PRA published a consultation paper CP30/19 that sets out proposals to modernize the regulatory framework on outsourcing and third-party risk management. These proposals are set out in the draft supervisory statement on outsourcing and third-party risk management in the Appendix to CP30/19. PRA proposes to publish the final policy on these proposals in the second half of 2020, with implementation of most the proposals shortly after. This consultation closes on April 03, 2020.
The proposals pursue the following objectives:
- Complement the policy proposals in CP29/19 on operational resilience.
- Facilitate greater resilience and adoption of the cloud and other new technologies, as set out in response of BoE to the "Future of Finance" report.
- Implement the EBA guidelines on outsourcing arrangements. The draft supervisory statement clarifies how PRA expects banks to approach the EBA Outsourcing Guidelines in the context of its requirements and expectations. In addition, certain chapters in the draft supervisory statement elaborate on the expectations in the EBA Outsourcing Guidelines.
- Take into account the draft EIOPA guidelines on outsourcing to cloud service providers and EBA guidelines on information and communication technology and security risk management.
Certain proposals, which derive from the EBA Outsourcing Guidelines or (if adopted in the current form) the draft EIOPA Cloud Guidelines, would be subject to longer implementation periods, particularly those that relate to the
- Register of outsourcing arrangements (Outsourcing Register)
- Revision by banks of outsourcing arrangements entered into before September 30 2019 and revision by insurers of cloud Outsourcing arrangements entered into before July 01, 2020 (Legacy Outsourcing Arrangements), to bring them into compliance with the EBA Outsourcing Guidelines and EIOPA Cloud Guidelines, respectively.
The consultation paper is relevant to all UK banks, building societies, and PRA-designated investment firms, insurance and reinsurance firms, groups in scope of Solvency II, including the Society of Lloyd’s and managing agents, and branches of overseas banks and insurers. Some of the proposals in CP30/19 are relevant to credit unions and non-directive firms namely those in paragraph 2.3 of CP30/19; PRA rules, statutory powers, and requirements referenced in tables 2, 5, and 6; and paragraphs 5.11-5.12. In line with the principle of proportionality, PRA proposes not to apply the remaining sections of the draft supervisory statement to credit unions and non-directive firms.
Comment Due Date: April 03, 2020
Keywords: Europe, UK, Banking, Insurance, Securities, Reinsurance, CP 30/19, Cloud Service Providers, Proportionality, Operational Resilience, Third-Party Arrangements, Operational Risk, Outsourcing Arrangements, EBA, EIOPA, PRA
Next ArticleBIS and MAS Launch Innovation Hub in Singapore
The Australian Prudential Regulation Authority (APRA) released an update on the timelines for revisions to the market risk prudential standards and the implications for the broader capital framework.
Three global standard-setters launched a joint consultation that reviews the margining practices during the COVID-19 pandemic and identifies potential areas for further policy work.
The Bank of England (BoE) published the Statistical Notice 2021/09 requiring additional information from firms and software vendors to assist in the onboarding and testing phases for migrating statistical reporting to the BEEDS portal.
The European Banking Authority (EBA) published the final draft regulatory technical standards on gross jump-to-default amounts and on residual risk add-on under the Capital Requirements Regulation or CRR.
The Financial Conduct Authority (FCA) published the final rules on the Investment Firms Prudential Regime (IFPR) to streamline and simplify the prudential requirements for solo-regulated UK firms authorized under the Markets in Financial Instruments Directive (MiFID).
The European Supervisory Authorities (ESAs) have delivered to the European Commission (EC) the final report on the draft regulatory technical standards for disclosures under the Sustainable Finance Disclosure Regulation (SFDR).
The European Banking Authority (EBA) published an advice to the European Commission (EC) on funding in resolution and insolvency as part of the review of the crisis management and deposit insurance (CMDI) framework.
The Financial Stability Oversight Council (FSOC) released a report in response to the U.S. President's Executive Order on climate-related financial risk.
The Bank for International Settlements (BIS) published a paper that examines the business models and the associated risks posed by big technology firms foraying into financial services sector.
The Bank for International Settlements (BIS) announced the development of an Asian Green Bond Fund, in collaboration with the development financing community, to channel global central bank reserves to green projects in Asia Pacific.