FCA conducted a review of outsourcing and third-party service providers for life insurers. FCA identified governance over outsourcing as a priority area for supervision in the life insurers’ portfolio strategy. While the review did not find evidence of a widespread failure to manage the risks to customers arising from outsourcing, improvement is needed. The FCA review covered exit planning, business continuity planning, and governance, systems, and controls. FCA also highlighted the good and poor practices of the firms it observed.
In carrying out this review, FCA took into account the existing regulatory framework, including the Principles for Businesses in FCA Handbook. FCA also considered the guidance for firms outsourcing to the cloud and other third-party IT services. Generally, life insurers have extensive governance, systems, and controls over outsourced activities. However, some firms were not identifying and managing operational risks throughout the life span of outsourced arrangements from inception to business-as-usual operation and to exit from the arrangements. The following are the key highlights of the review:
- Exit planning. FCA reviewed the adequacy of firm plans for exit from an outsourcing arrangement including planned and unplanned exits. The level of detail contained in the exit plans varied. In some cases, a lack of detail gave insufficient confidence that the plan could be carried out in a way which would avoid customer harm. The risk of such harm is also affected by the business model of the life insurer and the services provided by the outsourced service providers.
- Business continuity planning. FCA reviewed whether firms had adequate arrangements in place for system outages or disaster recovery in respect of outsourced activities. In most cases, the outsourced service providers use their own IT systems rather than systems operated by the life insurer. Where this applies, outsourced service providers carry out business continuity testing rather than life insurers. For all life insurers in the FCA sample, their service carried out recent (at least annual) business continuity planning testing, which they confirmed to the insurer. Some firms discuss and obtain detailed information on the scope and scale of business continuity testing from the outsourced service provider. This information enables them to assess the results of that testing and the standard to which it has been carried out. However, some firms obtain more limited information from outsourced service providers. So they may not be able to satisfy themselves that the testing is robust or meets their needs.
- Governance, systems, and controls. FCA reviewed the quality of governance and risk frameworks, including management information, for outsourced service providers arrangements. Information provided to outsourcing governance committees tended to focus on operational performance, with less emphasis on customer outcomes. Where outsourcing management information identified shortcomings, it was in some cases unclear what risk they posed to customers or whether timely and effective remediation action had been taken. In response to the queries of FCA, most firms were able to provide customer-centric management information and reasonable explanations of what actions they had taken and why. However, in some cases, firms did not provide this information as part of the outsourcing management information to their outsourcing governance committees. Some firms were unable to demonstrate that their outsourcing governance committees had sufficient focus on customer fairness, in addition to operational issues. There is a risk that ensuring customer fair treatment may be seen within some firms as a separate compliance-related issue, rather than being an integral part of oversight and control over outsourcing.
Related Link: FCA Review
Keywords: Europe, UK, Insurance, Life Insurance, Outsourced Service Providers, Operational Risk, Outsourcing Arrangements, FCA
Previous ArticleEC Proposes Climate Law, Sets Climate Neutrality Target for 2050
BCBS amended the guidelines on sound management of risks related to money laundering and financing of terrorism (ML/FT).
EBA finalized the guidelines on treatment of structural foreign-exchange (FX) positions under Article 352(2) of the Capital Requirements Regulation (CRR).
FSB published a statement on the impact of COVID-19 pandemic on global benchmark transition.
IAIS published the list of Internationally Active Insurance Groups (IAIGs) publicly disclosed by group-wide supervisors.
FED has temporarily revised the reporting form on consolidated financial statements for holding companies (FR Y-9C; OMB No. 7100-0128).
EC launched a consultation on the review of the key elements of Solvency II Directive, with the comment period ending on October 21, 2020.
ECB launched a consultation on the guide that sets out supervisory approach to consolidation projects in the banking sector.
PRA published a letter that builds on the expectations set out in the supervisory statement (SS3/19) on enhancing banks' and insurers' approaches to managing the financial risks from climate change.
US Agencies (Farm Credit Administration, FDIC, FED, FHFA, and OCC) finalized changes to the swap margin rule to facilitate implementation of prudent risk management strategies at banks and other entities with significant swap activities.
IAIS published technical specifications, questionnaires, and templates for 2020 Insurance Capital Standard (ICS) and Aggregation Method data collections.