Life insurance (prudential standard) determination No. 3 of 2006 - Prudential Standard LPS 231

Life insurance (prudential standard) determination No. 3 of 2006 - Prudential Standard LPS 231 - Outsourcing

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Unlimited Searches
Weekly Updates on New Laws
Access to 5,345,848 Global Laws from 110 Countries
View the Original Law Side-by-Side with the Translation

Subscribe Now for only USD$40 per month.

Life insurance (prudential standard) determination No. 3 of 2006
Prudential standard LPS 231 Outsourcing
Life Insurance Act 1995

I, John Francis Laker, Chair of APRA, under subsection 230A(1) of the Life Insurance Act 1995 DETERMINE Prudential Standard LPS 231 Outsourcing, in the form set out in the Schedule, which shall apply to life companies.

This instrument takes effect from the later of 1 January 2007 and the date of registration on the Federal Register of Legislative Instruments.

Dated [29]    September 2006

[signed]
…………………...
John Francis Laker
Chair
Interpretation
In this instrument:

APRA means the Australian Prudential Regulation Authority.

life company has the meaning given in the Dictionary to the Act.

Note 1 A life company that does not comply with a standard may be issued with directions by APRA under subsection 230B(1) of the Act. Non-compliance with a direction is an offence attracting a penalty of up to 250 penalty units for a body corporate (currently $27,500) for each day that the offence continues. Officers of the life company may also be criminally liable (see section 230F).

Schedule

Prudential standard LPS 231 Outsourcing comprises the 8 pages commencing on the following page.

Prudential Standard LPS 231
Outsourcing
Objective and key requirements of this Prudential Standard
This Prudential Standard aims to ensure that all outsourcing arrangements involving material business activities entered into by a life company are subject to appropriate due diligence, approval and on-going monitoring. All risks arising from outsourcing material business activities must be appropriately managed to ensure that the life company is able to meet both its financial and service obligations to its policyholders.

The key requirements of this Prudential Standard include that a life company must:

