INSURANCE WEB AGGREGATORS
NATIONAL INSURANCE COMMISSION
EFFECTIVE FEBRUARY, 2022.
2.0 Definitions
3.0 Authorisation
4.0 Registration and Approval Procedures
5.0 Service Level Agreement (SLA) between Web Aggregator & Insurer
6.0 Application and Eligibility Criteria for Grant of Licence
7.0 Mode of Operations, Business Conducts and Obligations
7.1 Mode of Operation:
7.2 Conducts of Web Aggregator:
7.3 Business Obligations:
7.3.1 Of Aggregators Generally 13
7.3.2 Of Aggregators as Related to Products Display on Websites 14
7.3.3 Of Insurers 15
7.4 Outsourcing
7.5 Restrictions
8.0 IT Infrastructural Requirements for Operations of a Web Aggregator
9.0 Capital, Fees/Commissions, Premiums
10.0 Validity of Licence/Renewai
11.0 Employees of Web Aggregator
12.0. Dispute Resolution and Complaints Mechanism
13.0. Financial Reporting Requirements and Disclosures
14.0. Remedial Measures & Sanctions
15. O. Effective Date
16.0. Enquiry
– 1.0 INTRODUCTION
i. This Operational Guidelines shall serve as a working document to register, supervise and
monitor web aggregators as Insurance Intermediary who maintain a website for
providing information on products of different Insurers. In exercise of the powers
conferred by the National Insurance Commission Act 1997, the Commission hereby issues
Insurance Web Aggregators Operational Guidelines.
ii. This Guidelines comes into effect on the date of release to the insurance industry and the
public
iii. This Guidelines shall apply to all Web Aggregators and Insurers respectively carrying on
insurance business in Nigeria.
iv. This Guidelines shall be read in conjunction with other relevant Legislation, Guidelines and
Circulars as determined to be applicable to the newly inclusive distribution channels
approved by the Commission.
v. It is the responsibility of Web Aggregators to obtain any clarification required on the
applicability of this Guidelines, and any other Regulations from the Commission. ~
Definitions:
In this Guideline and for the purpose of this Guidelines, the following definitions shall
subsist unless otherwise directed:
Act
Agreement
FMCG
GPI
Industry
Insurer
lead
lead Generation
lead Management
System (lMS)
MOU
NAICOM Act 1997
NCC
SLA
Solicitation
The Commission
means the NAICOM Act 1997 and/or Insurance Act 2003.
means Contract/SLA entered into between a Web Aggregator
and an Insurer.
means Fast Moving Consumer Goods.
means Gross Premium Income.
means the Insurance industry of Nigeria compnslng the
Underwriters, Brokers, Reinsurers, Loss Adjusters, Agents and
all other Operators captured by the NAICOM Act 1997 and the
Insurance Act 2003.
as defined in the Insurance Act 2003.
means information pertaining to a client who has accessed the
Website of a Web Aggregator and has submitted contact
information of any kind for obtaining information on prices or
features/benefits of insurance products.
means the process of collecting the details of the clients or
prospects in any fashion or approaching the clients directly or in
distant mode to ascertain their intent to purchase insurance
before proceeding with solicitation of insurance products and
includes all the activities leading to the solicitation.
refers to the Software deployed by the entity for recording,
filtering, validating, grading, distribution, follow up and closure
of leads from the enquiries received on the Website of the Web
Aggregator with an intention to buy insurance products.
means Memorandum of Understanding.
means National Insurance Commission Act 1997.
means Nigerian Communications Commission.
means Service Level Agreement.
means the approach of a prospect by an insurer or an
intermediary with a view to convince the prospect to purchase
an insurance policy.
means the National Insurance Commission of Nigeria.
Web Aggregator means a Company registered under the Companies and Allied
Matters Act No 1 of 1991 “CAMA” approved by NAICOM under
this Guideline, which maintains/owns a Website and avails
information pertaining to insurance products and price/features
comparisons of products of different insurers and offers leads to
an Insurer.
All words and expressions used herein but not defined herein but defined in the Act as
amended from time to time shall have the meanings respectively assigned to them in the Act.
3.0. AUTHORIZATION
The National Insurance Commission by the powers conferred on it by the provisions of section
49 (lB) of National Insurance Commission Act 1997 hereby issue the following Guidelines on
licensing and operation of Web Aggregators. ~_
4.1. Approval and/or No Objection are required in two phases/stages as follows:
i. Application for issuance of No Objection by NAICOM to Insurance Operators
(Insurers/Brokers) ;
ii. Application for issuance of Licence to Web Aggregator by NAICOM.
4.2. APPLICATION FOR ISSUANCE OF NO OBJECTION TO INSURANCE OPERATORS BY
NAICOM
Any Insurer who intends to carry on a Web based Insurance business shall make an
application to the Commission in the prescribed manner in line with NAICOM’s
Guidelines on Web Aggregator’s model of business.
An applicant having satisfied the requirements set out under Extant Laws and this
Guidelines, the Commission will grant No Objection with such conditions as it may
deem fit.
