Governance, risk management and monitoring of outsourcing arrangements are getting a lot of focus of late from regulators and companies. There is an industrywide push to improve policies, processes and procedures. The Central Bank of Ireland has placed an increased focus on outsourcing since the thematic inspection conducted over 2017, and the European Banking Authority has also been focussing on outsourcing, publishing updated guidelines.
But how should outsourcing be defined? The definition will set the scope for what activities or arrangements should fall within the boundaries of governance and monitoring exercises.
The Solvency II Directive’s definition includes service providers that perform a process, a service or an activity which would otherwise be performed by the insurance or reinsurance undertaking itself.
Outsourcing should be defined within the company’s outsourcing policy. One sensible approach is to also define the scope of the activities the company would perform itself within the outsourcing policy of the company. Defining the scope of activities sets the universe of processes, services or activities that could fall under outsourcing.