1. Homepage
  2. -
  3. Insights
  4. -
  5. How to reduce IT costs...
How to reduce IT costs of regulatory changes in bancassurance
Apr 23, 2024 legislation , Article , Bancassurance

Banks that are serious about bancassurance face important decisions about their operating model on both the business and technology side.

It is not the purpose of this article to analyse the regulatory landscape. However, it is necessary to outline it to understand the foundations on which the vision for bancassurance software development is based. As part of the Bancassurance Competence at Sollers, we work with banks and share knowledge and experience with some of the most prominent experts involved in this business in Poland and Europe. In creating RIFE, our own bancassurance platform, one of our core values is to minimise the cost of adapting the bancassurance business to changing regulations.


Key regulations influencing the market


The Digital Operational Resilience Act is an EU regulation that will come into force on 17 January 2025. DORA will:

  1. make banks responsible for the operational security of third-party cloud and software services and data centres,
  2. require digital resilience testing, including open-source software analysis, security scans and assessments, vulnerability analysis and network security assessments,
  3. make it mandatory to respond to audit requests from regulators or customers.


The EC Regulation on the Financial Data Access framework is expected to be adopted by the end of the current term of the European Parliament, i.e. by June 2024. FIDA will require banks not only to allow customers to control their own financial data, but also to ensure transparency and security when sharing it. FIDA is a catalyst for open insurance. Insurers will be required to share external APIs and data about customers (once they have given their consent). Although the approach to FIDA is only just taking shape, banks are already looking at the opportunities this regulation will create for bancassurance.


The EU Data Act (a regulation on harmonised rules for fair access to data and the use of data) will enter into force on 12 September 2025. It regulates the exchange of data between companies and:

  1. other companies,
  2. consumers,
  3. public administration.

It will enhance the data portability rights of users of Internet-of-Things devices, including the right to share data generated by the use of these devices. By encouraging the development of innovative digital services and providing access to more detailed customer data, the GDPR will allow banks to better tailor their offerings to the individual needs of their customers.

The above regulations were not designed with the bancassurance sector in mind, and probably no one working in it on a daily basis would consider them crucial. However, they should not “disappear from the radar” of banks for a very simple reason – they will consume resources, using a fair amount of petrol from the same tank that fuels bancassurance. This may particularly affect the core IT assets that will be required to ensure compliance.

If we treat DORA, FIDA and the EUDA as the atmosphere in which the whole of European banking operates, the air quality for bancassurance in Poland is determined by the regulations described below.


Act of 6 October 2022 amending the laws on usury

The amended anti-usury regulations have been in force since 18 December 2022. The introduced regulations set a limit on additional costs for credit agreements. On the other hand, on 18 May last year, provisions came into force defining non-interest costs, including credit insurance.

This law mainly affects credit companies. It has not caused much turbulence in the bancassurance world, but it does force banks to include limits on non-interest costs in their offers.


Recommendation U

Following warnings from the European Insurance and Occupational Pensions Authority (EIOPA), local recommendations have been made regarding credit protection insurance (CPI). In the German market, for example, the Provisionsdeckel, a regulation limiting insurance commissions, came into force in 2022. In Poland, on the other hand, we have Recommendation U (or rather the “new” Recommendation U, as the “old” one dates from 2014) issued by the Financial Supervision Authority. It covers good bancassurance practices.

Banks must adapt their activities to Recommendation U by 1 July 2024 at the latest. Recommendation U enforces, among other things, changes to CPI products. 30% of gross insurance premiums should be returned to customers in the form of compensation or benefits. Recommendation U also affects the way banks conduct customer needs analyses and the rules for determining bank insurance commissions.

The changes are numerous. Some banks have already completed their adaptation projects, while others are still in the process. One thing is certain: the first half of the year will be hectic for both business and IT, and the cost of change will not be low. According to Sollers Consulting estimates, the IT-related costs for the 20 largest banks could be as high as PLN 20 to 30 million.



The Consumer Credit Directive 2 must be adopted and published by EU member states by 20 November 2025. The provisions of the Directive will apply from 20 November 2026 at the latest. While the previous version of the document ensured regulatory consistency and consumer protection in the area of consumer credit, it did not respond to changing market conditions. Among other things, CCD2 extends its scope to consumer credit agreements up to €100,000 (a change from the current limit of PLN 255,500), introduces greater restrictions on credit assessment and imposes an additional information requirement on creditors relating to the cost of the credit.

As regards the impact of the Directive on bancassurance, attention should be drawn to its Article 14. It imposes rules on the distribution of insurance products also sold through bancassurance channels. The Article will affect various aspects of the activity in question: communication with customers, assessment of product suitability, management of conflicts of interest, staff training and remuneration practices.


New bancassurance regulations: threat, challenge or opportunity

There is no doubt that changes in the regulatory environment will shake up the bancassurance sector. Banks will have to make strategic decisions on how to adapt to the dynamic situation and reduce the associated costs, as well as how to increase their competence and develop their skills in selling insurance products. There will be a split in the market. On the one hand, there will be players who limit themselves to preserving their current business and, on the other hand, those who also look for new opportunities. Ideas about bancassurance vary. Many of them need to be analysed in terms of compliance and effective execution. But one thing is for sure – things will get hot.

On the technology side, we now see different models in which banks operate. These models have a significant impact on the ability to adapt to ever-changing regulations.

Most banks operate in what might be called a “legacy architecture” model. Insurance logic is scattered around bank’s various systems and changing it requires the involvement of developers or IT teams dedicated to those systems. This often leads bancassurance having to compete for experts in core areas within the bank, which puts bancassurance on a losing side. This model can also include the situation of using an insurer’s or insurance broker’s technology. The longer the wait for IT changes, the weaker the position of the distributor.


Transition to modern architecture is a must

For this reason, banks with a good understanding of bancassurance and for whom it is a strategically important area have already made, or are in the process of making, a technological transition to a “modern architecture” based on a dedicated system for selling and servicing insurance.

There are two main approaches to this model. The first is to build a custom system in-house. The second is to buy a solution from the market. These approaches are very different and require a well-considered strategic decision, mainly because of the implementation time. While off-the-shelf software can be installed and integrated in as little as four to five months, building a custom solution will take (at least) 18 to 24 months. It is also a process with a high risk of making many mistakes along the way. However, a domain-specific system for bancassurance can deliver significant results, reducing the time and cost of launching new insurance products by up to 90%.


Sollers Consulting is the creator of RIFE Bancassurance Platform a fit-for-purpose IT solution for banks that want to play a leading role on the bancassurance market. Our Bancassurance Excellence Center delivers end-to-end transformation projects for retail and consumer finance banks.


photo of article author

Patryk Nowak – Lead Consultant at Sollers Consulting