Verifying claim legitimacy is one of the most essential tasks of an insurance company. In addition to examining the reason and amount, examination of the claims history of the policyholder’s claims history is of considerable importance in assessing the eligibility of a claim. In addition to claims in your own company, claims that may have been settled by other insurance companies in the past are also important for the assessment of the present loss. An exchange of information between insurance companies in the event of a claim is therefore a desirable and valuable investigation tool for checking whether the claimed damage has actually occurred.
This exchange of information between insurance companies in Europe is comprehensively regulated. In addition to uniform regulations for European Union countries, there are also numerous national regulations.
Procedures for the exchange of information in the underwriting process and the exchange of health data are not discussed below. The exchange of health data is far more regulated, and stricter standards are applied to the exchange of information and obligations for the insurer.
The basis for the collection, storage and processing of personal information in the EU is the General Data Protection Regulation (GDPR), which went into effect on May 25th, 2018. The GDPR also regulates the transfer or exchange of personal information. Personal data refers to information such as name, date of birth, marital status, etc., and also includes to factual circumstances such as income, living situation, license plates, insurance claims, etc.
Countries like Switzerland and Norway, that are not members of the EU, apply these regulations in a similar way.
The GDPR generally prohibits any collection, storage and processing of personal information. This also applies to the exchange of information between insurers. In addition to numerous legal permissions, personal data may be processed with the consent of the data subject.
Insurance Europe is the European insurance and reinsurance association. Insurance Europe represents all types of insurance and reinsurance through its 35 member associations – the national insurance associations – and mainly acts as an interest group at European level.
Insurance Europe therefore only provides the infrastructure for the exchange of information and experience between its members and plays a supporting role for its members. It also provides information and advice on topics of interest to the European insurance sector.
There is no provision for the exchange of information on Insurance Europe between insurance companies in specific claims, whether national or cross-border.
In addition to the GDPR, the Federal Data Protection Act (BDSG) in conjunction with the Code of Conduct of the German insurance industry (CoC) regulates the exchange of information between insurance companies. The principle applies that data transfer from the insurance relationship to third parties is not permitted unless the disclosure of the information serves the own legitimate interest, the legitimate interest of a third party, or serves to avert dangers to state and public security. In all cases, however, the legitimate interest of the person concerned must be weighed against the interest of the insurance company in providing information. It is recommended that this consideration be documented in writing.
A general exchange of information between insurance companies in the event of a claim is not legally permissible in Germany. In principle, the written consent of the person concerned is required for all inquiries to other insurers.
There is no central claims database in which all claims for all claims settled in Germany are stored. However, the situation is slightly different if the insurer has doubts about the legality of the claims or if contradictions arise during the clarification in the event of a claim. Almost all insurance companies use the information system (HIS) operated by informa HIS GmbH. The HIS is an information agency within the meaning of the Federal Data Protection Act (BDSG).
Persons (policyholders, injured parties, insured persons and other witnesses, for example) and assets (vehicles, buildings, etc.) can be reported by the insurance companies involved. Messages are made according to predefined, fixed notification criteria, which can be grouped into the following categories:
- Atypical loss frequencies
- Special damage consequences
- Abnormal/higher risks
- Suspicious claims
The policy holder/claimant must be informed by the registering insurer about registration in the HIS database. In the event of an HIS match, the inquiring insurer contacts the insurer providing the information directly.
Strict data protection regulations regarding the exchange of information between insurance companies also exist in Switzerland. In principle, an exchange of information is only possible with a specific and earmarked consent form of the person concerned (policyholder or claimant).
Since no central claims database exists in Switzerland either, information can only be exchanged regularly via a request to all insurers.
In addition, the Swiss Insurance Association (SIA) operates the CC-Info information system. Only single companies participate in this central database on a voluntary basis. The insurance companies involved only register motor claims. In addition to the vehicle identification number, the ID of the company registering the claim is also stored. An inquiry to CC-Info will only check whether a vehicle has already claimed damage from one of the insurers involved. Subsequent exchanges take place on a bilateral basis with the appropriate authority between the companies directly.
As a member of the EU, Austrian insurance companies are subject to the GDPR regarding the exchange of information. Like Switzerland, there is no single procedure for exchanging information among insurers. In Austria, any form of disclosure of information to other insurance companies requires the person concerned to have signed a corresponding consent form, too.
