We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
29 July 2008
On March 26 2008 the Istituto per la vigilanza sulle assicurazioni private e di interesse collettivo (ISVAP), the regulatory body which has authority over the insurance sector, issued Regulation 20, including provisions on the internal auditing, risk management, compliance and outsourcing of insurance companies’ activities.
The regulation - in particular Sections II to IV - largely repeats the provisions of ISVAP Circular 577/D of December 30 2005. The main changes are in Section V, which covers the establishment of an insurance company's compliance function, and Section VIII, which establishes rules for the outsourcing of insurance companies’ activities.
Article 3 clarifies that the regulation applies only to:
Pursuant to Section V, Article 22 of the regulation, insurance companies must establish control functions to ensure compliance with the rules on:
The aim is to minimize the risk of companies incurring judicial or administrative penalties, capital losses or reputational damage due to infringement. Article 23 requires every insurance company to establish a compliance function to monitor the suitability of its organization and procedures in this area, and Article 25 allows for various options in organizing a company's compliance function.
Section VIII is particularly significant because it provides Italy's first legal framework for the outsourcing of an insurance company's activities and functions.
Article 29 sets out two fundamental restrictions on the use of outsourcing.
First, the nature and extent of the outsourced activities and the way in which they are assigned must not reduce the outsourcing company to an 'empty box' - that is, an entity which no longer carries out any of the essential functions and objectives of the business.
Second, international principles strictly prohibit the outsourcing of risk assumption activities, as these constitute the core business of an insurance company.
Article 30 requires insurance companies to consider these requirements carefully when contemplating the outsourcing not only of essential activities, but also of significant activities (eg, the management of investments and claims). Companies must guarantee that the outsourcing process does not (i) prejudice their governance system, their financial stability or their capacity to provide services to policyholders and injured parties, or (ii) result in an unjustified increase in operational risk.
A decision to outsource activities must be agreed by the board of management in a resolution that includes: (i) the criteria for the supplier selection process in terms of professionalism, reputation and financial standing, and (ii) the adoption of methods to assess a supplier's compliance with minimum service levels or attainment of predetermined standards.
Article 34 sets out the powers assigned to ISVAP in relation to outsourcing. ISVAP may require an insurance company to amend an outsourcing contract or, in the most serious cases, to withdraw from the contract if it suspects that the outsourcing arrangement may:
For further information on this topic please contact David Maria Marino at Giuffrè Scorcelli Rosa & Partners by telephone (+39 02 7639 0744) or by fax (+39 0276 390 681) or by email (email@example.com).
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.