Online insurance brokerage services are typically accessed easily by the Romanian public and we are not aware of any political pressures made with respect to the insurance brokerage services market.
Considering the specific activities undertaken by Fintechs, such activities qualify as insurance mediation activities under insurance law. Insurance intermediation (brokerage services) may only be provided in Romania by licensed brokers and unlicensed brokers who fulfill many conditions.
Authorized brokers must, inter alia: (i) have as sole line of business the insurance brokerage activity; (ii) not be direct or indirect shareholder or director of an insurer, reinsurer, insurance/ reinsurance agent or subordinated insurance agent and shall not have as shareholder (direct or indirect) one of such entities (including the manager of an insurance agent legal entity); (iii) the managers (directors with executive powers, minimum 2 for joint stock companies) shall have postgraduate studies and an experience of at least 2 years in a leading position within the insurance field or of at least 4 years in a leading position within the banking field; (iv) the manager shall hold a special graduating certificate of a specific professional qualification program or a continuous qualification program.
Data privacy requirements
Starting with 25 May 2018, data processing rules will change given the new legal background brought by the EU Parliament Regulation No. 679/2016 (GDPR). Under GDPR rules, new higher information standards to the existing ones (providing information on (i) the personal data processed, (ii) the identity of the Fintechs services providers; (iii) the purposes of such processing; (iv) the recipients /categories of recipients of such data; (v) existence of specific data protection rights) are set. Hence, GDPR requires Fintechs acting as controllers/ joint controllers (determining by themselves the limits of the processing or together with other entities) to also provide data subjects (regularly customers and employees) inter alia, with information on (i) contact details of data privacy officer, (ii) the grounds of the processing operations, with explicit reference to the legal provision itself, (iii) explicit description of the legitimate interests, where such are used as ground for processing; (iv) the period for which personal data will be stored, (v) the existence of automated decisions making. Moreover, Fintechs shall need to inform the potential customers at least on the following (vi) other supplementary information varying on a case by case scenario (e.g., in case of transfer in foreign countries, the destination countries, activities undertaken by specific data recipients, description of the rationale of the automated decisions making). Besides, GDPR brings in light new data subjects rights, respectively right to data portability (to ask Fintechs acting as controllers / joint controllers for data transfer to other controllers or an accessible copy of such where the data is processed based on consent / contract and via automatic means), right to restriction of processing (where for various expressly provided reasons the processing is not legitimate anymore). As regards the monitoring of behavior, preferences or other similar aspects via electronic means and using such data directly connected with the individuals to which it refers to (not anonymously), such processing may trigger specific requirements such as: (i) need to obtain data subjects’ consent, (ii) conducting a data privacy impact assessment, especially given the use of new technologies in the process, and (iii) in case further to such assessment it results that the processing would generate high risks in the absence of mitigation measures taken by Fintechs, prior consultation of the Romanian Authority for Supervision and Protection of Personal Data. Finally, among other supplementary requirements, Fintechs will need to ensure that appropriate written contractual arrangements addressing data protection aspects are concluded with all data recipients (joint controllers and/or data processors) and that appropriate accountability is ensured of compliance with all the obligations specific under GDPR.
There are no official statistics specifically for online insurance brokerage services. However, most of insurance brokers provide services similar to InsurTech-services (especially overview of policies terms). According to the the FSA Report on insurance market for 2017, published on FSA’s website (available at https://asfromania.ro/files/analize/Raport%20asigurari%202017.pdf) at the end of 2017 in Romania there were registered 382 (re)insurance brokers, out of which only 314 were active. The first ten insurance brokers in Romania and their market shares may be found in the table below.
||SAFETY BROKER DE ASIGURARE S.R.L.
||MARSH - BROKER DE ASIGURARE-REASIGURARE S.R.L.
||TRANSILVANIA BROKER DE ASIGURARE S.R.L.
||DESTINE BROKER DE ASIGURARE-REASIGURARE S.R.L.
||INTER BROKER DE ASIGURARE S.R.L.
||DAW MANAGEMENT - BROKER DE ASIGURARE S.R.L.
||CAMPION BROKER DE ASIGURARE S.R.L.
||UNICREDIT INSURANCE BROKER S.R.L.
||PORSCHE BROKER DE ASIGURARE S.R.L.
||AON ROMANIA BROKER DE ASIGURARE - REASIGURARE SRL