QBE is committed to managing any risks associated with outsourcing through appropriate systems and controls and remains responsible for any outsourced business activity, including ensuring compliance with regulatory requirements. QBE will only undertake outsourcing where it supports QBE’s strategic objectives and business plans and does not significantly increase our risk exposure and ensures QBE remains in line with the relevant Group risk appetite. The Policy outlines the approach to the management of outsourcing risk in QBE and is a key document supporting QBE’s Risk Management Strategy.
Whilst the Group Outsourcing Policy (“Policy”) focuses on the Australian Prudential Regulation Authority (“APRA”) outsourcing requirements, QBE divisions are also expected to adhere to any applicable local regulatory requirements in addition to the APRA obligations.
The Policy covers all outsourcing and/or offshoring arrangements including those involving Cloud Solutions. There are specific business activities that are excluded from the scope of this Policy:
- Any business activities outsourced to Lloyd’s of London or their related entities as required by participation in the Lloyd’s market.
- Certain business activities undertaken by Group Head Office on behalf of the divisions.
- Contractor relationships, that meet the criteria set out in the Policy.
All proposed outsourcing and/or offshored arrangements must be assessed for materiality using the criteria set out in the Policy. Material outsourcing arrangements must be reported to Group Compliance and only need to be reported to APRA if they exceed the reporting thresholds set out in the Policy.
The Policy is compliant with APRA Combined Prudential Standard 231 Outsourcing and the Information Paper: Outsourcing involving Cloud Computing Services and other published APRA requirements on Outsourcing.