Global Reinsurance, played host to a recent roundtable in London, where outsourcing was the topic of debate. A lively discussion ensued.

The participants were:

  • Alasdair Gillies, Elborne Mitchell

  • Elvin Patrick, Cathedral

  • Simon Ashby, Financial Services Authority

  • Robin McCoy, Capita London Market Services

  • Kevin Curtis, Room Solutions
  • Sarah Goddard: Good morning. I'm the editor of Global Reinsurance. Thank you all for joining us today. Before we start, perhaps everybody could introduce themselves.

    Alasdair Gillies: I'm a solicitor and the managing partner of Elborne Mitchell, which has been in the insurance industry for some 30-odd years. We are insurance lawyers and that's pretty much all we do - I'd like to say pure and simple, but it's neither pure nor simple.

    Elvin Patrick: I'm the chairman of a small reinsurance specialist operation in Lloyd's called Cathedral. I'm an ex-underwriter, ex-tearaway but now a totally respectable senior citizen.

    Simon Ashby: I'm currently a policy advisor at the Financial Services Authority (FSA). I was responsible for writing our future policy on outsourcing and also, more generally, our policy on operational risk systems and controls, and insurance risk systems and controls. Prior to working at the FSA, I worked at the University of Nottingham where I did an ABI sponsored PHD in risk management.

    Robin McCoy: I'm the managing director of Capita London Market Services, which, as the name suggests, is the London market arm of the Capita Group plc, the FTSE-100 outsourcing specialist. Within the London market, we provide services both to Lloyd's syndicates and to London market companies. We provide outsourcing for live operations and also - a sign of the times - a lot of run-off management to discontinued syndicates and companies.

    Kevin Curtis: I'm the director of Room Solutions. Room is the pre-eminent supplier of business and technology solutions to the Lloyd's marketplace and, increasingly, moving towards a wider London and international market.

    Sarah Goddard: Thank you. What I would like to do over the course of the day is have an open and frank discussion about where you see outsourcing being now, where you see it leading, the problems, the pitfalls, and the solutions it can provide. So, I think it's best to start with you, Robin, since you're the expert on it. What is outsourcing?

    Robin McCoy: I had a sneaky suspicion I might get asked this. Looking at a very crude definition, I think it's the provision by a third party of services, which an organisation either has or can form itself. That's a pretty standard or crude definition.

    Sarah Goddard: But why do you think organisations would prefer to go down an outsourcing route?

    Robin McCoy: Again, looking at it in very simple terms, we test an outsourcing proposition against some very simple standards. If it doesn't reach one of those, it doesn't tackle all its objectives and it's not an outsourcing solution in my view. The four tests we would apply are: is it going to remove indestructible barriers to entry and exit for a business? Is it going to reduce the running costs of a business? Is it going to allow management to focus on core activities - by which I mean, very simply, underwriting. And is it going to give the company or the syndicate access to a level of expertise it doesn't have in- house or can't afford to buy in-house? If something doesn't meet one of those four tests, then it's not a terribly effective outsourcing solution. Certainly, we wouldn't be out there promoting it.

    Sarah Goddard: Elvin, as somebody who has a fairly new agency within the Lloyd's environment, do you utilise outsourcing?

    Elvin Patrick: Oh yes. On the IT side we do a bit of both: we have a basic outsourced IT platform but we turbocharge it ourselves. Clearly there is a grey area between professional services - we wouldn't have our own actuary, for example. There is a second reason for outsourcing actuarial: in theory, it's more credible if it's an outside professional than if it's someone you pay yourself, since the purpose of the actuarial review is to test the management's own attempts to arrive at a realistic set of numbers. We probably ought to outsource personnel stuff. We don't.

    Sarah Goddard: Why don't you and why should you?

    Elvin Patrick: We generally don't think we need to. I would probably take a slightly more proactive view of what we should be doing on personnel, but of course it's like advertising: it's a cost that's not critically core. Where there's a bigger need for outsourcing is always on training and development.

    Any relatively small entity which engages in what it thinks is, or alleges to be, professional practices does not have the internal resource to do proper training and development. But it's not in terms of structure and what it should be or what it should look like, it's in terms of gearing, or organising, and ensuring it is done by the best people.

    Sarah Goddard: But how do you make the decision as to which parts are outsourced and which aren't? We have seen so many new entrants where they are basically underwriting entities and everything else within the organisation is done by a third party.

