77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide
civac.
ENDE
Get started
All officer roles
AGL

Spin-Off / Outsourcing Officer

Governance of outsourced functions and material service providers at the insurer. Risk assessment before outsourcing, contractual safeguards and audit rights, ongoing monitoring per MaGo and EIOPA guidelines.

Focus areas
OutsourcingService providersMaGoMonitoring
Legal basis

VAG § 47 · MaGo · EIOPA guidelines

Quick contact

Talk to us about Spin-Off / Outsourcing Officer

Three lines and you are in our inbox. We reply within one business day.

By sending you agree to our privacy notice. We use the data only to reply to you.

What is a Spin-Off / Outsourcing Officer?

A Spin-Off / Outsourcing Officer (Ausgliederungsbeauftragter) governs the outsourcing of functions and the use of material service providers at an insurance undertaking. The role sits within the governance system required by the Insurance Supervision Act (VAG), with outsourcing specifically addressed in VAG Section 47, the supervisory minimum requirements for governance (MaGo) issued by BaFin, and the relevant EIOPA guidelines on outsourcing and system of governance.

Under Solvency II as transposed into the VAG, outsourcing does not transfer the undertaking's responsibility. The insurer remains fully responsible for an outsourced function as if it performed it itself, and outsourcing of critical or important functions must not materially impair governance, increase operational risk unduly, or hinder supervision. The outsourcing officer is the person who makes that principle operational.

Before an outsourcing is entered into, the officer ensures a documented risk assessment: whether the function is critical or important, the risks involved, the suitability of the provider, and any concentration or sub-outsourcing concerns. The written outsourcing agreement must then contain the safeguards the framework demands, including clear service definitions, information and audit rights for the undertaking and the supervisor, and provisions for termination and exit.

Once live, the relationship is monitored on an ongoing basis: service levels, the provider's continued suitability, sub-outsourcing changes, and incidents. Material outsourcing of critical or important functions is notified to the supervisor as required. The officer maintains an outsourcing register and keeps the evidence that each arrangement was assessed, contracted and monitored in line with VAG Section 47, MaGo and the EIOPA guidelines.

Duties of the Outsourcing Officer

  • Assess and document, before outsourcing, whether a function is critical or important under VAG Section 47 and MaGo.
  • Conduct pre-outsourcing risk and provider due-diligence assessments.
  • Ensure the written outsourcing agreement contains the required safeguards, audit and information rights.
  • Maintain the outsourcing register of all material arrangements and service providers.
  • Notify the supervisor of material outsourcing of critical or important functions as required.
  • Monitor service levels, provider suitability and sub-outsourcing changes on an ongoing basis.
  • Assess concentration risk and dependence on individual providers.
  • Ensure exit and contingency arrangements are defined and remain workable.
  • Coordinate with risk management, compliance and internal audit on outsourced functions.
  • Report on the outsourcing portfolio to the management board and document the monitoring.

Appointment and qualification

Responsibility for the governance of outsourcing rests with the management board of the insurance undertaking. The VAG requires an effective system of governance, and MaGo expects clear responsibility for outsourcing within it. Many undertakings concentrate this in an outsourcing officer or central outsourcing management function, although the board cannot delegate away its own responsibility for outsourced functions.

There is no single fixed appointment date; the need arises as soon as the undertaking outsources, or plans to outsource, functions, particularly any that are critical or important. From that point there must be clear ownership of the pre-outsourcing assessment, the contractual safeguards and the ongoing monitoring.

The qualification is functional. The officer needs a sound understanding of the undertaking's operations and risk profile, the outsourcing requirements of VAG Section 47, MaGo and the EIOPA guidelines, and the contractual and monitoring tools to apply them. Independence of judgement matters, since the officer must be able to flag arrangements that do not meet the requirements. The scope of the role scales with the size and complexity of the outsourcing portfolio: a small undertaking with limited outsourcing needs less structure than a large insurer with extensive material arrangements and sub-outsourcing chains.

  • Entering into a new outsourcing of a critical or important function.
  • Material change to an existing outsourcing arrangement or provider.
  • Onboarding a new material service provider.
  • A provider introducing or changing sub-outsourcing.
  • Findings from monitoring, incidents or supervisory feedback.
  • Updated MaGo or EIOPA guidance affecting outsourcing governance.

Where the role is needed

  • Life insurance undertakings
  • Non-life and property-casualty insurers
  • Health insurance undertakings
  • Reinsurance undertakings
  • Pension funds (Pensionskassen) and Pensionsfonds
  • Insurance groups with shared service and outsourcing structures
  • Specialty and run-off insurers relying on external administration
CIVAC

How CIVAC supports the Outsourcing Officer role

CIVAC turns the outsourcing portfolio into a maintained register rather than a folder of contracts. Each arrangement can carry its classification as critical or important, the pre-outsourcing risk assessment, the contractual safeguards and audit rights, and the monitoring status, so the governance of every provider is visible in one place. The documentation pillar holds the assessment and contract evidence retrievably for the management board, internal audit and the supervisor. Tasks route recurring duties, such as annual provider reviews, audit-right exercises and supervisory notifications, to the responsible owner with reminders, so monitoring does not lapse. CIVAC also makes coverage and accountability clear, showing who owns each material outsourcing under VAG Section 47, MaGo and the EIOPA guidelines.

Frequently asked questions

Need this officer role for your organisation?

Appoint our experts as your external officer or license CIVAC for your in-house team. Get in touch and we walk you through the right setup.

Talk to CIVACSee all 77 roles
Other officer roles