Insurance : Draft Guidelines on Outsourcing of activities by Insurance Companies
Reference: 1. INV/CIR/031/2004-05 dated 27th July, 2004
2. INV/CIR/058/2004-05 dated 28th December, 2004
3. RBI/2006/167 DBOD.NO.BO.40/21.04.158/2006-07
4. Regulation 7(c) of IRDA (Registration of Companies) Regulations, 2000
1.1. All Insurers are increasingly using outsourcing, as a means of both reducing cost and accessing specialist expertise, not available internally and achieving strategic aims. ‘Outsourcing’ may be defined as Insurer’s use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis that would normally be undertaken by the Insurer itself, now or in the future. These outsourcing arrangements are becoming increasingly complex.
Joint Forum set up by Basel Committee on Banking Supervision, International Organization of Securities Commissions and International Association of Insurance Supervisors has devised high-level principles on outsourcing in financial firms which gives guidance to firms, and to regulators, in effectively managing risks involved in outsourcing without hindering the efficiency and effectiveness of firms. This circular is issued based on best practices adopted internationally as outlined in above document. These instructions are intended to provide direction and guidance to Insurers to adopt sound and responsive risk management practices for effective oversight. Reserve Bank of India also brought out Guidelines on Managing Risk and Code of Conduct in outsourcing of financial services vide reference 3 cited above.
1.2. It has been observed that Insurers are Outsourcing even core activities such as Investment, underwriting and policy servicing. It is not desirable to outsource the Core and important activities which will affect corporate governance guidelines set by both Insurer as well as IRDA, protection of policy holders, solvency and revenue flows of Insurer, further Regulation 7(c) of IRDA (Registration of Companies) Regulations, 2000, clearly states “The applicant will carry on “all functions” in respect of insurance business including “management of investment” within its own organization.”
1.3. In order to ensure control over the outsourcing of activities of Insurers and to mitigate the risks involved in outsourcing, the Authority has in addition to the Regulations, Guidelines and Circulars already in force, decided to issue following instructions under section 14(2) of Insurance Regulatory and Development Authority Act, 1999 for compliance by Insurance Companies while Outsourcing their activities. These guidelines apply in addition to the instructions given in two references cited.
1.4. The insurer shall ensure that outsourcing arrangements neither diminish its ability to fulfil its obligations to customers and IRDA nor impede effective supervision by IRDA. Insurers therefore have to take steps to ensure that the service provider employs the same high standard of care in performing the services as would be employed by them if the activities were conducted in-house and not outsourced. Accordingly Insurers should not engage in outsourcing that would result in their internal control, business conduct or reputation being compromised or weakened.
2. Activities of Insurers are broadly classified into two categories, in accordance with Regulation 7(c) of IRDA (Registration of Companies) Regulation, 2000.
Ø Product design, and all Actuarial functions
Ø Premium collections,
Ø Data storage (physical and image),
Ø Cheque pick up and banking of cheques,
Ø Admitting or repudiation of all claims,
Ø Bank reconciliation,
Ø Policy servicing except registering complaints/grievances/enquiries,
Ø Approving advertisements,
Ø Market conduct issued,
Ø Appointment of Surveyors and Loss Assessors,
Ø Fund accounting including NAV calculations,
Ø Compliance with AML, KYC etc.,
Ø All other activities not specified herein as non-core activities.
Ø Facility management i.e. House keeping, security, office boys etc.,
Ø PF Trust,
Ø Internal audit, Internal/branch/concurrent audit etc.,
Ø However, internal/branch/concurrent auditor shall be appointed by the Audit Committee as mandated by the Authority in Corporate Governance Guidelines. The report of internal auditor/concurrent auditor shall be placed before the Audit Committee for their information and necessary action,
Ø Website development and management,
Ø Pay roll management,
Ø HR services,
Ø Service tax consultancy and support,
Ø TDS filing,
Ø Compliance with labour laws,
Ø Data entry including scanning, indexing services,
Ø Printing and posting of remainders and other documents,
Ø Pre-employment medical check ups,
Ø Call centre and outbound calling for registering complaints or answering enquiries,
Ø Claim processing for overseas medical insurance contracts
3. No Insurer shall outsource any of the core activities listed in para 2. Every Insurer shall file with the Authority a certificate, signed by CEO/Managing Director and Compliance Officer, on 31st March every year, stating that no core activity is outsourced.
With respect to each of any outsourced, non-core activities (as in para 2 above) all Insurers should file a report in Form A (attached as Annexure-I) within 45 days from the end of each quarter (June, September, December and March) in the following formation along with a soft copy (scanned) of outsourcing agreements entered during quarter.
3.1: The Third Party Service Providers engaged by insurers are subject to the various provisions of Insurance Act, 1938, Rules, Regulations or any other order issued thereunder.
4. The third party service provider shall comply with provisions of Regulations, Guidelines and any other law under force and the Insurer shall be responsible for all acts of omission and commission of its third party service providers in this regard.
