Open Insurance Brazil
Brazil’s Open Insurance initiative gives Brazilian consumers greater access to and control over their data. The main companies that are operating in the Open Insurance ecosystem would be insurance companies, capitalization companies, and open supplementary pension entities. It encourages competition between service providers leading to better prices for the customers, more innovative insurance products and services, and improves consumers’ ability to compare and switch between products and services. Open Insurance operationalizes and standarizes the sharing of consumer data and services that are authorized/accredited by the SUSEP governing body in a safe, secure, and privacy compliant manner with consumer experience and explicit consent in the forefront.
One of the goals of Open Insurance is to be interoperable with Open Banking, forming the broader ecosystem, called Open Finance. Open Insurance requires two large group of segregated information to be shared - public data and personal data. Public data normal refers to exposing the information related to different product and services by different companies in the sector. Personal data comprises of mainly the consumer data that includes the customer registration, their policies, certificates, contracts, tickets, and transaction related to these. Any and all data sharing can only be done with the express authorization of the consumer, who decides what data is shared, with whom, and for how long.
Cloudentity provides a secure foundational platform to enable your Open data API platform to be Open Insurance compliant. Cloudentity platform handles consumer consents and also provides you with a highly scalable and configurable financial grade authorization server to ensure the data is shared with only authorized parties based on consumer consent. Keeping up with the security profile requirements for data consent and authorization can be challenging and Cloudentity is here to help with that problem in the Open Insurance space.
Institutions within the insurance sectors that own the consumer data are also referred to as Data Providers. The organization receiving consumer information is referred to as TPP/Data Recievers. The Open Insurance aims to provide greater choice and control for Brazilians over how their data is used and disclosed. Open Insurance requires all Brazilians Data Providers to:
- Share consumer data that has been consented by a consumer with accredited third parties
- Attain consent of the consumer before sharing their data with accredited third parties
- Apply Strong Customer Authentication (SCA)
Secure & Trusted Data Sharing in OpenAPI Economy
To build an ecosystem out of data shared from these industries, we need a standardized ecosystem of data sharing agreements. Using standardized APIs and then enabling access to those with consumer consent using established industry-standard secure protocols including OAuth 2.0 and OIDC, institutions and authorized third-parties can now focus to develop innovative products and solutions for consumers and businesses with the data. It’s a new era for security, privacy, and consent in all industries that hold customer-generated data sets.
Participant Trust in Open Finance Ecosystem
Brasil Open Finance ecosystem leverages a federation trust provider or directory of participants as the golden source of information on accredited participants and software that is authorized to partake in the Open Finance Brasil ecosystem. The services by the directory include:
- Software registration and management.
- Software credential registration and management using ICP Certificates.
- Software Statement Assertion (SSA) generation
Cloudentity integrates with directory services directly to ensure the data recipients are infact registered in directory, present a valid SSA during registration at data transmitter end, and ensures the credentials are intact while requesting the consumer data.
Cloudentity as Open Insurance Enabler
Cloudentity provides the capabilities required by Data Transmitters to meet the Open Finance Brazil Security profile requirements and securely authenticate end users, collect required consents, onboard accredited third parties to request data, manage the consumer consent, and verify the consumer authorization before data is shared with accredited Data Receivers. Cloudentity also facilitates Data transmitters to allow its consumers to manage their data sharing consent agreements securely. In a nutshell, the Cloudentity platform facilitates and accelerates the Data transmitter organization’s journey to expose their data APIs securely with consumer consent as required by Open Insurance specifications.
The Open Finance Brazil Security profile builds upon the foundations of the Financial-grade API Read Write Profile FAPI-RW-Draft, Financial-grade API Advanced Profile FAPI-1.0-Advanced and other standards relating to Open ID Connect 1.0 OIDC. Keeping up with the evolving advanced specifications in OIDF space can be a challenge for any organization and Cloudentity takes on this challenge. It allows organizations to completely focus on the business data APIs for insurance products that need to be exposed as per Open Insurance specifications.
Adopting Cloudentity accelerates the entire effort to achieve Open Insurance compliance drastically and allows faster time to market. Cloudentity solution offers a highly performant, multi-tenant advanced FAPI compliant and certified authorization server built on open standards and compatible with advanced OAuth 2.0 & OIDC specifications. Cloudentity also provides a rich set of APIs that facilitates consent collection & management for the Data Transmitter to implement the Open Insurance recommended safe and secure customer journey experiences using various digital channels.
With Cloudentity, your organization:
- Can achieve Open Insurance compliance faster
- Has faster time to market for data sharing capabilities
- Offloads the complex security profile requirements completely
- Lowers the overall Open Insurance implementation cost
Open Insurance security profile
Brazil Open Finance security profile conformance and Financial Grade API (FAPI) compliance can be enabled in the Cloudentity platform with a single click security profile for meeting the Open Finance regulations. You get a FAPI grade authorization server configured to meet all Open Insurance requirements for Financial Grade API (FAPI) compliance.
Once a workspace (authorization server) is created, it showcases all the configurations that were applied automatically to the authorization server for FAPI-compliance and to meet other Open Insurance security profile requirements.
Open Finance Brazil Security profile provides security requirements for participants in the Open Finance ecosystem to expose and access the APIs securely using open standards. Cloudentity automatically configures all the security profile requirements when a Open Finance Brazil workspace is created. Brasil Open Finance ecosystem leverages a federation trust provider or directory of participants as the golden source of information on accredited participants and software that are authorized to partake in the Open Finance Brasil ecosystem.
Some of the highlights in the configuration include:
Enable Data Recipients to register within the Data Transmitters using the OAuth 2.0 Dynamic Client Registration and validate software statement assertions(SSA) issued by the Directory of Participants.
Cloudentity dynamic authorization platform seamlessly integrates with other components to allow consumers to have a safe and secure data sharing journey.
Integrates with any of your existing identity providers seamlessly
Integrates with API gateways to enforce data sharing conformance checks]
Open Insurance Integration guides
Feels like diving deep into all the Open Insurance specifics and integrations? We have detailed guides to help you navigate the Open Insurance journey with ease.
- Open Insurance consent for data sharing with data recipient
- Open Insurance TTP DCR
- Open Insurance consent dashboards
- Open Insurance data API access & protection
Jump start the Open Insurance journey
Pick your style - SaaS vs non SaaS
Cloudentity has SaaS regions available across the world. If you want to host the solution yourself, we offer the same binary and tools that we use to run our SaaS infrastructure to your DevOps team. Your team can run our high scale solution on the infrastructure of your choice. Read about all the offered deployment models here.
Register for free to get access to a Cloudentity tenant and experience the Open Insurance journey with us!