The latest thinking and expert insights into the insurance industry.
14 November 2018

Exchange of Claims Information between Insurers in Europe

Verifying claim legitimacy is one of the most essential tasks of an insurance company. In addition to examining the reason and amount, examination of the claims history of the policyholder’s claims history is of considerable importance in assessing the eligibility of a claim. In addition to claims in your own company, claims that may have been settled by other insurance companies in the past are also important for the assessment of the present loss. An exchange of information between insurance companies in the event of a claim is therefore a desirable and valuable investigation tool for checking whether the claimed damage has actually occurred.

This exchange of information between insurance companies in Europe is comprehensively regulated. In addition to uniform regulations for European Union countries, there are also numerous national regulations.

Procedures for the exchange of information in the underwriting process and the exchange of health data are not discussed below. The exchange of health data is far more regulated, and stricter standards are applied to the exchange of information and obligations for the insurer.

General regulations

The basis for the collection, storage and processing of personal information in the EU is the General Data Protection Regulation (GDPR), which went into effect on May 25th, 2018. The GDPR also regulates the transfer or exchange of personal information. Personal data refers to information such as name, date of birth, marital status, etc., and also includes to factual circumstances such as income, living situation, license plates, insurance claims, etc.

Countries like Switzerland and Norway, that are not members of the EU, apply these regulations in a similar way.

The GDPR generally prohibits any collection, storage and processing of personal information. This also applies to the exchange of information between insurers. In addition to numerous legal permissions, personal data may be processed with the consent of the data subject.

Insurance Europe

Insurance Europe is the European insurance and reinsurance association. Insurance Europe represents all types of insurance and reinsurance through its 35 member associations – the national insurance associations – and mainly acts as an interest group at European level.

Insurance Europe therefore only provides the infrastructure for the exchange of information and experience between its members and plays a supporting role for its members. It also provides information and advice on topics of interest to the European insurance sector.

There is no provision for the exchange of information on Insurance Europe between insurance companies in specific claims, whether national or cross-border.


In addition to the GDPR, the Federal Data Protection Act (BDSG) in conjunction with the Code of Conduct of the German insurance industry (CoC) regulates the exchange of information between insurance companies. The principle applies that data transfer from the insurance relationship to third parties is not permitted unless the disclosure of the information serves the own legitimate interest, the legitimate interest of a third party, or serves to avert dangers to state and public security. In all cases, however, the legitimate interest of the person concerned must be weighed against the interest of the insurance company in providing information. It is recommended that this consideration be documented in writing.

A general exchange of information between insurance companies in the event of a claim is not legally permissible in Germany. In principle, the written consent of the person concerned is required for all inquiries to other insurers.

There is no central claims database in which all claims for all claims settled in Germany are stored. However, the situation is slightly different if the insurer has doubts about the legality of the claims or if contradictions arise during the clarification in the event of a claim. Almost all insurance companies use the information system (HIS) operated by informa HIS GmbH. The HIS is an information agency within the meaning of the Federal Data Protection Act (BDSG).

Persons (policyholders, injured parties, insured persons and other witnesses, for example) and assets (vehicles, buildings, etc.) can be reported by the insurance companies involved. Messages are made according to predefined, fixed notification criteria, which can be grouped into the following categories:

  • Atypical loss frequencies
  • Special damage consequences
  • Abnormal/higher risks
  • Suspicious claims

The policy holder/claimant must be informed by the registering insurer about registration in the HIS database. In the event of an HIS match, the inquiring insurer contacts the insurer providing the information directly.


Strict data protection regulations regarding the exchange of information between insurance companies also exist in Switzerland. In principle, an exchange of information is only possible with a specific and  earmarked consent form of the person concerned (policyholder or claimant).

Since no central claims database exists in Switzerland either, information can only be exchanged regularly via a request to all insurers.

In addition, the Swiss Insurance Association (SIA) operates the CC-Info information system. Only single companies participate in this central database on a voluntary basis. The insurance companies involved only register motor claims. In addition to the vehicle identification number, the ID of the company registering the claim is also stored. An inquiry to CC-Info will only check whether a vehicle has already claimed damage from one of the insurers involved. Subsequent exchanges take place on a bilateral basis with the appropriate authority between the companies directly.


As a member of the EU, Austrian insurance companies are subject to the GDPR regarding the exchange of information. Like Switzerland, there is no single procedure for exchanging information among insurers. In Austria, any form of disclosure of information to other insurance companies requires the person concerned to have signed a corresponding consent form, too.

