Skip to main content
Back Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

  • Rules Governing Insurance Aggregation Activities

    Saudi Central Bank has issued this Rules according to the Governor’s Decision number (441/4) dated 25/06/1441H, based on the powers vested to Saudi Central Bank by the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).

    • Article Two Scope of Application

      These Rules shall apply to Insurance Aggregation Activities.

    • Article Three Purpose

      The Rules set out the requirements and controls necessary for granting the license to carry out online Insurance Aggregation Activities in Saudi Arabia, in addition to the rules concerning the relationship between the Insurance Aggregator and Insurance Companies.

    • Article Four General Provisions

       

      1. Without prejudice to the provisions of the Law, the insurance aggregator license application shall be submitted to Saudi Central Bank in accordance with the requirements and procedures set forth in these Rules along with the instructions issued by Saudi Central Bank in this regard from time to time.
      2. The provisions of the Law and its Implementing Regulation, Insurance Intermediaries Regulation, Online Insurance Activities Regulation and Saudi Central Bank’s relevant rules and instructions and relevant laws and regulations issued by other authorities shall govern whatever is not provided for therein and to the extent possible.

    • Article Five License Requirements

      1.

      The applicant for insurance aggregator license shall:

       

       

      a)

      be a joint stock or limited liability company licensed to operate in Saudi Arabia; and

       

       

      b)

      have a minimum capital of:

       

       

       

       

      -

      Five hundred thousand Saudi Riyals (500,000) for an Insurance Aggregator only.

       

       

       

       

      -

      Three million Saudi Riyals (3,000,000) for an insurance broker conducting Insurance Aggregation Activities.

       

       

       

       

      -

      Saudi Central Bank shall determine the additional minimum capital required based on the insurance lines and products as specified by the applicant in the business plan referred to in subsection (2) of this article.

      2.

      The application shall include a specific business plan for Insurance Aggregation Activities. The plan shall, as a minimum, include the following:

       

       

      a)

      Insurance lines and products to be displayed on the Electronic Platform, and analysis of the volume of online insurance transactions expected over the next three years;

       

       

      b)

      Analysis of the risks related to web transactions and precautionary measures and actions necessary to reduce such risks, including, money laundering crimes, strategic risks and illegal access to the data; and

       

       

      c)

      Emergency plan that includes actions to be taken if one or more components of the Electronic Platform go down. The plan must include corrective measures to ensure business continuity and reporting mechanisms to Saudi Central Bank and the company.

      3.

      The application submitted to Saudi Central Bank shall include all regulatory requirements and documents required by Saudi Central Bank to examine the application.

      4.

      The license shall not be granted unless the applicant presents a professional liability insurance policy covering negligence, errors and omissions from an Insurance Company. The insurance coverage shall not be less than (5,000,000) five million Saudi riyals.

    • Article Six Licensing phases

      Insurance aggregator’s license shall be granted as follows:

      Phase one:Submit the application to Saudi Central Bank in accordance with the procedures set forth in the Implementing Regulation of the Law and the instructions issued by Saudi Central Bank in this regard.
      Phase two:Subject to the fulfilment of the requirements referred to in Article (5) “License Requirements”, the applicant may be provided with Saudi Central Bank’s initial non- objection .
      Phase three:Upon receiving Saudi Central Bank’s initial non-objection, the applicant shall link with at least (5) Insurance Companies within (60) business days from the date of the initial non-objection issuance.
      Phase four:The applicant shall launch the pilot Electronic Platform within a period specified by Saudi Central Bank.
      Phase five:Upon verification of the applicant’s compliance with the requirements set forth herein, Saudi Central Bank shall issue the insurance aggregator license.

    • Article Seven Technical Requirements for Linking with Insurance Companies

      7.1

      The Insurance Aggregator shall improve and operate the Electronic Platform to carry out Insurance Aggregation Activities and develop standard technical interfaces through Web Services to ensure the following:

       

       

      a)

      Exchange of information and electronic communication with the Insurance Companies' technical systems in order to exchange basic client information with Insurance Companies.

       

       

      b)

      Enable companies to assess insured risks.

       

       

      c)

      Provide the client with insurance quotes online, the payment method and procedures and policy information once issued by the Insurance Company.

       

       

      d)

      Perform any operations required by Insurance Aggregation Activities.

      7.2

      Insurance requests, offers and policies shall be submitted, received and issued instantly through the Web Services “API” linked between the Electronic Platform and the technical systems of the Insurance Companies.

      7.3

      Prior to linking with an Insurance Company the Insurance Aggregator shall ensure that the Insurance Company’s IT infrastructure is ready and equipped to allow information exchange and electronic communication through the web services and Electronic Platform, as per the communication mechanism agreed on and set forth in Paragraph (7.1) above.

    • Article Eight Obligations to Ensure Accuracy and Protection of Information Provided

      8.1

      The Insurance Aggregator shall ensure the validity and accuracy of the insurance offers and establish the necessary validation procedures. 

      8.2

      The Insurance Aggregator shall verify the identity of the client, ensure the validity of the information and documents provided by the Client online, through the use of documents, data or information are obtained from reliable and independent sources before providing them to Insurance Companies. The insurance aggregator shall be responsible for the validation. The Insurance Company may electronically verify the information and request any information using any other electronic services.

