Outsourcing- How to make sure it does not end in disaster

Home / Danny Joffe / Outsourcing- How to make sure it does not end in disaster

With careful due diligence outsourcing is still a very effective way of providing quality service to customers

There are many reasons for Insurers, if and when they decide to outsource functions that are integral to the various insurance products that they sell. Circumstances have changed a lot over the years from the time when Insurers would be able to supplement any gaps they may have had in their administration capacity or processes with outsourced entities. Over time many critical functions became outsourced by Insurers including claims, underwriting, recovery and even what we call today, the control functions being compliance, actuarial and risk. That was before the days of the regulator enforcing full responsibility onto Insurers for poor customer conduct or breach of regulations and protection of data, cyber security and strict solvency legislation. Governance Insurance standards have been legislated which dictates how outsourcing can take place and in 2020 Insurers are being forced to be far more careful in the way they operationally handle the outsourcing of insurance functions as well they governance and oversight that is required.

There are various risks that Insurers must consider before making a decision to outsource to a third party. If such risks are not properly considered it will contribute to the arrangement ending up in disaster for one of the parties. These would include reputational risk (which in the world of social media and increased consumerism must be taken very seriously) termination or divorce risk or operational risk where the Insured will need to guard against losses, they can also suffer as a result of operational failures by the entity to whom functions have been outsourced. If an insurer outsources binder functions such as entering into or varying policies on its behalf or settling claims, any poor or incorrect decisions made by the outsourced entity will bind the insurer. This risk can be significant with policies that have larger exposure and Insurers would need to be comfortable that they have conducted a thorough due diligence and consistently monitor the ongoing performance of the functions to guard against these risks. The due diligence should be performed prior to entering into any arrangement and would check issues such as potential conflict of interests, what fee would be commensurate with the functions being performed, as well as the ability of the system and staff to perform the functions.

I believe however that compliance risks remain the highest in today’s insurance universe. Breaches of regulations such as the Policy Holder Protection Rules, Binder regulations or The Insurance Acts will be deemed to be the Insurer’s breaches in many cases and large fines and enforcement action can follow as a result of such breaches. Cyber risks and protection of personal information is becoming increasingly a common threat to all entities who rely on IT systems to manage large amount of data on their behalf. With The Protection of Personal Information Act not far away and the reputational risk of losing or having one’s data hacked becoming more real, serious ongoing oversight is required for the outsourced entity’s IT systems. This would include intermediaries, claims service providers and third-party IT systems who all manage and hold large amounts of Insurer’s data. The system also will need to be able to transmit the data to the insurer and have and have credible back up procedures given that most files and information is held electronically and the stability of the system is critical to the entity being able to perform its operational requirements. It is becoming very expensive to keep ahead of hackers and cyber criminals as well as make sure proper disaster recovery procedures in place but when one outsources, one must look at the worst scenarios and how these entities would be able to recover in the event of disaster. Strong agreements must be put in place prior to such outsourcing taking place and insurers as mentioned above, must keep ongoing checks and oversight on the activities, processes and staff. As one can see, expertise is required to govern these risks which have increased dramatically in the recent past. I would suggest insurers strongly acquaint themselves with governance standard five of The Insurance Act which will inform what risks need to be fully considered and mitigated and thresholds for material arrangements carefully considered. Having said all this, if an insurer get it right, outsourcing is still a very effective way of providing quality service to customers as well as managing core functions with increased focus.

by Danny Joffe