The application shall be accompanied with the following:
i. Application letter with Service Level Agreement (SLA) signed with a Web Aggregator,
which it intends to partner with.
ii. A copy of the Appointment letter issued by the insurer to the Web Aggregator.
iii. Board approvals or resolutions in support of such partnership.
iv. A copy of Risk Management framework on web aggregator operations.
4.3. APPLICATION FOR ISSUANCE OF LICENCE BY NAICOM TO WEB AGGREGATOR:
An applicant who intends to register as a web Aggregator shall make an application to
the Commission in the prescribed manner in line with NAICOM Guidelines on Web
Aggregator.
The registration of a web aggregator shall be in Three (3) stages:
Stage 1:
i. Copy of No Objection/approval issued by Nigerian Communications Commission (NCC)
ii. Copy of letter of appointment issued to the Web Aggregator from named
Insurer( s)/Broker( s)
iii. Copy of SLAs with named Insurers/Brokers
iv. Copy of Certificate of incorporation issued by Corporate Affairs Commission (CAC)
v. Certified True Copy of Memorandum and Articles of Association of the Applicant
vi. Copy of Board resolution in support of partnership with named Insurers/Brokers
vii. Payment of non-refundable application fee L-
Stage 2:
i. Organisational chart showing functional responsibilities.
ii. Board Resolution to commence a Web Aggregator operation
iii. Curriculum Vitae (CV) and Credentials of Principal Officers and Directors.
iv. Principal place of business of the Web Aggregator and confirmation of place of
hosting the website.
v. Snapshots of contents of proposed website along with proof of domain name
registration.
vi. Details of infrastructure including IT infrastructures available.
vii.Detaiis and experience of the platform authorised Verifiers
viii. Copy of the Risk Management Framework.
ix. List of persons who have control over or responsibility for the website contents in
relation to insurance web aggregation.
x. A user 1.D. and temporary password (with only view permission) to verify the
aggregator’s website.
xi. Business plan with five years financials projection
xii.Sworn declaration of non-disqualification by the proposed directors in line with
Section 12(1) of the Insurance Act 2003.
xiii. Professional Indemnity Cover of not less than H20 Million limit of liability
xiv. Copy of Letter of appointment and acceptance of same of the proposed MD/CEO.
Stage 3
i. Physical verification of web aggregator head office address and IT
infrastructure to be deployed.
ii. Payment of Licence fee.
iii.Issuance of licence. ~
5.0. SERVICE LEVEL AGREEMENTS (SLAs)
5.1. WEB AGGREGATORS’AGREEMENTSWITH INSURER/BROKER
A Web Aggregator shall enter into an ‘agreement’ with the insurer and a copy of such
agreement shall be filed with the Commission within 30 Days for ratification.
The agreement shall contain but not limited to the following:
i. The Web Aggregator’s website model to be offered.
ii. Duties and responsibilities of each of the parties under the agreement during and
upon formation of the contract
iii. Time frame and mode of transmission of leads to be shared
iv. Responsibility of complying with regulatory and other legal requirements by both
parties to the agreement
v. Data elements to be shared i.e. name of prospect/client/visitors to the website,
contact details etc
vi. Duration of the contract and whether it is renewable
vii. Conditions for termination of the agreement
viii. Commission and fees to be charged
ix. Dispute resolution mechanism
x. Measures to safeguard confidential information
xi. Scope of operation of the partnership
xii. Business and professional conducts.
xiii. Disclaimer Clause – that the risks shall be underwritten by the Insurance Company
with no recourse to the Web Aggregator in terms of claims or any legal proceedings
between the Insurance company and the Web Aggregator’s Clienteles.
xiv. Record keeping and confidentiality of information.
xv. Prohibited businesses (if applicable).
xvi. Any other relevant information.
5.2. TRANSMISSION OF LEADSTO THE INSURER
Terms on Leads to be shared shall include but not limited to the following:
i. Web Aggregator shall disclose prominently on the home page that the client/visitor’s
particulars could be shared with insurers.
ii. Web Aggregator shall provide an option to select a minimum of three (3) Insurers to
whom the lead can be communicated. h—.
iii. Web Aggregator shall not transmit the data of a client to Insurer(s) other than the
one(s) preferred by the Client.
iv. Web Aggregator shall transmit the data of clients to the insurer:
a. Immediately but not later than three (3) days of visit to the website.
b. In a secure manner to prevent unauthorised access and misuse of information of
Clients
c. in compliance with generally accepted LT. security procedures
v. Web Aggregator shall use lead Management System (lMS) and the full details of the
visitors to the website and the leads and preference of the visitor should be
recorded.
vi. lMS Data should be shared only with the Insurance Companies that have signed
agreements with the Web Aggregator and with the Commission (if required)
vii. lMS should ensure transparency and accountability.
viii. Web Aggregators should deploy an IT Firm to audit the lMS systems at least once in
a year.
ix. The Audit Report of the IT Firm should be submitted to the Commission and the
partner Insurers who has a contract with the Web Aggregators.