·        have a policy relating to outsourcing of material business activities;
·        have sufficient monitoring processes in place to manage the outsourcing of material business activities;
·        for all outsourcing of material business activities with third parties, have a legally binding agreement in place, unless otherwise agreed by APRA;
·        consult with APRA prior to entering into agreements to outsource material business activities to service providers who conduct their activities outside Australia; and
·        notify APRA after entering into agreements to outsource material business activities.
Authority
1.             This Prudential Standard is made under section 230A of the Life Insurance Act 1995 (Life Insurance Act).
Application
2.             This Prudential Standard applies to all life companies authorised under the Life Insurance Act.
3.             Subject to the transition arrangements set out in this Prudential Standard, a life company must comply with this Prudential Standard from 1 January 2007 (referred to in this Prudential Standard as the effective date).
4.             This Prudential Standard only applies to outsourcing of a material business activity as defined in this Prudential Standard.
Interpretation
5.             By operation of section 13(1) of the Legislative Instruments Act 2003 terms not defined in this Prudential Standard but which are defined in the Life Insurance Act have the same meaning as in the Life Insurance Act.
6.             Outsourcing involves a life company entering into an agreement with another party (including a related body corporate) to perform, on a continuing basis, a business activity which currently is, or could be, undertaken by the life company itself.
7.             For the purposes of this Prudential Standard, a reference to a related body corporate of a life company is a reference to the meaning of “related body corporate” under section 50 of the Corporations Act 2001. A reference to a third party is a reference to an entity that is not the life company or a related body corporate of the life company. A reference to a service provider is a reference to the person providing the outsourced services to the life company.
8.             For the purposes of this Prudential Standard, offshoring means the outsourcing by a life company of a material business activity associated with its Australian business to a service provider (including a related body corporate) where the outsourced activity is to be conducted outside Australia. Offshoring includes arrangements where the service provider is incorporated in Australia, but the physical location of the outsourced activity is outside Australia. Offshoring does not include arrangements where the physical location of an outsourced activity is within Australia but the service provider is not incorporated in Australia.
Materiality
9.             A material business activity is one that has the potential, if disrupted, to have a significant impact on the life company’s business operations or its ability to manage risks effectively, having regard to such factors as:
(a)           the financial and operational impact and impact on reputation of a failure of the service provider to perform over a given period of time;
(b)          the cost of the outsourcing arrangement as a share of total costs;
(c)           the degree of difficulty, including the time taken, in finding an alternative service provider or bringing the business activity “in-house”;
(d)          the ability of the life company to meet regulatory requirements if there are problems with the service provider;
(e)           potential losses to the life company’s customers and other affected parties in the event of a service provider failure; and
(f)            affiliation or other relationship between the life company and the service provider.
10.         For the purposes of this Prudential Standard the internal audit function must be treated as a material business activity.
Outsourcing policy
11.         A life company must develop an outsourcing policy, approved by the Board,[1] that sets out its approach to outsourcing of material business activities, including a detailed framework for managing all such outsourcing arrangements.
12.         Although outsourcing may result in day-to-day managerial responsibility for a business activity moving to the service provider, the life company remains responsible for complying with all prudential requirements[2] that relate to the outsourced business activity.
13.         A life company must ensure that procedures are in place such that all relevant business units of the life company are fully aware of, and comply with, the outsourcing policy.
14.         The life company’s risk management framework[3] must deal with the risks associated with the outsourcing of a material business activity.
15.         A life company’s outsourcing policy must deal with specific requirements in relation to outsourcing to related bodies corporate and outsourcing to service providers conducting the material business activity outside Australia.
Assessment of outsourcing options
16.         A life company must be able to demonstrate that, in assessing the options for outsourcing a material business activity to a third party, it has:
(a)           prepared a business case for outsourcing the material business activity;
(b)          undertaken a tender or other selection process for service providers;
(c)           undertaken a due diligence review of the chosen service provider;
(d)          involved the Board, or Board committee or Compliance committee (in the case of an Eligible Foreign Life Insurance Company (EFLIC)) in approving the agreement;
(e)           considered all the matters outlined in paragraph 19, that must, at a minimum, be included in the outsourcing agreement itself;
(f)            established procedures for monitoring performance under the outsourcing agreement on a continuing basis;
(g)           addressed the renewal process for outsourcing agreements and how the renewal will be conducted; and
(h)           developed contingency plans that would enable the outsourced business activity to be provided by an alternative service provider or brought in-house if required.
17.         A life company must be able to demonstrate that, in assessing the options for outsourcing to related bodies corporate, it has considered:
(a)          the changes to the risk profile of the business activity that arise from outsourcing the activity to a related body corporate and how this changed risk profile is addressed within the life company’s risk management framework;
(b)          that the related body corporate has the ability to conduct the business activity on an ongoing basis;
(c)           the required monitoring procedures to ensure that the related body corporate is performing effectively and how potential inadequate performance would be addressed;
(d)          contingency issues in accordance with any policy or procedure the life company has in place relating to business continuity management should the outsourced activity need to be brought in-house; and
(e)           the need to apply any of the requirements set out in paragraph 16 to the extent they are relevant to outsourcing agreements with related bodies corporate.
The outsourcing agreement
18.         Except where otherwise provided, all outsourcing arrangements must be evidenced by a written, legally binding agreement. The agreement must be executed before the outsourcing arrangement commences.
19.         At a minimum, the agreement (including arrangements with related bodies corporate) must address the following matters:
(a)           the scope of the arrangement and services to be supplied;
(b)          commencement and end dates;
(c)           review provisions;
(d)          pricing and fee structure;
(e)           service levels and performance requirements;
(f)            audit and monitoring procedures;
(g)           business continuity management;
(h)           confidentiality, privacy and security of information;
(i)             default arrangements and termination provisions;
(j)            dispute resolution arrangements;
(k)          liability and indemnity;
(l)             subcontracting;
(m)         insurance; and
(n)           to the extent applicable, offshoring arrangements (including through subcontracting).
20.         A life company that outsources a material business activity must ensure that its outsourcing agreement includes an indemnity to the effect that any subcontracting by a third party service provider of the outsourced function will be the responsibility of the third party service provider including liability for any failure on the part of the subcontractor.
21.         The requirements in paragraph 18 do not apply to an outsourcing arrangement with a related body corporate unless
(a)           after having consulted with the life company, APRA notifies the life company in writing that the outsourcing arrangement must be evidenced by a written legally binding agreement; or
(b)          another prudential standard requires the arrangement to be undertaken using a written legally binding agreement.
22.         Where a life company enters into an outsourcing agreement as a result of an unexpected extreme event which results in:
(a)           the life company invoking its Business Continuity Plan; or
(b)          the sudden financial or operational failure of an existing service provider,
then paragraphs 16 to 21 inclusive, 26 and 27 need only be complied with to the extent that is reasonably possible having regard to the nature of the extreme event. The life company must notify APRA as soon as practicable of any such outsourcing arrangement.
APRA access to service providers
23.         An outsourcing agreement must include a clause that allows APRA access to documentation related to the outsourcing arrangement. In the normal course, APRA will seek to obtain whatever information it requires from the life company; however, the outsourcing agreement must include the right for APRA to conduct on-site visits to the service provider if APRA considers this necessary in its role as prudential supervisor. APRA expects service providers to cooperate with APRA’s requests for information and assistance. If APRA intends to undertake an on-site visit to a service provider, it will normally inform the life company of its intention to do so.
24.         Where a life company enters into an outsourcing arrangement with a related body corporate, the Board of the life company must ensure that access by APRA to the related body corporate will not be impeded.
25.         The life company must take all reasonable steps to ensure that a service provider will not disclose or advertise that APRA has conducted such a visit, except as necessary to coordinate with other institutions regulated by APRA which are existing clients of the service provider.
Notification requirement
26.         A life company must notify APRA as soon as possible after entering into an agreement to outsource a material business activity to a service provider conducting and in any event no later than 20 business days after execution of the agreement between the life company and the service provider. This notification requirement applies to all outsourcing of material business activities.
27.         Where a life company notifies APRA of a new outsourcing agreement, it must also provide a summary to APRA of the key risks involved in the outsourcing arrangement and the risk mitigation strategies put in place to address these risks. APRA may request additional material where it considers it necessary in order to assess the impact of the outsourcing arrangement on the life company’s risk profile.
Offshoring arrangements – requirement for consultation
28.         A life company must consult with APRA prior to entering into any offshoring agreement involving a material business activity so that APRA may satisfy itself that the impact of the offshoring arrangement has been adequately addressed as part of the life company’s risk management framework.
29.         If, in APRA’s view, the offshoring agreement involves risks that the life company is not managing appropriately, APRA may require the life company to make other arrangements for the outsourced activity as soon as practicable.
Monitoring the relationship
30.         The life company must ensure it has sufficient and appropriate resources to manage and monitor the outsourcing relationship at all times. The type and extent of resources required will depend on the materiality of the outsourced business activity. At a minimum, monitoring must include:
(a)     maintaining appropriate levels of regular contact with the service provider. This will range from daily operational contact to senior management involvement; and
(b)     a process for regular monitoring of performance under the agreement, including meeting criteria concerning service levels.
31.         The life company must advise APRA of any significant problems that have the potential to materially affect the outsourcing arrangement and, as a consequence, materially affect the business operations, profitability or reputation of the life company.
32.         When a life company terminates an outsourcing agreement it must notify APRA as soon as practicable, and provide a statement as to the transition arrangements and future strategies for carrying out the outsourced material business activity.
Audit arrangements
33.         The life company’s internal audit function must review any proposed outsourcing of a material business activity and regularly review and report to the Board or Board Audit Committee on compliance with the life company’s outsourcing policy. Where APRA has exempted a life company from having a dedicated internal audit function, or approved alternative arrangements under Prudential Standard LPS 510 Governance, APRA may also vary the requirements of this paragraph.
34.         APRA may request the external auditor of the life company, or an appropriate external expert, to provide an assessment of the risk management processes in place with respect to an arrangement to outsource a material business activity. This could cover areas such as IT systems, data security, internal control frameworks and business continuity plans. Such reports will be paid for by the life company and must be made available to APRA.

