Guide to Insurtech Innovation and Utilization
Jump to
Guide to Insurtech Innovation and Utilization Start Comparison
Who are the relevant regulators in the region?

The Monetary Authority of Singapore (MAS) is Singapore's central bank and the integrated financial regulator supervising financial institutions in Singapore, including banks, insurance companies, capital markets intermediaries and other financial markets infrastructure. If the fintech/insurtech activities involve moneylending, the regulator is the Registrar of Moneylenders.

As a statutory board in the Singapore government, the Infocomm Media Development Authority of Singapore (IMDA) develops and regulates the converged infocomm and media sector, and also seeks to promote and regulate data protection in Singapore through the Personal Data Protection Commission (which is part of the IMDA).

The Intellectual Property Office of Singapore (IPOS) administers the intellectual property regime.

What are the types of fintech/insurtech activities that are regulated?

Activities involving insurers, insurance intermediaries and the insurance business may be regulated under the Insurance Act (Cap. 142), Financial Advisers Act (Cap. 110), and their attendant regulations, directions, notices, guidelines and industry codes (for example, there are codes of conduct or guidelines under the auspices of the General Insurance Association (GIA) or the Life Insurance Association (LIA)). Regulated insurance companies seeking to commence or develop fintech/insurtech activities must ensure that any new activities comply with the foregoing (as applicable) and do not breach any existing license conditions. In order to encourage more fintech/insurtech experimentation, the MAS has implemented the regulatory sandbox experiment such that companies may avail themselves of a regulatory sandbox to experiment with fintech solutions in the production environment but within a well-defined space and duration.

Payment and settlement systems (for example, digital payments) may be regulated under the Payment Systems (Oversight) Act (Cap. 222A), its attendant regulations, directions, notices and guidelines. Money-changing and remittance businesses will be subject to the requirements of the Money-changing and Remittance Businesses Act (Cap. 187), its attendant regulations, directions, notices and guidelines.

In August 2016, the MAS issued a Consultation Paper on Proposed Activity-based Payments Framework and Establishment of a National Payments Council. This consultation proposes a payment framework that will supersede the Payment Systems (Oversight) Act (Cap. 222 A), and envisages regulation on an activity basis to entities within the payments ecosystem to allow MAS to better address issues such as consumer protection, access, corporate governance, and other emerging risks such as cybersecurity, interoperability, technology, and money-laundering and terrorism financing.

Virtual currencies (for example, Bitcoin) are not regulated; however, the MAS has announced that virtual currency intermediaries may be regulated for anti-money laundering and countering the financing of terrorism purposes.

Any activities involving all offers of investments of securities in Singapore (for example, equity crowdfunding platforms), the dealing of securities, fund management, securities financing, custodial services for securities, leveraged foreign exchange trading, trading in futures contracts, among others, will potentially be regulated under the Securities and Futures Act (Cap. 289). Fintech activities involving moneylending may also be regulated under the Moneylenders Act (Cap. 188).

Separately, in relation to cryptography and data encryption, while Singapore does not have control on the import of cryptographic/dataencryption products or their use, the export of cryptographic/data-encryption products and technology listed in the Strategic Goods Control List of the Strategic Goods (Control) Order 2015, is controlled under the Strategic Goods (Control) Act (Cap. 300).

What is the attitude and what are the policy views of the regulator in relation to insurtech (if any)? Is innovation encouraged?

There is strong government and regulatory support. The development of the fintech/insurtech space is in line with Singapore's ambition to be a Smart Nation. The MAS seeks to create a Smart Financial Centre where technology is used pervasively in the financial industry to increase efficiency, create opportunities, allow for better management of risks and improve lives. Fintech/insurtech, which involves using technology to devise new financial services and products, is a key ingredient in building a Smart Financial Centre. The regulators have
been positive and encourage fintech/insurtech innovation in the following ways:

