FSA requirements
The FSA has developed detailed sets of principles that insurance firms should adopt in any outsourcing arrangements. They outline:
- the factors to be considered before deciding whether to outsource any activities;
- the issues to be covered in the contract with the service provider;
- the ongoing management of the relationship with the service provider.
Behind them is the general principle that a company does not abdicate responsibility for a service by handing it over to someone else. The overriding obligation of an insurance firm is to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk-management systems.
Insurance companies are responsible for ensuring that:
- claims are handled fairly;
- claims are settled promptly;
- customers are provided with information on the claims handling procedure, and with an explanation if a claim is rejected or not settled in full;
- insurance intermediaries disclose and manage any conflicts of interest.
An insurance firm cannot, by outsourcing or delegating its activities to a service provider, avoid any of its legal or regulatory obligations.
Firms are therefore advised by the FSA to have ‘appropriate safeguards’ for any outsourcing or delegation of activities to a service provider, bearing in mind that different safeguards will be appropriate for different activities, and will depend on the scale, nature and complexity of the activities. Safeguards should be comprehensive and proportionate and should be backed up by regular assessment of whether the service provider is achieving the right standards. Firms should:
- identify, assess and manage the risks arising from an outsourcing arrangement;
- ensure, both contractually and operationally, that there are appropriate access rights to the service provider’s premises, people and information for themselves, their auditors and the regulators;
- consider contingencies to protect business continuity;
- have an exit strategy.
Under FSA regulations, if an insurance firm is intending to enter into, or significantly change, a material outsourcing arrangement it is required to notify the FSA and ensure that the outsourcing does not restrict the FSA in exercising its supervisory powers. Firms are required to take particular care to manage material outsourcing arrangements.
A material outsourcing is one where the services are of such importance that their weakness or failure would cast serious doubt upon the firm’s continuing satisfaction of the conditions for FSA authorisation.
Materiality needs to be judged by the firm in relation to the impact of the outsourced service on its activities. The outsourcing of internal audit or compliance and most front-office functions is considered to be material. Many firms regard delegation of underwriting authority on any significant scale as material outsourcing, since it exposes them to increased risks. A member of the firm’s senior management should take responsibility for each material outsourced function. Direct communication lines between this designated person and the individuals responsible for the material outsourced services should be established. The parties should be aware that material outsourcing may be indicative of an agency relationship and may be treated differently in law.
Depending on the nature of the function that is being outsourced, the service provider may itself be carrying on a regulated activity. If that is the case, the service provider should either be authorised by the FSA to carry on that outsourced activity or fall within one of the relevant exemptions (for example, by being the appointed representative of another authorised firm). The insurance firm has responsibility for checking that its proposed service provider has the right FSA authorisations or exemptions. The fact that the service provider itself is regulated for the outsourced services does not release the insurance firm from its own regulatory obligations.
Data-protection requirements
The insurance outsourcings described above have obvious implications for data protection. They will inevitably involve the transfer of information about customers and their policies – much of it personal and/or sensitive in nature. For example, in some cases, details of medical records will need to be passed on. In most cases, the service provider will be processing this information on behalf of the insurance company (ie as a data processor) and the comments below apply to such a scenario.
If an insurance company asks a service provider to process personal information on its behalf, it remains liable for the security of the data and is deemed to retain control over it. This, of course, reflects the principle that you cannot outsource regulatory responsibility.
The Data Protection Act 1998 (DPA) requires the contract between the client and the service provider to impose certain data-security requirements. Firms should obtain guarantees from the service provider that there are project-specific plans to protect customer information. But relying on the contract is not enough: they should also carry out audits and quality assurance tests to check that security requirements are being met.
The outsourcing client’s responsibilities for data security apply even if the service provider is based overseas. When the outsourcing arrangement is with a company based elsewhere in the EEA, consideration of the adequacy of the data-protection rules in the other country does not come into play. The situation gets more complex when the service provider is outside the EEA. Under the Data Protection Directive of 1995, implemented in the UK by the DPA, European firms are restricted in terms of the data that can be transferred or stored outside the EEA without equivalent rules and enforcement. The principle is that policyholders should be guaranteed the level of protection they would have inside the EEA. Some countries have been deemed to be ‘safe’ by the European Commission, for example, Canada and Argentina.
Often, the simplest compliance solution will be for the insurance company to enter into a contract that requires the data processor (ie the relevant service provider) to respect the same data-protection obligations that the company is under. The European Commission has issued a set of model contract clauses that should be used for this purpose.
The importance of data protection cannot be over-emphasised. In 2007, financial services firms received hefty fines for data-security lapses. The FSA campaigned for more effective controls and, the following April, published ‘Data Security in Financial Services’. The report, which includes a specific section on managing third-party suppliers, does not represent formal guidance, but the FSA has indicated that it expects firms to use its findings in assessing risk.
Firms that fail to protect data face the prospect not only of action by the Information Commissioner’s Office, which enforces the DPA, FSA fines and compensation claims from individuals, but also of damaging publicity. Few people want to do business with someone who exposes them to the risks of financial crime.