Versions Compared

Version Old Version 1 New Version Current
Changes made by

Chris Michael

Warren Handley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

By obtaining data about a customer pertaining to their past or current insurance policies, car, customer profile, premiums and previous/pending claims, an insurance broker or insurance provider can provide the customer with a personalised insurance quote. This insurance service request enables TPPs to retrieve a User’s data (with the User’s consent) held with a LFI. The TPP agrees the boundaries of the data sharing consent with the User, the TPP then sends this data sharing consent to the LFI, where it is approved by the User. TPPs are then further able to retrieve the status of the data sharing consent. This User journey requires a consent similar to that of an Account Access Consent.

LFIs are required to respond to quote requests from TPPs with a quote regardless of whether there is a pre-existing commercial agreement.

2.1 Customer Data Sharing - Generic User Story

...

#

Step

Rules & Guidelines

MICS-1

Initiate User Set-up (Conditional)

Depending on the use case, the User may have to be onboarded with the TPP by agreeing to any relevant terms and conditions (e.g. regarding sharing and storage of personal data) and setting up an account with them if required.

TPPs MUST:

1.1 Provide the User with a Terms & Conditions, and Privacy Notice outlining applicable rights and responsibilities in the context of relevant regulation and legal principles. This may need to include any onward sharing of personal data, recipients or categories of recipients who receive that data, and the lawful basis for processing personal data as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5688524970090987/Consent+Setup#2.-Consent-Codification

1.2 Obtain the User's agreement to the above before setting them up and be able to request User consent as per the next step in the process

1.3 Provide an option to cancel the flow

MICS-2

Data Sharing Consent

Basic Consent Parameters

TPPs MUST:

2.1 Request only data required to perform their service (or use case).

2.2 Use the data language standards to describe the data clusters and data permissions in user-facing interactions so that the User clearly understands the data that will be requested from their LFI to provide the service requested

  • 2.2.1 Display to the User the data clusters that will be collected and the purpose the data will be used for when the data permissions cannot be set by the User due to the service being requested.

2.3 Provide to User, the OFP and the LFI their trading/brand name clearly and the name of any other parties they are supporting (if applicable).

2.4 Allow the User to identify and select the LFIs for the Consent

  • 2.4.1 Provide a way for the User to search for their LFI

Additional Consent Parameters

TPPs MUST:

2.5 Set the Accepted Authorization Type (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#7.-Accepted-Authorization-Type).

2.6 Set the Authorization Time Window (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#8.-Authorization-Time-Window) if there are specific timing requirements that must be met for the Consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent.

2.7 Obtain the Users' explicit consent to access information from insurance products held at LFIs (as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5688524970090987/Consent+Setup#2.1--Data-Sharing-Consent).

MICS-3

Consent Staging

As perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#10.-Consent-Staging

MICS-4

Hand-off to LFI

TPPs MUST:

4.1 Notify the User that they will be transferred to the selected LFI to undertake their authentication and consent Authorization (as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#11.-Hand-off-to-LFI)
Example wording to use: ‘We will securely transfer to YOUR LFI to authenticate and authorize the data sharing request“.

MICS-5

Authentication

LFIs MUST:

5.1 Enable Users to perform authentication with their LFIs, as per the following sections:

5.2 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if User Authentication has failed or Users opted to cancel the authentication/authorization process.

MICS-6

Disclosure Consent

LFIs MUST:

6.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the data sharing Consent.

6.2 Retrieve from the OFP the data sharing Consent details staged by the TPP using the unique Consent Identifier.

6.3 Display details of data that will be shared and for how long

6.4 Use the data language standards to describe data clusters and permissions in user-facing interactions so that the same information is displayed to the User

MICS-7

Confirmation/ Authorization

LFIs MUST:

7.1 Present to Users all the details in relation to data sharing Consent.

7.2 NOT allow Users to change any of the Consent parameters (e.g. permissions) staged by the TPP.

7.3 Request Users to authorize the data sharing Consent.

7.4 Enable Users to cancel the data sharing Consent request from within the authorization journey

7.5 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if Users opt to cancel the Consent authorization process before final authorization.

7.6 Check the Authorization Time window is valid as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#20.-Check-Authorization-Time-Window

7.7 Change the state of the data sharing Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the data sharing Consent.

7.8 Update the data sharing Consent details stored in the OFP with all the information included in the data sharing Consent authorized by the User.

