SERBIA Law and Practice Contributed by: Željka Motika, Ivana Bulatović and Jovana Spasojević Gligorijević, Motika i partneri
8. Insurtech 8.1 Underwriting Processes
and operated in a manner consistent with the require - ments of the relevant laws and regulations. Responsibility for the proper application of regtech solutions – and for ensuring their ongoing compliance with applicable legal and regulatory obligations – ulti - mately rests with the regulated entities that adopt and use these technologies. 9.2 Contractual Terms to Ensure Performance and Accuracy In Serbia, contractual arrangements between finan - cial institutions and technology providers are heavily shaped by mandatory regulatory requirements. Regu - lations governing banking, payment services, digital assets, data protection and ICT risk management establish minimum contractual standards intended to ensure system resilience, data accuracy and effective regulatory oversight. Contracts must clearly define the scope of author - ity, duties and liabilities of the service provider. From a performance standpoint, technology contracts are required to support business continuity obligations. This includes specifying key parameters such as the maximum acceptable outage (MAO), recovery time objective (RTO) and recovery point objective (RPO), in accordance with the National Bank of Serbia’s ICT risk‑management rules. Data accuracy is also a regulatory imperative. Pay - ment institutions and electronic money institutions may outsource activities to third parties only if the vendor applies internal control systems equivalent to those of the institution itself. One of the most critical regulatory requirements con - cerns audit and supervisory access. Agreements must grant the financial institution, its external auditors and the competent regulators (the National Bank of Serbia or the Securities Commission) access to all relevant documentation, systems, records and business prem - ises of the vendor. Contracts must further impose clear incident‑notifi - cation obligations on service providers. As financial institutions must report significant ICT incidents to the regulator, vendors are required to notify the institution
In practice, underwriting processes in insurance involve analysing relevant data about both the insured party and the associated risk. These processes increasingly rely on digital tools, automated sys - tems, and data analytics. While insurers may choose whichever underwriting methods and technological solutions best suit their operations, all processes must comply with insurance regulations and the rules issued by the NBS. This includes adhering to require - ments related to risk management, the use of trans - parent and non‑discriminatory criteria, and maintain - ing appropriate controls over automated processes. In addition, underwriting activities must comply with applicable data protection regulations and consumer protection rules governing financial services. 8.2 Treatment of Different Types of Insurance In Serbia, different types of insurance are subject to distinct regulatory regimes. Life and long‑term prod - ucts, including savings or investment‑linked policies, are governed by enhanced supervisory requirements. These include stricter risk assessments, more com - plex long‑term liability management, greater transpar - ency obligations, and expanded policyholder rights. As a result, the underwriting process for these prod - ucts is more detailed and demanding. By contrast, non‑life insurance (such as property, lia - bility, and accident coverage) operates under a more flexible regulatory framework. This reflects the shorter duration of such contracts and their differing risk pro - files, leading to comparatively simpler underwriting processes.
9. Regtech 9.1 Regulation of Regtech Providers
Regtech providers are not, in themselves, regulated entities. Instead, the technologies they develop for use in regulated sectors are tailored to the specific regulatory frameworks governing the contexts in which they are deployed. This means that such tech - nological solutions must be designed, implemented,
714 CHAMBERS.COM
Powered by FlippingBook