In a speech published this week on insurance risk management, the PRA reaffirmed that it is planning to issue a new supervisory statement on outsourcing in October. Charlotte Gerken noted that “The supervisory statement is intended to provide a one-stop source of reference on outsourcing and third-party risk management, bringing together previously issued guidance. It also sets out additional guidance on business continuity and exit strategies.”  

The PRA made this commitment in June of this year to publish a modernised policy framework on outsourcing arrangements for all firms in its response to the van Steenis review on the Future of Finance.Q4 is set to be a very busy time for insurers then in relation to their operational arrangements as we are also awaiting the outcome of the joint regulators’ paper on Operational Resilience later this year.  

This is another example of the UK regulators fast-forwarding the agenda and aligning the regulatory frameworks between banking, insurance, asset management etc. Contrast EIOPA, who is currently consulting on the more specific topic of outsourcing to the cloud and has just recently published its  current thinking on cyber resilience. It will be interesting to see how the PRA and EIOPA positions on outsourcing and operational resilience are aligned.