LexGo

Benelux Regulators to Apply EIOPA Guidelines on Outsourcing to Cloud Service Providers by Insurance and Reinsurance Undertakings
14/08/2020

On 24 April 2020, the European Insurance and Occupational Pensions Authority (EIOPA) issued new guidelines on outsourcing to cloud service providers (the "Guidelines") which apply to insurance and reinsurance undertakings, supplementing the general regulatory framework based on the Solvency II Directive and Delegated Regulation 2015/35. 

Pursuant to Article 16(3) of Regulation (EU) No 1094/2010 establishing the EIOPA, which requires the competent authorities of the EU Member States to make every effort to comply with EIOPA guidelines and confirm that they intend to comply with them, the Benelux regulators have indicated their intention to apply the Guidelines. 

In Belgium, the prudential regulator for the insurance and reinsurance sector, the National Bank of Belgium ("NBB"), published a circular on 5 May 2020 (NBB_2020_018) implementing the Guidelines and clarifying the NBB's recommendations on outsourcing to cloud service providers active in the sector (available here). 

For many years, the prudential regulator of the Netherlands, the Dutch National Bank ("DNB"), has been actively been focusing on outsourcing by financial institutions, including insurance companies, to cloud service providers. EIOPA guidelines are deemed authoritative by the DNB, taken into account by the DNB and often form the basis for the DNB's own recommendations. One example is the DNB's Good Practice document for outsourcing insurers, issued in May 2019. In this document, the DNB refers extensively to the outsourcing provisions of the EIOPA Guidelines on System of Governance. The DNB applies these guidelines, specifically when supervising cloud outsourcing, to supplement the Good Practices. The DNB has indicated that it expects insurers to apply the Guidelines from 1 January 2021 to all cloud outsourcing agreements entered into or amended on or after this date. 

In Luxembourg, the supervisory authority for the insurance sector, the Commissariat aux Assurances ("CA"), confirmed in Circular 20/13 of 24 June 2020 that it will fully apply the Guidelines. Luxembourg insurance and reinsurance undertakings are therefore required to abide by the Guidelines. On this occasion, the Luxembourg regulator also recalled that outsourcing operations must comply with the obligation of professional secrecy set out in Article 300 of the amended Act of 7 December 2015 on the insurance sector. 

For further information about the scope, requirements and timeline for implementation of the Guidelines, please refer to our article on the EIOPA Guidelines on outsourcing to cloud service providers by insurance and reinsurance undertakings.

Voir aussi : Nautadutilh Avocats Luxembourg Sàrl ( Mr. Vincent Wellens )

[+ http://www.nautadutilh.com]


Click here to see the ad(s)
Tous les articles Droit bancaire

Derniers articles Droit bancaire

CSSF fast-track procedure for fund managers to comply with SFDR disclosure rules
04/01/2021

The Commission de Surveillance du Secteur Financier (the CSSF), has issued a communication (the CSSF C...

Read more

With the implementation of SFDR approaching, the CSSF sets-up a fast track procedure
22/12/2020

With less less than 3 months to go until the Sustainable Finance Disclosure Regulation (“SFDR”) comes int...

Read more

Luxembourg - ESG update
22/12/2020

Creation of a new CSSF fast track procedure for fund managers when implementing EU ESG rules

Read more

CSSF press release relating to central administration internal governance and risk management for...
21/12/2020

The Commission de Surveillance du Secteur Financier (the « CSSF») published on 7 December 2020 ...

Read more

Derniers articles de Mr. Vincent Wellens

Adoption of New Secondment Act
18/12/2020

On 9 December 2020, the Luxembourg Parliament adopted a new secondment act, the purpose of which is to transpose into nati...

Read more

Finally some practical EDPB guidance on how to make international data transfers lawful
13/11/2020

After a long, four-month wait, we finally have recommendations from the European Data Protection Board (EDPB) on “su...

Read more

The Court of Justice of the EU clarifies the assessment of position marks for services
15/10/2020

The Court of Justice of the EU recently clarified the criteria to take into account when assessing the distinctive charact...

Read more

New controller-processor guidelines: beware of impact on data processing agreements
14/09/2020

Armed with useful flowcharts to help organisations determine their role, the European Data Protection Board (EDPB) has pub...

Read more

LexGO Network