The following is an opinion article from Daniel Liptrott, managing director at NCC Group.
More insurers and brokers than ever are relying on third-parties to deliver business critical software as a service. Many of the best innovations in the sector are coming from technology companies delivering disruptive software through the cloud, rather than the more traditional on-premises model of IT.
However this poses potential problems if the software vendor ever suffers an outage. Not only would this have a clear impact on productivity and customer service, there is also the potential for disciplinary action from the Financial Conduct Authority (FCA) for not carrying out work during these times.
Although this may sound harsh, the FCA released guidelines last year which state that subscribers to outsourced services are responsible for ensuring that these services are continuously available. This means taking care of legal considerations, risk management and data availability. Subscribers are also required to comply with international standards, which can include ensuring that software providers have sufficient measures in place to constantly monitor risks to sensitive data, and be compliant with the Data Protection Act.
These precautions are understandable when considering the risks of adopting software from third parties. Creating a relationship with cloud-hosted solution vendors often means placing sensitive and business-critical data in the hands of another company, which could put insurers and their business operations at risk if the service provider goes out of business or experiences an outage.
However, with businesses in the sector frequently facing competition from emerging insurtech start-ups, some might argue that it’s essential for insurers to invest in technology. And it’s true that there are plenty of benefits. Using these systems can be cost efficient, increase productivity and can streamline operations.
As attractive as these benefits sound, it’s important to consider that vendors of third-party services often rely on external data centres for storage and software hosting, and have links to other companies. This adds a further layer of complexity to regulatory compliance, as it makes tracking the safe handling and storage of this data difficult. It also makes it more complicated for insurers to ensure that their software is constantly available.
This is why it’s often simpler to work with a third-party to monitor the relationships between the cloud vendor and the data centre or cloud service provider that it works with. This means that the customer will be warned ahead of time if the vendor isn’t making payments, which can often be the first sign of potential financial issues, and be made aware of any problems regarding the availability of their service and the data.
If the vendor does go out of business, it’s crucial that organisations can retrieve their data quickly, in order to minimise disruption to the business. Therefore, as well as being aware of these relationships that vendors have with external data centres, insurers should perhaps have agreements in place with these data centres independently.
Organisations also need to consider backing up their important data so that it is always accessible, as well as having a copy of the systems source code/snapshot of the application environment so that these applications can be easily recovered.
These steps will provide businesses with peace of mind and ensure that they’re still able to access the applications that they need in any situation.
As technology becomes central to businesses in every sector, including insurance, it’s becoming more attractive to invest in outsourced services as a way to increase efficiency and stay ahead of the competition. However, it’s incredibly important to be aware of the risks and prepare for the worst, as sticking their heads in the sand could send businesses back a long way.
The preceding article was an opinion piece from Daniel Liptrott, managing director at NCC Group. The views expressed do not necessarily reflect those of Insurance Business.