x. Web Aggregator shall develop a Website portal or search utility to enable a Client to
gain several quotes via an electronic e-quote form.
xi. A Web Aggregator shall have agreements with a number of Insurers to provide a
comparative quote based on pre-determined list of specified needs as disclosed by
potential Clients.
xii. A Web Aggregator shall transmit the details of the potential Client to the Insurer who
will then contact the potential Client to conclude the transaction and issuance of policy
~
~ 6.0. APPLICATION AND ELIGIBILITY CRITERIAL FOR GRANT OF LICENCE
i. An Applicant seeking a grant of License as Web Aggregator shall complete the
Application form as prescribed in Schedule I of the Guideline
ii. The Application shall be made for a Web Aggregator licence, along with the requisite
fees as specified in the Guidelines.
iii. The Applicant shall submit the evidence of approval/No Objection Letter from NCC
before securing the licence to operate as Web Aggregator from the Commission.
iv. The Commission may require an applicant to furnish any further information or
clarification for the purpose of disposal of the application and thereafter, in regard to
any other matter as may be deemed necessary by the Commission.
v. The Applicant shall appear before the Commission for personal representation in
connection with an application.
vi. In the event of change of the name of any Insurer, the Web Aggregator partnering
with such Insurer shall be apprised of the development.
vii. Validity of Licence – A Licence issued shall be valid for a period of two years, unless
same is suspended or cancelled pursuant to this Guidelines
6.1. Eligibility Criteria for Grant of Licence as Web Aggregator:
For the Grant/Renewal of Licence of the Web Aggregator, the Applicant shall ensure the
fulfilment at minimum the following conditions;
i. The Applicant must be registered with the Corporate Affairs Commission (CAC)
ii. The Memorandum of Association of the Company shall have the business of Web
Aggregation as its main objective.
iii. The Applicant is not engaged in any other business other than the main objects of
the Memorandum of Association.
iv. The Applicant shall have minimum share capital of N5Miliion registered with CAC
v. The Applicant shall employ/designate a Principal Officer to manage the Company on
full time
vi. The Principal Officer shall possess a minimum qualification and must have relevant
University first degree qualification or its equivalent and IT related qualification
and/or relevant training experience
vii. The Principal Officer must satisfy the conditions of FIT and PROPERPersons criteria
set out by the Commission ~
lllPage
viii. The Applicant must have the necessary infrastructure, such as, adequate and
conducive office, adequate customer base and necessary IT equipments to
effectively discharge its duties.
7.0. MODE OF OPERATIONS, CODE OF CONDUCT, OBLIGATIONS AND RESTRICTION~
7.1. Mode of Operations
Professional Indemnity Insurance:
a. Every Web Aggregator shall possess and continue to maintain a Professional Indemnity
Insurance Cover with a minimum limit of liability of N20Miliion or 50% of its annual
gross commission income (whichever is higher) throughout the validity period of the
Licence granted by the Commission.
b. The Indemnity Cover shall be on a yearly basis for the entire period of its licence.
7.2. Code of Conduct of Web Aggregator
a. Conduct in matters relating to Clients relationship –
Every Web aggregator shall:
i. conduct its dealings with Clients with utmost good faith and integrity at all times;
ii. act with care and diligence;
iii. ensure that the Client understands his/her relationship with the Web Aggregator and
on whose behalf the Web Aggregator is acting;
iv. treat all information supplied by the prospective Clients as completely confidential to
themselves and to the Insurer(s) to whom the business is being offered;
v. take appropriate steps to maintain the security of confidential documents in their
possession;
vi. understand the type of Client it is dealing with and the extent of the client’s
awareness of risk and insurance;
vii.treat the client fairly and avoid conflict of interest; and
viii. draw the attention of the client to Section 76 of the Insurance Act 2003, which
prohibits rebating and sharing of commission
b. Conduct in relation to complaints handling –
A Web Aggregator shall:
i. have in place a system for recording and monitoring complaints;
ii. accept complaints electronically and in writing etc.; ~
iii. ensure that the website contains details of complaints handling procedures and
provides a facility for complaints to be logged online;
iv. ensure that communication of customers in any form, written/phone/fax/email
/messaging etc are acknowledged promptly and in no case beyond three (3) days
from the date of receipt of such complaint;
v. ensure that the grievance is resolved to the satisfaction of the customer;
vi. ensure that response letters are sent to the Complainant on the resolution of the
grievance, and inform him/her of other redress procedure available if not satisfied; am
vii.ensure that complaints are dealt with at a suitably senior level cadre of the Web
Aggregator.
c. Conduct in matters relating to advertising
Every Web Aggregator shall ensure that website contains no advertisement or any
information prohibited in 7.5 below
d. Conducts in matters relating to training –
Every Web Aggregator shall:
i. Ensure that its staff are aware of and adhere to the standards expected of them by
this Guideline;
ii. Ensure that staff are competent, suitable and have been given adequate training;
iii. Ensure that there is a system in place to monitor the quality of training given to the
staff;
iv. Ensure that members of staff are aware of legal requirements including the law of
agency affecting their activities; and only handle classes of business in which they
are competent;
7.3 Business Obligations
7.3.1. Obligations of Web Aggregators
i. A Web Aggregator shall display License obtained from the Commission and details of
validity of license on its website.
