Insurance industry outsourcing presents benefits and risks


Third parties can enable nimble market adaptability, reduce costs


The insurance industry could see astounding expansion in the coming years, with forecasted growth of 5.5% annually over the next 10 years, according to the Allianz Global Insurance Report. But the companies hoping to lead the way also must solve tough challenges related to staffing, market changes and more.


“The industry is facing talent shortages, rising costs, and an evolving market,” said Grant Thornton Risk Advisory Director Jim Grundy.


In a recent webinar, he joined fellow Grant Thornton leaders to explore when and why outsourcing and co-sourcing can be an effective solution. The webinar focused on how third-party partnerships can open growth avenues, cost savings and specialized skills, as well as associated risks and mitigations.


“To keep pace, insurance can leverage external expertise to achieve growth, optimize costs and gain diversified experience,” Grundy said.


As new third-party relationships blossom, however, it’s important to manage them with strong data security, well-defined metrics, and vigilant quality control practices.




Third-party relationships on the rise


Many insurance carriers see opportunities for rapid growth through the development of new segments and expansion in emerging markets, especially in the Asia-Pacific region. They’re working with managing general agents (MGAs) and third-party administrators (TPAs) for a variety of reasons:


Headshot of Jim Grundy

“Outsourcing can lead to significant cost reductions by minimizing reliance on in-house staff and infrastructure.”

Jim Grundy

Grant Thornton Director, Risk Advisory


  • Cost savings: “Outsourcing can lead to significant cost reductions by minimizing reliance on in-house staff and infrastructure,” Grundy said. “In addition, with this model, you gain access to shared resources and economies of scale offered by MGAs and TPAs.”
  • Efficiency: Third-party partners may specialize in specific areas such as claims handling or underwriting, allowing them to easily take on some of the insurance carrier’s business obligations. Grundy noted that this leads to improved efficiency and streamlined workflows.
  • Scalability: “You can scale up and do more, and you can supplement the current expertise that you have on your team, which would then allow the business to focus on growing and establishing the business plan,” said Grant Thornton Risk Advisory Principal Anders Land. A third-party partner, for example, may provide quick access to auditors with specialty in a new niche.
  • Compliance: Third-party partners can track and implement new regulations in a niche or a market, reducing the burden on the insurer. “MGAs and TPAs typically stay on top of the latest regulations and compliance requirements within the insurance industry,” Grundy said.

These benefits are appealing for companies in several different scenarios. For example, a large company may want to expand into a new niche or market. Alternatively, a small startup may choose to contract with an MGA or TPA to launch its initial operations, allowing it to get started more quickly.


“If you’re growing in a very niche market, it might be really difficult to find professionals that are in the control assurance space or governance assurance space to address that. By partnering up with a third party, you might be able to bring that into your organization,” Anders added.




Understanding the risks


Of course, bringing an outside partner into core operations comes with risks and disadvantages for any insurer.


There are several key concerns related to outsourcing. First, there is the potential loss of control. If the client does not have proper oversight of an MGA, the partner may tend toward adverse selections and moral hazards.


“Will the MGA be prudent in its selection of risks? If not, you run the risk of adverse selection and moral hazards. Setting a low bar for vetting applicants can lead to signing individuals who are more likely to file claims, leading to higher losses for the insurer,” Grundy explained.


A poorly structured agreement also may lead to conflicts of interest, with a third-party administrator prioritizing its own interests instead of the carrier’s.


“TPAs may have an incentive to prioritize their own interests, such as generating fees, over the insurer's interests in minimizing losses. This requires clean contractual agreements and monitoring activities to mitigate conflicts of interest,” Grundy noted.


Breakdowns in communication and quality control may pose a challenge, too. If a third-party does not ensure data integrity, it raises the risk that incomplete or inaccurate data will lead to underwriting errors.


“We do see data quality issues firsthand, where, for example, a year’s worth of data is disaggregated across 12 to 15 different Excel files, with unique formatting and mis-arranged fields,” said Grant Thornton Risk Advisory Senior Associate Veronica Oswald.


Finally, the client and partner must mutually balance the need for fraud prevention with the expectations of efficient customer service.


“Delays in claims processing can lead to customer dissatisfaction and potential legal issues. Ideally, you want to balance efficient claims resolution and thorough investigations to prevent paying fraudulent claims,” Grundy warned.




Mitigation through planning


The success of a third-party partnership begins with selecting the right partner and writing a contract that proactively addresses risks and challenges.


“Before outsourcing any underwriting or claims functions, the carriers should consider these risks and ensure that they are identified during the due diligence process,” Oswald said.


Clients should review any potential partner’s financial strength, financial statements and creditworthiness.


“We also look at experience and expertise in the relevant lines of business, including the team’s qualifications and track record,” Grundy said, adding: “You really can’t say enough about technology, infrastructure and security measures and the ability to handle the business securely and efficiently.”


The client should also check the potential partner’s history of regulatory compliance, looking out for red flags from regulators, and obtain references and client testimonials. The insurer ultimately is responsible for ensuring that the partner is properly licensed and in compliance with all applicable regulations.


The checklist and approach should be customized for the outsourced services and tailored to each third-party or MGA being reviewed, Oswald added.


