The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to regulated activities (in this instance, insurance and reinsurance undertakings) within the UK jurisdiction.

In its statement, the FCA noted that this is due to the fact that the EIOPA guidelines will enter into force on January 1, 2021, which is after the end of the EU withdrawal transition period. The FCA also confirmed that it will continue to apply its own guidance on firms engaging in cloud and other third-party IT outsourcing in the United Kingdom (FG16/5). FG16/5 has been in force since 2016 and was last updated in September 2019. This guidance is continually under review by the FCA, and the FCA has noted that, where appropriate, it will consult to update this guidance to ensure that it is consistent with the relevant international standards.

The FCA’s announcement creates some interesting challenges for the UK and European regulatory framework. In the United Kingdom, the European Banking Authority’s (EBA’s) guidance on outsourcing, published in February 2019, will continue to apply to banks and other institutions.

The EIOPA guidelines are largely aligned with the EBA guidance, the intention being that at an EU-wide level, the regime for insurers would not differ materially from that for banks. It may be that while the EIOPA guidelines will not be formally adopted by the FCA, perhaps the regulator’s approach will in practice be to implement rules and guidelines for insurers that are similar to the EBA guidance and indeed the EIOPA guidelines. Also following the lead of the EBA and EIOPA, the European Securities and Markets Authority published its draft guidelines on outsourcing to cloud service providers on June 3.

Read more @Lexology