MaGo – Insurance Outsourcing

Written by p400123 on 17. February 2022. Posted in Compliance News, Uncategorized.

MaGo – spin-off – terms

MaGo – Insurance Outsourcing- In this post, the term “spin-off” is used interchangeably with the term “outsourcing”, both terms are used synonymously in legal sources. Further outsourcing from one service provider to another service provider is referred to as sub-delegation. Pursuant to § 7 No. 2 VAG, a defining feature of the outsourcing is that the issued process or the issued service or activity would otherwise be provided by the company itself.

All typical insurance functions or activities that a company outsources are subject to specific outsourcing supervision by the supervisory authority. The general maladministration supervision by the supervisory authority also covers all other circumstances that could endanger the interests of insured persons. This also includes service relationships that are not typical of insurance and are therefore not subject to the outsourcing requirements. – Example: The operation of a canteen by an external service provider does not fall under the definition of outsourcing – because it is not a typical insurance activity – and therefore does not fall under the specific outsourcing control by the supervisory authority. If, however, hygienic deficiencies repeatedly lead to staff absences and jeopardize proper operations, this may constitute an instance of maladministration that entitles the supervisory authority to intervene.

MaGo – Insurance Outsourcing

The criteria for differentiating between outsourcing and other service relationships are, in addition to the content of the activity concerned, above all its scope and duration as well as the frequency with which the service provider is used. The terms cannot be quantified in general, but depend on how substantial the respective activity is for the specific company.

MaGo – Insurance Outsourcing

The more substantial or frequent a service or consultancy used by a third party is, the more likely it is that a spin-off has occurred. The thresholds for the assumption of permanence or frequency are to be set lower the more substantial the area concerned is for the company.
If a service provider is only used on a case-by-case basis for operational or consultative purposes, this does not generally constitute a spin-off. On the other hand, recurring use of the same service provider or frequent use of the same service provider for the same type of activity under a framework agreement with the service provider may be indicative of a spin-off. Conversely, constellations of circumstances are conceivable, albeit rare, in which typical insurance activities are outsourced and the criteria of duration or frequency of use of a service provider are also met, but the outsourced area is of completely secondary importance for the company. Such circumstances may justify the assessment that there is no outsourcing.

MaGo – Insurance Outsourcing

The agreement between an outsourcing company and a service provider required for an outsourcing is not bound to a specific form, a specific type of contract or a specific contract designation for the purpose of qualifying as an outsourcing agreement.

MaGo – Insurance Outsourcing

MaGo – Insurance Outsourcing- If you´re interested in this topic, the following seminars might be just right for you!

Certified Compliance Officer (S+P) course

Are you newly appointed as a compliance officer in a non-financial company? With the Certified Compliance Officer course, the S+P Entrepreneur Forum conducts training to become a certified Compliance Officer (S+P). This certified program offers well-founded training at the highest level with top-class speakers with practical experience – with maximum reference to entrepreneurial practice.

Your added value with the S+P certification program:

Our certification offer with a focus on your company:

Fast and direct implementation instructions from practice for practice
Modular structure of the certification
Flexible scheduling of the individual modular building blocks
The S+P Tool Box provides you with assistance for safe implementation in your own company practice
Sample guidelines, assessment tools and checklists guide you in putting what you have learned into practice.

Your practical implementation is our goal and with the certification offer we pave the way for you.

Book the Certified Compliance Officer (S+P) course. Convenient and easy with the online seminar form and product no. A 14.

IT Compliance Manager

Are you fit & proper as an IT compliance manager? With the New IT Compliance Manager course, participants learn the following technical skills:

Implementing IT compliance securely
IT governance: Risk analysis to determine the need for IT protection
Obligations in data protection : Actively control interfaces between compliance, information security, money laundering prevention and data protection

Book the New IT Compliance Manager course conveniently and easily with the online seminar form and product no. A16.

