Header graphic for print

Global Insurance Blog

International Insurance and Reinsurance News, Trends, and Cases

Posted in European Union, Regulatory and legislative updates, UK

EIOPA to produce cloud outsourcing guidelines for insurers

On 27 March 2019, the European Insurance and Occupational Pensions Authority (EIOPA) published a report that looks at outsourcing to the cloud by (re)insurers.

The report was issued in response to the European Commission’s request (through its FinTech Action Plan published on 3 March 2018) that the European Supervisory Authorities – EIOPA, the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) – explore the need for guidelines on outsourcing by regulated entities to cloud service providers. As adoption of cloud computing in the financial sector increases, the Commission has concerns about the uncertainties of its interpretation by supervisory authorities within the scope of existing outsourcing requirements.

While all three of the European Supervisory Authorities launched initiatives to answer the Commission, the EBA lead the charge. It issued detailed Recommendations on outsourcing to cloud service providers (EBA Recommendations) that have applied to credit institutions and investment firms since 1 July 2018. The EIOPA report announces EIOPA’s intention to publish guidelines on cloud for the (re)insurance sector in the course of 2019. The report notes that EMSA is currently considering whether to issue any guidelines, although ESMA’s 2018 Annual Report and 2019 Work Programme summarises the work that it has already done as part of its supervisory project on cloud computing.

In addition to outlining EIOPA’s plans to provide guidance for (re)insurers that outsource to cloud service providers, the EIOPA report provides an overview of cloud computing and market practices in the EU, drawing on feedback from National Supervisory Authorities (NSAs).

Amongst the key takeaways outlined in the EIOPA report are that:

  • cloud services are not yet extensively used by (re)insurance undertakings in the EU, but that the level of use by (re)insurance companies differs between EU jurisdictions and the cloud services used are aligned to those used by the banking sector
  • cloud computing is used mainly by newcomers, by a niche of the market and by larger undertakings mainly for non-critical functions, but many large European (re)insurers are expanding their use of cloud as part of their wider digital transformation strategies
  • the impact of cloud computing on the (re)insurance market is assessed differently among jurisdictions, due to its complexity and level of technicality.

Cloud computing regulation

Under both banking and (re)insurance regulation, an outsourcing to a cloud service provider is covered by the same provisions that would apply to any other outsourcing for regulatory purposes.

For (re)insurers in the EU, this means compliance with the measures on outsourcing within the Solvency II framework. However, the report notes that the current level of national guidance on cloud outsourcing for the (re)insurance sector is not standardised across EU countries and is not being applied consistently.

For example, while certain regulators have already issued or are planning to issue national guidance on cloud outsourcing (e.g. the UK, France, Germany and Poland), other regulators rely on broader national standards to support the management of specific critical areas of cloud outsourcing (e.g. in Spain, Italy and the Netherlands) and others have no specific plans (e.g. Portugal and Ireland). The report also notes that NSAs take different views as to whether cloud computing is always outsourcing, and some NSAs have adopted a specific definition for cloud computing.

Despite this divergence, the EIOPA report finds that “most NSAs (banking and (re)insurance supervisors at the same time) declare that they are considering the EBA Recommendations as a reference for the management of cloud outsourcing”.

In determining whether separate guidance was needed for the (re)insurance sector, EIOPA carried out a gap analysis between the existing Solvency II regulations and the EBA Recommendations, and its findings are set out in the EIOPA report. EIOPA has concluded that:

  • the current Solvency II recommendations are sound to discipline outsourcing to cloud service providers and already cover most of the contents of the EBA Recommendations, which just appear to be more specific about certain areas
  • despite this, EIOPA should issue guidance on cloud outsourcing in order to provide legal transparency to regulated undertakings and service providers in the market and “to avoid potential regulatory arbitrage”. This guidance will be aligned with the EBA Recommendations and, where applicable, the EBA’s new Guidelines on outsourcing arrangements (as these incorporate and will repeal the EBA Recommendations when the Guidelines come into effect on 30 September 2019).

