PRA published a consultation paper CP30/19 that sets out proposals to modernize the regulatory framework on outsourcing and third-party risk management. These proposals are set out in the draft supervisory statement on outsourcing and third-party risk management in the Appendix to CP30/19. PRA proposes to publish the final policy on these proposals in the second half of 2020, with implementation of most the proposals shortly after. This consultation closes on April 03, 2020.
The proposals pursue the following objectives:
- Complement the policy proposals in CP29/19 on operational resilience.
- Facilitate greater resilience and adoption of the cloud and other new technologies, as set out in response of BoE to the "Future of Finance" report.
- Implement the EBA guidelines on outsourcing arrangements. The draft supervisory statement clarifies how PRA expects banks to approach the EBA Outsourcing Guidelines in the context of its requirements and expectations. In addition, certain chapters in the draft supervisory statement elaborate on the expectations in the EBA Outsourcing Guidelines.
- Take into account the draft EIOPA guidelines on outsourcing to cloud service providers and EBA guidelines on information and communication technology and security risk management.
Certain proposals, which derive from the EBA Outsourcing Guidelines or (if adopted in the current form) the draft EIOPA Cloud Guidelines, would be subject to longer implementation periods, particularly those that relate to the
- Register of outsourcing arrangements (Outsourcing Register)
- Revision by banks of outsourcing arrangements entered into before September 30 2019 and revision by insurers of cloud Outsourcing arrangements entered into before July 01, 2020 (Legacy Outsourcing Arrangements), to bring them into compliance with the EBA Outsourcing Guidelines and EIOPA Cloud Guidelines, respectively.
The consultation paper is relevant to all UK banks, building societies, and PRA-designated investment firms, insurance and reinsurance firms, groups in scope of Solvency II, including the Society of Lloyd’s and managing agents, and branches of overseas banks and insurers. Some of the proposals in CP30/19 are relevant to credit unions and non-directive firms namely those in paragraph 2.3 of CP30/19; PRA rules, statutory powers, and requirements referenced in tables 2, 5, and 6; and paragraphs 5.11-5.12. In line with the principle of proportionality, PRA proposes not to apply the remaining sections of the draft supervisory statement to credit unions and non-directive firms.
Comment Due Date: April 03, 2020
Keywords: Europe, UK, Banking, Insurance, Securities, Reinsurance, CP 30/19, Cloud Service Providers, Proportionality, Operational Resilience, Third-Party Arrangements, Operational Risk, Outsourcing Arrangements, EBA, EIOPA, PRA
Next ArticleBIS and MAS Launch Innovation Hub in Singapore
The UK authorities have published consultations with respect to the Basel requirements for banks. The Prudential Regulation Authority (PRA) published the consultation paper CP16/22 on rules for the implementation of Basel 3.1 standards.
The three European Supervisory Authorities (ESAs) issued a letter to inform about delay in the Sustainable Finance Disclosure Regulation (SFDR) mandate, along with a Call for Evidence on greenwashing practices.
The Financial Stability Board (FSB) and the Network for Greening the Financial System (NGFS) published a joint report that outlines the initial findings from climate scenario analyses undertaken by financial authorities to assess climate-related financial risks.
The Financial Stability Board (FSB) published a letter intended for the G20 leaders, highlighting the work that it will undertake under the Indian G20 Presidency in 2023 to strengthen resilience of the financial system.
The International Sustainability Standards Board (ISSB) of the IFRS Foundations made several announcements at COP27 and with respect to its work on the sustainability standards.
The International Organization for Securities Commissions (IOSCO), at COP27, outlined the regulatory priorities for sustainability disclosures, mitigation of greenwashing, and promotion of integrity in carbon markets.
The European Banking Authority (EBA) issued a statement in the context of COP27, clarified the operationalization of intermediate EU parent undertakings (IPUs) of third-country groups
The European Union has finalized and published, in the Official Journal of the European Union, a set of 13 Delegated and Implementing Regulations applicable to the European crowdfunding service providers.
The Office of the Superintendent of Financial Institutions (OSFI) published an annual report on its activities, a report on forward-looking work.
The Australian Prudential Regulation Authority (APRA) finalized amendments to the capital framework, announced a review of the prudential framework for groups.