The Financial Conduct Authority (FCA) has released the results of its review of outsourcing in the life insurance sector, and firms’ good and poor practices have been highlighted.
For its review, the FCA looked at a sample of life insurers’ systems and controls for managing and governing outsourced activities given the potential for widespread harm if an outsourced service provider (OSP) fails. The regulator focused on the areas of exit planning; business continuity planning (BCP); and governance, systems, and controls.
Poor practices that came to light included the absence of an exit plan. For instance, what happens when the OSP contracted by the insurance company suddenly becomes insolvent, or in the event of a serious breach? It was found that not all life insurers had exit plans.
In the area of BCP, it was noted that some firms don’t obtain detailed information from their OSPs as far as the latter’s business continuity testing is concerned. A good practice cited by the regulator was the use of third-party consultancies to undertake annual reviews of OSPs on behalf of insurers.
As for governance, systems, and controls, the FCA said one good practice it observed was having clearly defined group policies in place. An example of poor practice would be a company’s failure to take timely action in respect of identified issues.
In conclusion, the FCA stated: “While we have not found evidence of widespread failure to manage the risks to customers arising from outsourcing, we can see areas for improvement.
“We encourage firms to review their current systems and controls in light of our findings and good and poor practice examples, where relevant to their particular characteristics and the nature, scale, and complexity of their activities.”
The watchdog, meanwhile, clarified that it is not proposing any new rules or guidance at this time.
Commenting on the review, former FCA deputy chief risk officer Paul Dyer had this to say: “The complexity of life operations and in many cases aging technological infrastructure creates a big challenge for these firms in managing continuity, particular with third parties.
“Several firms may be creating a risk of poor outcomes for customers arising from poor management and governance of outsourced activities. Firms should ensure best practice by integrating customer outcomes into all compliance-related issues.”
Dyer, who is now head of regulatory risk and assurance at regulatory specialist Huntswood, stressed that understanding and appropriately addressing potential consumer harm should be an essential part of any process, regardless of whether they’re outsourced or not.
“It is critical that any third-party arrangements are well vetted, monitored, and assured across the gamut of risks they pose,” he said.
Activities outsourced in the sector include annuities payroll administration, claims processing, and queries resolution.