Featured Product

    EIOPA Consults on Guidelines on Outsourcing to Cloud Service Providers

    July 01, 2019

    EIOPA launched a consultation on the guidelines for outsourcing to cloud service providers. The guidelines are addressed to insurance and reinsurance undertakings as well as national supervisory authorities in EU. The guidelines specify how the outsourcing provisions set forth in the Solvency II Directive (2009/138/EC), in the Delegated Regulation 2015/35, and in the EIOPA guidelines on system of governance need to be applied in case of outsourcing to cloud service providers. The consultation is open until September 30, 2019. These guidelines apply from July 01, 2020 to all cloud outsourcing arrangements entered into, or amended on or after this date.

    EIOPA developed these guidelines in line with its contribution to Fintech Action Plan of EC and taking into account the outcome of its Fourth Insurtech Roundtable on the use of cloud computing by (re)insurance undertakings. The guidelines aim to provide clarification and transparency to market participants and to help avoid potential regulatory arbitrages. They also intend to foster supervisory convergence regarding the expectations and processes applicable in relation to cloud outsourcing. Annex 1 to the consultation contains the impact assessment to the guidelines whereas Annex II provides an overview of questions for consultation. The key areas covered in the guidelines include the following:

    • Criteria to distinguish whether cloud services should be considered within the scope of outsourcing
    • Principles and elements of governance of cloud outsourcing, including documentation requirements and list of information part of the notification to supervisory authorities
    • Pre-outsourcing analysis, including materiality assessment, risk assessment, and due diligence on the service providers
    • Contractual requirements
    • Management of access and audit rights; security of data and systems; sub-outsourcing, monitoring, and oversight of cloud outsourcing; and exit strategies
    • Principle-based instructions for national supervisory authorities on the supervision of cloud outsourcing arrangements including, where applicable, at group level

    The use of cloud outsourcing is a common practice among all types of financial undertakings, not only for insurance and reinsurance undertakings. Moreover, the key associated risks are similar across sectors. Acknowledging these facts and recognizing the potential risks of regulatory fragmentation in developing these guidelines—in addition to the (re)insurance provisions on outsourcing—EIOPA also considered the most recent guidance published by EBA.

     

    Related Links

    Comment Due Date: September 30, 2019

    Effective Date: July 01, 2020

    Keywords: Europe, EU, Insurance, Reinsurance, Guidelines, Outsourcing, Cloud Service Providers, Governance, Fintech, Insurtech, Regulatory Arbitrage, Supervisory Convergence, Cloud Outsourcing, Solvency II, EBA, EC, EIOPA

    Featured Experts
    Related Articles
    News

    HM Treasury Publishes Policy Statement Amending Benchmarks Regulation

    HM Treasury announced that the new Financial Services Bill has been introduced in the Parliament.

    October 21, 2020 WebPage Regulatory News
    News

    PRA Consults on Implementation of Certain Provisions of CRD5 and CRR2

    PRA published the consultation paper CP17/20 to propose changes to certain rules, supervisory statements, and statements of policy to implement elements of the Capital Requirements Directive (CRD5).

    October 20, 2020 WebPage Regulatory News
    News

    US Agencies Finalize Rule to Reduce Impact of Large Bank Failures

    US Agencies adopted a final rule that applies to advanced approaches banking organizations and aims to reduce interconnectedness in the financial system as well as to reduce contagion risks associated with the failure of a global systemically important bank (G-SIB).

    October 20, 2020 WebPage Regulatory News
    News

    US Agencies Finalize Rule on Net Stable Funding Ratio Requirements

    US Agencies (FDIC, FED, and OCC) adopted a final rule that implements the net stable funding ratio (NSFR) for certain large banking organizations.

    October 20, 2020 WebPage Regulatory News
    News

    FSB Sets Out Effective Practices for Cyber Incident Recovery

    FSB finalized the toolkit of effective practices to assist financial institutions in their cyber incident response and recovery activities.

    October 19, 2020 WebPage Regulatory News
    News

    ECB Publishes Eleventh Issue of the Macroprudential Bulletin

    ECB published eleventh issue of the Macroprudential Bulletin, which provides insight into the ongoing work of ECB in the field of macro-prudential policy.

    October 19, 2020 WebPage Regulatory News
    News

    HM Treasury Seeks Views on Review of Solvency II Regime for Insurers

    HM Treasury issued a call for evidence seeking views to reform the prudential regulatory regime—also known as Solvency II—of the insurance sector in UK.

    October 19, 2020 WebPage Regulatory News
    News

    ESRB Responds to EC Consultation on Review of Solvency II

    ESRB responded to the EC consultation on review of Solvency II regime.

    October 19, 2020 WebPage Regulatory News
    News

    HM Treasury Consults on Phase II of Future Regulatory Framework Review

    HM Treasury launched a consultation on Phase II of the Future Regulatory Framework Review, with the comment period ending on January 19, 2021.

    October 19, 2020 WebPage Regulatory News
    News

    EC Publishes Work Program for 2021

    EC adopted the work program for 2021.

    October 19, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5991