Insurers in Singapore face “a critical challenge,” as the legal and regulatory environment continues to evolve.
Ian Stewart, partner at Clyde & Co, told
Insurance Business that the insurance industry needs to stay on top of several key changes for the industry.
“Staying abreast of new rules and implementing internal processes to ensure compliance is a critical challenge facing every Singapore insurer,” Stewart said.
“The legal and regulatory environment here in Singapore continues to rapidly evolve, generating additional compliance costs.
Stewart cited recent changes such as newly implemented corporate governance obligations, including board composition arrangements, attaching to Singapore incorporated insurers, and new rules relating to outsourcing arrangements.
One of the biggest legal issues facing the insurance industry remains in the cyber space as countries across the region come to terms with the legal ramifications of a growing problem.
Ian Roberts, partner at Clyde & Co, said that Singapore is no different as the Personal Data Protection Commission has upped its activity on enforcement.
“This year is the first time since the Personal Data Protection Act (PDPA) came into force in 2014 that the Commission has publicly published the enforcement action it has taken,” Roberts said.
“Most of the enforcement actions taken relate to the unauthorised disclosure of personal data, and in most cases the enforcement action taken was the issue of a warning.
“However, fines were imposed in six instances.
“It is of interest to note that one of the warnings given by the Commission was to an insurance company in relation to the disclosure of the bank account details of an insured to a third party.”
The General Data Protection Regulation, expected to be enacted by the European Union in 2018, could have a major impact on the global cyber security industry as firms found in breach could be fined up to 4% of global turnover.
Whilst the PDPA does not require mandatory breach notification, Roberts noted that amendments to the PDPA to require mandatory breach notification “are possible if the European Union experience shows the utility of such notifications.”
Related stories:
Cyber insurance market opens industry to disruption
Global Aon boss reveals cyber market to watch
CIRC to introduce new regulations on insurance products