EIOPA consults on guidelines on outsourcing to cloud service providers
The European Insurance and Occupational Pension Authority (EIOPA) launched a consultation on guidelines on outsourcing to cloud service providers.
These guidelines shall provide guidance to market participants on how the outsourcing provisions set forth in the Directive 2009/138/EC, in the Commission's Delegated Regulation 2015/35 and in EIOPA's Guidelines on System of Governance need to be applied in the case of outsourcing to cloud service providers. The consultation is open until Monday, 30 September 2019.
In line with its contribution to the European Commission's FinTech Action Plan and taking into account the outcome of its Fourth InsurTech Roundtable on the use of cloud computing by (re)insurance undertakings, EIOPA developed these guidelines addressed to insurance and reinsurance undertakings as well as national supervisory authorities with the following objectives:
- To provide clarification and transparency to market participants avoiding potential regulatory arbitrages
- To foster supervisory convergence regarding the expectations and processes applicable in relation to cloud outsourcing
The use of cloud outsourcing is a common practice to all financial undertakings and not only to insurance and reinsurance undertakings. Moreover, the main associated risks are similar across sectors. Acknowledging these facts and recognising the potential risks of regulatory fragmentation, in developing these guidelines - in addition to the (re)insurance provisions on outsourcing - EIOPA also considered the most recent guidance published by the European Banking Authority.
EIOPA's Guidelines cover the following areas:
- Criteria to distinguish whether cloud services should be considered within the scope of outsourcing
- Principles and elements of governance of cloud outsourcing including documentation requirements and list of information part of the notification to supervisory authorities
- Pre-outsourcing analysis, including materiality assessment, risk assessment and due diligence on the service providers
- Contractual requirements
- Management of access and audit rights; security of data and systems; sub-outsourcing, monitoring and oversight of cloud outsourcing and exit strategies
- Principle based instructions for the national supervisory authorities on the supervision of cloud outsourcing arrangements including, where applicable, at group level
For responding to this consultation please use this link. The deadline for submission of feedback is Monday, 30 September 2019 at 23.59 hrs CET.
Unless requested otherwise, all contributions received will be published after the deadline for submission.
These guidelines have been developed according to Article 16 of the Regulation (EU) 1094/2010. Under this Article EIOPA may issue Guidelines and Recommendations addressed to competent authorities and financial institutions with a view to establish consistent, efficient and effective supervisory practices and ensuring the common, uniform and consistent application of Union law.
In accordance with Article 16(3) of that Regulation, competent authorities and financial institutions are required to make every effort to comply with those Guidelines and Recommendations.
Latest News from
President Michel’s MFF proposal not acceptable for Parliament21/02/2020 09:25:00
Ahead of a special summit on 20 February, the EP’s negotiating team expresses its opposition to President Michel’s proposal for the next long-term budget.
Budgetary Control Committee asks for stronger measures to protect EU spending20/02/2020 15:25:00
On Wednesday, the Budgetary Control Committee signed off on the Commission’s 2018 budget, but rules to fight fraud and conflict of interest must be strengthened.
COVID-19 outbreak: Commission supports repatriation of EU citizens from cruise ship in Japan20/02/2020 12:25:00
The EU is co-financing the repatriation of EU citizens from the Diamond Princess cruise ship docked in Yokohama, Japan, thanks to flights from Italy mobilised through the EU Civil Protection Mechanism.
Shaping Europe's digital future: Commission presents strategies for data and Artificial Intelligence20/02/2020 11:38:00
The EC has unveiled its ideas and actions for a digital transformation that works for all, reflecting the best of Europe: open, fair, diverse, democratic and confident.
Fabio Panetta: Deepening & widening Economic and Monetary Union: finding the right speed19/02/2020 13:20:00
Introductory remarks by Fabio Panetta, Member of the Executive Board of the ECB, at the European Parliamentary Week.
"EU Budget risks being a failure for people & a gift to populism" warns CoR President19/02/2020 12:20:00
The European Committee of the Regions (CoR) asks to preserve funds for hospitals, schools, local transport, environment, universities and small businesses.
Council sets its priorities for the 2021 EU budget19/02/2020 11:20:00
The Council adopted the following conclusions setting out its priorities for the 2021 EU budget.
Human rights: EU adopts conclusions on EU priorities at UN Human Rights Fora in 202018/02/2020 13:25:00
On the occasion of the year marking the 75th anniversary of the entry into force of the UN Charter, the Council conclusions reaffirm EU's commitment to the rule-based international order – human rights protection being an important part of it.
Consultation on Air Quality - Executive Summary14/02/2020 12:20:00
The Secretariat of the Commission for Environment, Climate Change and Energy (ENVE) of the CoR is in the process of informing other EU institutional and non institutional actors about the Implementation Report of the consultation on Air Quality, whose Executive Summary is already available here.