Levelling the Playing Field: European Central Bank Guidelines on Outsourcing
August 2019
The EBA’s Outsourcing Guidelines currently in force were issued in 2006 and apply only to credit institutions (essentially banks and building societies) and the 2018 Recommendations apply to credit institutions and MiFID investment firms. This will be changed by the New Outsourcing Guidelines which will apply to payment institutions and e-money institutions as well as credit institutions and MiFID investment firms. The general aim of the New Outsourcing Guidelines is to create a level playing field and harmonise the outsourcing requirements which are set out in separate EU legislation for different types of firms (credit institutions under CRD IV, investment firms under MiFID II, payment institutions and electronic money institutions under PSD2).
The first question to ask is: have you outsourced any activities or functions, and are these critical?
As a general principle, institutions and payment institutions should not consider the following as outsourcing:
- a function that is legally required to be performed by a service provider, e.g. statutory audit;
- market information services (e.g. provision of data by Bloomberg, Moody’s, Standard & Poor’s, Fitch);
- global network infrastructures (e.g. Visa, MasterCard);
- clearing and settlement arrangements between clearing houses, central counterparties and settlement institutions and their members;
- global financial messaging infrastructures that are subject to oversight by relevant authorities;
- correspondent banking services; and
- the acquisition of services that would otherwise not be undertaken by the institution or payment institution (e.g. advice from an architect, providing legal opinion and representation in front of the court and administrative bodies, cleaning, gardening and maintenance of the institution’s or payment institution’s premises, medical services, servicing of company cars, catering, vending machine services, clerical services, travel services, post-room services, receptionists, secretaries and switchboard operators), goods (e.g. plastic cards, card readers, office supplies, personal computers, furniture) or utilities (e.g. electricity, gas, water, telephone line).
So, then what would constitute outsourcing?
The Central Bank considers outsourcing to be an arrangement of any form between an institution and a third party service provider by which the service provider performs a process, a service or an activity on the institution’s behalf which could otherwise be undertaken by that institution. When an institution engages in outsourcing, the arrangement should not detract from its being in a position to demonstrate that its ‘mind and management’ is located in the institution and that it is not delegating responsibility for the operation or management of key functions to a third party.
Once institutions have identified their outsourcing arrangements, they will need to perform a risk assessment of materiality to assess whether these are critical, whether the outsourcing arrangement is directly connected to the provision of banking activities or payment services for which they are authorised, and the potential impact on their resilience and viability of any disruption to the outsourced function or failure of the service provider to provide the service at the agreed service levels on a continuous basis. Finally, third party arrangements will require robust contractual arrangements to be put in place to allow for effective oversight and monitoring of those third party services or functions by the management of the institution in question.
If you need help managing your outsourcing risk, please contact RegSol for assistance.
By: Judy DeCastro - Regulatory Consultant