EIOPA believes that, due to the rapidly-developing nature of cloud computing, cloud outsourcing regulation should not attempt to regulate all (re)insurance-related aspects, but should instead be principles-based. This suggests that EIOPA’s guidance will not be as prescriptive as aspects of the EBA Recommendations and Guidelines, but it will be interesting to see:

  • if EIOPA adopts a similar approach to the monitoring of such outsourcings, e.g. the requirement to keep a register of cloud outsourcings containing prescribed minimum information, and to make this available to regulators
  • if EIOPA deems all cloud services to be ‘an outsourcing’ and subject to its guidance. The report suggests this might be the case, with the executive summary containing statements such as “the purchase of cloud computing services falls within the broader scope of outsourcing” and “as to applicable regulation, cloud computing is considered as an outsourcing”. Concerns about this approach were raised in feedback to the EBA’s consultation on its draft Guidelines (which now incorporate the EBA Recommendations), in response to which the EBA highlighted that its Guidelines do not say that all cloud services are also outsourcing arrangements.

Timeline

EIOPA’s current plan is to draft its own guidelines on cloud outsourcing during the first half of 2019, with those being issued for consultation and finalised by the end of 2019.

There will also be a public roundtable on the use of cloud computing by (re)insurance undertakings, where representatives from the (re)insurance industry, cloud service providers and the supervisory community can discuss their views on cloud outsourcing in a Solvency II and post-EBA Recommendations environment.

EIOPA, the EBA and ESMA have also agreed to start a joint market monitoring activity in the second half of 2019. This is aimed at developing policy views on how cloud outsourcing in the finance sector should be treated in the future. The group will consider the increasing use of cloud technology, and the potential for large cloud service providers to be a single point of failure.

Next steps

Please contact us if you have any questions on the EIOPA report or to find out how we can help you with your cloud outsourcing issues.

Posted in Regulatory and legislative updates, UK

FCA warns GI firms to place greater focus on customer outcomes

FCA publishes the results of its Thematic Review into GI insurance distribution chains

The FCA’s Thematic Review into GI insurance distribution chains (published on 10 April 2019) has concluded that certain GI sector manufacturing, sales and distribution approaches can lead to customers purchasing inappropriate products, paying excessive prices or receiving poor service.

The report highlights how the remuneration of all the parties in the distribution chain can result in customers paying significantly higher prices than the production and delivery costs of the products they are buying.  In some distribution chains there can also be a high risk of unsuitable sales (e.g. where an insurance product is sold alongside a non-financial product, such as a car).

The FCA has warned the sector to closely review its practices in light of the recent findings and make immediate improvements or face further regulatory intervention.  Continue Reading

Posted in Case reports, UK

UK: We didn’t start the fire: Motor insurer not liable for property damage caused by car repair fire on private premises

In R&S Pilling t/a Phoenix Engineering v UK Insurance Limited [2019] UKSC 16, the Supreme Court addressed the question of whether or not a motor insurer should be liable for property damage caused by a fire which was started whilst a vehicle insured by it was being repaired on private land.

The Facts

Mr Holden, a mechanic employed by Phoenix Engineering, was working overtime and asked to use the loading bay at the premises to do some work on his car. Whilst welding some plates onto the underside of the car, a fire started and spread inside the car, then to some rubber mats lying close to the car. The fire then spread to Phoenix’s premises and the adjoining building.

AXA, Phoenix’s insurer, paid out over £2m to Phoenix and the owner of the adjoining property for the damage. Subrogated to Phoenix’s rights, AXA brought a claim against Mr Holden’s motor insurers, UK Insurance Limited (“UKI”), having undertaken not to pursue Mr Holden personally. UKI commenced proceedings for a declaration that it was not liable to indemnify Mr Holden. Continue Reading

Posted in Regulatory and legislative updates, UK

UK: Changes to Financial Ombudsman Service (FOS): (1) increased award limit of £350,000; (2) jurisdiction extended to SMEs

From 1 April 2019 two significant changes take effect:

  • The jurisdiction of the FOS is extended to cover small and medium-sized enterprises, certain charities and trusts and personal guarantors; and
  • The FOS award limit is increased from £150,000 to £350,000 (an increase of 133%).

