We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set optional cookies unless you enable them. Using this tool will set a cookie on your device to remember your preferences.
For more detailed information about the cookies we use, see our privacy policy
Necessary cookies
Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
Analytics
We'd like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.
Twitter feed
In order to display our tweets, Twitter uses cookies to remember things such as which links you clicked, etc. This does not use your Twitter ID.
Levelling the Playing Field: European Central Bank Guidelines on Outsourcing
August 2019
The EBA’s Outsourcing Guidelines currently in force were issued in 2006 and apply only to credit institutions (essentially banks and building societies) and the 2018 Recommendations apply to credit institutions and MiFID investment firms. This will be changed by the New Outsourcing Guidelines which will apply to payment institutions and e-money institutions as well as credit institutions and MiFID investment firms. The general aim of the New Outsourcing Guidelines is to create a level playing field and harmonise the outsourcing requirements which are set out in separate EU legislation for different types of firms (credit institutions under CRD IV, investment firms under MiFID II, payment institutions and electronic money institutions under PSD2). The first question to ask is do you have any outsourced any activities/functions and are these critical? As a general principle, institutions and payment institutions should not consider the following as outsourcing:
a function that is legally required to be performed by a service provider, e.g. statutory audit;
market information services (e.g. provision of data by Bloomberg, Moody’s, Standard & Poor’s, Fitch);
global network infrastructures (e.g. Visa, MasterCard);
clearing and settlement arrangements between clearing houses, central counterparties and settlement institutions and their members;
global financial messaging infrastructures that are subject to oversight by relevant authorities;
correspondent banking services; and
the acquisition of services that would otherwise not be undertaken by the institution or payment institution (e.g. advice from an architect, providing legal opinion and representation in front of the court and administrative bodies, cleaning, gardening and maintenance of the institution’s or payment institution’s premises, medical services, servicing of company cars, catering, vending machine services, clerical services, travel services, post-room services, receptionists, secretaries and switchboard operators), goods (e.g. plastic cards, card readers, office supplies, personal computers, furniture) or utilities (e.g. electricity, gas, water, telephone line).
So, then what would constitute outsourcing? The Central Bank considers outsourcing to be an arrangement of any form between an institution and a third party service provider by which that institution performs a process, a service or an activity on their behalf which could otherwise be undertaken by that institution. When engaging in outsourcing, that outsourcing should not detract from being in a position to demonstrate that its ‘mind and management’ is located in the institution and that it is not delegating responsibility for the operation or management of key functions to a third party. Once institutions have identified their outsourcing arrangements they will need to perform a risk assessment of materiality to assess whether these are critical and whether the outsourcing arrangement is directly connected to the provision of banking activities or payment services for which they are authorised; the potential impact of any disruption to the outsourced function or failure of the service provider to provide the service at the agreed service levels on a continuous basis on their resilience and viability. Finally, third party arrangements will require robust contractual arrangements to be put in place to allow for effective oversight and monitoring by the management of those third party services or functions by the institution in question. If you need help managing your outsourcing risk, please contact RegSol for assistance. Click HERE to view the EBA’s Outsourcing Guidelines By: Judy DeCastro - Regulatory Consultant
Enable Twitter feed in cookie preferences to see RegSol tweets here