IRDA Draft Guidelines on Outsourcing
2 February 2011
See attached a copy of the Outsourcing Guidelines released by the IRDA.
Please note that these guidelines come into effect immediately and all present arrangements which are not
in consonance with these guidelines must be modified by 30th June 2011.
For further information on this topic please contact Tuli & Co
Tel +91 11 2464 0906, fax +91 2464 0904 or email lawyers@tuli.biz
www.tuli.biz
IRDA/Life/CIR/GLD/013/02/2011
Guidelines on Outsourcing of Activities by Insurance Companies
01st February, 2011
Reference: 1. INV/CIR/031/2004-05 dated 27th July, 2004
2. INV/CIR/058/2004-05 dated 28th December, 2004
3. RBI/2006/167 DBOD.NO.BO.40/21.04.158/2006-07
4. Regulation 7(c) of IRDA (Registration of Companies) Regulations,
2000
INTRODUCTION
1.
1.1
Insurers in India are increasingly using outsourcing, as a means of both
reducing cost and accessing expertise, not available internally and achieving
strategic aims. 'Outsourcing' may be defined as Insurers use of a third party
(either an affiliated entity within a corporate group or an entity that is external
to the corporate group) to perform activities on a continuing basis that would
normally be undertaken by the Insurer itself, now or in the future. These
outsourcing arrangements are becoming increasingly complex.
1.2
Joint Forum set up by Basel Committee on Banking Supervision, International
Organization of Securities Commissions and International Association of Insurance
Supervisors has devised high-level principles on outsourcing in financial firms which
gives guidance to firms, and to regulators, in effectively managing risks involved in
outsourcing without hindering the efficiency and effectiveness of firms. Reserve
Bank of India also brought out Guidelines on Managing Risk and Code of Conduct in
outsourcing of financial services vide reference 3 cited above. This circular is issued
based on best practices adopted internationally as outlined in above document.
These instructions are intended to provide direction and guidance to insurers to
adopt sound and responsible risk management practices for effective oversight.
1.3 Regulation 7 (c) of IRDA (Registration of Companies) Regulations, 2000,
clearly sates The applicant will carry on all functions in respect of insurance
business including management of Investment within its own organization. It has
been observed that certain insurers are outsourcing even core activities such as
Investment, Underwriting and Policy servicing. It is not desirable to outsource the
core and important activities which will affect corporate governance, protection of
policy holders, solvency and revenue flows of insurer.
1.4
In order to ensure proper corporate and regulatory oversight over the
outsourcing of activities of insurers, the Authority has decided to issue following
instructions under Section 14(2) of Insurance Regulatory and Development Authority
Act, 1999. These guidelines apply in addition to the instructions given vide reference
2 cited above.
1
1.5 However this circular supercedes the provisions of para 3 of reference 2 cited
above.
1.6
The insurer shall ensure that outsourcing arrangements neither diminish its
ability to fulfill its obligations to Policyholders nor impede effective supervision by
IRDA. Insurers therefore have to take steps to ensure that the service provider
employs the same standards in performing the services as would be employed by
them if the activities were conducted in house. Accordingly, insurers should not
engage in outsourcing that would result in their internal control, business conduct or
reputation being compromised or weakened.
Activities of insurers are broadly classified into two categories namely Core
1.7
and Non-Core, in accordance with Regulation 7(c) of IRDA (Registration of
companies) Regulation, 2000.
2.
2.1
CORE ACTIVITIES
All activities relating to:-
i. Underwriting,
ii. Product design and all Actuarial functions and Enterprise wide Risk
Management
Investment and related functions
iii.
iv. Fund Accounting including NAV calculations
v. Admitting or Repudiation of all Claims
vi. Bank Reconciliation
vii. Policyholder Grievances Redressal
viii. Approving Advertisements
ix. Market Conduct issues
x. Appointment of Surveyors and Loss Assessors
xi. Compliance with AML, KYC etc.
xii. All integral components of the above activities shall be treated as Core
Activities
2.2
2.3
Policy Servicing and related activities
Insurers shall not outsource any of the core activities listed in para 2.1.
3. NON CORE ACTIVITIES:
i.
ii.
iii.
Facility management i.e. Housekeeping, Security, Catering, etc.
PF Trust
Internal audit, Internal / branch /concurrent audit etc. (Note: However,
the Board of Directors shall appoint the internal /branch / concurrent
auditor based on the recommendation of the Audit Committee /
Investment Committee respectively as mandated by the Authority in
Corporate Governance Guidelines. The report of internal auditor /
concurrent auditor shall be placed before the Audit Committee /
Investment Committee / Board Meeting for their information and
necessary action)
2
iv.
v.
vi.
vii.
viii.
ix.
x.
xi.
xii.
xiii.
xiv.
xv.
xvi.
xvii.
xviii.
xix.