These changes follow a short consultation process in late 2018.  For more information on the detail of the changes and the FCA responses to the consultation see the FCA policy statement PS19/8 published in March 2019. Continue Reading

Posted in Italy, Regulatory and legislative updates

Brexit: Italian measures for UK insurers and intermediaries

Last night the Italian Government approved the law decree aimed at ensuring financial stability and market integrity in the event of hard Brexit (the “Decree”). The final version of the Decree is expected to be issued soon and will enter into force upon the publication on the Official Journal. Amendments in the final version of the Decree cannot be excluded at this stage, but significant deviations from the below are not expected as the Decree was presented and approved on the same day.

In relation to UK insurance undertakings and intermediaries, these are the main provisions of the draft version of the Decree examined by the Government yesterday:

Click here for the full Newsflash

Posted in Case reports, Market developments, Regulatory and legislative updates, South Africa

South Africa: Purpose and simple language take precedence

On 14 March 2019, the Supreme Court of Appeal (SCA) dismissed an appeal by Centriq Insurance Company Ltd (Centriq) against a ruling of the Free State High Court holding liable a financial advisor under a professional indemnity insurance policy. The SCA held that Centriq could not rely on an exclusion in the policy that was at odds with its purpose, which was to indemnify a financial advisor for breach in connection with negligent financial advice.

The financial advisor, Mr Jose Francisco Castro (the insured), had advised a widow, Mrs Marisa Vogel Oosthuizen (Oosthuizen), to invest the proceeds of her deceased husband’s policy in an amount of ZAR2 million in Sharemax Investments (Pty) Ltd (Sharemax) in a property development scheme known as “The Villa Retail Parks Holding 2”. The villa was a yet to be completed shopping complex, a fact that the insured did not draw to Oosthuizen’s attention. The development failed following a Reserve Bank investigation, which found that Sharemax was contravening the Banks Act 94 of 1990 by taking deposits illegally.

Click here to read the full newsletter.

Posted in Market developments, Regulatory and legislative updates, USA

US: A look at the impact and insurance regulatory challenges of InsurTech innovations, AI, machine learning, blockchain, and smart contracts

Hogan Lovells counsel Robert Fettman discusses the challenges and opportunities that InsurTech innovations and technologies like blockchain, distributed ledger technology (DLT), and smart contracts present to the U.S. insurance industry.

Click here to read the full interview.

Posted in Italy, Regulatory and legislative updates

Unit-linked policies: a new judgement of the Italian Supreme Court

On 5 March the Italian Supreme Court issued a new important judgment on unit-linked policies and their nature.

Unlike previous decisions rendered over the past years, in which the Supreme Court merely referred to the lower courts the task of assessing the features of the disputed policies so as to verify whether they could be considered as financial or insurance products, this time the Supreme Court set out detailed and precise guidelines.

Click here to continue reading…

Posted in Regulatory and legislative updates, Spain

Spain: Contingency measures following no-deal Brexit published –and they guarantee continuity of insurance contracts and smooth adaptation to new regime for British insurers

What is all about?

Brexit month is finally here –or is it? Interests at stake on both sides of the Channel, fearing consequences of a no-deal Brexit, may end up cristalysing in a delay and extension to Article 50 of the TEU.

Whatever the case, as things stand now, the UK is due to leave the EU on 29 March, 2019, regardless of whether there is a deal with the EU or not.

In an effort to mitigate consequences for citizens and businesses of a no-deal Brexit the Spanish Council of Ministers approved last 1 March a Royal Decree on Brexit contingency measures covering a wide range of issues –from healthcare to travel to financial services and insurance. Continue Reading

Posted in Regulatory and legislative updates, UK

UK: Corporate Insurance Newsletter – February 2019

The Hogan Lovells’ Corporate Insurance Newsletter for February  has been published.  This provides a round-up of UK, EU and international regulatory developments relevant to UK based insurance market participants.  In this issue, amongst other items, we cover:

  • Latest Brexit related consultation papers and other material from the HM Treasury, PRA and FCA
  • The FCA’s final report on its review of the wholesale insurance brokers market review
  • The European Commission’s request to EIOPA for technical advice on the review of the Solvency II Directive