Short Reads

DNB publishes guidelines for outsourcing notifications by insurers

DNB publishes guidelines for outsourcing notifications by insurers

DNB publishes guidelines for outsourcing notifications by insurers

04.12.2020 NL law

Requirements applicable to outsourcing (including intra-group arrangements as well as outsourcing to the cloud) under Dutch and EU financial regulatory regimes have become more stringent in recent years. Outsourcing has therefore been a priority on the Dutch regulators’ supervision agenda.

On 30 November 2020, the Dutch Central Bank (De Nederlandsche Bank, “DNB”) published new guidance with the aim of improving the quality of outsourcing notifications submitted by Dutch insurers.  On the same date, DNB issued a press release indicating that outsourcing contracts between various regulated undertakings and a large IT supplier are structurally non-compliant, for instance because a proper ‘right to audit’ or ‘right to examine’ was not appropriately catered for (link), alerting Dutch financial markets to the paramount importance of compliance with the applicable outsourcing requirements.

Outsourcing activities

The Solvency II Directive sets the requirements applicable to (cloud and non-cloud) outsourcing by insurers. The requirements state that DNB must be informed in a timely manner when a Dutch insurer decides to outsource activities to a third party. Importantly, outsourcing arrangements that qualify as ‘critical or important’ must be reported to DNB before the agreement with the third party to whom the services are outsourced takes effect, or the actual provision of services commences.

Points of attention

In its update, DNB notes that it will continue to focus on the quality of the outsourcing and the timely and correct notification of outsourcing arrangements to DNB. In order to improve the quality of outsourcing notifications, DNB recommends that insurers take the following points of attention into account:

  • In order to examine an outsourcing notification directly in the right context, DNB requests insurers include with their notification a full schematic overview of the outsourcing chain, including a detailed explanation.
  • DNB expects insurers to ensure that the scope and depth of the information they receive from third parties is sufficient to allow them to determine the outsourced parties’ standard of control. For an adequate evaluation of the risk that a service provider may not comply with the agreed quality standards, DNB asks insurers to use DNB’s template when preparing their risk analysis, as DNB states that assurance reports, certifications or in-house audits do not always provide sufficient assurance regarding the service provider's internal control. An ISO27001 certificate, for example, is by itself insufficient to demonstrate the effectiveness of control measures.
  • The rights to audit and examine, which are referred to in the 'outsourcing notification form', extend beyond the service provider with whom the agreement is concluded. DNB emphasises the need for these rights to cover all critical or important outsourced activities throughout the outsourcing chain. Recent cases have provided examples where the rights to audit and examine service providers were not provided for in the outsourcing agreement, meaning that insurers were non-compliant when entering into the outsourcing arrangement (and may remain non-compliant to the present date). These agreements must be updated and amended.

Finally, DNB reiterates that it is important to evaluate the extent to which outsourcing contracts meet the requirements set out in Article 274 of the Solvency II Regulation and the EIOPA Guidelines on outsourcing to cloud service providers.

Given the fact that outsourcing is a key point of supervision by the Dutch regulators, we recommend financial undertakings to ensure that they fully comply with the applicable outsourcing regulations and that they assess whether their outsourcing notifications to DNB comply with the above guidelines.

Team

Related news

15.10.2021 NL law
BRRD II implementation in the Netherlands

Short Reads - Recently, the Dutch bill for the implementation of BRRD II (i.e. Directive (EU) 2014/59 establishing a framework for the recovery and resolution of credit institutions and investment firms, as amended by Directive (EU) 2019/879) in the Netherlands was submitted to Dutch Parliament, where it is currently under debate.

Read more

01.10.2021 NL law
Vanaf 1 oktober strengere regelgeving voor verkoop van turbo’s aan particuliere beleggers

Short Reads - Turbobeleggers nemen veel risico’s en verliezen gemiddeld veel geld. De AFM vindt dat particuliere beleggers onvoldoende beschermd worden tegen de risico’s van turbo’s. De verkoop van turbo’s aan deze beleggers wordt daarom aan banden gelegd. Met ingang van 1 oktober geldt een hefboombeperking, een verplichte risicowaarschuwing en een verbod op handelsbonussen. Daarmee wil de Autoriteit Financiële Markten (AFM) particuliere beleggers beter beschermen tegen de risico’s van turbo’s.

Read more

14.10.2021 NL law
NFTs: New legal challenges on the horizon

Short Reads - Non-Fungible Tokens, widely known as NFTs, have recently gained much attention due to their role in the transfer of digital artworks. The market for NFTs grew from USD 13.5m in the first six months of 2020 to USD 2.5bn in the first half of 2021 and is still growing at an expansive rate. Notwithstanding their increasing popularity in the world of art, NFTs have many potential applications. In this blog Maciek Bednarski, Annemijn Witkam and Roderik Vrolijk explain what NFTs are and describe some of the legal challenges they will bring about.

Read more

20.09.2021 NL law
AFM: Beleggingsfondsen kunnen beleggers beter informeren over duurzaamheid

Articles - Beleggingsfondsen kunnen beleggers beter informeren over duurzaamheid. De informatieverschaffing van fondsen over duurzaamheidsrisico’s en duurzaamheidskenmerken is nog vaak te algemeen, daardoor krijgen beleggers te weinig inzicht in waar ze in investeren. Dat is een van de conclusies van de Autoriteit Financiële Markten (AFM) in een verkennend onderzoek naar de toepassing van de Sustainable Finance Disclosure Regulation (SFDR).

Read more

11.10.2021 NL law
Vervolgonderzoek van de AFM naar incidentmeldingen door asset managers

Articles - Sinds de uitbraak van het coronavirus wordt ook in de financiële sector meer op afstand samengewerkt. Dat brengt specifieke risico’s met zich mee. De Autoriteit Financiële Markten (AFM) gaat daarom vervolgonderzoek doen naar het melden van incidenten door asset managers. De reden is het uitblijven van een stijging van het aantal incidentmeldingen ondanks herhaalde oproepen daartoe.

Read more