  • Funding – There are currently various funding schemes for fintech/insurtech-related innovations. In particular, the MAS has committed SGD 225 million to the Financial Sector Technology & Innovation scheme (FSTI), which is aimed at growing the fintech/insurtech ecosystem in Singapore over the next five years by funding the establishment of innovation labs, institutional-level projects and industry-wide initiatives. Some FSTI-supported projects include a decentralized record-keeping system that prevents duplicate invoicing in trade finance, a cyber-risk test bed and a natural catastrophe data analytics exchange. The MAS is providing up to SGD 1.15 million worth of prizes (to a maximum of 10 winners) through the FTSI scheme to recognize innovative fintech solutions that have been implemented.
  • Support – The MAS, together with the National Research Foundation, has set up a FinTech Office to serve as a one-stop virtual entity for all fintech/insurtech matters and to promote Singapore as a fintech/insurtech hub. The new FinTech Office will assist with reviewing, aligning and enhancing these funding schemes across government agencies, identify gaps and propose strategies, policies, and schemes in industry infrastructure, talent development and manpower requirements, and business competitiveness, and manage the branding and marketing of Singapore as a fintech/insurtech hub through fintech/insurtech events and initiatives. The inaugural Singapore Fintech Festival that was held in Singapore from 14 to 18 November 2016 — the first of its kind in Asia — is a good example of Singapore's commitment to promote itself as a fintech/insurtech hub. The festival showcased, among other things, a selection of up to 20 teams that were invited to ideate and co-create solutions to specific problems/challenges faced in the financial industry. The MAS has also announced the second edition of the Singapore FinTech Festival, which will be held from 13 to 17 November 2017.
  • Policy views – Recognizing that innovation may be constrained by existing regulations, the MAS indicated that it does not expect financial institutions to seek MAS approval for all new digital products and services. Instead, they may proceed to launch such products without MAS approval provided that they are satisfied with their due diligence that no license or approval is required in relation to such products. In terms of the regulatory approach, the MAS will apply a materiality and proportionality test and ensure that regulation must not front-run innovation. To further this policy, the MAS, in November 2016, issued the FinTech Regulatory Sandbox Guidelines, which seek to encourage more
    fintech experimentation so that promising innovations can be tested in the market and have a chance for wider adoption in Singapore and abroad. Approval to enter the regulatory sandbox should be sought when experimenting with innovative financial services in the production environment, and the MAS may determine the specific legal and regulatory requirements, which it is prepared to relax for each case.
  • Developing expertise – The MAS has also set up the Financial Technology and Innovation Group within the MAS comprising three divisions (two of which — the Payments & Technology Solutions Office and the Technology Infrastructure Office — would focus on the regulatory policies, whereas the third — the Technology Innovation Lab — would focus on innovation and keep a lookout for opportunities to cooperate with the industry to test bed innovative solutions). This would allow the MAS to ensure that rather than having its regulations play catch-up with innovation, the MAS would stay very much involved and engaged in innovation in order to better supervise and regulate.
What are the licenses required and what are the criteria and process involved?

The licenses required will depend on the specific activities contemplated. We recommend seeking the advice of local counsel. In brief overview:

  • Designated Payment Systems. No operator or settlement institution of a designated payment system may hold itself out as such unless the payment system has been designated by the MAS and annual fees are required for operators of designated systems. There are additional conduct of business and reporting obligations. There is no formal application for a license for designated payment systems. However, payment systems that may satisfy the criteria to become designated payment systems would be advised to engage the MAS on their business activities in Singapore.
  • Stored Value Facilities. Holders of widely accepted stored value facility (WASVF) with an aggregate of more than SGD 30 million will need to be approved as a holder of a WASVF and an approved bank must undertake full liabilities for the stored value held. The SVF Guidelines must comply with the minimum standards. Multipurpose SVFs whose aggregate value is SGD 30 million or less and single-purpose SVFs are subject to a light touch regime where no MAS approval is required (though notification to the MAS may be required), although certain restrictions may continue to apply and they are strongly encouraged to adopt and implement the SVF Guidelines, taking into consideration the nature, size and complexity of their SVFs. Applications to be approved holders of WASVF may take between 3 and 6 months; however, we recommend engaging local counsel and the MAS as early as possible in the process. Remittance business. A remittance license is required for remittance business, unless exempt.
  • Equity crowdfunding. A capital markets services license may be required for an equity crowdfunding platform. In June 2016, the MAS announced that it will make it easier for start-ups and small and medium enterprises to access securities-based crowdfunding. The MAS has published guidelines on advertising restrictions relating to securities-based crowd-funding and FAQs on lending-based crowdfunding.
  • Moneylending. A moneylender's license may be required if the contemplated lending activity is not excluded or exempt. Further information for applying for a moneylending license can be found at the following link: https://www.mlaw.gov.sg/content/rom/en/information-for-moneylenders.html.
  • Services-Based Operator License. A company intending to lease telecommunication network elements (such as transmission capacity and switching services) from any Facilities-Based Operator (FBO) licensed by IDA to provide their own telecommunication services, or to resell the telecommunication services of FBOs to third parties will need to apply for a Services-Based Operator (SBO) License. The SBO Licenses issued by IMDA fall under two categories: the SBO (Individual) License category, where individual licensing is required for the stipulated types of operations and services; and the SBO (Class) License category where interested parties will only be required to register with IMDA before providing the stipulated types of services. In general, operators who lease international transmission capacity for the provision of their services will be licensed individually.
  • Intellectual property registrations. For completeness, if the fintech/insurtech innovation involves a patentable invention or if there are plans to register a trademark, further information can be found at the following links: (a) for patents (https://www.ipos.gov.sg/protecting-your-ideas/patent/application-process); an d (b) trademarks (https://www.ipos.gov.sg/protecting-your-ideas/trade-mark/application-process)

Please note that the foregoing links may be updated from time to time and you are advised to check with local counsel for updates before relying on the above information.

Is the use of telematics and/or biometrics regulated?

There are no specific regulations for the use of telematics or biometrics on its own; however, insurance companies should ensure that such use is compliant with any existing regulations or conduct of business requirements. Data privacy concerns will also apply. Further, depending on how such technology is used, we may need to consider whether other areas of regulation are attracted (for example, telecommunications or pharmaceuticals).

Does the regulator draw a distinction between institutions that are "too big to fail" versus "too small to care"?

Yes, there can be different standards of regulation, for example, for payment systems. While the MAS has general oversight functions and information-gathering powers over payment systems, it has more extensive powers in relation to designated payment systems, which are those where the MAS is satisfied that a disruption in the operations of the payment system could trigger, cause or transmit further disruption to participants or systemic disruption to the financial system of Singapore; a disruption in the operations of the payment system could affect public confidence in payment systems or the financial system of Singapore; or it is otherwise in the interests of the public to do so.

Based on recent public announcements by the MAS, this distinction between "too big to fail" and "too small to care" may also be applied to fintech/insurtech innovations that may not already be regulated. This is because, as mentioned, the MAS has announced that it will apply a materiality and proportionality test and regulation introduced to address risks from fintech/insurtech innovation must be proportionate to the risk posed.

What laws (if any) do insurance companies have to comply with in respect of technology risk management?

Licensed insurers (other than captive insurers and marine mutual insurers) will need to comply with MAS 127 Notice on Technology Risk Management, registered insurance brokers will need to comply with Insurance companies MAS 506 Notice on Technology Risk Management, and licensed financial advisers will need to comply with FAA-N18 Notice on Technology Risk Management. The Technology Risk Management Guidelines, Business Continuity Guidelines, MAS 126 Notice Enterprise Risk Management for Insurers, MAS Circular No. SRD TR 02/2014 IT Security Risks Posed By Personal Mobile Devices, MAS Circular No. SRD TR 01/2014 System Vulnerability Assessments and Penetration Testing, MAS Circular No. SRD TR 01/2015 Early Detection of Cyber Intrusions and MAS Circular No. SRD TR 03/2015 Technology Risk and Cyber Security Training for Board will also need to be complied with.

Are there any laws governing big data, including the collection, use, storage, disclosure and transfer of personal data?

Singapore's Personal Data Protection Act 2012 (PDPA) and its attendant Personal Data Protection Regulations (which came into effect on 2 July 2014) applies to all organizations in the private sector. The PDPA regulates the collection, use, storage, disclosure and transfer of personal data in Singapore. In addition to the baseline requirements of the PDPA, additional specific mandatory regulations also apply to certain industries (such as banking and medical) with respect to certain categories of sensitive personal data (such as bank customer
information and medical records).