Transition arrangements
Application for transitional relief
35.         Upon application by a life company, APRA may grant transitional relief by exempting a life company from the operation of any of the provisions of this Prudential Standard or by varying their operation in relation to a life company. APRA will only do so if it is satisfied that the life company will not able to comply with the provisions of this Prudential Standard by the effective date and that, in APRA’s view, the Board and senior management have made all reasonable attempts to comply with this Prudential Standard.
36.         When assessing requests for transitional relief the criteria that APRA will consider will include assessment of whether the life company:
(a)           has submitted the application to APRA at least 20 business days before the effective date; and
(b)          can demonstrate that it is, and has been, taking reasonable actions to enable it to comply with this Prudential Standard and that events beyond the direct control of the life company have prevented it from being able to comply by the effective date.
Existing outsourcing agreements
37.         A life company must notify APRA of all existing outsourcing agreements involving material business activities both within and outside Australia within 20 business days of the effective date.
38.         This Prudential Standard does not apply to an outsourcing agreement entered into prior to the effective date until the next scheduled review date of the outsourcing agreement provided the Board is satisfied that the existing outsourcing agreement is generally compliant with the requirements of this Prudential Standard.
39.         Where the Board is not satisfied that an existing outsourcing agreement is generally compliant with the requirements of this Prudential Standard, the life company will have until 31 December 2007 to comply, unless granted transitional relief by APRA under paragraph 35.

[1]           For the purposes of this Prudential Standard, a reference to the “Board” in the case of an Eligible Foreign Life Insurance Company that operates as a branch in Australia is to be read as a reference to the Compliance Committee as per Prudential Standard LPS 510 Governance.
[2]           Prudential requirements include all requirements under the Life Insurance Act, regulations made under the Life Insurance Act 1995, prudential standards, the Financial Sector (Collection of Data) Act 2001, reporting standards, conditions on a life company registration and any other requirements imposed by APRA in writing.
[3]           While ADIs are not, at present, subject to formal prudential requirements with regard to their risk management framework, APRA nevertheless expects that an ADI’s risk management framework will cover the risks associated with outsourcing a material business activity.