Website Development and Management / Software and other IT
Support
Pay Roll Management
HR Services
Service Tax Consultancy and Support
TDS filing
Compliance with labour laws
Data entry Including Scanning, Indexing Services
Printing and posting of reminders and other documents
Pre employment medical checkups
Reminders for Premium Payment
Call Centre and outbound calling for registering complaints or
answering enquiries
Claim Processing for Overseas Medical Insurance Contracts
Tele-marketing
Consultancy Services pertaining to Service Tax, Income Tax and any
other taxes payable by insurer
Other Employee Benefits
Deployment of personnel within the premises / offices of the Insurer
on a contract basis
4. ACTIVITIES SUPPORTING CORE ACTIVITIES:
4.1 Certain activities which support the core activities as listed in column 3 of
Annexure I may be outsourced as per risk management principles outlined in these
guidelines subject to reporting requirements.
4.2 Activities in column 4 of Annexure I, which insurers normally assign to outside
professionals, regulated either under different laws or provide outside expertise and
economies, may be outsourced to such entity as otherwise legally permitted to carry
out those activities.
5. PREMIUM COLLECTION & CHEQUE PICK-UP ACTIVITIES:
5.1 The insurer shall ensure that the entities, other than those referred at Sl No. 3
Column No. 4 of Annexure 1 shall be only a Company registered under Indian
Companies Act, 1956. Such entities engaged for cheque pick-up shall have a net
worth of at least Rs.10 Crores. However, these conditions are not applicable to
Scheduled Commercial Banks and Post Office.
5.2 In respect of outsourcing of premium collection, insurers shall strictly ensure that
the same is outsourced only to entities listed at Sl.No.2 of Column 4.
5.3 Notwithstanding what is stated at Sl No. 2 of Column 4 of Annexure 1 Insurers
are also permitted to outsource cheque pick up and premium collection to their
3
respective Individual Agents and Corporate Agents in respect of those policies that
are not sourced by such intermediaries. Such collection and pick up by agents who
have not procured such business is regarded as outsourcing. However, Insurers
shall carry out the due diligence on individual agents and corporate agents while
outsourcing the same. However, the activity of premium collection / cheque pick up
referred in this paragraph shall be subject to the following conditions.
5.4 The total amount entrusted to be collected and picked up by Agents and
Corporate Agents for a given financial year shall not exceed three times the renewal
commission that the said agent earned in the preceding financial year. Thus it is a
prerequisite for carrying out activity that such agents are in existence at least for a
period of 2 years.
5.5 The insurer shall assign this activity to agents and corporate agents by allocating
only a specified list of the policies, where the services of the agents that procured
the business are no longer available to the insurer.
5.6 The above referred conditions are not applicable in respect of Scheduled
Commercial Banks, Post Office when these activities are carried out in their capacity
as a collecting bank.
5.7 Where an insurer permits its agent to collect premiums on its behalf, it shall be
noted that in such instances the agent is acting on behalf of insurers. Insurer shall
remain accountable to the receipts issued by the authorised agents / intermediaries.
5.8 Insurers shall notify Policyholders about all the options available for payment of
premiums.
6. Bank Reconciliation: With reference to 2.1 (vi) the Insurer is solely responsible
for reconciling various Bank Accounts, cash and other instruments; and accountable
to any liabilities created through these accounts. However, Insurers are allowed to
outsource clerical activities like sorting and organizing the instruments to Scheduled
Commercial Banks. The activity of tallying that what is stated in the account and
actual availability of instrument shall not be outsourced. The Scheduled Commercial
Banks shall be required to submit the certified copies of compilation of various
assets inclusive of Cash / Fixed Deposits etc.
7.Policy Servicing and Related Activities: With regard to the activities referred in
para 2.2, the following components of the activities, referred at point no. 7.1, are
allowed to be outsourced to any service provider at the discretion of the Insurers and
as per these guidelines. However, it is reiterated that execution of these services
shall remain to be Core Activity to be carried out by the Insurers:
4
7.1 Receiving requests in physical/electronic/telephonic forms and transmitting
to the insurer without accessing the original data base of Insurers for the
following areas of Policy Servicing;
i.
ii.
iii.
iv.
v.
vi.
vii.
viii.
ix.
x.
xi.
xii.
xiii.
xiv.
xv.
xvi.
Issuance of Policy Document / Certificates of Insurance
Change of Name / Address
Fund Switching/ Premium Redirection
Surrender, Maturity, Withdrawals Free look Cancellations Payouts
Loan Against Policy
Change of Policy Terms and Conditions / Details Change
Registration of Assignment / Nomination
Revival / Cancellation of Policy
Transfer of Policy
Substitution of Vehicle Communications, Reports, Printouts
Policyholders / Claimants
Laid up Vehicles
Withdrawal of No Claim Bonus
Declarations Update
Extension of Cover
Duplicate Policy
Document Collection and Investigation for complying with AML and
KYC norms
to
8. General Principles: Outsourcing of activities allowed in these guidelines are
subject to following general principles.