    Elvin Patrick: I think that's a matter of temperament. For example, many years ago I was in the computer industry, I used to work for ICL. Even then, there was the argument about outsourcing your IT function and that argument still stands. And it all has to do with resourcing and capability. I think that a major issue is capability. Outsourcing is a necessity if you want the best capability, particularly on technical stuff. The problem with outsourcing is very simple: you lose control.

    Kevin Curtis: Is this always true? Because in my mind, one of the benefits of outsourcing is that you actually get control of competencies that you don't have.

    Elvin Patrick: I can see your argument. But if I wanted to be awkward about this, the fact is that if I outsourced something to you and you were good at it, then I would be lucky. The fact is, I'm handing control of it over to you, and the only control I've got is sacking you.

    Kevin Curtis: And necessarily the contract would be prejudiced against that.

    Elvin Patrick: Yes, but it's pretty awkward if you're charging down a major development avenue - either on technology or on training and development - and you run into a headbanging session with your outsourcing provider. That, to me, can cause colossal difficulties.

    Robin McCoy: I think it's largely to do with the structure of a particular outsourcing deal. Being slightly perverse, when I present on outsourcing, the first thing I talk about is why outsourcing doesn't work. I think the very first thing we always hit on is lack of control. From my view of an outsourcing arrangement, the first thing you should be talking to your customer about is how the thing ends. It's a slightly perverse way of looking at it, but we say that outsourcing arrangements are on a turn-key basis where it's always known that the goal is that we are going to run it for one, two, three or four years - while the infrastructure is built and as the business is building. At the very forefront of our minds is to see how the thing goes. It's as true for a relationship which you think will be ongoing - it's just like having a prenuptial agreement within a marriage. I think you need to know how you get out of this thing before you get into it. Otherwise, I think you're going into an outsourcing arrangement pretty blind. And I think that's one of the key reasons why outsourcing can fail.

    Kevin Curtis: I think it's also a boundary between the outsourcer and the outsourcing company - people perceive it as being a very fixed boundary.

    Simon Ashby: The FSA believes that control risk is probably the major issue in terms of outsourcing. But that's not to say that you can't manage that risk - that's the key thing. If you are entering outsourcing for the right reasons and if you're managing your outsourcing arrangements properly, then of course the level of risk that you face should go down - particularly the level of operational risk - because you've got somebody there providing a particular service that they are an expert in doing, that they do for a lot of people, in large volumes.

    Elvin Patrick: You're tapping into a resource that you don't have yourself.

    Simon Ashby: Exactly, you have got to manage that.

    Robin McCoy: We are currently negotiating a very large outsourcing arrangement for a fairly political organisation. And while we are building a relationship and have a great time working together, the one thing we have already defined is the data structure of their data when we hand it back and the cost of us handing back that data. While we will be doing some forecasts about the long-term working relationship, we have already tightly defined the exit point and the costs associated with it. So they are very much managing the situation. If for whatever reason the relationship doesn't work, if we can't achieve what they want us to do, if they sense there's a lack of control, or anything else of that nature, it's a very straightforward mechanism: there's your data back, in an industry standard format.

    Elvin Patrick: But you need that protection yourselves as well, because it's entirely possible that the management of the client will alter either because they are acquired or because the guy who you are close to gets the sack. You're talking as if it's the client that needs all the protection.

    Robin McCoy: We have built unilateral protection ourselves. As you say, they might change their management. We've seen this before where one team of management will embrace outsourcing as a concept, and then a new team insists on insourcing absolutely everything. These are all `cool managers' who want to do it all themselves and they cancel all the outsourcing contracts. Clearly we are not a charity. We're looking at protecting ourselves in terms of the main operations, as opposed to what the costs are. The client is clearly protected as they can have all their data back in a format that will allow them to use a different system or outsourcer. There you go, you've agreed the price already - we haven't even started work but we've already agreed the price for getting out.

    Simon Ashby: There is a human issue as well. For example, say we have a company which has outsourced a particular activity that it previously did in-house. It's quite likely that the staff doing that service in-house will actually go to work for the outsource service provider. As a matter of law, there is the TUPE (Transfer of Undertakings (Protection of Employment)). But at the end of the contract, what arrangements are there perhaps to transfer the staff back into the original firm? If there aren't any, the firm has then lost those staff and therefore it's lost the capability of doing it in-house and then it's in trouble.

    Robin McCoy: I would look for legal help here. Let's say that we are performing reinsurance management for a customer, and the customer decides that they want it back. Again, there's a matter of law.

    Alasdair Gillies: Back or elsewhere?

    Robin McCoy: If it's elsewhere, the expertise must exist or you wouldn't move it elsewhere. If it's back, then the staff will transfer back and TUPE will apply.