ii. A Web Aggregator shall prominently display the names of Insurers with whom it has an
agreement to refer leads in the Home page of the website.
iii. A Web Aggregator shall state clearly that insurance is the subject matter of solicitation.
iv. A Web Aggregator shall continue to maintain the minimum share capital at all times.
v. A Web Aggregator shall at no point of time of its functioning, have referral
arrangement with any Insurer, act as Corporate Agent, Micro Insurance Agent,
Surveyor or loss Assessor.
vi. A Web Aggregator shall not exclusively promote the products of any particular Insurer
and shall suggest the best available product in the market that fits the need of Clients
vii. A Web Aggregator shall maintain register of all persons engaged for the purpose of
lead generation/solicitation of insurance business. The register shall, apart from name
and address of such persons contain valid proof of identification and other relevant !
credentials
viii. A Web Aggregator shall maintain an effective lead Management System (lMS) and
ensure that leads are recorded and monitored through the lMS
ix. A Web Aggregator shall maintain the records and the reports of its activities under the
agreement with the Insurer, in the manner specified in the agreement entered into
between the Insurer and the web aggregator.
x. A Web aggregator shall along with its employees (whatever their designation may be)
comply with all the provisions of the Insurance Act 2003 and the rules and regulations
framed therein and other regulations issued by the Commission from time to time.
xi. A Web Aggregator, it’s Employees or Promoters shall not accept any payment from
Insurers/Brokers other than the remuneration specified in the guidelines.
7.3.2. Web Aggregator’s Site Specimen & Display of Product Comparisons on the website
Display of Product Comparisons on the Website
i. Web Aggregators shall disclose prominently on the home page, a notice that the
Client/Visitor’s information could be shared with Insurers.
ii. Product information displayed shall be authentic and solely on information received
from Insurers.
iii. Web Aggregators shall not display ratings, rankings, endorsements or bestsellers of
insurance products on their website. The content of the Website shall, at all times, be
unbiased and factual; they shall not comment on insurers or their products in their
editorial or at any location in their Website.
iv. Products shall be categorized as follows:
Life: a. Term Assurance Products
.b. Endowment Products
c. Other associated life products
Non-life: a. Motor Insurance
b. Personal Accident Insurance
C. Micro-Insurance . ‘ ~.
d. Takaful Insurance
e. Other classes
v. Products under a category as mentioned above can be compared in respect to basic
product features such as:
a. Eligibility criteria
b. Plan, Policy Term, Premium Payable, Minimum and Maximum
Sum Assured, Minimum and Maximum age of entry or exist,
Maturity etc.
c. Benefits such as Survival/Maturity Benefits, Death Benefits, Surrender
benefits, loans etc.
d. Interest rate on Investment linked products.
e. Any other additional information or special product features relating to
the products under comparison
vi. Template can be mutually worked out between the Web Aggregators and Insurers
whose products are compared
vii. Product comparisons that are displayed shall be up to date and reflect a true picture of
the products
viii. Web aggregators shall display product information purely on the basis of the
information furnished to them by Insurers
ix. Web Aggregators can use published data for additional information to customers such
as data provided by the Commission
x. Web Aggregators can integrate their Websites with the Insurers Website for:
a. Online Sale.
b. Registration of Customers Data or Proposal Form.
c. Online underwriting decision.
xi. Web Aggregator shall not carry any advertisement or sponsored content on their
Website
xii. Web Aggregator shall integrate their website with the Commission’s Portal.
7.3.3. Obligations of Insurers
i. An Insurer shall not pay any fee or remuneration, by whatever name called, to Web
Aggregators other than what is prescribed in the Guidelines
ii. An Insurer shall not pay commission, on any type of renewal premium or premium
payable from the second year and the subsequent years, to web aggregators, except
where such renewal is conducted through the Web Aggregators platform.
iii. An Insurer shall not engage any person/entity who owns/maintains a website not
licensed by the Commission under this Guideline ~
iv. An Insurer shall not make any payment, by whatever name called, in the form of
advance to a Web Aggregator
v. An Insurer shall not pay any remuneration after termination of agreement with Web
Aggregator.
vi. An Insurer shall not pay any remuneration after the lapse of validity of License given by
the Commission to the Web Aggregator.
vii. An Insurer shall obtain and maintain records of leads / data obtained from each Web
Aggregator through the lead management System of the Web Aggregator, the details
of the policies sold out of the leads / data thus obtained and the information regarding
the premium payments.
viii. Insurers shall share product information and premium rates with Web Aggregators and
the information so shared shall match with the product approved by the Commission.
ix. Insurers shall make no payment by any name to Web Aggregators or related parties
towards infrastructure or on any account other than payment on the policies solicited or
procured on the Web Aggregator’s website
x. Insurers shall specifically identify the policies procured through Web Aggregators and
obtain all relevant records pertaining to such policies. The Insurer shall produce such
records before the Commission in case of dispute involving alleged violation or breach
of conduct by the Web Aggregator/
7.4 Requirements and Scope of Outsourcing Activities
Outsourcing of the activities shall be at the discretion of the Insurers. However, it is
reiterated that execution of core activities are to be carried out by the Insurers as provided
in the Prudential Guidelines for Insurers and Reinsurers in Nigeria.
