InsurTech4Good.com Weekly Newsletter #34, 2026

I’m back with the first newsletter episode of the year after a short pause over the holidays. That doesn’t mean I paused my monitoring. Quite the opposite.

This edition is packed with insight into the structural risks of digital dependence in the financial sector, the emerging regulation around AI and hyperpersonalisation, and how the insurance ecosystem is navigating Europe’s digital future.

It also look at consumer trust, cyber risk supervision, and a provocative question: what does it mean for insurance when 230 million people ask AI about their health?

Let me know if you think something in this newsletter should be improved and please do contact me if you need support in areas where financial innovation meets regulation.

Hope you enjoy the read!

Andres

Subscribe to my newsletter here
See how I can help you here
Follow me on LinkedIn
andres@insurtech4good.com

Systemic risks in the financial sector from digital dependence

A warning worth taking seriously.

Digital dependence is becoming a systemic risk for the financial and insurance sector.

The AFM and De Nederlandsche Bank (DNB) have just published a joint report arguing that the financial and insurance sector’s growing reliance on a small number of (largely non-European) IT service providers can turn operational incidents into system-wide disruptions.

What’s driving the risk?

Financial institutions increasingly outsource critical functions (including cloud services, software solutions, and AI models) and often rely on the same underlying infrastructure.

Short term: what supervisors want to see.

The report urges firms to prepare for disruptive scenarios through practical measures such as developing threat scenarios, sharing incident intelligence, and running “chain tests” across the ecosystem (not just within one firm).

Long term: Europe’s strategic fork in the road

The report outlines four possible “future states”, from Europe becoming a digital colony to achieving digital autonomy, and argues this is bigger than any one institution. It requires coordinated European action and a stronger European tech ecosystem.

Regulation angle (and why this matters now).

The report explicitly points to DORA, including the register of information (to map third-party dependencies) and the emerging oversight of critical ICT suppliers, while noting that vulnerabilities can still persist.

This topic is close to my heart from my previous work, particularly the growing fragmentation of the value chain and the implications of Big Tech dependencies for financial sector. So it’s encouraging to see more supervisory thinking in this direction.

By the way, EIOPA’s recent financial stability report also touches on related themes, including from an AI angle.

And as a strong believer in scenario-based approaches, I’m glad to see forecasting and future-state thinking reflected in both the report and its recommendations.

Read more here. 

AI adoption across underwriting, pricing, and claims

AI is already changing how insurers underwrite, price, and handle claims. The harder part is proving it is safe, fair, and controllable at scale.

The Global Insurance Market Report (GIMAR) by International Association of Insurance Supervisors (IAIS) looks at AI adoption across underwriting, pricing, and claims.

It also looks at supervisory questions it raises around governance and transparency, cybersecurity and operational resilience, and data bias and third-party concentration risk.

Read more here. 

Consumer Trends in European Insurance and Pensions 2025

For your convenience, the main parts on digitalisation are below:

1. Digital channels play a more and more prominent role in the insurance purchasing process, with 24% of EU consumers who acquired an insurance product in the past two years doing so exclusively online.
2. Social media platforms and AI tools are also gaining traction, representing 12% and 9% of the total, and with 30% of EU consumers expressing trust regarding AI-generated recommendations.
3. Benefits of digitalization primarily related to non-life insurance products and are largely attributed to the enhancement of the overall consumer experience (e.g., faster and more seamless claims settlement, improved customer service and communication).
4. However, digitalization also poses risks, particularly in relation to the online purchasing of insurance products, where consumers could be inadequately informed about key aspects of the product, resulting in a lack of transparency and understanding.
5. In addition, some emerging risks are emerging relating to the fact that some consumers may be believing advice is provided by AI powered tools even when these may not be registered intermediaries.
6. Outlook: Increasing. As digital channels continue to enhance customer experience, they also introduce new risks and challenges, including consumer concerns and transparency issues.

Read more here. 

Regulating Financial Innovation: What Does It Take?

This is a topic very close to my heart and has played a huge role in my professional career: regulating financial innovation and the role of supervisors in it.

The report that aims to inspire financial sector regulators and policymakers to dream big, articulate their vision, and push it forward. 

And this is needed: a vision, rather than “just” a strategy.

More concretely, the report highlights five areas.

1. Vision: should give key stakeholders a clear sense of direction backed by the credible willingness to implement and necessary political support. A vision without the will to implement it, no matter how well articulated, remains an abstract idea. 

2. Tone at the top: a critical expression of the will to implement the vision and strong encouragement to join in the effort should come from top executives within the organization. 

3. Innovation culture: a set of values, attitudes, and behaviors that supports innovation. Innovation culture promotes experimentation, agility, and the ability to learn from failures. It requires leadership support and continuous capacity building. 

4. Industry engagement: formal and informal channels available for dialogue with industry and related governing processes. Industry engagement strengthens mutual understanding between the regulator and private sector.

5. Mandate: regulators operate within legal mandates that often are interpreted as constraining their capacity to address innovation. However, with the needed recognition of the interlinkages between traditional mandates and other policy goals, and a strong vision and right tone at the top, such constraints can often be overcome

Read more here. 