MaGo – Insurance Outsourcing- Target group for the New IT Compliance Manager course

Board members and managing directors at banks, financial service providers, capital investment and fund companies, leasing and factoring companies
Executives and specialists from the areas of information security management, outsourcing controlling, risk controlling, compliance, data protection and internal auditing

MaGo – Insurance Outsourcing- Your advantage over the New IT Compliance Manager course

Each participant receives the following S+P products with the seminar:

+ Organization manual for the information security guideline (approx. 30 pages)

+ S+P Tool Risk Assessment: Determination of IT protection requirements

+ S+P Check: User authorization management

+ S+P organization handbook data protection management (approx. 40 pages)

+ S+P Check: data protection, IT security and cyber risks

Program for the New IT Compliance Manager course

Implementing IT compliance securely

You need to know these “red lines”: implement the minimum requirements from BAIT, VAIT, DIN EN ISO 2700x and BSI basic protection in an audit-proof manner
Which risks are “material”? Differentiation of terms from Section 25b KWG; § 26 ZAG and § 32VAG
Outsourcing or outsourcing? Correct evaluation of software and IT services
IT compliance at a glance: dovetailing of IT strategy, IT governance, information security and information risk management
AT 7: Audit focus on IT compliance : IT strategy, IT environment and IT organization in the focus of the new MaRisk, MaGO, KAMaRisk and BCBS 239

With the New IT Compliance Manager course, participants receive the S+P Tool Box:

+ S+P Test: Is the IT system compliant?

+ Organization manual for the information security guideline (approx. 30 pages)

+ S+P Check: Systemprüfung zum IT-System

IT governance: Risk analysis to determine the need for IT protection

Risk analysis in information management
Implementation of the qualitatively tightened IT risk analysis based on uniform scoring criteria
Assessment of the need for protection with a view to integrity, availability, confidentiality and authenticity
New BaFin requirements for cloud computing: strategy, risk analysis and materiality assessment
Information security management: Creation of the catalog of target measures and derivation of risk-reducing measures

With the New IT Compliance Manager course, participants receive the S+P Tool Box:

+ S+P Tool Risk Assessment: IT protection requirements with scoring and risk-oriented derivation of the catalog of target measures

Obligations in data protection: Actively control interfaces between compliance, information security, money laundering prevention and data protection

Modules of an effective data protection system: Interface management to
- Processing directory Art. 30 EU-DSGVO
- Data protection impact assessment Art. 35 EU-DSGVO
- Deletion concept Art. 17 EU-DSGVO and DIN standard 66398
Safe handling of self-developed IT applications, access rights, IT approvals and changes in the IT system
Efficient communication to outsourcing, data protection, money laundering and information security officers
Compliance control plan – The most important monitoring and control actions
Compliance requirements for control and reporting obligations in the IT area

Each participant receives the S+P Tool Box with the New IT Compliance Manager course:

+ Checklist: data protection for practitioners in accordance with the new GDPR

+ Checklist: Monitoring and documentation of control actions

+ Job description for information security officer

In addition to the New IT Compliance Manager course, the participants were also interested in the following seminars:

Compliance management in the company

Compliance Update 2019

Outsourcing in the focus of banking supervision

MaRisk 2017 – risk-bearing capacity – SREP – ICAAP

MaRisk 6.0 – new requirements for risk management

Risk management and internal control system

Compliance and risk management for entrepreneurs

Quality management course with certification

Data protection – duties for directors and compliance

MaGo – Insurance Outsourcing

Name	Borlabs Cookie
Provider	Eigentümer dieser Website, Imprint
Purpose	Speichert die Einstellungen der Besucher, die in der Cookie Box von Borlabs Cookie ausgewählt wurden.
Cookie Name	borlabs-cookie
Cookie Expiry	1 Jahr

Name	phpSession-Cookie
Provider	Eigentümer dieser Website
Purpose	Um einem Benutzer während der Nutzung zusammengehörige Anfragen zuordnen zu können.
Privacy Policy	https://sp-unternehmerforum.de/datenschutz-sp-recht/
Host(s)	sp-unternehmerforum.de
Cookie Name	PHPSESSID
Cookie Expiry	1 Jahr