    Alasdair Gillies: That doesn't necessarily follow. `No', is the simplistic answer even to that question. Let's take it entirely out of context and look at security. Suppose you sack Company A and hire Company B. There might be an issue that you want the staff that Company A had on the site to remain on the site but now in the employment of Company B. Alternatively you might not want them but you might be stuck with them. It can't actually answer those questions just at the moment because there's a clutch of cases kicking through the system, with at least one of them on its way to the European Court of Justice, in Strasbourg, and a couple on their way to the House of Lords. There's another one, which is highly bizarre, involving the Ministry of Defence, which wanted to bring the security function back in-house, largely because it wanted soldiers to do it, complete with guns. Unsurprisingly, private security organisations are not allowed to be armed. You would think there was a massive distinction but there is a fine argument going on about it. The answer is not simple.

    Robin McCoy: A more general comment: if the client is seeking protection, get it in the contract - whether that applies to termination clauses or service levels or performance penalties. That's very much the way outsourcing is moving in this market: strong penal arrangements for non-performance. I think there are a number of clear concerns in terms of outsourcing, but there are pretty clear ways of addressing them, and most of them can be contained in a properly structured contract. I think the secret is to be very open about the threats and concerns from day one, rather than get to the end of the game.

    Alasdair Gillies: Quite apart from the legalities of it, you're absolutely right to take the approach of, `let's talk about what happens if it goes wrong or it doesn't go wrong and it just comes to an end because it's reached its natural conclusion'. If you talk about what will happen and what the consequences will be at that time, and if you reach a commercial agreement about it, translating it into legal words is relatively straightforward, because at least the parties know where they stand. Accepting Elvin's point about change of control, change of management, or the boss getting sacked or whatever, the parties have at least discussed that, and it's worth a million pages of legal agreement.

    Robin McCoy: If you're not clear on day, one what it is that you're trying to achieve, then, frankly, it's not an arrangement worth starting.

    Elvin Patrick: You have two things there. One: I would say that more than half the managers haven't got a clue what they want, even out of their own businesses. Secondly, there's a particular risk in IT where you find that your business develops in an unexpected way or where you arrive at a point where you need extra data or analysis: you find the basic system that you bought from somebody else can't cope with the complexity of the analysis that you want out of it.

    Simon Ashby: I think you're drawing on a key point. Clearly, the contract is important and having a good contract is vital. Particularly, having a good exit strategy written into that contract. However, you also have to have that on-going relationship with your service provider.

    Kevin Curtis: Absolutely. It appears to me that what has come out of this conversation is that we are talking about outsourcing as if it was like going to a supermarket and buying a tin of beans. I don't believe it's anything like that at all.

    Elvin Patrick: That's how we want it to be.

    Kevin Curtis: I think it's about the boundary between the two organisations. Earlier on we said that one of the measures of doing this was having access to competency, and you can't have access to competency if it's a hands-off arrangement. I see outsourcing as getting the outsourcer to sit with you while you try to determine how they need to react to your strategy. You don't see that much of that.

    Simon Ashby: Exactly. It may even be that the employees of the outsource service provider will work in your own organisation. And your employees will work hand-in-hand with theirs. You will work out the problems and your strategy will change and, of course, they will change in order to enable you to meet your goals. These are the kinds of things you can't easily write into a contract.

    Kevin Curtis: I think one of the great enablers is to actually sit down; go through a business process and say: `Why do you want to outsource a particular part of the process or the entire process? What's your expectation about the outcome of this? Who's responsible for updating the currency conversion tables? When should that be done? Does it match your current process?'

    Robin McCoy: I think the closer you get to the underwriting end of outsourcing, the more clarity you need. We do a lot of aggregate modeling and risk entry, and you need a clear definition as to what point the underwriter stops being responsible for that process. And what point the outsourcer starts doing the work.

    Simon Ashby: That's another good point - the nature of service that's being outsourced. If you were outsourcing your catering, then clearly the controls that you would need for that would be somewhat less than if you were outsourcing your underwriting, which is clearly a core function. That's not to say that organisations might not outsource aspects of their core functions like underwriting. Clearly, depending on the activity that you outsource, you need different levels of systems and controls.

    Robin McCoy: I think you're absolutely right. It's about understanding the risk. To use your example of catering, if we provided catering - which we don't - the harm we could inflict on a business would be pretty limited: a bit of food poisoning, disgruntled staff, perhaps.

    Simon Ashby: But that depends on who gets the food poisoning.

