Chaz Dheer and Stuart White of Reynolds Porter Chamberlain explain how to keep the online monitors happy.
More than ever, the insurance industry is using the internet as a means to deliver service and products, so the General Insurance Standards Council (GISC) Rules include specific provision (in Section E) to deal with this.
These rules are mainly concerned with imposing minimum standards for GISC members' websites and relate only to private customers. Any member who has, or intends to, set up a website is strongly urged to study these rules and take appropriate advice at the earliest opportunity.
Even if a member intends to use their website merely to supply information about the member (without any e-commerce facility), the website must set out certain pieces of information, including the member's registered name, status, normal trading address and contact details. The website homepage must also include the GISC logo and a link to the GISC website.
If the member carries out activities other than those connected with general insurance products or services, all these required details can appear on the first page of the part of the website which deals with general insurance products.
When you think about it, these requirements are simply common sense as well as good business practice.
Legal complexities
However, if a member wishes to sell general insurance products online or provide other services via the website (for example, claims management), they must consider a whole host of legal and technical issues, such as privacy, data protection and jurisdiction.
For example, Rule 14 requires that members must state clearly on their website that their products and services will not be available to private customers from countries where the member is not licensed to operate. Furthermore, the website itself must include validation procedures to ensure the member does not inadvertently offer a quotation or sell a general insurance product to a person in such a country.
For example, if a member wishes to provide quotations online, the prospective customer must be informed of the proposed contract's governing law and jurisdiction for disputes.
Prospective customers must also be informed of certain other matters as part of the quotation process, either on a website page or by email (see Rule 7).
This information includes the name of the insurer, a summary of the cover provided, details of significant conditions or obligations the customer must meet, as well as a "clear statement" of the customer's duty to disclose information and the consequences of not doing so.
The member must also provide details of the length of time for which a quotation is effective, fees (including any possible future fees) and any other information the member would be required to supply under the Private Customer Code (see Section C of the GISC Rules).
Rule 9 requires the website to be set up so the customer answers all proposal form questions (which have to be carefully structured to elicit all necessary information), with active validation of any pre-entered answers.
Furthermore, the website must allow customers to read the full policy wording and must require customers to confirm they have at least read the summary of cover before accepting (Rule 10). This could cause practical problems if, for example, the full policy wording is not available online but, say, only by post. In this case, the member cannot complete the transaction until the customer has received the full policy wording.
Security
Another key issue is security. If a prospective customer applies for a quotation online, they will be submitting a lot of information about themselves to the website. Rule 15 requires the member to keep this information secure.
If customers are to be provided with passwords to enable them to access (and possibly amend) their own details on the website,
they must be informed of the consequences of disclosure of their passwords and any potential liability. It may be appropriate to draw up legal terms and conditions governing use of passwords, which customers would be required to accept before being given a password.
Privacy
Customers will be submitting personal data about themselves when applying for quotations. Members must comply with the provisions of the Data Protection Act 1998 when dealing with this data. Therefore, it may be appropriate to draw up a privacy policy for the website (either as part of the legal terms and conditions or separately) and to require customers to accept the terms of such a policy. Such a policy should set out all the ways in which the member will use any data collected via the website.
Above all, seek good advice at the outset.
The guidance to Section E states: "Members should obtain appropriate legal advice before establishing a website and as necessary thereafter."
Make sure the firm you go to has in-depth experience not only of e-commerce and IT issues but also of all aspects of insurance. Once you are properly set up and have the right systems in place, you should have no fear of the GISC monitors.
Question 1
Why do the GISC Rules extend to members' websites?
a. Because dotcoms are prone to financial failure.
b. Because members can use websites to provide general insurance activity-related information or services.
c. Because members' websites are linked to the GISC website.
d. Because websites can contain text, pictures and sound.
Question 2
How quickly should you reply to a private customer's email?
a. You needn't if you don't want to
b. Very quickly
c. Within 24 hours
d. Within the timescale promised on your website
Question 3
How much information should you obtain before providing a quotation online?
a. None.
b. The customer's name only, as all other information is confidential.
c. Enough to ensure that the customer's circumstances are known and the extent of cover required ascertained.
d. Only details of the location from which the customer has accessed your website.
Question 4
Which of the following are acceptable forms of writing for the purposes of the requirements of the Private Customer Code when dealing with private customers?
a. Email.
b. A website.
c. Both email and a website.
d. Neither email nor a website.
GISC Rules referred to here
Section E - code practice requirement -
E1 - e-commerce (page 15 - 17 of the Rules): the whole section, with particular reference to: Rule 7, Rule 9, Rule 10, Rule 14 and
Rule 15. n
--
Last week's answers: 1: B ; 2: E and 3: C.