      8.3

      The Insurance Aggregator shall keep electronic records of client’s documents and identities obtained through its Electronic Platform.

      8.4

      In accordance with the instructions issued to ensure security and integrity of the information, the Insurance Aggregator shall establish an electronic record for each client and set the following procedures and measures, as a minimum, to protect the client record:

       

       

      a.

      Verify the client email address and phone number by sending an authentication link; and

       

       

      b.

      Develop the procedures necessary to ensure that information provided is up to date, for example, using the national address.

    • Article Nine Obligations of Insurance Aggregator and Insurance Company

      9.1The electronic linkage between Insurance Companies and Insurance Aggregators shall be for the purpose of conducting Insurance Aggregation Activities only and shall not be used for any other purposes.
      9.2Comply with Saudi Central Bank instructions with respect to commission rates.
      9.3Inform the clients of any matter related to the insurance process through email and text messages.
      9.4Set a mechanism to prevent fraud incidents that might occur while selling insurance products through the platform. The mechanism shall include but not limited to the following:
        a)The Insurance Aggregator shall not insure more than five vehicles belonging to the same insured. If the maximum number of vehicles is exceeded, the Insurance Aggregator shall notify the insurance applicant to refer to the Insurance Company’s point of sale.
        b)the insurance policy shall be linked with the insured’s personal data and information after verifying it through an approved, reliable and independent source;
        c)The national address shall be directly and automatically linked. Manual insertion of the national address shall not be allowed.

       

       

      The Insurance Company shall:

      9.5Offer insurance products’ prices in accordance with the approved underwriting guidelines.
      9.6Notify the Insurance Aggregator through the Electronic Platform once the insurance policy is issued, providing the Insurance Aggregator with all policy information, including the duration of the policy and coverage limits, as well as an electronically signed and dated digital copy of the insurance policy.
      9.7If disclosure of insurance policy information is required in accordance with applicable laws and regulations:
        a)Disclose the required information related to the insurance policies it issued.
        b)Ensure compliance with all legal procedures of disclosure.
        c)Take all necessary procedures to protect the confidentiality of such information.

       

       

      The Insurance Aggregator shall:

      9.8Adopt a business plan approved by a resolution of the company’s Board of Directors after obtaining Saudi Central Bank's non-objection. The plan shall be reviewed annually by the Board and Saudi Central Bank’s non-objection shall be obtained when making any material change to the strategy of the Insurance Aggregator. Moreover, Saudi Central Bank shall have the right to request an amendment to or a change of the plan, if deemed necessary.
      9.9Clarify the nature of services provided for clients through its Electronic Platform and ensure that the nature of the relation between the parties is clear.
      9.10Disclose license information to clients.
      9.11Obtain appropriate approvals and acknowledgements from the clients before using the Electronic Platform.
      9.12 Provide a list of insurance companies that have been linked to through the Electronic Platform. Such list serves as a reference for clients. In addition, the Insurance Aggregator shall not participate in any marketing campaigns for companies to which the Insurance Aggregator is linked. Further, the Insurance Aggregator shall not prefer an Insurance Company to another in order to prevent any potential conflict of interest.
      9.13The Insurance Aggregator shall clarify and provide on the Electronic Platform all terms and conditions of the Electronic Platform, security instructions, payment methods, information confidentiality, other instructions pertaining to the use of the Platform and all data that must be legally disclosed.
      9.14Provide a website feature that enables the clients to upload photos and files in order for the Insurance Company to accurately price the insurance policy.
      9.15Apply Two-Factor Authentication (2FA) process to finalize the insurance policy purchase. Text message based two factor authentication shall be supported as one of the 2FA methods. The Insurance Aggregator shall also notify clients through email or text message once the insurance policy is issued.3
      9.16Disclose data of commissions received as a result of the insurance policies.
      9.17Notify clients of any fees or extra charges in exchange for any related services.
      9.18Send an email or text message to the clients with the insurance premium and the phone number of complaint management department or client service department at the Insurance Company.
      9.19Notify the clients of any changes in disclosure and conditions.
      9.20Notify the client in case the Insurance Company refuses to issue the policy or if additional documents are requested through email and text message.
      9.21Provide a feature on the Electronic Platform that enables clients to contact the Insurance Aggregator’s client service representatives directly through the platform.
      9.22Not receive any insurance premiums on behalf of the Insurance Company as such premiums shall be collected by the Insurance Company directly.
      9.23Notify the clients before the expiration of the insurance policy within reasonable time, in not less than 15 days.

    • Article Ten Concluding Provisions

      10.1

      The Insurance Aggregator shall establish appropriate internal controls and procedures to ensure compliance with these Rules. In case of contracting with third parties to provide services related to Insurance Aggregation, the Insurance Aggregator shall ensure that all parties comply with these Rules.

      10.2

      The Insurance Aggregator shall keep sufficient electronic records to confirm compliance with the Rules and other relevant laws and regulations. Such records include, the business plan of Insurance Aggregation Activities and supporting documents of its implementation, outsourcing contracts and web hosting contracts.

      10.3

      The Insurance Aggregator shall publish these Rules and any other laws or regulations governing its business on the Electronic Platform.

      10.4

      Non-compliance with these Rules shall be deemed a violation of the Law and its Implementing Regulation and may subject the company to regulatory penalties.