    Robin McCoy: Absolutely, but if we get aggregate modeling wrong we expose our clients to substantial underwriting risks. The higher the risk, the greater the clarity of definition of service.

    Sarah Goddard: What does happen if you do get the aggregate modeling wrong?

    Robin McCoy: Potentially - and Elvin will express this better than I can - you will have customers buying the wrong level of reinsurance, carrying risks which are outside their business plan and exposing their capital to losses which they might not have thought they were exposed to.

    Sarah Goddard: But then if a loss did turn up, and the modeling was wrong, what responsibility would Capita have for the fact that it misadvised?

    Robin McCoy: Well again, it's a contractual matter. Be very clear about liability, and limit liability.

    Alasdair Gillies: Actually, to use your catering example, it highlights, in a way, the regulatory problem. There is a thing called the Food Act 1994 which has in it responsibility for failure to comply with provision of hygienic standards and proper catering facilities, and that liability can be visited on individuals who are directors and officers of that company as well as the company itself. Interesting question: what happens to, an organisation has outsourced its catering? `Who carries the can?' is the question you're posing. What about in the insurance situation? The answer, I think, is going to be that both the outsourcer and the client company are going to carry the can. Both of them will find themselves in the fray, but who actually bears the liability that flows from that is going to be a contractual thing.

    Simon Ashby: From the FSA's point of view, it is the authorised firm that is responsible. To a firm that may not be authorised, then we, the FSA, still hold you responsible - you, the firm doing the outsourcing - and it's the senior management that we hold responsible. This is outlined in one of our high-level source books, Senior Management Arrangements, Systems and Controls. We state there that when you outsource something you cannot outsource your responsibility for that activity, you remain responsible for it. As far as we are concerned it's quite clear.

    Alasdair Gillies: Are you going to get to the point where you can only get outsourcing from an authorised firm?

    Simon Ashby: It's not something that we have discussed at this point, and we certainly could not say that at this point. At the current time we have no plans to do that. However, if there were issues with unauthorised firms that were providing services, and those services were not up to standard, then clearly we would have to consider how we were going to address that. One option would be to regulate the outsource service providers directly, as they do in the US, but that's not something that we have any plans to do at this point in time. As I say, as far as we are concerned, it is the authorised firms' responsibility. If you have permission to undertake a particular activity then it's your responsibility to ensure that all the processes that go into completing that activity are done appropriately and in accordance with our rules and our guidance.

    Robin McCoy: Albeit that there is some regulation in the Lloyd's market about outsourcing. Particularly in the

    run-off arena.

    Simon Ashby: Lloyd's at the current time is a different animal in that we have a separate source book for it. However, as you know, in CP140 [Consultation paper 140, The Interim Prudential Sourcebooks for Insurers and Friendly Societies and the Lloyd's Sourcebook: Guidance on Systems and Controls] we are looking at Lloyd's and how we are going to regulate Lloyd's, and it's quite possible that Lloyd's will fall under our integrated prudential source book. I should also say that the policy that we are going to be bringing out in 2004, which is going to be in the `Senior Management Arrangements, Systems and Controls' source book, applies to all firms and that includes Lloyd's firms, so the policy on outsourcing will apply to Lloyd's firms from 2004.

    Robin McCoy: I take a simplistic view of this, based purely on risk, that if a board of directors is fit and proper to underwrite x billion dollars of exposure around the world, I would have thought that whoever regulated them to do that would also recognise that they were fit and proper to outsource their IT to a competent IT provider, to outsource their catering, and so on.

    Simon Ashby: Let's remind ourselves of the FSA statutory duties in this. As you know, under the Financial Services and Markets Act, we have the power to make rules and guidance. However, whenever we do that we have to conduct a cost benefit analysis - we have to consider the impact of what we do, on firms. Now, I stress that we have no current plans to regulate outsource service providers. What we do expect is that the firm retains responsibility. If you as a firm have been authorised, we have approved you. You then decide you want to outsource a particular activity. That's fine. However, we still expect you to follow the guidance that deals with that. Now, guidance is not quite the same as a rule in that if we say something in a rule, then you must do it. Guidance is something that you should do or something you should consider, and the policy that we are proposing on outsourcing is all guidance. How you interpret that guidance will depend on the situation that is presented. So if you are outsourcing your catering, then the level of systems and controls that you would expect would be less than if you were outsourcing some vital activity that was crucial to you continuing in business. We say it is a responsibility of management in a firm to interpret guidance. We are giving you an aide memoir of issues to consider, if you like, and then it's for you to decide how you are going to manage them. Of course, we may or may not want to see what you have done. The action that we take and the interest that we take is risk based and will depend very much on who you are and the extent to which you represent a threat to our statutory objectives. So again, if you're outsourcing your catering, then we probably don't even need to be told about it. However, if you're going to outsource some crucial back office function, then we certainly do want to know about it and we will most certainly want to make sure that you are managing that properly. So, it's just for us to make sure that you're managing your outsourcing arrangements properly.