8.1 To avoid a potential conflict of interest no insurer shall outsource the internal
audit to their respective statutory auditors.
8.2. The third party service providers engaged by insurers are subject to the
various provisions of Insurance Act, 1938, IRDA Act, 1999, Rules, Regulations or
any other orders issued there under. The third party service provider shall comply
with provisions of Regulations, Guidelines and any other law under force and the
insurer shall be responsible for all acts of omission and commission of its third party
service providers in this regard.
8.3. The regulated activities of the Agents, Corporate Agents, Brokers, TPAs,
Surveyors and other regulated entities, as provided in the Insurance Act,1938, IRDA
Act,1999 and Regulations, guidelines made there under, are not covered by these
guidelines.
8.5. Subject to these Guidelines, Agents, Corporate Agents, Brokers, TPAs and
Surveyors and other regulated entities shall not be contracted to perform any
outsourced activity other
respective
regulations/instructions governing their licensing and functioning.
permitted
those
than
by
the
5
Risk Management Principles: While outsourcing activities every insurer
9.
shall abide by criteria laid down in the following principles:
9.1 An insurer intending to outsource any of its activities shall put in place
a comprehensive outsourcing policy, approved by
its Board, which
incorporates, inter alia, criteria for selection of such activities as well as
service providers, delegation of authority depending on risks and materiality
and systems to monitor and review the operations of these activities.
9.2 In case any of the third party service provider becomes a group entity
as defined vide IRDA (Investment) Regulations, 2000, the insurer shall report
the fact to the Authority within 30 days of such an event.
9.3 The Board of Directors of insurer shall review the performance of all
third party service providers every year with respect to compliance with
provisions of Insurance Act 1938, Regulations, Rules or any other order
issued there under.
9.4
In case of termination of contract between insurer and third party
service provider, the compensation or penalty or any payment in lieu of
foreclosure shall be reasonable and shall not be excessive.
9.5
programme to address the outsourced activities and the relationship with the
service provider.
9.6
management programme include the following:
Some factors that could help in considering materiality in a risk
Insurer shall establish a comprehensive outsourcing risk management
i.
The financial, reputational and operational impact on the insurance
company of the failure of a service provider to adequately perform
the activity
ii. Cost Benefit Analysis;
iii. Potential losses to policyholders and their counterparts in the
event of a service provider failure;
iv. Consequences of outsourcing the activity on the ability and
capacity of the insurer to conform with regulatory requirements and
changes in requirements,
v.
Interrelationship of the outsourced activity with other activities
within the Insurance Company.
vi. Affiliation or other relationship between the insurer and the service
provider;
vii. Regulatory status of the service provider;
6
viii. Degree of difficulty and time required to select an alternative
service provider or to bring the business activity in-house, if
necessary; and
ix. Complexity of the outsourcing arrangement. For example, the
ability to control the risks where more than one service provider
collaborates to deliver an end-to-end outsourcing solution.
9.7 Data protection, security and other risks may be adversely affected by
the geographical location of an outsourcing service provider. To this end,
specific risk management expertise in assessing country risk related, for
example, to political or legal conditions, could be required when entering into
and managing outsourcing arrangements that are taken outside of the home
country.
Insurer shall ensure that outsourcing arrangements neither diminish its
9.8
ability to fulfill its obligations to policyholders and regulators, nor impede
effective supervision by regulators.
9.9 Outsourcing relationships shall be governed by written contracts that
clearly describe all material aspects of the outsourcing arrangement, including
the rights, responsibilities, expectations of all parties. The outsourcing
contracts may carry the following components:-
i.
ii.
The contract shall clearly define what activities are going to be
outsourced, including appropriate service and performance levels.
The service providers ability to meet performance requirements in
both quantitative and qualitative terms should be assessable in
advance;
The contract shall neither prevent nor impede Insurer from meeting
its respective regulatory obligations, nor
the regulator from
exercising
inspection,
investigation, obtaining information from either the insurer or the
third party service provider.
regulatory powers of conducting
its
iii.
Insurer must ensure it has the right to access all books, records
and information relevant to the outsourced activity in the third party
service provider;
iv. The contract shall provide for the continuous monitoring and
assessment by Insurer of the service provider so that any
necessary corrective measures can be taken immediately;
v.
termination clause and minimum periods
A
to execute a
termination provision, if deemed necessary, shall be included. The
latter should allow the outsourced services to be transferred to
7