NOVUM and adorsys provide insurance market with PSD2 Sandbox available in a secure cloud environment.
Effective immediately, insurance companies and FinTechs will be able to use the adorsys Sandbox Environment as a SaaS solution through the NOVUM Cloud Platform to verify compliance with regulatory requirements via their systems without having to connect to banking systems.
Nuremberg, May 14, 2019 – The PSD2 initiative is currently perceived as a catalyst for open banking in Europe. This new EU directive governing the business operations of payment service providers in the EU (PSD2) opens up many opportunities for new entrants such as insurance companies, InsurTechs, and FinTechs. For insurers, PSD2 offers the opportunity to vastly improve their offerings and to expand them with new services. As of now, PSD2 requires banks to grant third-party providers access to customer accounts at the customers’ request. By analyzing the account situation of the customers, insurers can identify existing coverages, spot gaps, and make active suggestions for improvement. In addition to that, they can identify insurance policies that customers hold with other insurers. The prerequisite for data access is, however, the consent of the customer.
Since the release of the PSD2 directive, adorsys has focused on developing a PSD2 Access-to-Accounts (XS2A) interface and sandbox. Through membership in the Berlin Group Advisory Board and NISP (implementation support for banks), new requirements could be continuously incorporated into the software solution. This arrangement made an XS2A sandbox possible, which does not even exist yet on the market in this form.
With the NOVUM Cloud Platform (NCP), NOVUM provides a platform on which applications can be run in a safe and simple way. The operation is fully automated and does not require an IT administrator. The deployment and operation of applications on the NCP is ISO 27001 certified and complies with all regulatory requirements (German Insurance Supervision Act ‘VAG’, German Minimum Requirements under Supervisory Law on the System of Governance of Insurance Undertakings ‘MaGo’, Delegated Regulation (EU) 2015/35, German Supervisory Requirements for IT in Insurance Undertakings ‘VAIT’, etc.).
There are by now some PSD2 solutions. How does the XS2A Sandbox differ from the solutions of its competitors?
Stefan Hamm, CEO of adorsys: "In addition to the technical-regulatory requirements, we now focus on added value for our customers, such as a backend that behaves like a core banking system and enables end-to-end processes. The Sandbox was created to make it as easy as possible for users. It has, among other things, a true banking system emulation with an embedded XS2A interface, a wide range of services (accounting service, security and payment services) and a TPP test tool to generate the required certificate.
The Sandbox is primarily geared towards banks that need to comply with the PSD2 regulations, right? Can it also be used by insurance companies?
Stefan Hamm: "That is absolutely correct. We have developed a "dynamic" sandbox, which is primarily of great benefit for insurance companies and TPPs. The XS2A Sandbox has dual ledgers and behaves like a "real" bank. In addition to test data, the XS2A Sandbox enables you to generate certificates that are necessary for TPPs. Our goal is to provide a comprehensive solution so that our customers can completely focus on the development of their services.”
How does the collaboration between NOVUM and adorsys improve the benefits for insurers?
Michael Kraus, CEO of NOVUM: "By integrating the adorsys PSD2 Sandbox as a SaaS solution into the NCP, insurers can now verify if they comply with the regulatory requirements for the use of PSD2 without an implementation in their own IT infrastructure. The Sandbox acts as a fictitious bank and completely covers the PSD2 requirements for providing interfaces to third-party providers. The NCP also acts as the basis for the expert cloud service V'ger Sky, which is available for the sectors dealing with liability, accident and car insurance, life and health insurance, including all modules. It meets the highest security and compliance requirements."