The Insurance Regulatory and Development Authority of India (“IRDAI”) has notified the Insurance Regulatory and Development Authority of India (Outsourcing of Activities by Indian Insurers) Regulations, 2017 (“New Regulations”), superseding the Guidelines on Outsourcing of Activities by Insurance Companies notified by circular IRDA/Life/CIR/GLD/013/02/2011 dated 01-02-2011,to ensure sound and responsive management practices for effective oversight and adequate due diligence with regard to outsourcing of activities by Insurers.
The New Regulations are in force from 20th April, 2017 and are applicable to the following:
1) Registered Insurers, excluding those engaged in reinsurance business. If an Insurer is engaged in both direct Insurance as well as Reinsurance business, these regulations are applicable only in respect of direct Insurance business of such Insurers.
2) These Regulations are applicable to outsourcing arrangements entered into by an Insurer with an outsourcing service provider located in India or outside India.
‘Outsourcing’ under the New Regulations is defined as the use of third party services by the Insurer to perform activities that would normally be undertaken by the Insurer, either now or in future, but does not include services which are generally not expected to be carried out internally by the insurers such as Legal services, Banking Services, Courier services, medical examination, forensic analysis.
The highlights of the New Regulations are as follows:
i)The New Regulations stipulates activities which are prohibited from outsourcing, some of those are:
a) Investment and related functions ii. Fund Management Including NAV.
b) Fund Management Including NAV calculations.
ii ) Compliance with AML and KYC, etc.ii) The Board of Directors of the Insurer are required to put in an
Outsourcing Policy covering the following:
a) Framework for assessment of risks involved in outsourcing including the confidentiality of data, quality of services rendered under outsourcing contracts.
b) Parameters for determining the cost-benefit analysis for each outsourced activity.
c) Guiding principles for evaluation of the outsourced service provider including its ability and capability to provide the required services.
iii) An outsourcing arrangement will be considered material under the New Regulations, if the estimated annual expenditure under an outsourcing contract is likely to exceed 5 % of the total expenditure incurred during preceding financial year on all outsourcing activities.
iv)Outsourcing Agreement under the New Regulations are mandated to be governed by written agreements that are legally binding for a specified period, subject to periodical renewals, if necessary, that clearly describe all important aspects of the outsourcing arrangement, including the rights and obligations of all parties.
v) Insurers are required to satisfy itself that the outsourcing service provider’s security policies, procedures and controls will enable the insurer to protect confidentiality and security of policyholders’ information even after the contract terminates.
vi)The New Regulations confer a responsibility on the insurer to ensure that the data or information parted to any outsourcing service provider under the outsourcing agreements remains confidential.
vii) An Insurer under the New Regulations is required to conduct periodic inspection or audit on the outsourcing service providerseither by internal auditors or by Chartered Accountant firms to examine the compliance of the outsourcing agreement while carrying out the activities outsourced.
viii) An Insurer is required to ensure adequate documentation to support the Insurer’s satisfaction of the expectations under the New Regulations.
ix) An Insurer under the New Regulations are required to report all the outsourcing arrangements where annual pay-out either per outsourcing service provider or per activity is One Crore rupees or more, every year within 45 days from the close of the financial year.