LexGo

Benelux Regulators to Apply EIOPA Guidelines on Outsourcing to Cloud Service Providers by Insurance and Reinsurance Undertakings
14/08/2020

On 24 April 2020, the European Insurance and Occupational Pensions Authority (EIOPA) issued new guidelines on outsourcing to cloud service providers (the "Guidelines") which apply to insurance and reinsurance undertakings, supplementing the general regulatory framework based on the Solvency II Directive and Delegated Regulation 2015/35. 

Pursuant to Article 16(3) of Regulation (EU) No 1094/2010 establishing the EIOPA, which requires the competent authorities of the EU Member States to make every effort to comply with EIOPA guidelines and confirm that they intend to comply with them, the Benelux regulators have indicated their intention to apply the Guidelines. 

In Belgium, the prudential regulator for the insurance and reinsurance sector, the National Bank of Belgium ("NBB"), published a circular on 5 May 2020 (NBB_2020_018) implementing the Guidelines and clarifying the NBB's recommendations on outsourcing to cloud service providers active in the sector (available here). 

For many years, the prudential regulator of the Netherlands, the Dutch National Bank ("DNB"), has been actively been focusing on outsourcing by financial institutions, including insurance companies, to cloud service providers. EIOPA guidelines are deemed authoritative by the DNB, taken into account by the DNB and often form the basis for the DNB's own recommendations. One example is the DNB's Good Practice document for outsourcing insurers, issued in May 2019. In this document, the DNB refers extensively to the outsourcing provisions of the EIOPA Guidelines on System of Governance. The DNB applies these guidelines, specifically when supervising cloud outsourcing, to supplement the Good Practices. The DNB has indicated that it expects insurers to apply the Guidelines from 1 January 2021 to all cloud outsourcing agreements entered into or amended on or after this date. 

In Luxembourg, the supervisory authority for the insurance sector, the Commissariat aux Assurances ("CA"), confirmed in Circular 20/13 of 24 June 2020 that it will fully apply the Guidelines. Luxembourg insurance and reinsurance undertakings are therefore required to abide by the Guidelines. On this occasion, the Luxembourg regulator also recalled that outsourcing operations must comply with the obligation of professional secrecy set out in Article 300 of the amended Act of 7 December 2015 on the insurance sector. 

For further information about the scope, requirements and timeline for implementation of the Guidelines, please refer to our article on the EIOPA Guidelines on outsourcing to cloud service providers by insurance and reinsurance undertakings.

Zie ook : Nautadutilh Avocats Luxembourg Sàrl ( Mr. Vincent Wellens )

[+ http://www.nautadutilh.com]

Mr. Vincent Wellens Mr. Vincent Wellens
Partner
[email protected]

Alle artikels Bank -en Krediet recht

Laatste artikels Bank -en Krediet recht

CSSF guidance on virtual assets
03/12/2021

On 29 November 2021, the Commission de Surveillance du Secteur Financier (the “CSSF”), the Luxembour...

CSSF guidance on virtual assets Read more

Commission’s proposal for a Regulation amending the ELTIF Regulation
02/12/2021

On 25 November 2021, the European Commission published a proposal for a regulation amending the Regulation (EU) 2015/760 o...

Read more

Virtual assets: CSSF guidance and FAQs
02/12/2021

Further to its recent communications on financial innovation, the Commission de Surveillance du Secteur Financier&nbs...

Read more

Strengthening the integration and efficiency of capital markets to support economic growth
26/11/2021

Today, on 25 November 2021, the EU Commission published a package of legislative proposals. With the proposed measures, th...

Strengthening the integration and efficiency of capital markets to support economic growth Read more

Laatste artikels van Mr. Vincent Wellens

Why all companies should care about the UN's cybersecurity & software update regulations – less...
26/10/2021

Not in the automotive sector? It doesn't matter: two Regulations adopted by UNECE (a United Nations body) on cybersecu...

Read more

New rules on material IT outsourcing in the financial sector
15/10/2021

Effective 15 October 2021, financial institutions must notify the CSSF of any planned outsourcing of material IT activitie...

Read more

Insufficient cybersecurity measures under GDPR: 100k EUR fine in Belgium & key fines elsewhere
29/04/2021

On 26 April 2021, the Litigation Chamber of the Belgian Data Protection Authority (BDPA) handed down its first fine specif...

Read more

Regulatory changes in the audiovisual media sector
16/04/2021

The Act of 26 February 2021 and certain grand ducal regulations have transposed into Luxembourg law the Audiovisual Media ...

Read more

LexGO Network