PRA Consults on Framework to Manage Outsourcing and Third-Party Risk
PRA published a consultation paper CP30/19 that sets out proposals to modernize the regulatory framework on outsourcing and third-party risk management. These proposals are set out in the draft supervisory statement on outsourcing and third-party risk management in the Appendix to CP30/19. PRA proposes to publish the final policy on these proposals in the second half of 2020, with implementation of most the proposals shortly after. This consultation closes on April 03, 2020.
The proposals pursue the following objectives:
- Complement the policy proposals in CP29/19 on operational resilience.
- Facilitate greater resilience and adoption of the cloud and other new technologies, as set out in response of BoE to the "Future of Finance" report.
- Implement the EBA guidelines on outsourcing arrangements. The draft supervisory statement clarifies how PRA expects banks to approach the EBA Outsourcing Guidelines in the context of its requirements and expectations. In addition, certain chapters in the draft supervisory statement elaborate on the expectations in the EBA Outsourcing Guidelines.
- Take into account the draft EIOPA guidelines on outsourcing to cloud service providers and EBA guidelines on information and communication technology and security risk management.
Certain proposals, which derive from the EBA Outsourcing Guidelines or (if adopted in the current form) the draft EIOPA Cloud Guidelines, would be subject to longer implementation periods, particularly those that relate to the
- Register of outsourcing arrangements (Outsourcing Register)
- Revision by banks of outsourcing arrangements entered into before September 30 2019 and revision by insurers of cloud Outsourcing arrangements entered into before July 01, 2020 (Legacy Outsourcing Arrangements), to bring them into compliance with the EBA Outsourcing Guidelines and EIOPA Cloud Guidelines, respectively.
The consultation paper is relevant to all UK banks, building societies, and PRA-designated investment firms, insurance and reinsurance firms, groups in scope of Solvency II, including the Society of Lloyd’s and managing agents, and branches of overseas banks and insurers. Some of the proposals in CP30/19 are relevant to credit unions and non-directive firms namely those in paragraph 2.3 of CP30/19; PRA rules, statutory powers, and requirements referenced in tables 2, 5, and 6; and paragraphs 5.11-5.12. In line with the principle of proportionality, PRA proposes not to apply the remaining sections of the draft supervisory statement to credit unions and non-directive firms.
Related Links
Comment Due Date: April 03, 2020
Keywords: Europe, UK, Banking, Insurance, Securities, Reinsurance, CP 30/19, Cloud Service Providers, Proportionality, Operational Resilience, Third-Party Arrangements, Operational Risk, Outsourcing Arrangements, EBA, EIOPA, PRA
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Previous Article
OSFI Publishes Guideline on LICAT Public Disclosure RequirementsRelated Articles
OSFI Issues Phase2 Consultation on Climate Scenario Exercise for Banks
The Office of the Superintendent of Financial Institutions (OSFI) recently announced a consultation on the second phase of the Standardized Climate Scenario Exercise (SCSE) for banks and other financial institutions it regulates in Canada.
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.