1. Purpose
The purpose of this open insurance functionality for motor insurance is to ensure customers receive comparable and personalised insurance offerings. This can be done through:
Obtaining the full profile of a customer and details of any previous/current insurance products & activity on file for that customer
Using the profile and insurance data of the end customer to obtain a quote
2. Description
By obtaining data about a customer pertaining to their past or current insurance policies, car, customer profile, premiums and previous/pending claims, an insurance broker or insurance provider can provide the customer with a personalised insurance quote. This insurance service request enables TPPs to retrieve a User’s data (with the User’s consent) held with a LFI. The TPP agrees the boundaries of the data sharing consent with the User, the TPP then sends this data sharing consent to the LFI, where it is approved by the User. TPPs are then further able to retrieve the status of the data sharing consent. This User journey requires a consent similar to that of an Account Access Consent.
LFIs are required to respond to quote requests from TPPs with a quote regardless of whether there is a pre-existing commercial agreement.
2.1 Customer Data Sharing - Generic User Story
User Story
As a User (Consumer),
I want to provide my consent to a TPP to retrieve data about my insurance policies,
so that I can receive a personalised retail motor insurance quote.
2.2 Quote Request - Generic User Story
User Story
As a User (TPP),
I want to request a quote from an LFI using a customer’s data from an existing policy,
so that I can receive a personalised retail motor insurance quote for the customer.
3. User Journey
3.1 User shares data with TPP
Users can share data held with an LFI, by providing their data sharing consent to a TPP.
3.2 TPP requests quote from LFI
A TPP can request a quote from an LFI for a specific customer using their profile.
4. Rules & Guidelines
# | Step | Rules & Guidelines |
MICS-1 | Initiate User Set-up (Conditional) | Depending on the use case, the User may have to be onboarded with the TPP by agreeing to any relevant terms and conditions (e.g. regarding sharing and storage of personal data) and setting up an account with them if required. TPPs MUST: 1.1 Provide the User with a Terms & Conditions, and Privacy Notice outlining applicable rights and responsibilities in the context of relevant regulation and legal principles. This may need to include any onward sharing of personal data, recipients or categories of recipients who receive that data, and the lawful basis for processing personal data as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70090987/Consent+Setup#2.-Consent-Codification 1.2 Obtain the User's agreement to the above before setting them up and be able to request User consent as per the next step in the process 1.3 Provide an option to cancel the flow |
MICS-2 | Data Sharing Consent | Basic Consent Parameters TPPs MUST: 2.1 Request only data required to perform their service (or use case). 2.2 Use the data language standards to describe the data clusters and data permissions in user-facing interactions so that the User clearly understands the data that will be requested from their LFI to provide the service requested
2.3 Provide to User, the OFP and the LFI their trading/brand name clearly and the name of any other parties they are supporting (if applicable). 2.4 Allow the User to identify and select the LFIs for the Consent
|
Additional Consent Parameters TPPs MUST: 2.5 Set the Accepted Authorization Type (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#7.-Accepted-Authorization-Type). 2.6 Set the Authorization Time Window (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#8.-Authorization-Time-Window) if there are specific timing requirements that must be met for the Consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent. 2.7 Obtain the Users' explicit consent to access information from insurance products held at LFIs (as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70090987/Consent+Setup#2.1--Data-Sharing-Consent). | ||
MICS-3 | Consent Staging | As perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#10.-Consent-Staging |
MICS-4 | Hand-off to LFI | TPPs MUST: 4.1 Notify the User that they will be transferred to the selected LFI to undertake their authentication and consent Authorization (as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#11.-Hand-off-to-LFI) |
MICS-5 | Authentication | LFIs MUST: 5.1 Enable Users to perform authentication with their LFIs, as per the following sections: 5.2 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if User Authentication has failed or Users opted to cancel the authentication/authorization process. |