    Robin McCoy: I think primary responsibility lies with the manager, albeit if there is an environment of minimum standards that assists the processes. If it's only guidance, you need to consider the capitalisation of the outsourcer, you need to consider the growth of the outsourcer. Insurance is a risk business and I don't see how having the FSA stamp on it will allow management to walk away from making those decisions.

    Simon Ashby: It's for the firm to decide how much risk it wants to take. One firm may decide it wants to take a lot of risk and another firm may decide it doesn't want to take very much risk at all. That's fine and we don't dictate a maximum level of risk, but we do say, firstly, that you must understand the risks that you're taking. I think that's fundamental. If you don't understand the risks that you're taking then you're in trouble. And secondly, that you ensure that those risks remain acceptable. So if you are engaging in an activity with a potentially high risk outsource service provider, then yes, we clearly expect you to manage that risk and ensure that the level of risk is acceptable. Now, there are two issues there: what is acceptable to the firm itself and what is acceptable to the FSA. In many cases those two things will coincide. However, we have our statutory objectives of protecting consumers, maintaining market confidence, preventing financial crime and educating consumers, and clearly, sometimes we will be more concerned, perhaps, about market confidence than you. But in many cases those issues will coincide and yes, if we are concerned about a level of risk that a firm is taking then obviously we would have to consider that situation, and if we believe there was a breach of one of our rules then that of course would trigger enforcement action. But again, that would be a course against the firm that we have authorised, it would not be against the outsource service provider.

    Sarah Goddard: Out of interest, how does a smaller company, like yours Elvin, identify the best outsourcer to use? Do you do a due diligence? The vast majority of your people are focused on the core practice of underwriting - that's what your guys do. So how do you go about finding the best outsourcer and getting the best system.

    Elvin Patrick: The fact is that you operate out of prejudice. Our financial director has got a very clear idea, before he even starts, of who he trusts and who he wants to use, even down to choosing the auditors. People like us operate out of sheer prejudice.

    Sarah Goddard: Based on years of experience?

    Robin McCoy: It's a bit of a mixed bag. There are people who clearly have preferred suppliers, often built off the back of long-standing relationships. We see people using quite sophisticated scoring systems, that go all the way from market capitalisation down to number of skills in a particular area. It's pretty much, `horses for courses'.

    Elvin Patrick: A firm our size probably wouldn't engage in the formal process. We probably wouldn't bother as we know who we want to run the syndicate funds.

    Robin McCoy: Putting Elvin's operations to one side, the majority of the big participants in London are typically subsidiaries of substantial worldwide organisations which tend to have the infrastructure and the oversight to push down a more rigorous route. Some of the big American carriers, that have Lloyd's syndicates or insurance companies, do get teams in from the US to come and crawl all over the place and give the ticks in the right boxes. I think there are some fairly sophisticated levels of due diligence done.

    Sarah Goddard: What about the potential conflict of interest of putting parts of your business into an outsourcer that is also dealing with competing businesses? Are there any concerns around this?

    Robin McCoy: My view is, if you don't have potential conflict, you're probably not qualified to do the work in the first place. It's all about very clear recognition of what the conflicts are and protocols for resolutions.

    Elvin Patrick: The conflict is much more likely to be in terms of resource allocation rather than confidentiality. If you don't trust your outsourcer to achieve confidentiality you shouldn't be using them.

    Sarah Goddard: What happens, for example, if the management of your outsourcer changes? You have suddenly got a potentially different dynamic in that relationship half-way through a contract.

    Robin McCoy: Well contractually you would want change of control as a provision in your contract.

    Alasdair Gillies: Exactly. You would put change of control provisions in contracts for that sort of thing.

    Robin McCoy: We have seen contracts as detailed as, `This account will be run by X, and you can only replace X with our prior consent'. So if, for example, Elvin outsourced, it would probably be based on personal relationships, and you would have a contract that says the service will be provided by only certain people.

    Simon Ashby: That is exactly the kind of thing we would expect in the contract as well.

    Sarah Goddard: So, we're basically talking about best practice - making sure that everything is tied up, and dried and dusted before you are anywhere near the business.

