EIOPA publishes peer review on outsourcing

The European Insurance and Occupational Pensions Authority (EIOPA) published today the report of the peer review on outsourcing.

The peer review assessed the overall maturity of the framework implemented by national supervisory authorities (NSAs) to supervise the outsourced activities of insurance and reinsurance undertakings. The objective of the peer review was to identify gaps, areas of improvements and best practices to promote consistent and effective supervision in this regard.

The findings show that European undertakings make an increasing use of outsourcing, mainly in the field of technology, and that the level of outsourcing varies greatly across the European Economic Area. These differences in the penetration of outsourcing help explain why Member States’ supervisory frameworks are also at different stages of maturity.

The majority of NSAs focus their supervisory assessment of outsourcing-related risks at notification, that is, before undertakings would outsource certain functions, whereas others opted for a lighter notification process combined with more intensive ongoing supervision. A few authorities implemented both a robust notification assessments together with intensive ongoing supervision.

An analysis of the tools used by NSAs reveals that even though on-site inspections are both time and effort-intensive, they are the most effective tool to verify the overall governance structure around outsourcing and to confirm whether undertakings comply with Solvency II requirements regarding outsourced activities. Nevertheless, on-site inspections specifically focused on outsourcing are not among the most frequently used instruments by NSAs. While NSA do undertake such inspections, a review of the outsourcing frameworks is more common during the overall review of undertakings’ system of governance.

The peer review found that segments of the outsourcing framework and certain supervisory practices need improvement. To address these, EIOPA has recommended actions to NSAs in a number of areas. These include aspects of the outsourcing framework, the structure of the notification process as well as NSAs’ supervision of the notification content, information management and supervisory procedures for both off-site and on-site inspections.

EIOPA has also identified areas where higher supervisory convergence and/or more clarity regarding supervisory expectations could be achieved. Therefore, EIOPA will consider conducting further analysis in three domains:

As a follow-up of this peer review, EIOPA will monitor and assess NSAs’ compliance with the recommended actions. A detailed run-down of each recommended action and the NSAs to whom they are addressed can be found in the final report of the peer review.

EIOPA will also consider how to best reflect the overall findings of the peer review in its work on supervisory convergence and take the results into account in the implementation of the Digital Operational Resilience Act (DORA), when applicable.

In the context of enhancing supervisory convergence and in accordance with its mandate, EIOPA regularly conducts peer reviews in close collaboration with NSAs and with the aim of strengthening both the convergence of supervisory practices across Europe and the capacity of NSAs to conduct high-quality and effective supervision.