OFP MUST:

7.9 Confirm back to the LFIs that the data sharing Consent details have been updated successfully.

Multi-Authorization Journey Only

7.10 As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#18.-Multi-User-Authorization-Flow

MICS-8

Hand-off back to the TPP

As perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#14.-Hand-off-back-to-the-TPP

MICS-9

Confirmation to User

As perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5252883070092902/Common+Rules+and+Guidelines#16.-Confirmation-to-User

...

#

Step

Rules & Guidelines

MISR-1

Data Sharing Request

TPPs MUST:

1.1 Only request specific data in the scope of their service (or use case).

1.2 Only submit to OFP data sharing requests for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User.

MISR-2

Processing of Data Sharing Requests

OFP MUST:

2.1 Allow TPPs to submit data sharing requests in relation to a data sharing Consent authorized by Users, without any additional MFA or authorization by the Users.

2.2 Check that the received data sharing request relates to a valid data sharing Consent authorized by the User. The Consent MUST be in the Authorized state. The OFP MUST reject any data sharing requests related to a data sharing Consent in a different state (e.g. expired) and respond back to the TPP with the appropriate error message/code.

  • 2.2.1 Provide single data sharing access to Consented information, only if the User has consented to a single use data sharing Consent.

2.3 Reject the data sharing request and provide the necessary error message to the TPP, if any checks on the data sharing request fail against the authorized data sharing Consent.

  • 2.3.1 Only allow data sharing requests from TPPs for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User.

2.4 Send the data sharing requests to the LFI for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User.

LFIs MUST:

2.5 Allow the OFP to submit the data sharing requests without any additional MFA or authorization from the User.

2.6 Reject the data sharing request received by the OFP in case there are valid reasons for the data sharing Consent to be suspended as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2standardsv1draft3/pages/5688524970090987/Consent+Setup#4.-Consent-States or due to any other BAU checks failure.

2.7 Share data requested by the OFP in relation to the authorized data sharing Consent.

  • 2.7.1 Ensure that the data provided to the OFP allows the TPPs to reconcile the account transactions received from the LFI.

OFP MUST:

2.8 Send an appropriate error response to the TPPs in case the data sharing request is rejected due to violating any of the LFIs BAU checks.

2.9 Provide the TPP with all the available data for the data clusters and permissions requested in relation to the data sharing Consent authorized by the User.

...

  • If it should be mandatory for a user to share all available policies or if they can select specific policies

  • If consent should be single-use for quotes or if there is a valid use case for long-lived consent

  • How consent is affected when there are multiple drivers under a single policy

  • How to standardise multiple vehicles under a single policyHow to standardise the request of quotes

7. Data Categories

...

The below data categories define potentially relevant properties that should be available from an LFI holding a motor insurance policy for a customer. These data categories will be grouped as clusters of permissions to ensure TPPs are requesting data relevant to the service that they are providing in language that is easy to understand for the user.

7.1

...

Basic Information

Property

Description

lineOfBusiness

Class of insurance business e.g. motor comprehensive insurance

productModel

Type of insurance product e.g. comprehensive, third-party

contractType

Automated, smart contract or conventional

gracePeriod

Days until the policy lapse date

currency

Currency used to define policy limit, sum insured, excess etc.

policyFee

Policy administration fees

premiumPaymentFrequency

Frequency of premium payment e.g. annual, monthly

profitShare

Profit share formula agreed with policyholder

intermediary

Name of intermediary

...

Customer ID

Customer ID number

Customer Full Name

First name, last name

Customer Short Name

Category / Segment

Local Branch

Primary Language

English / Arabic / Other

7.2 Customer Data

7.4 Policy & Premium Data

...

Property

...

Description

...

policyNumber

...

Insurance policy number

...

inceptionDate

...

Cover inception date and time

...

expiryDate

...

Cover expiry date and time

...

status

...

Status of policy

...

discountAmount

...

Loyalty discount and discounts applied other than no claim bonus

...

premiumRate

...

Percentage rate

...

grossWrittenPremium

...

Gross insurance premium amount and acquisition costs before sales tax

...

salesTax

...

Tax as percentage

...

brokeragePercentage

...

Percentage of commission paid to intermediary

...

brokerageAmount

...

Money amount commission paid to intermediary

...

premiumPaymentFrequency

...

Frequency of premium payment

...

indemnityLimitPolicy

...

Annual policy limit

...

indemnityLimitAccident

...

Combined single limit any one accident

...

isAgreedValue

...

Sum insured based on agreed value instead of market value yes or no

...

endorsementID

...