    Robin McCoy: Yes, let's say we won a deal because people had a particular respect for my team in a particular area. I would expect them to say, `We will buy claims management off you in accident/health because we know you have the best accident/health team in the market. And that means we expect to see these people providing the service, and you only replace them with our prior consent.' We can't sell something based on a particular pitch and then just change our minds because it's more efficient for us and we'd make more money. It should be in the contract anyway, and there are reputational issues which could be hugely damaging. The one thing that still works very well in this market is the speed of information. This is such a small, physical marketplace and what we do, whether it's well or badly, travels extremely fast around the syndicates and the companies.

    Simon Ashby: That's the market working and I think that's the crucial thing. If the firms doing the outsourcing are sensible, rational consumers, if there are plenty of service providers out there and if information is freely available, then everything should work really

    quite well.

    Sarah Goddard: We have had new capital coming into London. In the past year or so particularly, there's been a fair influx. Have you seen what sort of models these organisations are using? Are they going much more with the core values and outsource?

    Robin McCoy: I think there's a change in sentiment. I think the new entrants are considering outsourcing and see no need to dismiss it. I think in the past they went straight into building permanent infrastructures but the new entrants have to think about how long they are going to be here for. I think everybody who has come in has at least considered outsourcing.

    Kevin Curtis: I think that's very true. I think a lot of new entrants see it as a very quick way of getting up and starting to use their capital. And it's an effective way of using the limited capital they're receiving.

    Sarah Goddard: From your point of view, as someone involved in the systems side, what could be a `start to finish' program for setting up a new London market operation at this point in time?

    Kevin Curtis: Most systems' implementation time is really concerned with moving from one supplier to another. `What do I do with my historical data? And how does that fit the format of the new system?' At the start-up, you have the fantastic advantage that you have no history, so you can go straight into it.

    Robin McCoy: I would say, subject to the FSA, if it was standard products, you could be up-and-running in six weeks.

    Sarah Goddard: A lot of the new entrants are part of larger organisation. Are they bringing, for example, the Bermuda feeling over to London, or are they effectively setting up as standalone operations?

    Kevin Curtis: I think that's a very interesting question in the sense that, I think that a lot of the larger organisations are acting almost as outsourcers to their own new start-ups. They are saying, `We have the capital in place, we already have an infrastructure and you can use that infrastructure to get you up and running'.

    Elvin Patrick: That's a control issue. Any central management operation that does not have absolute control of the data flows is asking for trouble. I think there is a control issue here and I would guess that a big central operation would say, `Off you go, get cracking, but you use our systems'.

    Kevin Curtis: There is more corporate capital coming in and the corporates are saying, `Actually we want a common business process, a bigger common platform to support that process'. So that's the driver.

    Robin McCoy: In terms of globalisation of the market, I think the days of the London market operation doing what it likes - with its parent being ignorant of what it's doing - are pretty much gone.

    We have done a lot of run-offs in the past, where the parent has been astounded as to what was written in London. They had no clue of the aggregation of risk they had, because the London market was considered quite clever and they had been told to get on with it. Those days are long since gone.

    Kevin Curtis: If I could just jump in here - I think that one of the beauties of outsourcing is that if you have a number of companies under an outsourcing umbrella, working in the same marketplace, what they actually benefit from is that the providers collectively will start to enhance their solutions significantly because there is a wider base for them to address. There's more commonality, and the companies will actually end up with a much better solution than if they decided not to outsource. The collective weight of those companies will help address questions like, `How do we provide aggregation?' `How do we do regulatory reviews?' and, `How do we monitor performance levels?'

    Elvin Patrick: I would add to that and say there is obviously a big benefit from that interplay between firms on development matters.

    Robin McCoy: The market has changed. If we step back in time slightly, the best example we had is when we processed one claim for 46 syndicates in one go. While it didn't reduce the costs that much for each syndicate, just the pure process was much cheaper for the market.

    Elvin Patrick: I was also going to say that the idea that outsourcing absolves the management from the job of managing the process is the wrong attitude. The way in which you manage your business, with outsourcers in place, should be every bit as active. But you're dealing with interface management as well, so you've still got a time-consuming management job to do. Your outsourcer doesn't take away 100% of the requirement time and capability, it simply alters the focus, alters the balance of what you should be doing. That's another place where outsourcing does go wrong, the management just says, `Fine - it's all been done', but you have to expect things to go wrong all the time.

    Sarah Goddard: This is where the FSA's consultation paper preventing management from hiding behind the outsourcing provider comes in.

