Outsourcing in 2025: Global and local outlooks
At a glance
- The outsourcing market has grown dramatically in the last few years, especially in relation to information technology spend.
- In South Africa, when examining a general outsourcing strategy, insurers and other regulated entities must carefully navigate the regulatory landscape, particularly with the release of the Joint Standard 1 of 2024: Outsourcing by Insurers (Joint Standard), which sets out updated requirements for governance and risk management around outsourcing.
- The Joint Standard took effect on 1 December 2024. Outsourcing arrangements entered into before 1 December 2024 must comply by 30 November 2026 or upon renewal/renegotiation of the arrangement, whichever is earlier.
It highlights four ways in which companies can position themselves to succeed when outsourcing IT:
- Examine your current technology stack.
- Make strategic investments in team training.
- Invest in data security.
- Kick off with a pilot project.
Notably, in relation to artificial intelligence (AI) trends, Forbes Advisor says that 64% of businesses expect AI will boost productivity. It adds that 60% of organisations are leveraging existing third-party vendors for AI-powered outsourcing and 57% of organisations are developing new outsourcing relationships with a focus on AI.
This is important as it is likely to also impact how organisations contract under outsourced IT arrangements and how industry standards have to be incorporated into these strategies.
Outsourcing in South Africa for insurers
In South Africa, when examining a general outsourcing strategy, insurers and other regulated entities must carefully navigate the regulatory landscape, particularly with the release of the Joint Standard 1 of 2024: Outsourcing by Insurers (Joint Standard), which sets out updated requirements for governance and risk management around outsourcing.
The Joint Standard took effect on 1 December 2024. Outsourcing arrangements entered into before 1 December 2024 must comply by 30 November 2026 or upon renewal/renegotiation of the arrangement, whichever is earlier. Furthermore, insurers are required to comply with the Joint Standard within six months from 1 December 2024, but in that period must continue to comply with Prudential Standard GOI 5 as if it had not been repealed.
Many of the requirements under the Joint Standard are provided for under the Prudential Standard GOI 5. The new definition of “material function” expands the number of outsourced arrangements that will potentially be included under the Joint Standard, and insurers must have a board-approved policy in place for assessing the risks involved with outsourcing business activities. Furthermore, when outsourcing any function or activity in relation to a material function, insurers are required to identify and manage all the risks which may arise from the outsourcing arrangements.
Tips on how to practically manage IT outsourcing risks
In light of the anticipated increased spend on IT for organisations in the coming years, and considering the heightened compliance and governance requirements of the Joint Standard, it is important to scrutinise organisations’ outsourced IT functions. Here are some tips for managing this:
- Implement and/or update policies on outsourcing.
- Conduct due diligence on outsourced providers.
- Conduct a materiality assessment on all legacy and future outsourced arrangements, including a business impact assessment.
- Document and risk-profile legacy and future outsourced arrangements.
- Ensure that all contracts with vendors meet regulatory requirements and cover service standards, information security, risk management and performance metrics.
- Implement and update business continuity plans or contingency plans in respect of every outsourced material function.
- Ensure that AI tools are risk-profiled and that appropriate provisions are included to mitigate the risk.
Conclusion
Increased cybersecurity threats, data breaches and system failures are likely to complicate outsourcing arrangements for IT functions. This is especially important in the case of organisations that rely heavily on technology resources to perform critical functions, including in relation to the Joint Standard.
In South Africa, the size of the AI market is projected to reach $1,20 billion in 2025. The improper management of AI and AI risks has the potential to negatively impact business continuity and poses further challenges, such as data security, privacy, bias, and ethical implications.
Organisations should be actively considering how to manage outsourced IT risks, especially in the insurance industry, as the compliance journey to mitigate IT risks and AI risks is likely to be a long and arduous process.
The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2025 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.