The Personal Data Protection Commission (PDPC) has issued advisory guidelines, which indicate the manner in which the PDPC will interpret provisions of the PDPA. Of interest to insurance companies and fintech/insurtech businesses seeking to utilize big data and telematics are the advisory guidelines on the PDPA for selected topics such as analytics and research, and on anonymization, which was revised on 28 March 2017, There are also industry-led guidelines developed by the insurance industry associations, such as the LIA Code of Practice for Life Insurers on the PDPA, and the LIA Code of Conduct for Tied Agents of Life Insurers on the PDPA.

In addition, the PDPC recently, on 20 January 2017, introduced and updated its advisory guidelines to help companies better protect personal data in compliance with the PDPA. The new and/or updated guidelines include:

  • Guide to preventing accidental disclosure when processing and sending Personal Data (new)(b) Guide to securing Personal Data in electronic medium (updated)
  • Guide to disposal of Personal Data on physical medium (updated)
  • Guide on building websites for SME (updated)

Insurance companies will also need to ensure that their dealing with personal data do not contravene any business conduct requirements or any technology risk management guidelines.

Are there any restrictions that could hinder the growth and usage of insurtech by insurance companies under data privacy laws?

Yes, the PDPA provides the following:

  • an organization (including insurance companies) should not transfer personal data outside of Singapore unless it ensures that the transferred personal data will be afforded a standard of protection that is at least comparable to that provided under the PDPA
  • an organization is required to ensure that personal data in its possession and control is protected from unauthorized access and use, and implement appropriate physical, technical and organizational security safeguards commensurate with the amount, nature and sensitivity of the personal data involved, to protect the personal data
  • an organization should cease to retain personal data as soon as it is reasonable to assume that the purpose for which the personal data was collected is no longer being served and when the retention is no longer necessary for legal or other business purposes
Are there any laws governing cybersecurity or to mitigate cybersecurity concerns?

Singapore's Computer Misuse and Cybersecurity Act (Cap. 50A) (CMCA) criminalizes certain activities, including the unauthorized access, use, interception and modification of computers, data and computer services, and empowers the Minister of Home Affairs to act against
cybersecurity threats. On 3 April 2017, the Singapore Parliament passed certain amendments to the CMCA to strengthen Singapore's legislative framework for combatting cybercrime. In particular, the amendments seek to extend the reach of the CMCA by criminalizing acts that are enabled by cybersecurity attacks. For example, it would be unlawful for a person to use hacked credit card details, even if the act of hacking was committed by another. In addition, the amendments also targets acts that enable cybercrime, by criminalizing the act of obtaining and the act of dealing in tools that may be used to commit a CMCA offense (for example, hacking tools such as malware).

The Singapore Minister of Communications and Information has also indicated that a new stand-alone Cyber Security Act (CSA) will be introduced in 2017 to strengthen the powers of the Cyber Security Agency to protect Singapore's critical infrastructure and national systems, such as those in the energy and transport sectors, from cyber threats. The proposed CSA is intended to be an omnibus, overseeing cybersecurity of essential services as a whole. Among other things, the proposed CSA will confer power on the Cyber Security Agency's chief as Commissioner of Cybersecurity to investigate threats and incidents to ensure that critical infrastructure and national systems will not be disrupted in the event of a cyberattack. In addition, the proposed CSA also includes proactive and preventive measures that must be undertaken by owners of critical infrastructure, such as conducting regular system audits by a commissioner-approved
third party, among others. The Cybersecurity Bill was just released on 10 July 2017 for public consultation.

What innovations are insurance companies and/or regulators looking at implementing?

In April 2015, the MAS launched a web aggregator called compareFIRST, which allows consumers to compare the premiums and features of life insurance products and acts as a direct purchase channel, allowing people to buy simple life insurance products without commissions and financial advice. Since then, many banks and insurance companies have announced innovation hubs or accelerator programs, with the support of the MAS and other relevant government bodies, including the IDA (now merged with the MDA to constitute the IMDA).

