Guillaume Bonnissent’s Insurance Technology Diary: Play your cards right

I had an old great aunt who always used to append a piece of avuncular wisdom to the Christmas wish she scrawled, in her spidery handwriting, on each year’s card. At the time I would have much preferred a five-franc note with which to buy des bonbons, but by now the candy – and thus the aunty – would probably be long forgotten.

In fact, I can still recall each of her sage morsels of hand-me-down advice. Some even became rules to live by. In honour of that endowment, I’m dedicating the year’s final instalment of Insurance Technology Diary to her, and offering you, dear reader, some unsolicited advice about DORA.

DORA isn’t my wise old aunt. It’s the latest annoying bit of regulation that’s about to hit insurers: the EU’s Digital Operational Resilience Act, which must be applied from 17 January. The rules are intended to beef up digital and operational resilience at all financial institutions, including insurance-related firms.

DORA means that insurers and brokers in the EU, including UK and international companies operating there, must comply with the series of systems-related risk management requirements it sets out. Much of it is box-ticking, but inevitably DORA will introduce some new compliance costs. Alongside the agony of reporting, firms may have to spend money on skills, process development and supportive tech.

Technology providers to the exposed insurance sector should pay attention. We are the digital supply chain which must, under DORA, be sufficiently resilient. And it’s the whole chain: DORA specifies that compliant firms will be able to illustrate our resilience, plus that of our suppliers, and our suppliers’ suppliers, ad infinitum.

It will be cumbersome and potentially a costly annoyance, but like the wisdom I was granted by my stingy aunt, it could pay long-term dividends. To that end, I prefer to see DORA as an opportunity. It’s a chance for tech suppliers to stand out.

It’s naturally incumbent upon all of us to help our clients through this new Brussels sprout of regulation. But we might even be proactive. We could prepare a cheat-sheet of information about our own resilience, and that of any relevant suppliers. We could even send it on a Christmas card.

See you in 2025!

Guillaume Bonnissent is CEO of Quotech