MICS-6 | Disclosure Consent | LFIs MUST: 6.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the data sharing Consent. 6.2 Retrieve from the OFP the data sharing Consent details staged by the TPP using the unique Consent Identifier. 6.3 Display details of data that will be shared and for how long 6.4 Use the data language standards to describe data clusters and permissions in user-facing interactions so that the same information is displayed to the User |
MICS-7 | Confirmation/ Authorization | LFIs MUST: 7.1 Present to Users all the details in relation to data sharing Consent. 7.2 NOT allow Users to change any of the Consent parameters (e.g. permissions) staged by the TPP. 7.3 Request Users to authorize the data sharing Consent. 7.4 Enable Users to cancel the data sharing Consent request from within the authorization journey 7.5 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if Users opt to cancel the Consent authorization process before final authorization. 7.6 Check the Authorization Time window is valid as perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#20.-Check-Authorization-Time-Window 7.7 Change the state of the data sharing Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the data sharing Consent. 7.8 Update the data sharing Consent details stored in the OFP with all the information included in the data sharing Consent authorized by the User. |
OFP MUST: 7.9 Confirm back to the LFIs that the data sharing Consent details have been updated successfully. | ||
Multi-Authorization Journey Only | ||
MICS-8 | Hand-off back to the TPP | As perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#14.-Hand-off-back-to-the-TPP |
MICS-9 | Confirmation to User | As perhttps://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#16.-Confirmation-to-User |
5. Data Sharing Requests
# | Step | Rules & Guidelines |
|---|---|---|
MISR-1 | Data Sharing Request | TPPs MUST: 1.1 Only request specific data in the scope of their service (or use case). 1.2 Only submit to OFP data sharing requests for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User. |
MISR-2 | Processing of Data Sharing Requests | OFP MUST: 2.1 Allow TPPs to submit data sharing requests in relation to a data sharing Consent authorized by Users, without any additional MFA or authorization by the Users. 2.2 Check that the received data sharing request relates to a valid data sharing Consent authorized by the User. The Consent MUST be in the Authorized state. The OFP MUST reject any data sharing requests related to a data sharing Consent in a different state (e.g. expired) and respond back to the TPP with the appropriate error message/code.
2.3 Reject the data sharing request and provide the necessary error message to the TPP, if any checks on the data sharing request fail against the authorized data sharing Consent.
2.4 Send the data sharing requests to the LFI for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User. |
LFIs MUST: 2.5 Allow the OFP to submit the data sharing requests without any additional MFA or authorization from the User. 2.6 Reject the data sharing request received by the OFP in case there are valid reasons for the data sharing Consent to be suspended as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70090987/Consent+Setup#4.-Consent-States or due to any other BAU checks failure. 2.7 Share data requested by the OFP in relation to the authorized data sharing Consent.
| ||
OFP MUST: 2.8 Send an appropriate error response to the TPPs in case the data sharing request is rejected due to violating any of the LFIs BAU checks. 2.9 Provide the TPP with all the available data for the data clusters and permissions requested in relation to the data sharing Consent authorized by the User. |
6. Assumptions & Considerations
The below items are a work-in-progress and require further analysis.
If it should be mandatory for a user to share all available policies or if they can select specific policies
If consent should be single-use for quotes or if there is a valid use case for long-lived consent
How consent is affected when there are multiple drivers under a single policy
How to standardise the request of quotes
7. Data Categories
In the Motor Insurance API design, data elements will be logically grouped together into “permissions”. Grouping permissions together as clusters adds another layer of logical grouping and the description helps Users' understanding of the data they are being asked to consent to share.
The below data categories define potentially relevant properties that should be available from an LFI holding a motor insurance policy for a customer. These data categories will be grouped as clusters of permissions to ensure TPPs are requesting data relevant to the service that they are providing in language that is easy to understand for the user.
