PINS S6.7 Risk management policy — outsourcing risk

An insurer's risk management policy for outsourcing risk should include:

(a) a process for negotiating or assessing outsourcing agreements with service providers;
(b) the setting and monitoring of authority limits and referral requirements;
(c) the identification and assessment of performance targets;
(d) the procedures for evaluation of performance against targets;
(e) the provisions for remedial action;
(f) the reporting requirements imposed on the service providers (including content and frequency of reports);
(g) the ability of the insurer and its external auditors to obtain access to the service providers and their records;
(h) the protection of intellectual property rights;
(i) the protection of customers' and the insurer's confidentiality;
(j) the adequacy of any guarantees, indemnities or insurance cover that a service provider agrees to provide;
(k) the ability of a service provider to provide continuity of business; and
(l) the arrangements to change, or terminate, outsourcing agreements.
Inserted by QFCRA RM/2013-1 (as from 1st January 2015).