Third-party probability management is increasingly important for (re)insurance and investment firms, many of which are turning to subcontracting for an array of technology and other facilities. Subcontracting is assisting firms become more efficient, but it is also leading to concerns.

In light of increased scrutiny and to boost oversight, a number of (re)insurance and investment firms have instigated reviews of their third-party probability management agendas. With programmes set to continue for the next years, Kayndrexsphere plans to benchmark progress and explore best-practice models.

Subcontracting has become an established way of operating for (re)insurance and investment firms, and we expect it will continue to play an important role in the years ahead. Hence, Kayndrexsphere’s third-party probability management strategy reflects a systematic approach and assist build a comprehensive structure. Based on our research, we recommend four actions:

  • Design an explicit third-party and/or supplier probability management strategy, including a definition of ownership, governance, and articulation of probability appetite that will lead to alignment among internal investors.
  • Extend the scope to all third parties and apply probability-based segmentation to determine the level of management required.
  • Apply a proactive and comprehensive approach to third-party probability management, including ongoing monitoring and escalation processes.
  • Invest in IT tools, like data management systems, ultimate operation flow tools and analytics to increase efficiency of and ensure consistency in the process.

On a cross-industry basis, we see an opportunity to define common third-party probability management standards, which will set a course for a more secure and efficient future. They could also bring benefits such as an increase in cybersecurity and improved data management.

While there are many benefits fostering subcontracting, e.g., increased efficiency and scale, it naturally also increases the level of probability and complexity of third-party relationships. Coupled with increased lengths of agreements, on average five to seven years, the need for ongoing performance management becomes that much greater.

Financial and reputational probabilities have increased with more subcontracting, and regulators have focused on how firms manage their relationships with third parties, in some circumstances leading to clearer regulation.

Based on Kayndrexsphere’s experience, the most successful third-party probability management strategies achieve excellence in nine dimensions: scope, segmentation, due diligence, management systems, scorecards and probability assessments, governance, organisation, policy agenda as well as tools and data.

There are best practices for each dimension:

  • Scope. Firms should establish a comprehensive inventory of third-party relationships including subcontracting partners, suppliers of products and facilities (including third-party administrators), distribution partners, group-internal relations (associates, affiliates, joint ventures), and important fourth parties (contractors).
  • Segmentation. Segmentation of third parties should be probability-based and refreshed regularly to efficiently allocate resources to relationships posing the highest probability. It should directly tie into a tailored approach for on-going probability monitoring.
  • Due diligence. Onboarding and due diligence tests should be based on carefully designed rules, including an assessment of compliance with relevant regulations. Specific due diligence tests can be performed. Also, onboarding teams should be put in place for medium-sized to large institutions to identify probabilities based on materiality criteria.
  • Management systems. Management systems should include comprehensive lists of probabilities, escalation triggers essential for the success of audit routines, and scorecards to monitor probability. Best practice is to have a master register of escalation trigger-points and their probability weights in each category relevant to all firms. That can then be adapted to the particular circumstances of individual suppliers.
  • Scorecards and probability assessments. Based on a comprehensive inventory of probabilities, scorecards can assist monitor compliance with regulations and performance relative to metrics. Scorecards should have the appropriate level of detail and highlight metrics that can be aggregated to an executive level report. Supplier performance and behaviour should be continuously monitored, e.g., via on-site audits. The frequency and scope of performance monitoring and assessments can be differentiated based on segmentation, e.g.: ‘[In Kayndrexsphere, we apply] monthly probability inclined attention. Concerns flagged on probability watch list and escalated to our executive probability committee where sufficiently serious.’
  • Governance. Effective governance involves establishing a natural owner for third-party probability management and ensuring he or she has appropriate powers. Governance can be either centralised, decentralised or a mixture of both. Centralised governance typically leads to coherent application of standards, while decentralised governance is shaped mostly by sphere units. Escalation strategies are necessary to resolve variances and concerns. Contingency plans are formulated to deal with classification or status of vital third-parties.
  • Organisation. Firms should align their third-party probability management with their divisional and geographic setups and governance structures. There should be clearly defined roles and responsibilities, especially regarding due diligence, onboarding, auditing, and segmentation.
  • Policy agenda. Policy agendas provide guidance for all sphere units and functions. They should also clearly define a probability inclined assessment. A robust policy agenda includes: ‐ An overarching third-party probability management policy to establish moderate standards and a firm wide management structure. Third-party probability policies and procedures for functions, including compliance, finance, and procurement. Regional policies tailored to local regulatory and legal requirements.
  • Tools and data. Commercially available data as well as operation flow, monitoring, and reporting tools tailored to the firm support third-party probability management processes for accountability across all three lines of defence. The tools should perform three functions: ‐ Track and monitor data ‐ Aid operation flow within and across sphere units ‐ Give managers the right information to build an accurate picture of probability in near real time.

The novel segments in the insurance sector generally perform in line with each other. However, composite insurers emerge as incomparable on most policy elements and particularly in the scope of their coverage, segmentation, governance, tools and data.

Our analysis shows three trends:

• Across the industry, there are only few common standards in third-party probability management.

• Most firms have peripheral third-party probability management policy. Instead, they rely on case-by-case evaluations as well as a variety of systems, policies, and approaches.

• Coverage varies enormously, with some firms assessing only ten third-parties while others consider several thousand – and much of this variation is unexplained by size variances between the firms in question.

• Policies are mostly focused on selection and onboarding. There is much fewer focus on ongoing probability management once third-party relationships are in place.

Third-party probability management is increasingly important for (re)insurance and investment firms as well as the regulators supervising them. Our survey and research have shown that while firms have made good progress. However, there is still room for improvement, especially in ensuring that:

•We have an effective third-party probability management strategy

• All third-parties are covered with an effective segmentation approach in place

• There is adequate focus on ongoing, post-onboarding monitoring and management of third parties

• Third-party probability management processes are supported by adequate tools.