Technology and Security
The LMA communicates with a wide range of organisations and individuals across the market on information technology subjects covering both day-to-day operational issues and market modernisation projects. Within the Lloyd's managing agent community there exist many diverse IT configurations to support business needs. These are often implemented and run by a broad range of service providers, all adding up to a complex picture across the whole market.
Examples of the types of systems benefiting managing agents include: complete underwriting packages, finance (general ledger) systems, workflow and document handling, and catastrophe modeling. However, the selection and implementation of software and services is an individual managing agent's choice and the LMA is not involved in this activity.
There also exists central infrastructure and service provision that is common to all parties in the market, for example: DXC - Xchanging - Insurance Services, ISO - Market Wordings Database, Lloyd's ITG for The Lloyd's Room, LIMOSS.
The LMA administers two technology committees that meet on a regular basis:
- Technology Group - (formerly known as Systems Group) attended by selected Heads of IT from managing agents: presentations on topics of interest, and a general open forum for any technology activity.
- CISO Committee - attended by IT security officers from managing agents with a focus on all things InfoSec, cyber security threats and cyber resilience.
- CISO Forum - open to all senior IT security professionals from member organisations
3rd Party information security assurance
Download the guidance here
A common challenge for many managing agents is in having a common and consistent measure of information security assurance for 3rd parties, in particular coverholders and delegated claims authorities. A sub-group of the LMA CISO Committee wrote this guidance which, whilst primarily aimed at Lloyd's delegated authority partners of coverholders and DCAs, could in fact be used as a basis for any 3rd party vendor.
The guidance sets out a simple framework for assessing a 3rd party:
1/ a common question set of 17 questions to the third party, to which the answer should be 'yes' to each
2/ considerations for the managing agent on how materiality may be assessed
3/ suggestions for additional assurance from the 3rd party, if they are deemed to be 'high risk' by the managing agent
This guidance was finalised in December 2022 and will be reviewed periodically by the CISO Committee sub-group as required.
As at February 2023, this guidance has not yet been formally adopted by Lloyd's for presentation to every coverholder and DCA, either when they begin a new relationship with Lloyd's at due diligence stage or upon subsequent audit. This is the ambition of the guidance, so that a consistent approach can be taken across the market, which is also better for the 3rd party entity and consistent with the LMA 'DARE' principles.