Next comes the design of the contract. Agreements should generally include:

  • Clauses guaranteeing a right to audit.
  • Service-level agreements that outline clear expectations for service quality, turnaround times and reporting procedures.
  • Details of performance management expectations, including frequency and depth of reporting.
  • Data security provisions to verify the protection of sensitive client and customer information.
  • An outline for a process to resolve any disputes that may arise, whether it involves mediation, arbitration or litigation.
  • Details of termination processes, including conditions under which either party can terminate the contract and the process for the insurance company to move services back in-house or to another third party.

Insurers may also consider the following early steps:

  • Collecting and reviewing data privacy and handling policies, and business continuity and disaster recovery plans
  • Obtaining SOC reports for any systems or applications in use. 



Data management and security


From the initial phases through the length of the contract, data security is paramount.


“Insurers should identify their own data security standards and ensure the MGA/TPA is aligned by reviewing their security protocols, including data encryption, access controls and incident response plans,” Oswald said.


She added, “Additionally, contractual agreements should clearly outline data security responsibilities as well as potential liabilities and reporting requirements in case of a breach.”


In the early stages, it’s critical to establish a common scheme for data management. One option is to have the partner use standard reporting templates during onboarding to enable data compatibility with the carrier’s systems.


“During the onboarding due diligence process, requiring a standard template for reporting premium or claims data can help ensure compatibility with the carrier’s reporting system,” Oswald said.


In some cases, the third-party administrator may have its own data management practices and systems that differ from the insurer’s — or, in some cases, the partner simply may not have good data hygiene.

Headshot of Anders Land

“Every carrier that I’ve worked with is investing in data management tools and adopting new technologies to ingest data.”

Anders Land

Grant Thornton Principal, Risk Advisory


In those cases, the two partners may need to use automation tools that can read, rearrange and aggregate data into usable formats to overcome data quality issues.


“Every carrier that I’ve worked with is investing in data management tools and adopting new technologies to ingest data,” Land said.


The insurance business — and especially these partnerships — can generate tremendous volumes of highly sensitive data. Both the client and the third-party partner will need to implement granular access controls — allowing only personnel with legitimate business needs to tap into data pools.


Oswald pointed out that while modern claims processing systems are designed to suppress personal and private information, that data might inadvertently be exposed when it is transmitted from partner to client.


“Ensure all data transmission and storage adhere to encryption standards to minimize the risk of unauthorized access,” Grundy said. “When collecting documents, it’s a good idea to upload to a file sharing platform where you own the security.”’


These security practices aren’t just “set and forget.” The obligation ultimately falls upon the client to regularly monitor and audit the partner’s data privacy practices and its overall security posture.


That oversight should include “penetration testing, vulnerability scanning and adherence to industry best practices,” Grundy said. 




Maintaining vigilance


Once the partnership is underway, a few key strategies will help keep it on track.


First, the client will need to select and define metrics for success. “Establishing clear KPIs is crucial for effectively monitoring the MGA’s or TPA’s performance and to ensure alignment with your business objectives,” Grundy said.


KPIs should be tied to business objectives, such as:

  • Claims processing efficiency
  • Customer satisfaction
  • Underwriting profitability
  • Regulatory compliance

Often, the metrics might include loss ratios, combined ratios, and average cost per claim. Each metric should fulfill the SMART (Specific, Measurable, Achievable, Relevant, and Time-based) framework — but it’s also important to remember that not all business activities, including long-tail or litigated claims, can be easily quantified.

Headshot of Veronica Oswald

“Establish and maintain regular communication with the MGA to discuss performance and address any concerns.”

Veronica Oswald

Grant Thornton Senior Associate, Risk Advisory


Once the partnership is underway, a regular cadence of communication can help identify problems before they escalate. “Establish and maintain regular communication with the MGA to discuss performance and address any concerns,” Oswald said.


A successful partnership also needs a compliance backbone. The client must conduct regular audits to verify adherence to service standards and address deficiencies. These audits can range from specific topics, such as data security, to the overall performance of the contract.


“Regular quality control audits and assessments are essential for verifying adherence to agreed-upon service standards and identifying areas for improvement,” Grundy said.


He explained that it’s important to “define the scope of the audits to encompass critical areas such as underwriting, claims processing, customer service and financial reporting… Keep the audit methodology standardized to ensure consistent, objective evaluation across different engagements and over time.”


Grundy also emphasized the need for a mix of compliance-style audits and full performance-style audits to get a balanced view of the business’s performance and to address any deficiencies promptly.


“There’s a lot of lip service that's paid to some of the contractual obligations, and then when you go in to take a look, too often you don't really see very good execution on them. So I think it’s about enforcement,” Grundy said.




Preparing for a decade of growth


An outsource arrangement can help an insurance carrier move quickly and efficiently in a new market, whether they’re a fast-growing startup or a major company with a new niche.


“What we anticipate is that there will be continued reliance on the third-party relationships to maintain the business, particularly as you're looking into the growth,” Land said.


Like any business strategy, it comes with a range of risks. Success begins with a deliberate selection of a partner and careful planning of the contract, including clearly detailing expectations and requirements for data security and performance management.


And when it’s done right, outsourcing can allow carriers large and small to adapt quickly to new markets, establishing a prime position for a decade of growth.



Content disclaimer

This Grant Thornton Advisors LLC content provides information and comments on current issues and developments. It is not a comprehensive analysis of the subject matter covered. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this content.

Grant Thornton Advisors LLC and its subsidiary entities are not licensed CPA firms.

For additional information on topics covered in this content, contact a Grant Thornton Advisors LLC professional.


Our insurance featured industry insights