Endorsement number

...

endorsementDate

...

Date of endorsement

...

endorsementType

...

Type of endorsement

...

peril

...

perils insured against

...

voluntaryDeductiblePercentage

...

percentage amount of each and every loss

...

voluntaryDeductibleAmount

...

amount of each and every loss

...

compulsoryDeductiblePercentage

...

percentage amount of each and every loss

...

compulsoryDeductibleAmount

...

amount of each and every loss

...

windscreenDeductiblePercentage

...

percentage amount of each and every loss

...

windscreenDeductibleAmount

...

amount of each and every loss

...

distanceUnit

...

km, miles

...

pleasureDistance

...

average annual distance travelled on pleasure trips

...

businessDistance

...

average annual distance travelled on business trips

...

numberOfVehicles

...

number of vehicles insured under a policy

7.5 Claims Data

Property

Description

claimNumber

Claim number assigned by lead risk carrier

fnol

Date of first notification of loss

lossDate

Date of loss occurrence

claimType

Type of damage claimed for

location

Location of where accident or incident happened

lossCause

Cause of incident

description

Description of cause of loss

liabilityShare

Percentage amount for policyholder's share in liability for loss as per police report, court decision or other regulatory requirements

reserve

Money amount for estimated incurred loss inclusive of all expenses

claimStatus

Current status of claim

lastUpdate

Last file update

reopenDate

Date claim case was reopened

excessAmount

Money amount applicable to excess

paymentMethod

Method used to settle the claim

documents

File URL of accident image, police report etc.

Property

Description

name

First name, last name

gender

Male/female 

driverDOB

Age of primary driver/rider

email

Email address

mobilePhone

Mobile phone number

address

Place of residence

idNumber

Number shown on official identity document

isPrimaryDriver

Are they the primary driver, are they permitted

licence

Driving licence details

noClaimsDiscount

Number of years of no claims bonus/no claims discount

conviction

Offence date, offence code

medicalConditon

Medical restriction, notifiable condition

nonMotorConviction

Information on notifiable non motor convictions

workStatus

Self-employed, employed, unemployed

occupation

Profession of natural person

7.3 Vehicle Data

...

Property

...

Description

...

plateNumber

...

Vehicle plate number

...

registrationDate

...

Date of the first registration of the vehicle with the respective public authorities.

...

emirateOfRegistration

...

Emirate where vehicle is registered

...

chassisNumber

...

Vehicle chassis number

...

vin

...

An alphanumeric series that includes make, model, and serial number for a vehicle

...

engineNumber

...

Engine number

...

vehicleWeight

...

Vehicle curb weight in kg

...

agencyRepair

...

Has the vehicle been repaired yes or no

...

vehicleGarage

...

Is the vehicle kept in garage yes or no

...

bodyType

...

Body shape

...

fuelType

...

Type of fuel used

...

aiClassification

...

Level of autonomous driving used according to definitions of SAE International

...

vehicleUse

...

Primary use of vehicle

...

yearlyMilage

...

Average kilometres driven per year

...

vehicleBrand

...

Brand name for the maker of the vehicle

...

vehicleModel

...

Model name for type of vehicle brand

...

modelYear

...

Year of manufacture

...

seats

...

Number of seats as per vehicle registration certificate

...

colour

...

Colour of vehicle body

...

trailerIncluded

...

Is trailer hitched

...

sumInsured

...

Sum the vehicle is insured for

...

accessories

...

Description of fitted accessories

...

accessoryValue

...

Total value of accessories

...

engineCapacity

...

Capacity of engine in cubic centimetres

...

co2Emissions

...

Meets co2 emissions standard yes or no

...

automaticTransmission

...

Manual or automatic

...

lefthandDrive

...

Vehicle steering system lefthand or righthand drive

...

disabilityAdapted

...

Adapted vehicle for a disabled driver yes or no

...

doors

...

Number of doors including boot if it opens upward and includes the rear window

...

securityDevice

...

Type of security device fitted in vehicle

...

modification

...

Modification made to vehicle including colour, seating capacity, engine, cylinder capacity, fuel type, chassis or body shell or weight

...

digitalKeyUsed

...

