PINS S6.6 What is outsourcing risk?

(1) Outsourcing risk is the risk posed to an insurer's business by non-performance, or poor performance, by a service provider of a function transferred to the service provider under a material outsourcing arrangement (within the meaning of CTRL).
(2) An insurer should not outsource a function if the outsourcing would result in unduly increasing the operational risk of the insurer.

Note An insurer must assess the risks that a material outsourcing poses to its business (see CTRL, rule 8.2.2 (2) (a)), and the governing body of the insurer must review, at least once every 2 years, the insurer's outsourcing procedures for assessing the feasibility of a proposed outsourcing and the risks that the outsourcing poses to the insurer's business (see CTRL, rule 8.1.3 (4) (a) (i)).
(3) Financial firms frequently decide to outsource aspects of their operations to other parties, related or not. Outsourcing can bring significant benefits to an insurer in terms of efficiency, cost reduction and risk management. However, the process of implementing outsourcing arrangements and the outsourcing relationship itself may expose an insurer to additional risk. It is therefore important that insurers take care to supervise the conduct of activities that are outsourced.

Note CTRL, rule 8.2.4 (1) requires an authorised firm to inform the Regulatory Authority before entering into a material outsourcing arrangement.
(4) The activities of service providers have the ability to undermine the risk management activities of insurers. Insurers should take particular care in the outsourcing of activities such as underwriting and claims settlement, where inappropriate performance of the functions can expose the insurer to serious financial loss, for example through acceptance of inappropriate insurance risks, mis-pricing, failure to obtain appropriate reinsurance cover, or failure to detect invalid claims. These considerations apply to such arrangements as binding authorities and other agencies appointed by insurers.
(5) Insurers should take care to manage the risk that the sound and prudent management of the insurer's business may be compromised by conflicting incentives in an outsourcing agreement. In particular, insurers should consider whether the remuneration structure creates any perverse incentives. For example, a service provider with underwriting authority may have an incentive to accept poorer quality business if remuneration is based on commission (especially if bonuses are given for volume) but is not affected by the performance of the insurance contracts accepted.
(6) Intra-group outsourcing may be perceived as subject to lower risks than using service providers from outside a group. However it is not risk-free and an insurer must still assess the associated risks and make appropriate arrangements for their management.
Inserted by QFCRA RM/2013-1 (as from 1st January 2015).
Amended by QFCRA RM/2021-1 (as from 1st July 2021)