Outsourcing to cloud and other IT service providers

On 6 February 2020, the European Insurance and Occupational Pensions Authority (EIOPA) published final Guidelines on outsourcing to cloud service providers for insurance and reinsurance undertakings. 

The FCA has notified the European Insurance and Occupational Pensions Agency (EIOPA) that these are not applicable to regulated activities within the UK’s jurisdiction, as they are effective from 1 January 2021, which is after the EU withdrawal transition period is expected to end. 

Instead, the FCA will continue to apply its existing guidance as detailed in FG16/5 – Guidance for firms outsourcing to the cloud and other third-party IT services in the UK.

This guidance was first published in 2016 and most recently updated in September 2019. It will be kept under review to ensure it remains consistent with relevant international standards. 

FG16/5 sets out who the guidance relates to and includes a list of areas that firms should consider when selecting and monitoring third parties in the delivery of IT services that are essential to the effective functioning of the regulated firm’s business operations, including:

  • Legal and Regulatory considerations;
  • Risk Management;
  • International Standards;
  • Oversight of service provider;
  • Data security;
  • Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR);
  • Effective access to data;
  • Access to business premises;
  • Relationships between service providers;
  • Change management;
  • Continuity and business planning;
  • Resolution (where applicable);
  • Exit plan.

Other useful information is available. The FCA’s SYSC sourcebook contains general outsourcing requirements (SYSC 8.1) and the ICO  provides guidance on the use of cloud computing here.

You can read our previous article on the topic here.

Important Note: ATEB news is intended to provide general information ONLY. The content, including any views expressed or guidance provided, does not replace the need to comply fully with FCA Rules and Guidance. Unless you have discussed news article content with ATEB, and specifically how it relates to your circumstances, then ATEB disclaims all liability and responsibility and actions arising from any reliance placed upon it. For the avoidance of doubt therefore, any reliance you place on such information without our consultation is at your own risk.

ATEB Compliance offers compliance and regulatory advice.

ATEB Suitability provides report writing software for the financial services market.

Our View

For information.

Action Required By You

  • It would be prudent to read the updated FG16/5 and ensure that processes to select and monitor any outsourced services reflect the FCA’s guidance;

  • Contact ATEB if you need further clarification or assistance.

About the Author

Technical Manager - Often referred to as the Oracle or the Sage, Alistair has a wealth of financial services experience. He is our go-to Technical Manager and enjoys nothing more than a complicated conundrum. Feel free to test his renowned knowledge by getting in touch.

Contact Us

Explore more articles in this category

Other articles that you might be interested in