You are here:
28 October 2020 / news

A regulator’s perspective: cloud outsourcing in the insurance sector

The National Bank of Belgium (NBB) has issued fifteen recommendations for cloud service providers in the insurance sector, which will apply as from 1 January 2021.

binary code

The recommendations cover the entire outsourcing process and build in higher standards in case critical or important functions and activities are outsourced. They reflect the opportunities that outsourcing can offer, but equally recognise the risks inherent thereto, especially in respect to cloud outsourcing. Successful (cloud) outsourcing strategies in the insurance sector will therefore require an integrated and pro-active approach.

In summary, the NBB recommends insurers to:

  1. Ask themselves whether or not the contemplated arrangement constitutes outsourcing;
  2. Ensure that any decision to outsource critical or important functions/activities is based on a through risk assessment;
  3. Update the written outsourcing policy;
  4. Carry out a pre-outsourcing analysis;
  5. Assess whether it concerns a critical or important function/activity;
  6. Identify and assess the potential impact of cloud outsourcing in order to adopt an proportionate risk approach;
  7. Perform a due diligence on the cloud service provider;
  8. Clearly allocate the rights and obligations of the company resp. cloud service provider;
  9. Preserve access and audit rights in order to comply with their regulatory obligations;
  10. Ensure regulatory compliance (incl. ICT security standards) by cloud service providers;
  11. Consider and insert arrangements on sub-outsourcing (if permitted);
  12. Monitor the cloud outsourcing arrangements and set up the necessary mechanisms to do so;
  13. Have a clearly defined exit strategy clause to terminate the agreement (if necessary);
  14. In case the cloud service provider’s data are located outside the EEA, ensure (and enforce) access and audit rights;
  15. Retain original copies of certain documents at the registered office. 



EC published its long-waited Q&A clarifying the scope of SFDR disclosures for AIFMs

EC Q&A on the scope of SFDR disclosures for AIFMs

the EC clarified that both non-EU AIFMs and sub-threshold AIFMs must ensure compliance with the disclosure obligations of the SFDR. read more
Kevaka bypass

Loyens & Loeff congratulates TIIC, ACB & Binders on reaching financial close on the first large PPP project in Latvia, the Kekava Bypass

On 16 July 2021, the consortium signed the PPP contract with the Latvian Ministry of Transport and secured funding by the European Investment Bank and the Nordic... read more
Coronavirus - Belgian measures for businesses

Coronavirus | Belgian measures for businesses

Since 3 March 2020 different authorities (EU, national, local) took measures in Belgium to reduce the spreading of the COVID-19 virus. In order to overcome the... read more
Stay informed

Don't miss out. Stay up to date about our latest news and events.

Stay informed