In late 2016, MAS launched its fintech regulatory sandbox experiment in order to encourage more fintech experimentation so that promising innovations can be tested in the market and have a chance for wider adoption. As of June 2017, only one sandbox experiment has been accepted by the MAS and publicly announced. The sandbox is an area of active innovation and there are market trends suggesting continued application of the sandbox to insurtech developments in Singapore.

Have there been fintech/insurtech-related cases (including competition and/or data privacy) in Asia Pacific

On 17 March 2016, the Competition Commission of Singapore issued an infringement decision against ten financial advisers in Singapore for engaging in an anticompetitive agreement to pressure their competitor, iFAST Financial Pte. Ltd., to withdraw its offer of a 50% commission rebate on competing life insurance products on the Fundsupermart.com website. The ten financial advisers were fined between SGD 5,000 and SGD 405,114, depending on each financial advisor's respective life insurance business turnover and aggravating and mitigating factors. This is the first case involving market access and restriction of market access involving firms in the financial services industry and highlights that the Competition Commission of Singapore will enforce the law where necessary to ensure that new and innovative players can access the market and compete fairly in Singapore.

What are the most immediate challenges to insurtech innovation?
  • The high costs of development and innovation; for start-ups, the lack of finances
  • Regulatory and compliance – Fintech/insurtech businesses may not always fall squarely within any particular regulatory regime in Singapore, and in certain instances, such as the use of virtual currencies and blockchain technology, there is ongoing uncertainty over
    the approach to regulation. The regulatory sandbox approach seeks to mitigate the uncertainty over the application of laws and regulations to new fintech/insurtech businesses, and fintech/insurtech are encouraged to make use of such regulatory framework to continue innovation in their spheres notwithstanding such uncertainty.
  • Cybersecurity – As the sophistication of cybercriminals has evolved, it is crucial to ensure that there are robust policies and systems in place to address cybersecurity. Failure to do so may also affect customer confidence.
  • The lack of skilled employees that are able to effectively develop, utilize and apply fintech/insurtech innovations
  • Data protection privacy – Many insurtech companies are making use of big data capabilities and analytics. Any misuse or leakage of such analytics might be in breach of data protection laws and pose a reputational risk for insurers.
What has been, or could be, the impact of fintech/insurtech on the financial services industry?

Fintech/insurtech will likely be a key enabler in designing better and more efficient work processes and creating new business models that will deliver higher growth, cost savings and better services for industry participants.

What insurtech trends or disruptions may impact insurance companies?

Insurance companies will seek to acquire or team up with non-insurance tech players such as new digital insurance start-ups or telematics-related companies in order to deliver new offerings, better price risk, extend the value chain and have greater overall efficiency. As a further example, insurance companies are also looking to mine data sets to identify underwriting opportunities for those who suffer chronic illnesses such as dementia and obesity. With big data, we also expect to see more insurers better adopt end-to-end analytics solutions that cross the entire insurance value chain. In doing so, they hope to gain an enriched, single client view and the ability to execute a targeted pipeline.

Another area may be "just-in-time" insurance. It has also been suggested that the traditional concept of insuring an asset over many periods is outdated, and that instead, the business should move to a more transactional consumption model where just-in-time insurance is delivered on mobile and underwritten in seconds.

We may increase accessibility to insurance in Singapore. The MAS' compareFIRST web aggregator was successful with more than 180,000 visits within the first three months of its launch and we may see the cost of insurance become lower, providing access to lower-income
consumers. In addition, the insurance sector has seen new contenders come up with the aim of addressing the shortcomings in user experience and analytics of compareFIRST. This ensures a more efficient "aggregator" experience where customers have a smoother experience comparing the latest offerings. Hence, we may see the cost of insurance become lower, providing access to lower-income consumers.

We expect to see enhanced customer service in insurtech. For example, some insurance companies have launched a self-learning virtual assistant, which is meant to provide instant answers to operational inquiries, and thus enabling frontline staff to focus on dealing with more
complex queries. Other insurtech apps are working on improving the notification system for payment of premiums and renewals. In doing so, insurance companies can heighten efficiency in serving customers, which might help expand the insurance company's customer base.

We can also expect a rise in usage-based insurance and dynamically adjusted premiums. Companies may begin to offer insurance schemes based on lifestyles instead of traditional factors such as age and location.