Keyless access available yes or no

Correspondence Address

Address Line 1

 

Address Line 2

 

Address Line 3

 

Postal Code

 

City

 

State / Emirate

 

Country

 

 

 

Permanent Address

Address Line 1

 

Address Line 2

 

Address Line 3

 

Postal Code

 

City

 

State / Emirate

 

Country

 

 

 

Residential Address

Address Line 1

 

Address Line 2

 

Address Line 3

 

Postal Code

 

City

 

State / Emirate

 

Country

 

 

 

Communication Type 1

Home / Mobile / Other

Communication Number 1

 

Communication Type 2

Home / Mobile / Other

Communication Number 2

 

Communication Type 3

Home / Mobile / Other

Communication Number 3

 

 

 

Email ID

 Email address

Alternate Email ID

 

7.3 Individual Customer Details

Property

Description

Personal Details

Gender

 Male/female

Date of Birth

 Age of primary driver/rider

Marital Status

 

Education Background

 

Nationality

 

Dual Nationality

 Yes/no

Second Nationality

 

Salutation

 

City of Birth

Country of Birth

 

Religion

 

Mother's Maiden Name

 

Spouse Name

 

Spouse Date of Birth

 

Spouse Employment Details

 

Spouse Contact

 

Number of children

 

Professional Details

Profession

 

Profession Description

 

Employer Name

or company name in case of self-employment

Employer Address

or company address in case of self-employment

Employment Type

 Full-time/part-time

Employment Location

 

Nature of Business

 

Designation

 

Source of Income

e.g. salary / dividends from ownership

Income Currency

 

Montly Income

 

Annual Income

 

Employment Start Date

 

Identification Details

EID Number

 Emirates ID number

EID Expiry Date

 Emirates ID expiry date

Passport Number

 

Passport Issue Country

 

Passport Issue Date

 

Passport Expiry Date

 

Visa Number

 

Visa Issue Country

UAE Visa Issued from which country

Visa Issue Date

 

Visa Expiry Date

 

UAE Driving License Number

 

UAE Driving License Issue Date

 

UAE Driving License Issuing Emirate

 

Mulkiya Card

 

Vehicle Passing Certificate

 

Dealers Quote

Quote from dealer reflecting all costs (out-the-door price)

Home Country Driving License

 

7.4 Vehicle Data

Property

Description

plateNumber

Vehicle plate number

registrationDate

Date of the first registration of the vehicle with the respective public authorities.

emirateOfRegistration

Emirate where vehicle is registered

chassisNumber

Vehicle chassis number

vin

An alphanumeric series that includes make, model, and serial number for a vehicle

engineNumber

Engine number

vehicleWeight

Vehicle curb weight in kg

agencyRepair

Has the vehicle been repaired yes or no

vehicleGarage

Is the vehicle kept in garage yes or no

bodyType

Body shape

fuelType

Type of fuel used

aiClassification

Level of autonomous driving used according to definitions of SAE International

vehicleUse

Primary use of vehicle

yearlyMilage

Average kilometres driven per year

vehicleBrand

Brand name for the maker of the vehicle

vehicleModel

Model name for type of vehicle brand

modelYear

Year of manufacture

seats

Number of seats as per vehicle registration certificate

colour

Colour of vehicle body

trailerIncluded

Is trailer hitched

sumInsured

Sum the vehicle is insured for

accessories

Description of fitted accessories

accessoryValue

Total value of accessories

engineCapacity

Capacity of engine in cubic centimetres

co2Emissions

Meets co2 emissions standard yes or no

automaticTransmission

Manual or automatic

lefthandDrive

Vehicle steering system lefthand or righthand drive

disabilityAdapted

Adapted vehicle for a disabled driver yes or no

doors

Number of doors including boot if it opens upward and includes the rear window

securityDevice

Type of security device fitted in vehicle

modification

Modification made to vehicle including colour, seating capacity, engine, cylinder capacity, fuel type, chassis or body shell or weight

digitalKeyUsed

Keyless access available yes or no

7.5 Policy Data

Property

Description

Policy Issue Date

Policy Expiry Date

Policy Type

Coverage Amount

Coverage Start Date

Policy Premium

Policy Holder Emirates

Previous Policy Number

Previous Policy Insurer

Previous Policy Start Date

Previous Policy Expiry Date

7.6 Historical Information

Property

Description

Additional Insurance Information

Gap in car insurance or vehicle under TPL coverage

Driving History

More than 1 year of driving experience

Number of claims last 12 months

 

Number of approved claims last 12 months

 

Total value of claims last 12 months

 

Total value of approved claims last 12 months

 

Number of claims last 36 months

 

Number of approved claims last 36 months

 

Total value of claims last 36 months

 

Total value of approved claims last 36 months