    Simon Ashby: We already say that. We already have policy for adequate systems and controls, but we already say, in `Senior Management Arrangements, Systems and Controls', that it's your responsibility. All we are doing here is providing some further guidance.

    Elvin Patrick: Putting it in a simple form, if we outsource our IT and we don't have an IT person in the office, then we're in trouble. Because what we've done there is to make the interface unmanageable. The outsourcing interface needs to lock. You don't give away the means to have capability because you have outsourced the main function.

    Robin McCoy: We agree on this. Where we do a lot of aggregate work, it works best when a client has a dedicated aggregate manager. So, while all the work is being outsourced to us, there is someone within the client who understands what we're doing. What we don't want is a problem arriving two years after we've started, because they didn't pay attention to what we were doing, because they outsourced it. I think we're all in agreement that outsourcing is not about moving away from responsibility. If anything, outsourcing is giving the management the information and the resources to enable it to take that responsibility more fully.

    Sarah Goddard: The outsourcer can potentially become a centre of expertise for a certain sector of market experience. How much is that being used at the moment? Are there organisations which are seen as being the expert on XYZ?

    Robin McCoy: I think you can cut it either by product line or size. There are a limited number of big outsourcing companies which have the ability to take big contracts - we class ourselves as one - and there is also a stack of niche players who can provide particular services.

    Sarah Goddard: At what stage does the boundary between two outsourcing companies that work in partnership become so blurred that people don't know the difference between them and they're effectively one organisation?

    Kevin Curtis: We actually have a very rigorous partnership program. It's a series of guidance steps that enable us to articulate the proposition to each other and a joint proposition to the market. It's not having a plaque on the wall but our feet on the floor: working together, resolving problems together, working with the clients. We see the clients as becoming another entity within the partnership. Because at the end of the day you are providing a service to the customer.

    Simon Ashby: Coming back to big outsource service providers, I totally accept that there are a lot of benefits with using these larger providers, especially where they have particular comparative advantages in certain areas. However, we also need to be aware that if all the firms in one particular area use one single outsourced service provider to provide a particular service, and that provider then experiences some kind of continuity problem, temporary or permanent, then clearly there is a concentration risk there, and we need to be aware of that. Certainly, as regulators this is something we need to be aware of, in terms of maintaining market.

    Elvin Patrick: The most likely continuity difficulty is going to be some disaster. And it's for the management to satisfy themselves that the outsourcer has some catastrophe provision for carrying on, even if the place burns down. Fire is the obvious biggest risk. The landscape is changing so fast in our business particularly. I am not sure that the concentration thing is a big deal.

    Simon Ashby: I am not saying it's a big deal. I'm just saying it's an issue that we need to be aware of.

    Sarah Goddard: Alasdair, what legally do you see as the biggest issues that are coming up on the agenda?

    Alasdair Gillies: The problems are things like confidentiality. But Robin is quite right to say that if you can't trust your outsourcer to have in place the appropriate divisions and separations of information, then you shouldn't be using them. That, if you like, is a due diligence issue. Due diligence is a very grand expression. It implies a team of guys flying in from New York with briefcases, palm pilots, checklists and clipboards. But it can be as simple as Elvin described: asking the right questions of the people you know. Do they have a disaster recovery programme and confidentiality separators? Who will be the people actually doing the job? That's what due diligence is really about. Providing you cover those key issues, and you have actually agreed them in the commercial context, the legal context should follow. The words of the model contract shouldn't be the driver of the relationship. The driver of the relationship should be entirely about the parties understanding what each other is about, what they actually want to achieve from it. Get that right and the legalities should follow. I have long said that the best contract you have is the one you sign, put in a drawer and never look at again. It doesn't always work like that and it is, I'm afraid, work for lawyers when it does go wrong.

    Sarah Goddard: But how successful do these arrangements tend to be? Have you seen any indication of contracts that have gone wrong, where they have gone wrong, why they have gone wrong?

    Alasdair Gillies: Happily, I can say that I have seen relatively few. That must be an indication that most of them have worked. Robin has alluded to the fact that one or two have fallen apart and I suspect that with a debriefing, you can point out why and where they went wrong. In 99.9% of cases it comes down to communication.

    Robin McCoy: That's right. In ten years, we've been to court once. It was very clear: lack of definition of purpose and service. If it had been agreed from day one, we would never have gone to court, it would have been resolved within the framework of the contract.

    Alasdair Gillies: The only other thing that the parties have to watch out for, is a changing regulatory landscape. There are changes - fortunately they are well signalled, and the opportunities for consultation are there. They need to be flexible enough to take account of the fact that when they go into the deal, the reporting requirement and the regulatory structure are likely to change. They need to have a plan to deal with that.

