EIOPA consults on guidelines on outsourcing to cloud service providers
The European Insurance and Occupational Pension Authority (EIOPA) launched a consultation on guidelines on outsourcing to cloud service providers.
These guidelines shall provide guidance to market participants on how the outsourcing provisions set forth in the Directive 2009/138/EC, in the Commission's Delegated Regulation 2015/35 and in EIOPA's Guidelines on System of Governance need to be applied in the case of outsourcing to cloud service providers. The consultation is open until Monday, 30 September 2019.
In line with its contribution to the European Commission's FinTech Action Plan and taking into account the outcome of its Fourth InsurTech Roundtable on the use of cloud computing by (re)insurance undertakings, EIOPA developed these guidelines addressed to insurance and reinsurance undertakings as well as national supervisory authorities with the following objectives:
- To provide clarification and transparency to market participants avoiding potential regulatory arbitrages
- To foster supervisory convergence regarding the expectations and processes applicable in relation to cloud outsourcing
The use of cloud outsourcing is a common practice to all financial undertakings and not only to insurance and reinsurance undertakings. Moreover, the main associated risks are similar across sectors. Acknowledging these facts and recognising the potential risks of regulatory fragmentation, in developing these guidelines - in addition to the (re)insurance provisions on outsourcing - EIOPA also considered the most recent guidance published by the European Banking Authority.
EIOPA's Guidelines cover the following areas:
- Criteria to distinguish whether cloud services should be considered within the scope of outsourcing
- Principles and elements of governance of cloud outsourcing including documentation requirements and list of information part of the notification to supervisory authorities
- Pre-outsourcing analysis, including materiality assessment, risk assessment and due diligence on the service providers
- Contractual requirements
- Management of access and audit rights; security of data and systems; sub-outsourcing, monitoring and oversight of cloud outsourcing and exit strategies
- Principle based instructions for the national supervisory authorities on the supervision of cloud outsourcing arrangements including, where applicable, at group level
For responding to this consultation please use this link. The deadline for submission of feedback is Monday, 30 September 2019 at 23.59 hrs CET.
Unless requested otherwise, all contributions received will be published after the deadline for submission.
These guidelines have been developed according to Article 16 of the Regulation (EU) 1094/2010. Under this Article EIOPA may issue Guidelines and Recommendations addressed to competent authorities and financial institutions with a view to establish consistent, efficient and effective supervisory practices and ensuring the common, uniform and consistent application of Union law.
In accordance with Article 16(3) of that Regulation, competent authorities and financial institutions are required to make every effort to comply with those Guidelines and Recommendations.
Latest News from
ECB shuts down compromised BIRD website16/08/2019 10:20:00
The European Central Bank (ECB) said on Thursday that unauthorised parties had breached the security measures protecting its Banks’ Integrated Reporting Dictionary (BIRD) website, which is hosted by an external provider. As a result, it was possible that the contact data (but not the passwords) of 481 subscribers to the BIRD newsletter may have been captured.
rescEU assets mobilised to help Greece fight devastating forest fires15/08/2019 10:25:00
Following a request for assistance from Greece on 13 August 2019, rescEU assets have been mobilised to tackle forest fires ravaging several areas of Greece.
EU mobilises €9m to tackle the food crisis in Haiti14/08/2019 10:20:00
The European Union has released €9m in humanitarian aid in response to the deteriorating food & nutrition situation in Haiti. The humanitarian aid will cover the basic food & nutritional needs of more than 130,000 people living in the worst affected areas.
Asylum applications in the EU+ up by 10 % in the first half of 2019 from the same period in 201813/08/2019 11:10:00
Preliminary analyses reveal that in the first half of 2019 some 337 200 applications for asylum were lodged in the EU+, a 10 % increase from the same period a year earlier. In contrast to this upward trend, in June 2019 applications fell to the lowest level of the year, but there were fewer working days.
EC provides 20 cities with funding for innovative security, digital, environmental and inclusion projects07/08/2019 15:20:00
The European Regional Development Fund (ERDF) will finance 20 urban projects with €82m. These projects were put forward by cities under the 4th call for proposals of the Urban Innovative Actions which is implemented by French region Hauts-de-France.
Public consultation: chlorinated paraffins in food and feed07/08/2019 13:25:00
EFSA is seeking feedback from interested parties on its scientific opinion about the risks to human and animal health related to the presence of chlorinated paraffins in food and feed.
The EU and the United States sign an agreement on imports of hormone-free beef06/08/2019 13:25:00
The EU and the United States have signed an agreement reviewing the functioning of an existing quota to import hormone-free beef into the EU.
State aid: France to recover €8.5m of illegal aid to Ryanair at Montpellier airport05/08/2019 13:25:00
The EC has found that the marketing agreements concluded between the local Association for the Promotion of Touristic and Economic Flows (APFTE) and Ryanair at the airport of Montpellier are illegal under EU State aid rules. Ryanair now has to return €8.5m of illegal State aid.