5. The regulated activities of the agents, corporate agents, brokers, TPA’s, Surveyors and other regulated entities, as provided in the Insurance Act, 1938, IRDA Act, 1999 and Regulations, guidelines made thereunder, are not covered by these guidelines.
5.1 Agents, Corporate Agents, Brokers, TPA’s and Surveyors and other regulated entities shall not be contracted to perform any Outsourced activity other than those permitted by the respective regulations/instructions governing their licensing and functioning.
6. Evaluating the Capability of the Service Provider: In considering or renewing an outsourcing arrangement, appropriate due diligence should be performed to assess the capability of the service provider to comply with obligations in the outsourcing agreement. Due diligence should take into consideration qualitative and quantitative, financial, operational and reputational factors. Insurers should consider whether the service providers’ systems are compatible with their own and also whether their standards of performance including in the area of customer service are acceptable to it. Where possible, the Insurer should obtain independent reviews and market feedback on the service provider to supplement its own findings.
Due diligence should involve an evaluation of all available information about the service provider, including but not limited to:–
7. While Outsourcing activities every insurer shall abide by criteria laid down in following principles:
7.1 An Insurer intending to outsource any of its activities shall put in place a comprehensive outsourcing policy, approved by its Board, which incorporates, inter alia, criteria for selection of such activities as well as service providers, delegation of authority depending on risks and materiality and systems to monitor and review the operations of these activities.
7.2 In case any of the Third Party Service Provider becomes a group entity as defined vide IRDA (Investment) Regulations, 2000, the Insurer shall report the fact to the Authority within 30 days of such an event.
7.3 The Board of Directors of Insurer shall review the performance of all Third Party Service Providers every year with respect to compliance with provisions of Insurance Act, 1938, Regulations, Rules or any other order issued thereunder.
7.4 In case of termination of contract between Insurer and Third Party Service Provider, the compensation or penalty or any payment in lieu of foreclosure shall be reasonable and shall not be excessive.
7.5 Insurer shall establish a comprehensive outsourcing risk management programme to address the outsourced activities and the relationship with the service provider.
Some factors that could help in considering materiality in a risk management programme include the following:
Data protection, security and other risks may be adversely affected by the geographical location of an outsourcing service provider. To this end, specific risk management expertise in assessing country risk related, for example, to political or legal conditions, could be required when entering into and managing outsourcing arrangements that are taken outside of the home country.
7.6 Insurer shall ensure that outsourcing arrangements neither diminish its ability to fulfil its obligations to customers and regulators, nor impede effective supervision by regulators.
7.7 Outsourcing relationships shall be governed by written contracts that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of all parties.
7.8 Insurer and its service providers shall establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.
7.9 The Insurer shall take appropriate steps to require that service providers protect confidential information of both the Insurer and its clients from intentional or inadvertent disclosure to unauthorized persons.
7.10 The Insurer shall ensure that the third party service provider does not have any conflict of interest. The third party service provider or any of their group entities shall not be able to derive any benefit by causing loss to the insurer or policyholder. For instance the third party service provider shall not have the responsibility of repairing the damaged vehicle, supply of spare parts and marketing of the policy. In case of existence of conflict of interest among group entities, the insurer shall avoid outsourcing to such entities.
7.11 The Insurer shall ensure that there is no risk of loss of control over outsourced activity and potential impersonal treatment of policy holder/agents, before outsourcing any activity.
7.12 The Insurer shall obtain a confirmation that none of the Directors of the outsourced entity is a Director in any of the entities in Promoter’s Group.
8. Redressal of Grievances related to Outsourced services: Every Insurer shall direct in house Grievance Redressal Machinery to deal with grievances relating to services provide by the outsourced agencies. Wide publicity has to be given through print and electronic media about this. The Grievance Redressal Machinery shall deal with every grievance in a fair, objective and just manner and issue reasoned speaking reply for every grievance rejected. It shall also analyse grievances received to help identification of the problem areas in which modification of policies and procedures could be undertaken with a view to making the delivery of services easier and more expeditious. The TAT’s for redressal of grievances shall be as notified by the Authority from time to time
9. Centralised list of Outsourced Agents: If a service provider services are terminated by an Insurer, they shall inform the Authority with reasons for such termination. The Authority would be maintaining a caution list of such service providers for the entire insurance industry for sharing among insurers.
10. These guidelines shall not be construed to be authorising, any activity which otherwise is prohibited by any law under force and/or Regulation and Guidelines of the Authority.
11. These guidelines come into force with immediate effect. The Insurers shall terminate all outsourcing contracts entered into in contravention of these guidelines before 1st April, 2011.
Comments / Suggestions, if any, may please be sent to email@example.com latest by 15th November, 2010
(See point No. 3)
|S. No.||Particulars||For the quarter||Up to the quarter||For the corresponding quarter of the preceding year||Up to the quarter of the preceding year|
|1.||Specification of activity out sourced (detailed description)|
|Name of the Vendor|
|Total Amount Agreed|
|Amount Paid so far|
|Whether vendor belongs to insurer group|
|% of outsourcing payments to Operating Expense|