Regulatory Revolution in the Insurance Sector: The New Framework for Insurance Technology Companies in Ecuador

Introduction: A New Chapter for Insurance Innovation

In April 2025, the Financial Policy and Regulation Board (JPRF) marked a milestone in the history of Ecuador’s insurance sector with the issuance of Resolution JPRF-S-2025-0152. This regulation, a pioneer in the region, establishes the first specific regulatory framework for insurance technology service entities, internationally known as insurtechs. The objective is to modernize the sector, promote innovation, and ensure security and transparency in an increasingly digital environment.

I. Legal Context: From Lack of Regulation to a Specific Framework

Until the issuance of Resolution JPRF-S-2025-0152, the Ecuadorian insurance sector lacked clear regulation for technology companies providing services to insurers. Although the Fintech Law (Organic Law for the Development, Regulation and Control of Technological Financial Services, 2022) recognized the existence of technological activities in the financial and insurance sectors, there was no regulation defining, authorizing, and supervising insurtechs in the country. This gap created legal uncertainty, operational risks, and limited the adoption of disruptive technologies such as big data, artificial intelligence, blockchain, and digital platforms for the marketing of insurance, product design and development, and claims management. Resolution JPRF-S-2025-0152 fills this gap, aligning Ecuador with international best practices and providing security for both traditional players and new entrants.

II. Main Changes Introduced by Resolution JPRF-S-2025-0152

The resolution defines for the first time insurance technology service entities, encompassing companies that develop technology-focused activities for the insurance market. Regulated activities include virtual platforms for the promotion and marketing of insurance, technological infrastructure for the insurance market, customer assessment, risk profiling, fraud prevention, identity verification, big data analytics, business intelligence, cybersecurity, and electronic contracting, as well as blockchain-based solutions and other technological services that the JPRF may determine in the future. Before this resolution, insurtechs could operate without specific authorization, making control, user protection, and efficient integration with traditional insurers difficult. Now, the framework is clear: only qualified and authorized entities may legally operate in the sector.

The regulation establishes that insurtechs must be incorporated in accordance with the Fintech Law and be qualified by the Superintendence of Companies, Securities, and Insurance (SCVS), meeting technical and financial requirements. They must have a clearly defined corporate purpose, adequate capital and infrastructure, and a corporate governance code including specific roles such as product manager and risk manager. The SCVS must issue a control regulation detailing the procedures for authorization, suspension, revocation, and the sanctioning regime. Previously, there was no formal authorization process or minimum standards for capital, infrastructure, or corporate governance, which posed risks of entry for underprepared actors or non-transparent business models.

The resolution requires the implementation of a risk management system aligned with international best practices, covering the identification, measurement, control, and monitoring of inherent and residual risks. It mandates the management of operational risks such as process, people, system, technology failures, and external events, as well as legal risks arising from errors, negligence, or regulatory non-compliance. It also requires the development of risk management policy manuals, processes, and methodologies, as well as a business continuity plan and cybersecurity protocols. Previously, there were no specific guidelines on technological risk management, cybersecurity, or business continuity for insurtechs. The new regulation raises the standard and protects both insurers and users.

In addition, insurtechs must comply with the Organic Law on Personal Data Protection and the rules for the prevention of money laundering and terrorist financing. This includes the implementation of technical and organizational measures to safeguard information and report unusual operations. Previously, data protection and crime prevention regulations were not adapted to the technological reality of the insurance sector, exposing users to risks of fraud and misuse of their information.

III. Legal and Financial Impact on the Market

The resolution facilitates the integration of technological solutions under a safe and regulated framework for traditional insurers. Insurers will be able to contract insurtech services with the certainty that they meet standards for security, risk management, and data protection. This will allow them to optimize underwriting, pricing, and claims management processes, offer personalized products, improve customer experience, and reduce operating costs and response times. For example, an insurer wishing to implement an AI-based automatic claims management system can contract an authorized insurtech, knowing that the solution has been validated by the SCVS and complies with cybersecurity and data protection requirements.

For insurtechs and technology companies, the formalization of the sector opens opportunities for growth and innovation, but also entails greater compliance demands. Insurtechs will have to invest in strong capital and technology, risk management and compliance teams, as well as in certifications and periodic audits. For example, a startup developing a blockchain platform for policy and claims management must present its business model, have sufficient capital, demonstrate the security of its infrastructure, and comply with data protection requirements before receiving authorization to operate.