The Austrian Insurance Association (VVO) also operates a central information system (ZIS). All losses of insurance companies operating in Austria are reported in the ZIS. By querying the ZIS as part of claims process, the inquiring insurer receives comprehensive information on the claims history of the policyholder or claimant. In the event of a hit, information is passed on directly between the insurance companies involved.

The Netherlands

The data protection regulations already described for other EU member states also apply without restriction to the Netherlands.

In the Netherlands, different central databases with claim information are operated. In addition to a central claims database (Foundation CIS), which was set up jointly by the insurers operating in the Netherlands, there is a central fraud database of the Dutch Insurance Association. Almost all information from the losses of the participating insurance companies is stored in the CIS database.  Insurers may only use this information for their application and claims processing. The stored data will not be used for other purposes or passed on to third parties. This exchange of information helps members recognize, prevent and control the abuse of insurance and to manage risks. The information in the CIS database is also used for scientific research and statistical analysis for fraud prevention and risk analysis.

Around 100 insurers participate in the central fraud database of the Dutch Insurance Association. The main task of the fraud database is to store information on new fraud damages and make it available to the insurers involved.


The general regulations of the GDPR also apply here. The insurance industry operates a central claims database in both Sweden and Norway. All insurance companies are connected to this and automatically report any damage. This central claim database contains information on the:

  • Policyholder/claimant
  • line of business
  • date of loss
  • a reference number
  • insurance company that registered the claim

The prerequisite for the subsequent exchange of information between the insurance companies is the written consent of the person concerned.

In Sweden, in addition to the Central Damage Database, Lärmtjänst AB is of great importance. Larmtjänst AB is a non-profit organization which is part of the Swedish Insurance Association as an independent unit. Lärmtjänst works for insurance companies to reduce the abuse of insurance policies and support the investigative activities of insurance companies. Larmtjänst has built up an international network of contacts with law enforcement authorities, organizations and private companies over many years to support Swedish insurance companies in their international work.


In principle, the exchange of information between insurance companies in Denmark is similar to Sweden. Denmark is also subject to the relevant provisions of the GDPR, however, there is no central claims database. Nevertheless, insurers can contact the Danish Insurance Association with their specific request for information in the event of special/suspicious claims. The association forwards these requests to all member companies, which contact the requesting company directly in the event of a hit. A corresponding consent form of the person concerned is also a prerequisite here.

Similar to Lärmtjänst in Sweden, the Danish Insurance Association has a very good international network and therefore they are also in an excellent position to support Danish insurers in the event of claims abroad.

United Kingdom

The exchange of information between insurance companies is very strictly controlled by the GDPR. The most important platform for the exchange of information is the Claims and Underwriting Exchange Database (CUE). The CUE data is only available to participating insurance companies. All claims made against the insurers involved are filed here. In the event of a claim, this data helps insurers to identify multiple claims with different insurers and thus prevent fraud.

The CUE databases currently contain information on approximately 11 million property damages, 13 million car damages and 11 million personal injuries. Insurers use the CUE data at all stages of the insurance life cycle, underwriting, renewal and in the event of a claim.

Another way of exchanging information or obtaining information about damage from other insurance companies is through government organizations that generally deal with cases of fraud and their investigation. However, very strict data protection rules also apply here.

National Crime Agency (NCA)

The NCA is a law enforcement agency that leads the UK’s fight against serious and organized crime. The NCA’s tasks are not limited to combating insurance fraud but cover all areas of life.

Insurance Fraud Bureau (IFB)

The IFB is a not-for-profit organization founded in 2006 to lead the insurance industry’s joint fight against insurance fraud. The IFB acts as a central hub for the exchange of insurance fraud data and information. In the UK, the IFB focuses on the detection and prevention of organized and cross-sector insurance fraud. The IFB works closely with the police and other law enforcement authorities.

The City of London Police´s National Fraud Intelligence Bureau (NFIB)

The London Police has set up its own task force in light of increasing fraud activities. The NFIB is also not limited to insurance fraud but is responsible for all cases of fraud. Insurance companies also work closely with the NFIB in individual cases of suspected fraud. In these cases, the NFIB coordinates the exchange of information in strict compliance with the relevant laws.


There is currently no structured approach and uniform rules for the exchange of information between insurance companies in the event of a claim, even across national borders, in Europe. However, the provisions of the GDPR can be regarded as a common basis for the dissemination of information. In addition, many country-specific laws, regulations and agreements regulate the exchange of information.