Digital Fairness Act and financial services

It is likely to be one of the key debates affecting the finance and insurance sector in 2026.

The European Commission is planning to present its proposal for a Digital Fairness Act by the end of 2026.

This consultation aimed to gather citizens’ and stakeholders’ views on how EU consumer law could be strengthened to better protect consumers in the digital environment and to ensure a level playing field for traders.

The feedback collected will feed into the impact assessment for the forthcoming Digital Fairness Act.

The consultation covered topics including: dark patterns; addictive design; unfair personalisation practices; harmful practices by social media influencers; unfair pricing-related marketing; issues with digital contracts; simplification measures etc.

Read more here. 

AI in financial services in Kazakhstan

This report gives an overview of the application of generative AI in financial services in Kazakhstan.

Read more here. 

Cyber insurance market 

A brief overview of the world’s largest cyber insurance market. 

Read more here. 

Hyperpersonalisation in finance and insurance

I expect we’ll discuss hyperpersonalisation in financial and insurance services a lot over the coming year.

There is growing interest in “hyperpersonalisation”: tailoring online choice environments to consumers’ characteristics, preferences, and behaviour.

The combination of large volumes of individual data and AI enables firms to refine customer profiles and personalise digital journeys with increasing precision.

Content, tone, order, and design can all be adapted, sometimes in real time. In its most advanced form, that’s hyperpersonalisation.

Compared to other sectors, (hyper)personalisation in financial services remains relatively limited.

In many cases, it goes little further than minor tweaks based on factors such as age or whether someone has a mortgage.

Early moves toward more advanced personalisation have mostly focused on online advertising and in-app banners, with firms held back by practical barriers and legal uncertainty.

Personalising the choice environment lets firms influence attention and behaviour more effectively, creating both opportunities and risks.

On the upside, personalisation can help consumers through tailored warnings or reminders, and by offering clearer insights into their own financial situation.

On the downside, it can amplify risks of undue influence through choice architecture, and in insurance it can undermine the principle of mutualisation.

This is also timely in light of EU-level discussions on a potential Digital Fairness Act, which aims (among other things) to address addictive design practices and unfair personalisation in digital products.

My recommendation for financial services providers: you don’t need a complex playbook. The principles are straightforward: put consumers first, do not manipulate them, act in their best interests, and treat them fairly.

Read more here. 

Regulation and supervision of cyber risk in the financial sector

Just published: global experiences and key lessons in the regulation and supervision of cyber risk in the financial sector.

This paper delineates established good practices for effective, proportionate, and outcome-oriented regulatory frameworks.

To build these, authorities need to:

1. Ensure frameworks address information and communication technology and comprehensive cyber risk management.

2. Establish clear governance arrangements and rigorous risk management protocols.

3. Conduct systematic testing and ensure robust oversight of third-party service providers.

4. Apply good supervisory practices in supervision and oversight including offsite and onsite supervision, thematic reviews, simulation exercises.

5. Develop strategies for sector-wide operational resilience.

The findings advocate for a calibrated approach blending principles-based and prescriptive regulation, adaptable to the maturity of individual institutions.

Ongoing supervisory visibility and capacity development remains essential.

By providing actionable recommendations, the paper seeks to support authorities worldwide in enhancing cyber resilience, promoting financial stability, and preserving the integrity of the digital financial ecosystem.

Read more here. 

ChatGPT Health and insurance 

OpenAI is introducing ChatGPT Health, a more dedicated experience designed to bring health information and AI together.

Health is already a major use case for ChatGPT. People already ask health insurance questions too. Now it becomes more structured: connect records and apps, upload files, connect tools, and use it more like a personal advisor.

Insurers have tried to push prevention for years. It is difficult. Changing human behaviour is difficult. And healthcare systems remain fragmented almost everywhere, so people do not have a holistic overview and cannot easily link everything up, yes, even in Estonia.

At the same time, social systems are under pressure globally. A stronger focus on prevention, whoever coordinates or provides it, could be part of the solution.

But the risk side is non-trivial. Cyber, privacy, liability, bias, regulatory questions.

I am also thinking about how this fits into the broader open finance and open data debate. 230 million is quite a lot.

AI in Securities Market

This is great, practical reading for supervisors and anyone interested in the intersection of technology and finance. In my view, the challenges and recommendations highlighted are also largely applicable to banking and insurance, so it is definitely worth reading beyond securities markets.

The International Monetary Fund report’s recommendations are grouped into seven areas:

1. Enhancing AI supervisory capacity and skillsets

2. Harnessing technology-enabled supervisory tools

3. A proportionate approach to market monitoring

4. Enhanced transparency and disclosure requirements

5. Social media monitoring and market manipulation prevention

6. Cross-border supervision and cooperation

7. Measures to address concentration and infrastructure risk

The SupTech angle is particularly important, especially social media monitoring, as we continue to discuss how to approach finfluencers globally (see for example ESMA recent one-pager).

But similar discussions are happening in insurance and banking. And in the EU will be discussed in the coming year as part of the Digital Fairness Act preparation (see impacts for financial services here). It is tricky to strike the right balance.

Read more here. 

Subscribe to my newsletter here
See how I can help you here
Follow me on LinkedIn
andres@insurtech4good.com