registered from the use of the insurance service through electronic means of trading insurance contracts. Art. 8. - (1) Users of electronic means of trading insurance contracts that enable comparative offers for a minimum of two insurance contracts shall take into account all criteria of comparison that may be highlighted. (2) The criteria of comparison referred to in Para (1) shall contain at least the following: a) type of policy, i.e. all risks or nominated risks ; b) insured amounts per risks covered, if any, and conditions applicable to them under the insurance terms; Page 7 of 11
c) coverage and term; d) exclusions; e) limit(s) on compensation, if any; f) franchises (excess or deductible) and details of the same; g) territorial coverage provided by the insurance policy; h) information on the insurance premium, payment modalities and frequency and on making payments; i) fees for issuance, management and termination; j) product warranties; k) name of the issuing insurance undertaking. Chapter III Issuance, by electronic means, of Insurance Contracts Art. 9. - (1) Prior to the conclusion of an insurance contract, the prospective consumer shall tick an affidavit indicating at least the following: a) that he has at least 18 years of age; b) that the data and information provided are true at the time of filling in the application. (2) The window for ticking the affidavit shall be closed, and the order or issuance of an insurance policy shall be processed provided that the requirements referred to in Para (1) are met. Art. 10. To validate the data, the users of electronic means of trading insurance contracts shall use any means of proof, having at the same time the obligation of recording and storing them for a period of not less than one year in addition to the insured period. Art. 11. Offers finalised by the issuance of the insurance contract/policy issued through electronic means of trading insurance contracts shall be recorded automatically in the management and record-keeping software of the issuing insurer or insurance broker, as appropriate, securely through insurance mechanisms of non-repudiation of registration. Page 8 of 11
Chapter IV Providers of solutions and/or software applications dedicated to the trading, by electronic means, of insurance contracts Art. 12. - The entities referred to in Art. 3 which conclude service contracts with providers of solutions and/or software applications dedicated to the trading, by electronic means, of insurance contracts, shall ensure that they meet at least the following conditions: a) they have as their objects of activity at least CAEN code 6201 Computer programming activities (customer-oriented software) or an equivalent activity if the providers of solutions and/or software applications are legal entities from other Member States or from third countries; b) they provide solutions and/or software applications dedicated to the trading, by electronic means, of insurance contracts under service/collaboration contracts concluded with the entities referred to in Art. 3; c) they are personal data operators authorised by NSAPDP/equivalent authority, only where they are processing personal data, being authorised as operators. Art. 13. - (1) Service contracts concluded between the entities referred to in Art. 3 and providers of solutions and/or software applications dedicated to the trading, by electronic means, of insurance contracts shall take effect and allow entities to access the electronic issuance of insurance policies so long as these entities have the legal and/or contractual right to issue insurance policies and were not banned from doing so, or their right to issue insurance policies was not suspended as a result of a decision issued by ASF. (2) In the case of service contracts concluded with providers of solutions and/or software applications dedicated to the trading, by electronic means, of insurance contracts, the access to the application for issuing insurance policies shall be granted on the basis of secure credentials, as follows: a) in the case of insurance undertakings authorised by ASF, insurance undertakings authorised EU Member States pursuing business in Romania under the right of establishment or freedom to provide services only for the personnel responsible for issuing insurance policies and insurance agents with RAF/RAJ code; Page 9 of 11
b) in the case of insurance brokers authorised by ASF, insurance intermediaries authorised in EU Member States pursuing business in Romania under the right of establishment or freedom to provide services, only for the personnel employed or mandated to issue insurance policies and brokerage assistants with RAF/RAJ code, and also for the persons empowered to represent the undertaking in its relations with the insurance broker, provided that they have a vocational qualification/training certificate; c) insurance agents subordinated only through own personnel. Art. 14. - (1) The entities referred to in Art. 3 shall maintain secure records of the persons who have access to the application for issuing insurance policies and, if applicable, records of persons who have access to the application for issuing insurance policies from the provider of solutions and/or software applications dedicated to the trading, by electronic means, of insurance contracts which shall contain at least the following data: a) surname and first name of the person; b) Personal Number Code in the case of individuals; c) RAF code; d) number of the vocational qualification/training certificate, and RI code; e) name of the insurer, where the user is a natural person insurance agent; f) name of broker and registration number in the Register of Brokers, where the user is an employee of the insurance broker or natural person brokerage assistant; g) for leaders or employees of a legal person insurance agent, the name of the legal person agent and its RAJ code, Personal Number Code and RAF code of each natural person employee/proxy holder entitled to issue insurance policies; h) for leaders or employees of a legal person brokerage assistant, the name of the legal person brokerage assistant and its RAJ code, Personal Number Code and RAF code of each natural person employee/proxy holder entitled to issue insurance policies; (2) ASF s personnel with supervisory and control duties shall have access to the information of the records referred to in Para (1). (3) The entities referred to in Art. 3 which conclude service contracts with providers of solutions and/or software applications dedicated to the trading, by electronic means, of insurance contracts shall monitor compliance by the same with the provisions of this rule and ASF Rule Page 10 of 11
No. 6/2015 on the management of operational risks generated by the IT systems used by the entities regulated, authorised/licensed and/or supervised by the Financial Supervisory Authority, and shall be held jointly liable for failure to comply with the same. Art. 15. - The entities referred to in Art. 3, through their own IT Department, may develop internal solutions or software applications for trading, by electronic means, insurance contracts; the situation in which the entities referred to in Art. 3 acquire the solution/application from an external provider and that external provider does not carry out activities for its implementation/management shall be also deemed internal development. Chapter V Final Provisions Art. 16. The entities provided for in Art. 3 shall comply with the provisions of this rule as of 1 January 2016. Art. 17. Breach of the provisions of this rule shall be deemed petty offence and shall be punished as provided for in Art. 39 of Law No. 32/2000 on the insurance activity and supervision of insurance, as subsequently amended and supplemented. Art. 18. This rule shall be published in the Official Journal of Romania, Part I and shall enter into force on the date of its publication. President of the Financial Supervisory Authority Mișu NEGRIȚOIU Bucharest, 14 August 2015 No. 15 Page 11 of 11