LexGo

Benelux Regulators to Apply EIOPA Guidelines on Outsourcing to Cloud Service Providers by Insurance and Reinsurance Undertakings
14/08/2020

On 24 April 2020, the European Insurance and Occupational Pensions Authority (EIOPA) issued new guidelines on outsourcing to cloud service providers (the "Guidelines") which apply to insurance and reinsurance undertakings, supplementing the general regulatory framework based on the Solvency II Directive and Delegated Regulation 2015/35. 

Pursuant to Article 16(3) of Regulation (EU) No 1094/2010 establishing the EIOPA, which requires the competent authorities of the EU Member States to make every effort to comply with EIOPA guidelines and confirm that they intend to comply with them, the Benelux regulators have indicated their intention to apply the Guidelines. 

In Belgium, the prudential regulator for the insurance and reinsurance sector, the National Bank of Belgium ("NBB"), published a circular on 5 May 2020 (NBB_2020_018) implementing the Guidelines and clarifying the NBB's recommendations on outsourcing to cloud service providers active in the sector (available here). 

For many years, the prudential regulator of the Netherlands, the Dutch National Bank ("DNB"), has been actively been focusing on outsourcing by financial institutions, including insurance companies, to cloud service providers. EIOPA guidelines are deemed authoritative by the DNB, taken into account by the DNB and often form the basis for the DNB's own recommendations. One example is the DNB's Good Practice document for outsourcing insurers, issued in May 2019. In this document, the DNB refers extensively to the outsourcing provisions of the EIOPA Guidelines on System of Governance. The DNB applies these guidelines, specifically when supervising cloud outsourcing, to supplement the Good Practices. The DNB has indicated that it expects insurers to apply the Guidelines from 1 January 2021 to all cloud outsourcing agreements entered into or amended on or after this date. 

In Luxembourg, the supervisory authority for the insurance sector, the Commissariat aux Assurances ("CA"), confirmed in Circular 20/13 of 24 June 2020 that it will fully apply the Guidelines. Luxembourg insurance and reinsurance undertakings are therefore required to abide by the Guidelines. On this occasion, the Luxembourg regulator also recalled that outsourcing operations must comply with the obligation of professional secrecy set out in Article 300 of the amended Act of 7 December 2015 on the insurance sector. 

For further information about the scope, requirements and timeline for implementation of the Guidelines, please refer to our article on the EIOPA Guidelines on outsourcing to cloud service providers by insurance and reinsurance undertakings.

Related : Nautadutilh Avocats Luxembourg SĂ rl ( Mr. Vincent Wellens )

[+ http://www.nautadutilh.com]


Click here to see the ad(s)
All articles Banking law

Lastest articles Banking law

CSSF Carried Out a COVID-19 Thematic Review of Issuers’ Reporting
27/11/2020

The COVID-19 pandemic has hit Luxembourg as other European countries since the beginning of the year 2020 and has adversel...

Read more

FCA communication to Luxembourg-based entities about the UK temporary permissions regime
23/11/2020

On 19 November 2020 the Luxembourg supervisory authority for the financial sector, the CSSF, issued press release 20/...

Read more

ELTIF Reform European Commission publishes consultation
02/11/2020

On 19 October 2020, the European Commission published a public consultation on the review of the European long-term invest...

Read more

New Luxembourg Draft Law Transposing CRD V and BRRD II
20/10/2020

The purpose of the draft law 7638, submitted to the Luxembourg Parliament (Chambre des Députés) on 27 July 2...

New Luxembourg Draft Law Transposing CRD V and BRRD II Read more

Lastest articles by Mr. Vincent Wellens

Finally some practical EDPB guidance on how to make international data transfers lawful
13/11/2020

After a long, four-month wait, we finally have recommendations from the European Data Protection Board (EDPB) on “su...

Read more

The Court of Justice of the EU clarifies the assessment of position marks for services
15/10/2020

The Court of Justice of the EU recently clarified the criteria to take into account when assessing the distinctive charact...

Read more

New controller-processor guidelines: beware of impact on data processing agreements
14/09/2020

Armed with useful flowcharts to help organisations determine their role, the European Data Protection Board (EDPB) has pub...

Read more

Luxembourg law on e-signature and other trust e-services now fully consistent with the eIDAS Re...
30/07/2020

Bill No 7427 was adopted on 17 July 2020 and published on 28 July 2020 (click here). The new law modifies the Luxembo...

Read more

LexGO Network