FCA Conducts Review of Third-Party Service Providers for Life Insurers
FCA conducted a review of outsourcing and third-party service providers for life insurers. FCA identified governance over outsourcing as a priority area for supervision in the life insurers’ portfolio strategy. While the review did not find evidence of a widespread failure to manage the risks to customers arising from outsourcing, improvement is needed. The FCA review covered exit planning, business continuity planning, and governance, systems, and controls. FCA also highlighted the good and poor practices of the firms it observed.
In carrying out this review, FCA took into account the existing regulatory framework, including the Principles for Businesses in FCA Handbook. FCA also considered the guidance for firms outsourcing to the cloud and other third-party IT services. Generally, life insurers have extensive governance, systems, and controls over outsourced activities. However, some firms were not identifying and managing operational risks throughout the life span of outsourced arrangements from inception to business-as-usual operation and to exit from the arrangements. The following are the key highlights of the review:
- Exit planning. FCA reviewed the adequacy of firm plans for exit from an outsourcing arrangement including planned and unplanned exits. The level of detail contained in the exit plans varied. In some cases, a lack of detail gave insufficient confidence that the plan could be carried out in a way which would avoid customer harm. The risk of such harm is also affected by the business model of the life insurer and the services provided by the outsourced service providers.
- Business continuity planning. FCA reviewed whether firms had adequate arrangements in place for system outages or disaster recovery in respect of outsourced activities. In most cases, the outsourced service providers use their own IT systems rather than systems operated by the life insurer. Where this applies, outsourced service providers carry out business continuity testing rather than life insurers. For all life insurers in the FCA sample, their service carried out recent (at least annual) business continuity planning testing, which they confirmed to the insurer. Some firms discuss and obtain detailed information on the scope and scale of business continuity testing from the outsourced service provider. This information enables them to assess the results of that testing and the standard to which it has been carried out. However, some firms obtain more limited information from outsourced service providers. So they may not be able to satisfy themselves that the testing is robust or meets their needs.
- Governance, systems, and controls. FCA reviewed the quality of governance and risk frameworks, including management information, for outsourced service providers arrangements. Information provided to outsourcing governance committees tended to focus on operational performance, with less emphasis on customer outcomes. Where outsourcing management information identified shortcomings, it was in some cases unclear what risk they posed to customers or whether timely and effective remediation action had been taken. In response to the queries of FCA, most firms were able to provide customer-centric management information and reasonable explanations of what actions they had taken and why. However, in some cases, firms did not provide this information as part of the outsourcing management information to their outsourcing governance committees. Some firms were unable to demonstrate that their outsourcing governance committees had sufficient focus on customer fairness, in addition to operational issues. There is a risk that ensuring customer fair treatment may be seen within some firms as a separate compliance-related issue, rather than being an integral part of oversight and control over outsourcing.
Related Link: FCA Review
Keywords: Europe, UK, Insurance, Life Insurance, Outsourced Service Providers, Operational Risk, Outsourcing Arrangements, FCA
Previous Article
PRA to No Longer Require Certain Firms to Submit FSA047/048 ReturnsRelated Articles
OSFI Issues Phase2 Consultation on Climate Scenario Exercise for Banks
The Office of the Superintendent of Financial Institutions (OSFI) recently announced a consultation on the second phase of the Standardized Climate Scenario Exercise (SCSE) for banks and other financial institutions it regulates in Canada.
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
