You are here:
28 October 2020 / news

A regulator’s perspective: cloud outsourcing in the insurance sector

The National Bank of Belgium (NBB) has issued fifteen recommendations for cloud service providers in the insurance sector, which will apply as from 1 January 2021.

binary code

The recommendations cover the entire outsourcing process and build in higher standards in case critical or important functions and activities are outsourced. They reflect the opportunities that outsourcing can offer, but equally recognise the risks inherent thereto, especially in respect to cloud outsourcing. Successful (cloud) outsourcing strategies in the insurance sector will therefore require an integrated and pro-active approach.

In summary, the NBB recommends insurers to:

  1. Ask themselves whether or not the contemplated arrangement constitutes outsourcing;
  2. Ensure that any decision to outsource critical or important functions/activities is based on a through risk assessment;
  3. Update the written outsourcing policy;
  4. Carry out a pre-outsourcing analysis;
  5. Assess whether it concerns a critical or important function/activity;
  6. Identify and assess the potential impact of cloud outsourcing in order to adopt an proportionate risk approach;
  7. Perform a due diligence on the cloud service provider;
  8. Clearly allocate the rights and obligations of the company resp. cloud service provider;
  9. Preserve access and audit rights in order to comply with their regulatory obligations;
  10. Ensure regulatory compliance (incl. ICT security standards) by cloud service providers;
  11. Consider and insert arrangements on sub-outsourcing (if permitted);
  12. Monitor the cloud outsourcing arrangements and set up the necessary mechanisms to do so;
  13. Have a clearly defined exit strategy clause to terminate the agreement (if necessary);
  14. In case the cloud service provider’s data are located outside the EEA, ensure (and enforce) access and audit rights;
  15. Retain original copies of certain documents at the registered office. 

Temporary statutory moratorium on creditors rights

Belgium imposes second temporary statutory moratorium on creditors’ rights

During this second wave of COVID, new lock-down measures have been taken. Belgium has already provided for numerous measures to mitigate the economic impact... read more
Coronavirus - Belgian measures for businesses

Coronavirus | Belgian measures for businesses

Since 18 March different authorities (EU, national, local) took measures in Belgium to reduce the spreading of the COVID-19 virus. In order to overcome the economic... read more
Initiatives taken by European and Belgian regulatory authorities in the context of the coronavirus

Initiatives taken by international, European and Belgian banking, investment and insurance supervisors in the context of the coronavirus crisis

The corona crisis is having a major impact on banks, insurers and financial markets. The shortage of liquidity is described as unprecedented. Regulators are... read more