Written by: Agata Wojtas, Chief Commercial Officer, Digital Colliers
Elliott building a stake in CCC and pushing for a sale isn't just a Wall Street story. If you're an insurer running quotes, claims, or subrogation through a single core platform, the ownership of that platform is now your problem. A new owner will retest every discount, every custom integration, and every renewal. If your data lives inside their schema and nowhere else, you don't have a negotiation. You have a bill.
This is the left-behind risk nobody prices in until it arrives. And it arrives fast, usually 6 to 12 months after the deal closes, when the new commercial team gets its number.
What most insurer contracts actually say about your data
Read your master agreement with your core vendor. Most of the ones I've seen contain some version of three clauses that look reasonable and are not.
- Data export is available "in the vendor's standard format" (which usually means a flat CSV dump, not the relational model you actually run on).
- Historical claim notes, adjuster workflow states, and audit trails are described as "platform metadata" and excluded from the export.
- Exit assistance is capped at 30 or 60 days, billed at time and materials, and gated on you being current on fees.
None of that gets you out. It gets you a pile of CSVs and a lawsuit. Under DORA, which has been in force since 17 January 2025, financial entities are already expected to manage ICT third-party risk with exit strategies that are actually testable. "We'll dump CSVs" is not a testable exit strategy.
The mirrored warehouse move
The operators who sleep through vendor M&A drama have done one specific thing. They keep a continuous, mirrored copy of their own data in a warehouse they control. Snowflake, BigQuery, Databricks, Postgres on their own cloud account, pick one. The vendor's platform is the system of record for operations. The warehouse is the system of record for the business.
The pattern looks like this:
- Nightly or streaming replication of every table you touch, including the join tables and status enums.
- A documented schema on your side, owned by your data team, not the vendor's PS org.
- Analytics, pricing models, and regulatory reporting run off the warehouse, not the vendor UI.
The negotiating power this buys is not subtle. When the new owner comes in with a 40% price increase, you can credibly say you're 90 days from switching. The ones without a mirror say the same thing and everyone in the room knows it isn't true.
Export terms to require, in writing
If you're renewing in the next 18 months, or negotiating a new core, these are the clauses to fight for. Not nice-to-haves. Signature-blockers.
- Continuous read access to the full relational model, not a nightly export. API or direct replica, your choice.
- Schema documentation kept current, with 90 days notice on breaking changes and a contractual right to reject them.
- All derived data included: adjuster notes, workflow states, decision audit logs, model scores, override reasons.
- Portability of any AI or scoring outputs the vendor generates on your book. Under the SCHUFA ruling (C-634/21, December 2023), automated scoring on your customers carries your GDPR exposure, not theirs, and GDPR fines run up to €20M or 4% of global turnover.
- Exit assistance measured in months, not days, with a fixed fee schedule agreed up front.
- A tested exit runbook, executed annually, with evidence retained. DORA examiners are going to ask.
The AI Act clock is also ticking
Most core insurance platforms are quietly shipping more automated decisioning every quarter. Pricing suggestions, fraud flags, claim triage. Under the EU AI Act, high-risk obligations apply from 2 December 2027, with fines up to €15M or 3% of global turnover for high-risk violations. If your vendor's model is deciding who gets a policy or a payout, the regulator is going to want to see your documentation, not theirs.
You can't produce that documentation from a CSV dump six months after a hostile exit. You produce it from a warehouse you already own, populated with data you already have, governed by contracts you already signed.
The M&A story is the forcing function. The data model is the actual work.