    Robin McCoy: I think getting the whole `change of management' thing documented is important because we're dealing with a moving landscape. What we would do in year one, in terms of support for a syndicate, may be very different in years two or three - particularly if they change the book of business that they write. With greater capital mobility, their requirements are going to change. So there are three things you need to agree on: what you're going to do, on day one; how you're going to change it, if you need to; and how you're going to walk away from it, if you have to. If you can't agree those things, then you're probably wasting your time.

    Sarah Goddard: There is also the whole issue of change anyway. It's happening so much faster nowadays than it did five years ago. We have seen the London market change extensively in the last 12 months. How can this rate of change be managed by both sides?

    Robin McCoy: I think this rate of change plays into the outsourcers' hands. We have customers who have decided, for a variety of reasons, to massively increase their capacity. By themselves, they might struggle to put in place the infrastructure. We have always said, `Where there is turbulence, there is opportunity', and I think that is still true.

    Elvin Patrick: Well in a sense you're renting the conceptual capital, aren't you? I think you make a brilliant point that in fact you're renting a resource in the same was as you would pull in new capital. And it's very flexible as well.

    Robin McCoy: To use a housing analogy, when you decide to move out of a house, someone pays you for the house, but when you decide to move out of a line of business, you pay to get out of it. It's a fundamental distinction. We talked about why outsourcing works: it's not just about removing the barriers to entry but removing the barriers to exit. If we do a deal with somebody and then they decide to pull out of London or out of a line of business, it's unlikely to cost them very much. That's not the case if they have built up a large infrastructure, with IT, long leases and expensive people. We have seen, in run-offs, the costs of exiting a business. While there is big underwriting loss, just the administrative costs of walking out of London can be huge.

    Sarah Goddard: Another interesting market dynamic is that we now seem to be in an environment where there is much more opportunistic capital, which appears to want to dip in for a few years, take advantage of the hard market, and then go again.

    Elvin Patrick: What's happening now is quite interesting. I think the industry has been consolidating at a frightening speed. Although there have been some victims from ill-judged consolidations, I think there is going to be another bout of major consolidation starting soon. Because the analysts want top line growth. Now, where does that leave the outsourcers? Answer: manna from heaven. Because every one of these things is a complete mess. It's well known that most managers engage in a major consolidation play for the benefit of their stock options. But they actually end up in a major mess, with bits of the business that they want to come out of, that they want to change and that they want to merge. It's manna from heaven for outsourcers, as I see it.

    Robin McCoy: We certainly see opportunity out there. Let's say you're seeing rates halving in particular lines of business and you're seeing underwriters using that capacity at a phenomenal rate. What you will see in a traditional Lloyd's syndicate or IUA company is the back office being overrun. What you will see is an operation that has no idea what its exposures are, no idea what it should be running, or what it should be underwriting. If you move to the outsource model, where you've got the resource to ramp up those rather important bits of back office, I think you then see the risks being substantially minimised.

    Simon Ashby: Provided the outsourcing relationship is managed properly, then yes, I would agree.

    Robin McCoy: I agree with you. If outsourcing was to become popular because it was `flavour of the month', you would then see a whole raft of unsuitable outsourcing arrangements. If it was the sexy, `management consultant' thing to do, I think you would see arrangements fail for all the reasons that we have talked about.

    Elvin Patrick: It doesn't follow that a management that refuses to outsource is automatically highly competent.

    Simon Ashby: The decision not to outsource may be the wrong one. All we are concerned about is that management is responsible. We are concerned that management runs the business effectively and in a way that meets our statutory objectives. If some firms go bankrupt and they don't represent a threat to our statutory objectives, then that's fine. If they go out of business and that's done in an orderly way, then so be it. That's a sign of a healthy market, we would expect to see some firms coming in and some firms going out.

    Sarah Goddard: Any final thoughts?

    Simon Ashby: I would certainly encourage everybody to read CP140 and CP142. I think 142 is the one that's really going to be fundamental - the starting point for the FSA's work on operational risk. That policy, in 142, is going to be in `Senior Management Arrangements, Systems and Controls'. It will apply to all firms, including Lloyd's firms. The important thing to stress is that we recognise that outsourcing is a senior management concern. It's something that senior managers need to be actively involved in, both in deciding whether their particular activity is right for outsourcing, but also in maintaining an ongoing relationship with an outsource service provider. So I encourage you to look at it, and I'd like to remind you that we are still in the consultation period. Please, get in touch with me if you do have comments.