The Austrian Insurance Association (VVO) also operates a central information system (ZIS). All losses of insurance companies operating in Austria are reported in the ZIS. By querying the ZIS as part of claims process, the inquiring insurer receives comprehensive information on the claims history of the policyholder or claimant. In the event of a hit, information is passed on directly between the insurance companies involved.
The data protection regulations already described for other EU member states also apply without restriction to the Netherlands.
In the Netherlands, different central databases with claim information are operated. In addition to a central claims database (Foundation CIS), which was set up jointly by the insurers operating in the Netherlands, there is a central fraud database of the Dutch Insurance Association. Almost all information from the losses of the participating insurance companies is stored in the CIS database. Insurers may only use this information for their application and claims processing. The stored data will not be used for other purposes or passed on to third parties. This exchange of information helps members recognize, prevent and control the abuse of insurance and to manage risks. The information in the CIS database is also used for scientific research and statistical analysis for fraud prevention and risk analysis.
Around 100 insurers participate in the central fraud database of the Dutch Insurance Association. The main task of the fraud database is to store information on new fraud damages and make it available to the insurers involved.
The general regulations of the GDPR also apply here. The insurance industry operates a central claims database in both Sweden and Norway. All insurance companies are connected to this and automatically report any damage. This central claim database contains information on the:
- line of business
- date of loss
- a reference number
- insurance company that registered the claim
In Sweden, in addition to the Central Damage Database, Lärmtjänst AB is of great importance. Larmtjänst AB is a non-profit organization which is part of the Swedish Insurance Association as an independent unit. Lärmtjänst works for insurance companies to reduce the abuse of insurance policies and support the investigative activities of insurance companies. Larmtjänst has built up an international network of contacts with law enforcement authorities, organizations and private companies over many years to support Swedish insurance companies in their international work.
In principle, the exchange of information between insurance companies in Denmark is similar to Sweden. Denmark is also subject to the relevant provisions of the GDPR, however, there is no central claims database. Nevertheless, insurers can contact the Danish Insurance Association with their specific request for information in the event of special/suspicious claims. The association forwards these requests to all member companies, which contact the requesting company directly in the event of a hit. A corresponding consent form of the person concerned is also a prerequisite here.
Similar to Lärmtjänst in Sweden, the Danish Insurance Association has a very good international network and therefore they are also in an excellent position to support Danish insurers in the event of claims abroad.
The exchange of information between insurance companies is very strictly controlled by the GDPR. The most important platform for the exchange of information is the Claims and Underwriting Exchange Database (CUE). The CUE data is only available to participating insurance companies. All claims made against the insurers involved are filed here. In the event of a claim, this data helps insurers to identify multiple claims with different insurers and thus prevent fraud.
The CUE databases currently contain information on approximately 11 million property damages, 13 million car damages and 11 million personal injuries. Insurers use the CUE data at all stages of the insurance life cycle, underwriting, renewal and in the event of a claim.
Another way of exchanging information or obtaining information about damage from other insurance companies is through government organizations that generally deal with cases of fraud and their investigation. However, very strict data protection rules also apply here.
National Crime Agency (NCA)
The NCA is a law enforcement agency that leads the UK’s fight against serious and organized crime. The NCA’s tasks are not limited to combating insurance fraud but cover all areas of life.
Insurance Fraud Bureau (IFB)
The IFB is a not-for-profit organization founded in 2006 to lead the insurance industry’s joint fight against insurance fraud. The IFB acts as a central hub for the exchange of insurance fraud data and information. In the UK, the IFB focuses on the detection and prevention of organized and cross-sector insurance fraud. The IFB works closely with the police and other law enforcement authorities.
The City of London Police´s National Fraud Intelligence Bureau (NFIB)
The London Police has set up its own task force in light of increasing fraud activities. The NFIB is also not limited to insurance fraud but is responsible for all cases of fraud. Insurance companies also work closely with the NFIB in individual cases of suspected fraud. In these cases, the NFIB coordinates the exchange of information in strict compliance with the relevant laws.
There is currently no structured approach and uniform rules for the exchange of information between insurance companies in the event of a claim, even across national borders, in Europe. However, the provisions of the GDPR can be regarded as a common basis for the dissemination of information. In addition, many country-specific laws, regulations and agreements regulate the exchange of information.
Nevertheless, one thing is the same for all countries: an exchange of information takes place only with the consent of the person concerned, in addition to the insurer’s far-reaching duties to provide information.
The need to exchange information in compliance with all national and international data protection regulations has recently moved into the focus of various national insurance associations. Therefore, some European countries have launched initiatives to establish a national claims/fraud database.
Source: SIU Today