FCA conducted a review of outsourcing and third-party service providers for life insurers. FCA identified governance over outsourcing as a priority area for supervision in the life insurers’ portfolio strategy. While the review did not find evidence of a widespread failure to manage the risks to customers arising from outsourcing, improvement is needed. The FCA review covered exit planning, business continuity planning, and governance, systems, and controls. FCA also highlighted the good and poor practices of the firms it observed.
In carrying out this review, FCA took into account the existing regulatory framework, including the Principles for Businesses in FCA Handbook. FCA also considered the guidance for firms outsourcing to the cloud and other third-party IT services. Generally, life insurers have extensive governance, systems, and controls over outsourced activities. However, some firms were not identifying and managing operational risks throughout the life span of outsourced arrangements from inception to business-as-usual operation and to exit from the arrangements. The following are the key highlights of the review:
- Exit planning. FCA reviewed the adequacy of firm plans for exit from an outsourcing arrangement including planned and unplanned exits. The level of detail contained in the exit plans varied. In some cases, a lack of detail gave insufficient confidence that the plan could be carried out in a way which would avoid customer harm. The risk of such harm is also affected by the business model of the life insurer and the services provided by the outsourced service providers.
- Business continuity planning. FCA reviewed whether firms had adequate arrangements in place for system outages or disaster recovery in respect of outsourced activities. In most cases, the outsourced service providers use their own IT systems rather than systems operated by the life insurer. Where this applies, outsourced service providers carry out business continuity testing rather than life insurers. For all life insurers in the FCA sample, their service carried out recent (at least annual) business continuity planning testing, which they confirmed to the insurer. Some firms discuss and obtain detailed information on the scope and scale of business continuity testing from the outsourced service provider. This information enables them to assess the results of that testing and the standard to which it has been carried out. However, some firms obtain more limited information from outsourced service providers. So they may not be able to satisfy themselves that the testing is robust or meets their needs.
- Governance, systems, and controls. FCA reviewed the quality of governance and risk frameworks, including management information, for outsourced service providers arrangements. Information provided to outsourcing governance committees tended to focus on operational performance, with less emphasis on customer outcomes. Where outsourcing management information identified shortcomings, it was in some cases unclear what risk they posed to customers or whether timely and effective remediation action had been taken. In response to the queries of FCA, most firms were able to provide customer-centric management information and reasonable explanations of what actions they had taken and why. However, in some cases, firms did not provide this information as part of the outsourcing management information to their outsourcing governance committees. Some firms were unable to demonstrate that their outsourcing governance committees had sufficient focus on customer fairness, in addition to operational issues. There is a risk that ensuring customer fair treatment may be seen within some firms as a separate compliance-related issue, rather than being an integral part of oversight and control over outsourcing.
Related Link: FCA Review
Keywords: Europe, UK, Insurance, Life Insurance, Outsourced Service Providers, Operational Risk, Outsourcing Arrangements, FCA
Previous ArticleEC Proposes Climate Law, Sets Climate Neutrality Target for 2050
The European Banking Authority (EBA) published the final guidelines on the monitoring of the threshold and other procedural aspects on the establishment of intermediate parent undertakings in European Union (EU), as laid down in the Capital Requirements Directive (CRD).
In a recent Market Notice, the Bank of England (BoE) confirmed that green gilts will have equivalent eligibility to existing gilts in its market operations.
The Financial Conduct Authority (FCA) published the policy statement PS21/9 on implementation of the Investment Firms Prudential Regime.
The European Banking Authority (EBA) proposed regulatory technical standards that set out criteria for identifying shadow banking entities for the purpose of reporting large exposures.
The Board of the International Organization of Securities Commissions (IOSCO) proposed a set of recommendations on the environmental, social, and governance (ESG) ratings and data providers.
The European Securities and Markets Authority (ESMA) published recommendations from the Working Group on Euro Risk-Free Rates (RFR) on the switch to risk-free rates in the interdealer market.
The European Commission (EC) announced plans to defer the application of 13 regulatory technical standards under the Sustainable Finance Disclosure Regulation (2019/2088) by six months, from January 01, 2022 to July 01, 2022.
The European Insurance and Occupational Pensions Authority (EIOPA) proposed to amend the supervisory statement on supervision of run-off undertakings that are subject to Solvency II regulation.
The Bank of England (BoE) published a consultation paper on approach to setting minimum requirement for own funds and eligible liabilities (MREL), an operational guide on executing bail-in, and a statement from the Deputy Governor Dave Ramsden.
The European Banking Authority (EBA) is seeking preliminary input on standardization of the proportionality assessment methodology for credit institutions and investment firms.