7.5 Restrictions
The Web Aggregator shall conduct the business in a fair manner and shall not:
i. Display any information pertaining to products or services of other Financial/Fast
Moving Goods Company(FMGC) or any other product or service in the Website;
ii. Display advertising of any sort, either pertaining to any product or service including
insurance product or service, other financial products or service/or any other product or
service in the Web Aggregator’s website;
iii. Operate multiple websites or tie up with other approved/unapproved/unlicensed
entities/websites for lead generation/comparison of product etc;
iv. Operate the websites of other financial/commercial/marketing or sales or service
entities or use other social media sites for comparison of products etc; and ~
v. Operate in any other manner for the purpose of transmitting leads to any entity
engaged in insurance business excepts as provided under this guidelines.
8.0. INFORMATION TECHNOLOGY (IT) INFRASTRUCTURAL REQUIREMENTS FOR
OPERATIONS OF A WEB AGGREGATOR
8.1. Standards for Computer Networks & Internet
i. Networks used for transmission of data must be demonstrated to meet the
requirements specified for data confidentiality and integrity.
ii. Web Aggregators are required to deploy a proxy type firewall to prevent a
direct connection between the Aggregators backend systems and the Internet.
iii. Aggregators are required to ensure that the implementation of the firewalls
addresses the security concerns for which they are deployed.
iv. External devices such as tablets, smart phones, personal computers, (PC’s) at
remote branches, kiosks, etc. Permanently connected to the company’s
network and passing through the firewall must at the minimum address issues
relating to non-repudiation, data integrity and confidentiality. Aggregators may
consider authentication via Media Access Control (MAC) address in addition to
other methods.
v. Aggregators are required to implement proper physical access controls over all
network infrastructures both internal and external.
8.2. Standard on Protocols
i. Web Aggregators must take additional steps to ensure that whilst the web
ensures global access to data enabling real time connectivity to the company’s
back-end systems, adequate measures must be in place to identify and
authenticate authorized users while limiting access to data as defined by the
Access Control List.
ii. Web Aggregators are required to ensure that their ports are disabled to control
the use of external devices.
8.3. Transacting Insurance
Aggregators shall put in place procedures for maintaining the company’s
website which should ensure the following: W
Only authorized staff shall be allowed to update or change information on
the website.
Updates of critical information should be subjected to dual verification.
Website information & links to other websites should be verified for
accuracy and functionality.
Management should implement procedures to verify the accuracy & content
of any financial planning software, calculators, and other interactive
programs available to customers on an internet website or other electronic
insurance services.
v. Links to external websites should include a disclaimer that the Customer is
leaving the Insurance Company’s site and provide appropriate disclosures,
such as noting the extent, if any, of the Insurance Company’s liability for
transactions or information provided at other sites.
vi. Web Aggregators must ensure that the Internet Service Provider (ISP)
implement a firewall to protect the company’s website.
8.4. Backup, Recovery & Business Continuity
Web Aggregators should ensure adequate back up of data as may be required
by their operations. Web Aggregators should also have, well documented and
tested business continuity plans that address all aspects of the insurance
business.
i. Both data and software should be backed up periodically, the frequency of
backup depending on the recovery needs of the application. Online/real time
systems require frequent backups within a day. The backup may be
incremental or complete. Automating the backup procedures is preferred to
obviate Operator’s errors and missed backups.
ii. Recovery and business continuity measures, based on criticality of the
systems, should be in place and a documented plan with the organization
and assignment of responsibilities of the key decision making personnel
should exist.
iii. An off-site back up is necessary for recovery from major failures/disasters to
ensure business continuity. Depending on criticality, different technologies
based on backup, hot sites, warm sites or cold sites should be available for
business continuity. The business continuity plan should be frequently
tested. ~;
8.5. IT Security Policy and Privacy
Web Aggregators shall have in place a security policy duly approved by their
Board and the policy should address the following issues:
i. Basic approach to information security measures.
ii. The IT assets that must be protected and the reasons for such protection.
iii. Priorities of information and information systems that must be protected.
iv. Involvement of Management and the establishment of an Information
Security Coordination Division (ISCD).
v. Checks for compliance with Laws/Regulations.
vi. The use ofconsultants (where necessary).
vii. Identification of information security risks and their mitigation plan.
viii. Disabling an account after three (3) unsuccessful logins may result in denial
of service when it is done by somebody else mischievously or when
restoration takes unduly long time.
ix. Decision making process of carrying out information security measures.
x. Procedures for revising information security measures.
xi. Responsibilities of each officer and employee and the rules (i.e. disciplinary
action) to be strictly applied as needs be.
xii. Quarterly IT Audit to determine effectiveness and compliance to the security
policy.
xiii. User awareness and training regarding information security.
xiv. Business Continuity Plans.
xv. Procedures for periodic review of the policy and security measures.
xvi. Procedures for change and configuration management covering facilities.
