IOSCO proposed updates to its principles for regulated entities that outsource tasks to service providers. The proposed Principles on Outsourcing are based on IOSCO's 2005 Outsourcing Principles for Market Intermediaries and the 2009 Outsourcing Principles for Markets, but their application has been expanded to include trading venues, market participants acting on a proprietary basis, credit rating agencies, and financial market infrastructures. The consultation period ends on October 01, 2020.
The revised principles comprise a set of fundamental precepts and a set of seven principles. The consultation report contains sections on particular sectors and issues, with Annex A providing a report on outsourcing among credit rating agencies, including the use of cloud computing. The fundamental precepts cover issues such as the definition of outsourcing, the assessment of materiality and criticality, their application to affiliates, the treatment of sub-contracting, and outsourcing on a cross-border basis. The seven principles cover the following areas, with each of these principles being supplemented with guidance for implementation:
- Due diligence in the selection and monitoring of a service provider
- The contract with a service provider
- Information security, business resilience, continuity and disaster recovery
- Confidentiality issues
- Concentration of outsourcing arrangements
- Access to data, premises, personnel, and associated rights of inspection
- Termination of outsourcing arrangements
Since the publication of IOSCO's earlier principles on outsourcing for market intermediaries and for markets, developments in markets and technology have increased regulatory attention on risks related to outsourcing and the need to ensure the operational resilience of regulated entities. IOSCO prepared this report before the COVID-19 outbreak. However, on April 08, 2020, the IOSCO Board agreed to delay publication of its reports to allow firms and financial institutions to redirect their resources to focus on the challenges arising from the pandemic. As the initial stages of this crisis pass, the IOSCO Board has decided to publish this report now because the outbreak of COVID-19 has highlighted the need to ensure resilience in operational activities and to maintain business continuity in situations where external and often unforeseen shocks impact both firms and their service providers. To account for the ongoing resource constraints on financial institutions, however, the consultation period goes well beyond the typical 90-day comment period and will end on October 01, 2020. The consultation report includes a set of questions, including one of particular relevance during the current COVID-19 pandemic: “What measures for business continuity would be effective in situations where all, or a significant portion, of both the outsourcers’ and third-party providers’ work force is working remotely? In particular, what steps should be taken so Cyber Security and Operational Resilience can be ensured?”
Comment Due Date: October 01, 2020
Keywords: International, Banking, Securities, PMI, Credit Rating Agencies, Operational Risk, Outsourcing, Third-party Arrangements, Cloud Computing, COVID-19, IOSCO