IOSCO Consults on Outsourcing Principles for Operational Resilience
IOSCO proposed updates to its principles for regulated entities that outsource tasks to service providers. The proposed Principles on Outsourcing are based on IOSCO´s 2005 Outsourcing Principles for Market Intermediaries and the 2009 Outsourcing Principles for Markets but their application has been expanded to include trading venues, market participants acting on a proprietary basis, credit rating agencies, and financial market infrastructures. The consultation period ends on October 01 2020.
The revised principles comprise a set of fundamental precepts and a set of seven principles. The consultation report contains sections on particular sectors and issues, with Annex A providing a report on outsourcing among credit rating agencies, including the use of cloud computing. The fundamental precepts cover issues such as the definition of outsourcing, the assessment of materiality and criticality, their application to affiliates, the treatment of sub-contracting, and outsourcing on a cross-border basis. The seven principles cover the following areas, with each of these principles being supplemented with guidance for implementation:
- Due diligence in the selection and monitoring of a service provider
- The contract with a service provider
- Information security, business resilience, continuity and disaster recovery
- Confidentiality Issues
- Concentration of outsourcing arrangements
- Access to data, premises, personnel, and associated rights of inspection
- Termination of outsourcing arrangements
Since the publication of IOSCO´s earlier principles on outsourcing for market intermediaries and for markets, developments in markets and technology have increased regulatory attention on risks related to outsourcing and the need to ensure the operational resilience of regulated entities. IOSCO prepared this report before the COVID-19 outbreak. However, on April 08, 2020, the IOSCO Board agreed to delay publication of its reports to allow firms and financial institutions to redirect their resources to focus on the challenges arising from the pandemic. As the initial stages of this crisis pass, the IOSCO Board has decided to publish this report now because the outbreak of COVID-19 has highlighted the need to ensure resilience in operational activities and to maintain business continuity in situations where both external and often unforeseen shocks impact both firms and their service providers. To account for the ongoing resource constraints on financial institutions, however, the consultation period goes well beyond the typical 90-day comment period and will end on October 01, 2020. The consultation report includes a set of questions, including one of particular relevance during the current COVID-19 pandemic: What measures for business continuity would be effective in situations where all, or a significant portion, of both the outsourcers’ and third-party providers’ work force is working remotely? In particular, what steps should be taken so Cyber Security and Operational Resilience can be ensured?”
Related Links
Comment Due Date: October 01, 2020
Keywords: International, Banking, Securities, PMI, Credit Rating Agencies, Operational Risk, Outsourcing, Third-party Arrangements, Cloud Computing, COVID-19, IOSCO
Previous Article
ECB Extends Certain Reporting Timelines Amid COVID-19 OutbreakRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.