ICSA Ireland

We use cookies to make this site as useful as possible. Read our cookie policy or ignore.

Outsourcing under Solvency II – Central Bank publishes paper for (re)insurers on notification requirements

04 July 2016

The Central Bank recently published a paper entitled ‘Notification Process for (Re)Insurance Undertakings when Outsourcing Critical or Important Functions or Activities under Solvency II’ (the Guidance). The Guidance is designed to assist (re)insurers in complying with Regulation 51(3) of the European Union (Insurance and Reinsurance) Regulations 2015 (the Regulations).

This provides that (re)insurers must notify the Central Bank, in a timely manner, before outsourcing critical or important functions or activities (CIFA) and regarding subsequent material developments with respect to those functions or activities.

Although notification is required, the Central Bank’s Guidance points out that this does not amount to a supervisory pre-approval. According to the Central Bank, prior notification provides it with an opportunity to discuss any concerns with the notifying (re)insurer in the event that the outsourcing appears not to comply with the outsourcing requirements and, if necessary, the opportunity to object to the outsourcing where the Bank’s concerns have not been addressed.

Factors for consideration prior to outsourcing

Section 5 of the Guidance sets out a detailed list of requirements for (re)insurers to comply with prior to any outsourcing arrangement coming into effect.

This includes factors to consider in respect of the outsourcing arrangement and sample areas to consider for due diligence when selecting a service provider. The Guidance also advises (re)insurers to have appropriate documentary evidence showing that the relevant factors and due diligence considerations have been taken into account.

Form, content and timing of the notification

Notification to the relevant supervisory team in the Central Bank should take the form of letter or email, signed by the CEO or Captive Manager of the (re)insurer and provided at least six weeks before the outsourcing is due to come into effect. If the Central Bank does not raise any concerns in advance of the date the outsourcing is due to come into effect, the (re)insurer may assume that the outsourcing is acceptable to the Central Bank.

The content of the notification must include a description of the scope and rationale for the outsourcing, the service provider’s name and a declaration that the (re)insurer has taken the factors referred to in Section 5 of the Guidance into account.

Where subsequent material developments in relation to the outsourcing occur, a further notification should be made to the Central Bank promptly, in written form, in accordance with the requirements for the initial notification. This includes all developments which are relevant for the supervisory process.

Where the proposed outsourcing relates to one of the four key functions of the system of governance, the Guidance states that additional information is required, including:

  • the name(s) of the person(s) in the undertaking designated with overall responsibility for the outsourcing arrangement; and
  • the name(s) of the person(s) in the service provider responsible for the performance of the outsourced key function or activity.

For functions other than the four key functions of the system of governance, the Central Bank refers (re)insurers to EIOPA’s Guidelines on the System of Governance to assist them in determining for themselves whether an activity is critical or important. This determination should be on the basis of whether the activity concerned is essential to the operations of the (re)insurer as it would be unable to deliver its services to policyholders without it.

Wider issues

A question has arisen as to whether the Guidance has any relevance to existing outsourcing arrangements.

Article 274(3) of the Solvency II Delegated Act (Commission Delegated Regulation (EU) 2015/35) states that (re)insurers must undertake a due diligence in relation to six specific matters when choosing the service provider for a CIFA. The term ‘when choosing the service provider’ suggests that the due diligence should be undertaken before the appointment of the service provider. Therefore it would seem that the provisions do not apply to existing service providers of CIFA.

Furthermore, Article 274(4) lists 12 requirements which must be included in the written outsourcing agreements ‘to be concluded between the insurance or reinsurance undertaking and the service provider’. This language also suggests that these provisions should apply only on a prospective basis.

However, in a response to a paper on the subject prepared by certain industry members of the Solvency II Implementation Forum, the Central Bank has indicated that it is of the view that the provisions in existing outsourcing agreements which continue after 31 December 2015 should have been subject to a review to ensure compliance with the requirements of Solvency II.

The Central Bank's position is that all existing outsourcing agreements should contain the 12 requirements which are listed in Article 274 of the Solvency II Delegated Act. Moreover, the Central Bank has stated that it takes a similar position with regard to Article 274(3), which deals with pre-contract due diligence assessments.

The Central Bank's interpretation seems at variance with the language of paragraphs Article 274(3) and (4) as set out above. Notwithstanding this, (re)insurers should be mindful of the Central Bank's position.

Action required

The purpose of the Guidance is to assist (re)insurers in their compliance with the obligations under the Regulations. It is not an exhaustive analysis of every aspect of outsourcing under Solvency II. However, the Guidance does provide (re)insurers with direction in terms of the Central Bank’s expectations regarding the mechanics of the notification process (as well as the content of the notification). It is important for (re)insurers outsourcing critical or important functions or activities to review and embed this process as necessary within their compliance frameworks.