7.1 Basic Information
Property | Description |
Customer ID | |
Customer Full Name | First name, last name |
Customer Short Name | |
Category / Segment | |
Local Branch | |
Primary Language | English / Arabic / Other |
7.2 Customer Data
Property | Description |
Correspondence Address | |
Address Line 1 |
|
Address Line 2 |
|
Address Line 3 |
|
Postal Code |
|
City |
|
State / Emirate |
|
Country |
|
|
|
Permanent Address | |
Address Line 1 |
|
Address Line 2 |
|
Address Line 3 |
|
Postal Code |
|
City |
|
State / Emirate |
|
Country |
|
|
|
Residential Address | |
Address Line 1 |
|
Address Line 2 |
|
Address Line 3 |
|
Postal Code |
|
City |
|
State / Emirate |
|
Country |
|
|
|
Communication Type 1 | Home / Mobile / Other |
Communication Number 1 |
|
Communication Type 2 | Home / Mobile / Other |
Communication Number 2 |
|
Communication Type 3 | Home / Mobile / Other |
Communication Number 3 |
|
|
|
Email ID |
|
Alternate Email ID |
|
7.3 Individual Customer Details
Property | Description |
Personal Details | |
Gender | Male/female |
Date of Birth | Age of primary driver/rider |
Marital Status |
|
Education Background |
|
Nationality |
|
Dual Nationality | y/n |
Second Nationality |
|
Salutation |
|
City of Birth | |
Country of Birth |
|
Religion |
|
Mother's Maiden Name |
|
Spouse Name |
|
Spouse Date of Birth |
|
Spouse Employment Details |
|
Spouse Contact |
|
Number of children |
|
Professional Details | |
Profession |
|
Profession Description |
|
Employer Name | or company name in case of self-employment |
Employer Address | or company address in case of self-employment |
Employment Type |
|
Employment Location |
|
Nature of Business |
|
Designation |
|
Source of Income | e.g. salary / dividends from ownership |
Income Currency |
|
Montly Income |
|
Annual Income |
|
Employment Start Date |
|
Identification Details | |
EID Number | Emirates ID number |
EID Expiry Date | Emirates ID expiry date |
Passport Number |
|
Passport Issue Country |
|
Passport Issue Date |
|
Passport Expiry Date |
|
Visa Number |
|
Visa Issue Country | UAE Visa Issued from which country |
Visa Issue Date |
|
Visa Expiry Date |
|
UAE Driving License Number |
|
UAE Driving License Issue Date |
|
UAE Driving License Issuing Emirate |
|
Mulkiya Card |
|
Vehicle Passing Certificate |
|
Dealers Quote | Quote from dealer reflecting all costs (out-the-door price) |
Home Country Driving License |
|
7.4 Vehicle Data
Property | Description |
plateNumber | Vehicle plate number |
registrationDate | Date of the first registration of the vehicle with the respective public authorities. |
emirateOfRegistration | Emirate where vehicle is registered |
chassisNumber | Vehicle chassis number |
vin | An alphanumeric series that includes make, model, and serial number for a vehicle |
engineNumber | Engine number |
vehicleWeight | Vehicle curb weight in kg |
agencyRepair | Has the vehicle been repaired yes or no |
vehicleGarage | Is the vehicle kept in garage yes or no |
bodyType | Body shape |
fuelType | Type of fuel used |
aiClassification | Level of autonomous driving used according to definitions of SAE International |
vehicleUse | Primary use of vehicle |
yearlyMilage | Average kilometres driven per year |
vehicleBrand | Brand name for the maker of the vehicle |
vehicleModel | Model name for type of vehicle brand |
modelYear | Year of manufacture |
seats | Number of seats as per vehicle registration certificate |
colour | Colour of vehicle body |
trailerIncluded | Is trailer hitched |
sumInsured | Sum the vehicle is insured for |
accessories | Description of fitted accessories |
accessoryValue | Total value of accessories |
engineCapacity | Capacity of engine in cubic centimetres |
co2Emissions | Meets co2 emissions standard yes or no |
automaticTransmission | Manual or automatic |
lefthandDrive | Vehicle steering system lefthand or righthand drive |
disabilityAdapted | Adapted vehicle for a disabled driver yes or no |
doors | Number of doors including boot if it opens upward and includes the rear window |
securityDevice | Type of security device fitted in vehicle |
modification | Modification made to vehicle including colour, seating capacity, engine, cylinder capacity, fuel type, chassis or body shell or weight |
digitalKeyUsed | Keyless access available yes or no |
7.5 Policy Data
Property | Description |
Policy Issue Date | |
Policy Expiry Date | |
Policy Type | |
Coverage Amount | |
Coverage Start Date | |
Policy Premium | |
Policy Holder Emirates | |
Previous Policy Number | |
Previous Policy Insurer | |
Previous Policy Start Date | |
Previous Policy Expiry Date |
7.6 Historical Information
Property | Description |
Additional Insurance Information | Gap in car insurance or vehicle under TPL coverage |
Driving History | More than 1 year of driving experience |
Number of claims last 12 months |
|
Number of approved claims last 12 months |
|
Total value of claims last 12 months |
|
Total value of approved claims last 12 months |
|
Number of claims last 36 months |
|
Number of approved claims last 36 months |
|
Total value of claims last 36 months |
|
Total value of approved claims last 36 months |
|