Featured Product

    IOSCO Consults on Outsourcing Principles for Operational Resilience

    May 28, 2020

    IOSCO proposed updates to its principles for regulated entities that outsource tasks to service providers. The proposed Principles on Outsourcing are based on IOSCO´s 2005 Outsourcing Principles for Market Intermediaries and the 2009 Outsourcing Principles for Markets but their application has been expanded to include trading venues, market participants acting on a proprietary basis, credit rating agencies, and financial market infrastructures. The consultation period ends on October 01 2020.

    The revised principles comprise a set of fundamental precepts and a set of seven principles. The consultation report contains sections on particular sectors and issues, with Annex A providing a report on outsourcing among credit rating agencies, including the use of cloud computing. The fundamental precepts cover issues such as the definition of outsourcing, the assessment of materiality and criticality, their application to affiliates, the treatment of sub-contracting, and outsourcing on a cross-border basis. The seven principles cover the following areas, with each of these principles being supplemented with guidance for implementation:

    • Due diligence in the selection and monitoring of a service provider
    • The contract with a service provider
    • Information security, business resilience, continuity and disaster recovery
    • Confidentiality Issues
    • Concentration of outsourcing arrangements
    • Access to data, premises, personnel, and associated rights of inspection
    • Termination of outsourcing arrangements 

    Since the publication of IOSCO´s earlier principles on outsourcing for market intermediaries and for markets, developments in markets and technology have increased regulatory attention on risks related to outsourcing and the need to ensure the operational resilience of regulated entities. IOSCO prepared this report before the COVID-19 outbreak. However, on April 08, 2020, the IOSCO Board agreed to delay publication of its reports to allow firms and financial institutions to redirect their resources to focus on the challenges arising from the pandemic. As the initial stages of this crisis pass, the IOSCO Board has decided to publish this report now because the outbreak of COVID-19 has highlighted the need to ensure resilience in operational activities and to maintain business continuity in situations where both external and often unforeseen shocks impact both firms and their service providers. To account for the ongoing resource constraints on financial institutions, however, the consultation period goes well beyond the typical 90-day comment period and will end on October 01, 2020. The consultation report includes a set of questions, including one of particular relevance during the current COVID-19 pandemic: What measures for business continuity would be effective in situations where all, or a significant portion, of both the outsourcers’ and third-party providers’ work force is working remotely? In particular, what steps should be taken so Cyber Security and Operational Resilience can be ensured?” 

     

    Related Links

    Comment Due Date: October 01, 2020

    Keywords: International, Banking, Securities, PMI, Credit Rating Agencies, Operational Risk, Outsourcing, Third-party Arrangements, Cloud Computing, COVID-19, IOSCO

    Related Articles
    News

    BoE Seeks Information Before Migrating Statistical Reporting to BEEDS

    The Bank of England (BoE) published the Statistical Notice 2021/09 requiring additional information from firms and software vendors to assist in the onboarding and testing phases for migrating statistical reporting to the BEEDS portal.

    October 25, 2021 WebPage Regulatory News
    News

    FCA Publishes Final Rules on Investment Firms Prudential Regime

    The Financial Conduct Authority (FCA) published the final rules on the Investment Firms Prudential Regime (IFPR) to streamline and simplify the prudential requirements for solo-regulated UK firms authorized under the Markets in Financial Instruments Directive (MiFID).

    October 25, 2021 WebPage Regulatory News
    News

    CFRF Publishes Guides to Manage Financial Risks from Climate Change

    The working groups of the Climate Financial Risk Forum (CFRF) published a second round of guides (or Session 2 guides), written by the industry for the industry, to help financial firms manage climate-related financial risks.

    October 21, 2021 WebPage Regulatory News
    News

    PRA Finalizes Policy for Non-Performing Exposure Securitizations

    The Prudential Regulation Authority (PRA) published the final Policy Statement PS24/21 that contains the new Non-Performing Exposures Securitization Part of the PRA Rulebook and an updated Supervisory Statement SS10/18 on the general requirements and capital framework with respect to securitizations.

    October 21, 2021 WebPage Regulatory News
    News

    EBA Updates Filing Rules for Supervisory Reporting

    The European Banking Authority (EBA) published version 5.1 of the filing rules for supervisory reporting.

    October 19, 2021 WebPage Regulatory News
    News

    ECB Amends Guideline on Procedures for Collection of AnaCredit Data

    The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.

    October 19, 2021 WebPage Regulatory News
    News

    ECB Amends Guideline on Procedures for Collection of AnaCredit Data

    The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.

    October 19, 2021 WebPage Regulatory News
    News

    EBA Publishes Standards on Disclosure of Investment Policy Under IFR

    The European Banking Authority (EBA) published the final draft regulatory technical standards on disclosure of investment policy by investment firms, under the Investment Firms Regulation (IFR).

    October 19, 2021 WebPage Regulatory News
    News

    EU to Explore Potential of Establishing a Joint Cyber Unit

    The European Council adopted conclusions inviting the European Union (EU) and the member states to further develop the cybersecurity crisis management framework.

    October 19, 2021 WebPage Regulatory News
    News

    EC Sets Out Work Program for 2022

    The European Commission (EC) adopted the work program for 2022.

    October 19, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7598