Nevertheless, one thing is the same for all countries: an exchange of information takes place only with the consent of the person concerned, in addition to the insurer’s far-reaching duties to provide information.

The need to exchange information in compliance with all national and international data protection regulations has recently moved into the focus of various national insurance associations. Therefore, some European countries have launched initiatives to establish a national claims/fraud database.

Source: SIU Today

Contact us

Cookie and Privacy Policy

1. Introduction

When you use this website, FRISS may collect information about your use of the website and the content offered. We believe it is important to handle your (personal) data with due care and confidentiality. When processing your personal data, we comply with the General Data Protection Regulation (Algemene Verordening Gegevensbescherming) and Article 11.7a of the Telecommunications Act (Telecommunicatiewet).

1.1.  Controller

The controller of the processing of personal data is:

FRISS Fraudebestrijding B.V.
Orteliuslaan 15
3528 BA

This processing of personal data is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in The Hague under reporting number m00004997.

1.2.  Purposes of data processing

There are several places on our website where you can fill in your (personal) data. We will explain the purposes of the various instances of data processing below.

Filling in the contact form or sending an e-mail

If you fill in the contact form on our website or send us an e-mail, we will only use the (personal) data you provide for the purpose or purposes for which you filled in the contact form or sent the e-mail.

Download form

If you download files on our website (such as e-books, whitepapers or reports), we will use the (personal) data you provide for one or more of the following purposes:

  • for the execution of an agreement, for example to send you the e-book, whitepaper or report you have chosen;
  • for the formation of an agreement, for example by contacting you by telephone or in writing.


If you fill in the application form for the newsletter on our website, your (personal) data will be used to send you the newsletter. Each newsletter contains a hyperlink at the bottom of the message that you can use to unsubscribe.

In addition to the personal data you provide to FRISS yourself, FRISS may collect, record and process additional (personal) data if you use the (web) services of FRISS. This concerns the following personal data:

  • data from the used equipment, such as a unique device ID, version of the operating system and settings of the device you use to access a service;
  • information about the use of a service, such as the time at which you use the service and the type of service that is used;
  • location details from your device or derived from your IP address that is provided to us when you use a particular service;
  • data available from external sources. We may receive information about you from public or commercially available sources.

1.3.  Provision of (personal) data to third parties

Your (personal) data will never be provided to third parties without your permission, unless we have an obligation to do so pursuant to legislation or regulations or you have given permission for this.

1.4.  Security of data

FRISS respects your privacy and ensures that personal data are handled confidentially and with the utmost care. All processed (personal) data is stored exclusively in secure databases. These databases are only accessible to employees of FRISS, to the extent that this access is required by virtue of their position. FRISS makes every effort to secure these systems against loss and/or any form of unlawful use or processing.

1.5.  Inspection, correction and deletion of data and the right to object

You can view your data that is processed by FRISS at any time and free of charge and, if you so wish, modify this data or have it deleted. You can also object to receiving information about products, services or content of FRISS. If you wish to make use of one of these options, you can send an e-mail to the Data Protection Officer of FRISS via privacy@friss.eu or write to the following address:

FRISS | fraud, risk & compliance
Attn. Data Protection Officer
Orteliuslaan 15
3528 BA Utrecht.

2. Cookies

When using this website, information about your use of these services and other websites may be collected by or on behalf of FRISS, for example by means of cookies.

A cookie is a small file that is sent along with pages of a website and stored by your browser on the hard disk of your computer. We use cookies to remember settings and preferences. You can disable these cookies via your browser.

2.1.  The purposes for which FRISS uses cookies

On our website we use cookies for the following purposes:

  • for statistical purposes, in order to analyse the use of FRISS websites. This allows us to keep track of the number of visitors and see which parts of our website are popular. We use Google Analytics in order to track and consult these statistics. On this website you can find explanations about all cookies that may be placed by Google;
  • for what is known as ‘targeting’ purposes, if you have used the download form. By targeting we mean building a profile of you based on your surfing behaviour on our website, after which we may contact you by telephone or e-mail based on the interests you have shown in order to offer you FRISS services that you may be interested in. We use HubSpot in order to track and consult these statistics. On this website you can find explanations about all cookies that may be placed by HubSpot;

3. Changes to this Cookie and Privacy Statement

FRISS may make changes to this Cookie and Privacy Statement. All modifications will be published on this page. We advise you to consult this Cookie and Privacy Statement regularly, so that you are always aware of the content of the current Cookie and Privacy Statement.