The regulation strengthens user rights protection, ensuring that their personal data is protected and not misused, that the technological services contracted by insurers are safe, transparent, and reliable, and that there is a clear channel for handling complaints and SCVS supervision. For instance, a user purchasing insurance through a digital platform can be assured that their information is safeguarded and that the company complies with international security standards.

The JPRF and SCVS now have tools to supervise a rapidly evolving sector, anticipate systemic risks, and promote responsible innovation. The Ecuadorian market becomes more attractive for national and international investors by offering a regulated, transparent environment aligned with global trends.

IV. Critique and Reflection on Regulatory Balance

While Resolution JPRF-S-2025-0152 imposes strict requirements for authorization, reporting, and compliance, it is important to recognize that these regulatory demands serve an essential function: protecting users, ensuring the solvency of actors, and preventing fraud and financial crimes. However, there are additional risks and challenges that should be highlighted in the implementation and regulatory development process.

One of the main risks is that when the SCVS issues the qualification and authorization regulation for insurtechs, the process may become overly bureaucratic. The resolution establishes that the SCVS must define technical and financial requirements as well as procedures for authorization, suspension, and revocation. However, if the SCVS does not develop clear and agile criteria for interpreting and classifying the nature of each service offered by insurtechs, there is a danger of administrative obstacles, unjustified delays, and a lack of legal certainty for new actors. The absence of precise definitions of the different business models and technological services may lead to restrictive or inconsistent interpretations, affecting innovation and the entry of new participants into the market. In a context where technology evolves rapidly, regulation must be flexible enough to adapt to new models and services, avoiding bureaucracy becoming an obstacle to sector development. One way to implement a regulation aligned with this vision would be to adopt comparative law models from Latin America and Europe tailored to our legal system.

Another aspect is that the regulation issued by the SCVS must clearly state that insurtechs do not replace the services of entities within the private insurance system, such as claims adjusters and insurance intermediaries. It is important to emphasize that insurtechs are companies whose sole purpose is to provide technology services and not to sell insurance policies per se; rather, they serve as a support tool for carrying out this activity.

This clarification would ensure legal certainty for various members of the insurance sector and provide reassurance to insurance agents and adjusters by clearly defining each party’s role in the insurance market. A lack of clear positioning from the Ecuadorian regulator could lead to differing interpretations, litigation, or even anti-competitive practices. Therefore, it is essential that the SCVS and JPRF address this issue in future regulations or guidelines by establishing appropriate limits, conditions, or control mechanisms.

In this context, the challenge for the regulator will be to maintain a balance between control and flexibility, allowing experimentation and the development of new business models without sacrificing market security and trust. Regulation should be dynamic, principles-based, and results-oriented, rather than relying on overly detailed rules that may become obsolete in the face of rapid technological innovation. Only then can an environment conducive to the growth of insurtechs, the protection of users, and the sustainable modernization of Ecuador’s insurance sector be ensured.

V. Conclusion: A More Innovative and Secure Insurance Future

Resolution JPRF-S-2025-0152 represents a qualitative leap in the regulation of Ecuador’s insurance sector, aligning the country with international standards and opening the door to a new era of technological innovation. For insurers, insurtechs, investors, and users, this new framework offers greater security, transparency, and development opportunities. The success of this reform will depend on the ability of all actors to adapt to new demands, invest in technology and compliance, and seize the opportunities of a more modern, competitive, and secure market. The future of insurance in Ecuador is digital, and regulation is the foundation to build it with confidence and long-term vision.

Written by:

María Belén Jaramillo – Director

Belén has extensive experience in Corporate, Commercial, Banking, and Insurance Law. She focuses her practice on advising on reinsurance company registration, implementing insurance products in the country, compliance advice for insurance companies and reinsurance producers, drafting insurance marketing contracts, and insurance litigation. She also has significant experience advising auxiliary companies in financial services systems and banking entities, as well as the qualification of regulated services in the banking sector.

Juan Bernardo Guarderas – Senior Associate

Juan Bernardo is a senior associate at BUSTAMANTE FABARA and a member of the firm’s Corporate, Commercial, Financial, Banking, Capital Markets, and Mergers & Acquisitions teams. He focuses his practice on financial, securities, corporate, and banking matters. He advises multilaterals, bilaterals, national and international creditors, financiers, debtors, sellers, and buyers in complex financial and banking operations, usually involving commercial, fiduciary, securities, and regulatory components. He has been involved in Ecuador’s most sophisticated financial and banking transactions, including the country’s and region’s first issuance of green, thematic, and blue bonds.