Insurance outsourcing arrangements in Luxembourg will require more attention

Silvia Bracaloni by Pinsent Masons in Luxembourg, commented that new guidance will come into force that will be relevant to agreements entered into by insurers and reinsurers for the outsourcing of critical or important operational functions and activities on or after November 1, 2022.

Insurers and reinsurers are required to notify the Luxembourg insurance regulator, the Commissariat aux Assurances (CAA), of their intention to outsource critical or important outsourcing under Luxembourg insurance law, as well as any subsequent material developments in relation to those functions or activities. The CAA’s guidance, set out in a circular (7 pages / 346KB PDF), clarifies what it expects of insurance or reinsurance companies when making such outsourcing arrangements.

The CAA expects insurers and reinsurers to conduct a “pre-outsourcing analysis” to, among other things, “assess whether the outsourcing arrangement affects an important or critical operational function or activity.” As part of this exercise, the CAA encouraged companies to consider how outsourcing would affect their business plan, governance, branding and public perception.

The CAA has developed a standardized reporting form for insurers and reinsurers to complete and submit, and its letter provides guidance on what type of information companies should include in their written reports. The reporting form consists of six sections that require information about the insurance or reinsurance undertaking; the outsourced activity or function; general information about the service provider; duty of care towards the service provider; the outsourcing agreement with the service provider; and outsourcing control and management.

Insurers and reinsurers are also expected to make a number of representations to the CAA in relation to their critical or important outsourcing agreements – including that the agreements do not violate any law, that they have conducted due diligence on the service provider and that they Have established means to regularly monitor the performance and results of the Service Provider.

The CAA has stated that its letter does not apply to IT outsourcing or cloud-based outsourcing chains – in this situation insurers and reinsurers need to refer to separate guidance in Circular 21/15 (15-page / 298KB PDF) and meet the requirements listed therein.

Bracaloni said: “The CAA guidelines do not introduce any significant changes to requirements that insurers and reinsurers are already familiar with from the Luxembourg Insurance Law, EU regulations and the guidelines issued by the European Insurance and Occupational Pensions Authority (EIOPA). are. However, insurers and reinsurers are required to better structure the information about their outsourcing arrangements when reporting to the CAA.”

“The CAA intends to be able to effectively and concretely verify compliance by insurance and reinsurance companies with the conditions laid down by the Luxembourg Insurance Act, e.g. She said.

“Insurance and reinsurance companies remain fully responsible for the activities performed, and it is also their responsibility to determine whether the outsourced function or activity is critical or important,” she said.