8.6. Standards on Identification
All users of critical devices on networks used by Web Aggregators shall be uniquely
identified to facilitate arrangements for authentication, access control,
confidentiality, demarcations and enforcement of security policies.
A customer registration process should ensure that all users and critical devices are
uniquely identified and linked with all authorized identification systems (i.e.
International Passport, Driver’s License, etc.). All identities must be aged and
renewed on expiry.
Authentication: A minimum of two-factor authentication process is required for all
User to access to the services provided. Web Aggregators may need to consider ~.
the use of Public Key Infrastructure (PKI) for authentication of Users for
e-insurance services .
8.7. ACCESS CONTROL
Web Aggregators shall introduce logical access controls in the IT infrastructure
deployed. Controls instituted by Web Aggregators shall be tested using periodic
penetration testing, which should include but not limited to the followings:
i. Password guessing and cracking.
ii. Search for back door traps in programs.
iii. Attempts to overload the system using Ddos (Distributed Denial of Service) &
Dos (Denial of Service) attacks.
iv. Check if commonly known vulnerabilities in the software still exist.
v. Web Aggregators may for the purpose of penetration testing engage external
Experts (Consultant).
8.8. SECURITY LOG (AUDIT TRAIL)
Computer access, including messages received, shall be logged and security
violations (suspected or attempted) shall be reported for follow-up actions in line
with the Organization’s escalation policy.
i. Log of Messages: The insurance applications run by the Web Aggregators shall
have proper record keeping facilities for legal purposes.
ii. All received and sent messages must be kept in both encrypted and decrypted
form. When stored in encrypted form, it should be possible to decrypt the
information for legal purpose by obtaining keys with owners’ consent ~.
9.0. CAPITAL, FEES, COMMISSION, PREMIUM ETC
9.1. Capital
i. The Applicant shall have a minimum share capital not less than N5Miliion as at
the date of application and shall continue to maintain same throughout the
license period.
ii. The Web Aggregator shall submit to the Commission a financial position duly
certified by an External Auditor every year after finalisation of books of
Accounts.
9.2. Fees Payable for Registration/Renewal
i. Non-Refundable Application fee
ii. Licensing fee
iii. Renewal fee
N 500,000.00
N2,500,000.00
N1,000,000.00
9.3. Iss Levy Payable by Web Aggregator
Insurance levy payable by Web Aggregator shall be 1% of the gross commission
income or minimum of N200, 000, whichever is higher.
9.4. Commission Payable to Web Aggregator
i. The commission to be paid by the Insurer Partner to Web Aggregator shall not
exceed 30% of Brokers Commission as stated in Section 53 of the Insurance
Act, 2003.
ii. A Web Aggregators shall put in place a robust LMS and transmit leads at no
extra cost to the Insurers.
iii. The Insurer shall keep adequate records of commission paid to a Web
Aggregator.
9.5. PAYMENT OF PREMIUM
i. Payment of premium under web Aggregation operation shall be guided by
Section 50(1) of the Insurance Act 2003 which provides for receipt of an
insurance premium as condition precedent to a valid contract of insurance and
highlighted further that there shall be no cover in respect of an insurance risk,
unless the premium is paid in advance i.e. “No premium, No cover”. A—
ii. Where Client made a payment for premium on a policy and account debited,
the Insurer partner Account must be credited simultaneously with the full value
amount paid as premium.
10.0 VALIDITY OF LICENSE/RENEWAL
i. A licence once issued shall be valid for a period of two calendar years unless same is
suspended or cancelled pursuant to this Guideline.
ii. A renewal application and documentation shall be submitted at least 45 days prior
to the date of expiration of license.
iii. Thirty (30) days of grace from the date of expiry may be allowed for renewal of
licence only and any business transacted after the grace period shall attract a
minimum penalty of N1Miliion or 10 times the commission received on such
transaction(s), whichever that is higher.
iv. Licence issued to Web Aggregator that is not submitted for renewal after expiration
of the thirty (30) days of grace, is deemed as lapsed and re-registration may be
considered after three (3) years of cool-off period.
v. Application for renewal of licence shall be in such a form as may be prescribed by
the Commission from time to time. ~
11.0 EMPLOYEES OF WEB AGGREGATOR
11.1. Web Aggregator’s Principal Officer
i. A Web Aggregator shall employ/desicnate a senior officer from the position
of Assistant General Manager (AGrvl)and above to manage the affairs of the
company on full time basis.
ii. At minimum, the officer must possess first degree or its equivalent in
Insurance from relevc;nt University/Polytechnics and must demonstrate vast
proficient in IT backed by certification from reputable AcademicjTraining
Institutions.
iii. The Principal Officer shall fulfil conditions of FIT and PROPERPersons set
by the Commission.
iv. The Principal Officer of a Web Aggregator shall be subject to the approval of
the Commission.
v. The Proposed Principal Officer shall not violate the obligations of Web
Aggregator as specified by this Guideline and shall adopt appropriate Code
of Good Conduct.
vi. The Principal Officer on commencement of operations as a Web Aggregator
shall embark on at least eighty (80) hours of practical training in Insurance
and Web Aggregation in NAICOM accredited Training Institutions within 6
months of operatioil. Evidence of attendance to be forwarded to
Commission for appropriate action.
vii. Web Aggregators shall be responsible for all acts of commission and
omission of the Employees including the Principal Officer in their
employment
11.2 Other Employees of Web Aggregator
Other empl<?yeesof a Web Aggregator are also required to have certification in
Insurance and IT and their functions shall include but not limited to the following:
i. The employee of a Web Aggregatur shall complete minimum of seventy-two
(72) hours practical training in Insur2nce and Web Aggregation in NAICOM
accredited training institution.’
ii. Obtaining detailed information about the Customer and his/her business.
iii. Maintaining. detailed knowledge of available insurance Products
frominsurers’ partner.
iv. Providing requisite lead information to the Partner Insurer in assessing the
risk to decide pricing terms and conditions for cover.
v. Maintaining proper records of Leads and businesses generated
12.0 DISPUTE RESOLUTION AND COMPLAINTS REDRESS MECHANISM.
12.1 Dispute Resolution among the Web Aggregator [Insurers partners and
the Public.
i. For any disputes arising between a Web Aggregator and the Partner Insurer,
the provisions of SLA in respect to Arbitration Clause must be exhausted
before referring the matter to the Commission.
ii. In any dispute arising out of Insurance transactions, the person so affected
may refer the matter to the Commission.
12.2. Customer Complaints Redress Mechanism.
A Web Aggregator and the Partner Insurer shall put in place an appropriate
complaints redress mechanism to ensure that client’s issues are appropriately
addressed.
· 13.0 . FINANCIAL REPORTING REQUIREMENTS AND DISCLOSSURES
~
13.1 Annual Reports
A Web Aggregator shall prepare the following:
i. Balance Sheet or Statement of Affairs as at the end of each accounting year.
ii. Profit and Loss Account annually
iii. Statement of Cash/Fund flow.
iv. Any additional statements on Web Aggregator’s business which may be
required by the Commission.
v. Every Web Aggregator shall submit to the Commission, a copy of the audited
financial statements along with the certificate of oath from the auditor within 6
months from the close of the accounting year in line with the provision of the
Insurance Act 2003.
vi. For the purpose of this Guideline, the accounting year shall be a period of 12
months (1st January- 31st December) and the accounts shall be in compliance
with International Financial Reporting Standard (IFRS).
13.2. Returns & Prudential Records
i. All documents relating to business conducted through a Web Aggregator shall
be maintained at the Head office of the Web Aggregator or such other branch
office as may be designated.
ii. All the electronic Records, books and documents, statements, contract notes
etc. referred to in this Guideline and maintained by the Web Aggregator shall
be retained for a period of not less than 10 years from the end of the year to
which they relate. However, the Digital Records/documents pertaining to the
cases of legal disputes reported and the disposal of same is pending ,such
Records are required to be maintained till the cases are disposed off by the
Court.
13.3 Disclosures to the Commission
i. A Web Aggregator shall disclose to the Commission, as at when required, any
information in line with the provision of the Act.
ii. A Web Aggregator shall disclose to the Commission on his own any material
change in the composition of the Web Aggregator’s within thirty (30) days of
such change.
iii. A Web Aggregator shall seek the prior approval of the Commission on the
following: ~
Change of Principal Officer.
Change of Director(s) .
Change in name of the Company.
Change of address of registered office/Corporate Office.
Opening/closing of branch office.
Engaging the services of service providers or third party vendors.
Change of location of the servers hosting the comparison website.
A Web Aggregator shall submit to the Commission the following information:
List of qualified personnel.
Outstanding claims in respect of Professional Indemnity Policy.
c. Acquisition of any property.
d. Any other information as will be required from the commission from time to
time
-. 14.0 REMEDIAL MEASURES& SANCTIONS
14.1. Remedial Measures
i. Where the Commission determines non-compliance with provIsions of this
Guidelines, it may take any intervention measures, remedies or steps
prescribed in the Insurance Act 2003
ii. Where the Commission determines that the Web Aggregators’ non-compliance
with the provisions of this Guidelines impacts on the Company’s ability to
identify, assess, manage and mitigate its risks in a systematic manner, the
Commission may issue such orders which it considers necessary to protect
Policyholders’ interest in accordance with the NAICOM Act 1997
iii. Power of Authority to Inspect:-In addition to the above, the Commission may
appoint one or more of its Officers or Information Technology Experts as
inspecting authority to undertake inspection of the premises of the Web
Aggregator to ascertain and see how activities are carried on and also to
inspect the books of account, records, and documents of the Web Aggregator
for compliance purpose under the following conditions:
i. To ensure that the provisions of the Act, rules and regulations are being
complied with;
ii. To ensure that the Lead Management System is managed as per the
provisions of this Guidelines;
iii. To investigate the affairs of the Web Aggregator to ensure proper
development of insurance business in the interest of policyholders.
14.2. Sanctions
14.2.1. Action against the Web Aggregator:-
i. The Commission may cancel the licence granted to a Web
Aggregator or take any other action as deemed appropriate under
the Act in case of failure to exercise due diligence or comply with its
obligations in this Guidelines or such other directives issued by the
Commission
ii. The Commission will also impose any or all of the available
administrative sanctions in accordance with the powers under the
NAICOM Act 1997 and the Insurance Act 2003
iii. Penal Provision:- in case of violation of the provisions of the NAICOM
Act 1997 and the Insurance Act 2003 or any Rules, Regulation,
Circular/ Guidelines issued by the Commission from time to time, A—
1
the Commission may impose appropriate penalty depending on the
nature/gravity of infractions.
14.2.2. Action Against a Web Aggregator without Approval or Valid Licence:-
i. From the date of commencement of this Guideline no person shall
function as a Web Aggregator unless he/she is licensed by the
Commission under this Guideline.
ii. Notwithstanding and without prejudice to initiation of criminal
proceedings against any person, who acts as a Web Aggregator
without holding a valid Licence issued by the Commission, the
Commission may in addition to ongoing prosecution impose against
such person penal action under the Act. ~
15.0 EFFECTIVE DATE
This Guideline shall be effective from 1st February 2022. All Insurance
Companies and Web Aggregators operating under any agreement of a
business relation whether called Web Aggregation business or otherwise shall
comply with the provisions of this Guideline within sixty (60) days of its coming
into effect. ~
16.0 ENQUIRY
Enquiries on any aspect of this Guideline should be referred to:
Address: National Insurance Commission,
Plot 1239, LadokeAkintola Boulevard Garki II,
Abuja.
Telephone: 09-8756021
E-mail: PoIReg@naicom.gov.ng/authpolicy@naicom.gov.ng
Website: www.naicom.gov.ng ~
II
APPLICATION FOR REGISTRATION/RENEWAL OF LICENCE AS WEB AGGREGATOR
Under the Insurance Act 2003
:.
PARTICULARS OF APPLICANT
1. NAME OF THE APPLICANT: _
2. CONTACT ADDRESS
3. TELEPHONE NO
4. E-mail
5. The licensing / renewal fee of N payable in respect of this application has
been paid to the Commission via receipt No of
……………………………… 20 .
2. ORGANISATIONAL STRUCTURE
2.1 Status of the Applicant:
(e.g. Limited company-Private/Public, partnership, proprietary, others. If listed, names
of Stock Exchanges and latest share price to be given)
Name of the
company
Status Date of Incorporation
DD_MM_YYYY
2.2 Scope of business as described in the Memorandum of Association
(To be given in brief along with copy of Memorandum and Articles of Association
or Partnership Deed).
2.3 List of major shareholders (holding 5% and above of applicant directly or along
with associates)
Share holding as on: _
Name of shareholder No of Shares held % of total paid up capital of the company
2.4 Particulars of all Directors –
Name
. Qualification
Designation / . (s) Shares in , Directorship in other
Position
increase the table to seven’
Company ,
, companies
2.5 Name and activities of associate companies/concerns
Name of Company’
jFirm
Address Type of activity I Nature of Interest, – – – Nature and
of Promoters (if
any) interest of
associate
company(ies)
2.6 Name and Address of the Princ!pal bankers of the applicant .
2.7 .
3. BUSINESSINFORMATION
3.1 Business plan with five years financials projection to be attached to the
application.
3.2 Organisation Chart separately showing functional responsibilities to be enclosed
3.3 Particulars of Key Management Personnel
Position/Des Working Experience
Name ignation Qualification Date of Functional
Appointment Areas
3.4 Any other information considered relevant to the nature of services
rendered by the applicant.
4. FINANCIAL INFORMATION
Authorised share capital ~ —————————-
Issued share capital ~——————————–
Paid-up share capital ~——————————–
DECLARATION
THIS DECLARATION IS TO BE SIGNED BY TWO OF THE DIRECTORS
1. We hereby apply for license as a web aggregator to transact Insurance business.
2. We have gone through the Insurance Act 2003 and the web aggregator guidelines and
are satisfied that we are eligible to apply for the Web Aggregator’s licence.
3. We state that we have truthfully answered the questions above and provided all the
information which might reasonably be considered relevant for the purposes of our
Licence.
4. We declare that the information supplied in the application form is complete and
correct.
5. We undertake that we shall not allow or offer to allow, either directly or indirectly, as
an inducement to any person, any rebate of the whole or part of the commission
earned by us during the Licence period.
6. We undertake to service the run-off business on the books at the time of cancellation
or non renewal of Licence.
7. We declare that we do not possess an insurance agent Licence under section 34 of the
Insurance Act.
For and on behalf of
(Signature and Name of Director)
(Signature & Name of Director)