The Bank of England (BoE) published a policy statement on outsourcing and third-party risk management for financial market infrastructures or FMIs, along with three supervisory statements for central counterparties or CCPs, central securities depositaries or CSDs, and recognized payment system operators (RPSOs) and specified service providers (SSPs), in addition to the Code of Practice applicable for RPSOs and SSPs.
The policy statement provides feedback to the three consultation papers covering outsourcing and third-party risk management for financial market infrastructures. As part of the consultations, BoE proposed to update its expectations and requirements on outsourcing and third-party risk management; this update is in response to the evolving business models and industry practices of financial market infrastructures that place increasing reliance on services and technologies provided by third parties. Based on the responses received, BoE highlights that the respondents were generally supportive of the proposals and welcomed the efforts to clarify regulatory expectations and requirements and bolster the operational resilience of financial market infrastructures. The vast majority of substantive feedback focused on the expectations or requirements described in the consultation papers and did not disagree with the overall direction of the policy. Thus, BoE made only minor changes to the final policy text, supervisory statements, and Code of Practice for RPSOs and SSPs, which can be summarized as follows:
- Clarification in the final supervisory statements that third parties providing testing summaries and financial market infrastructures providing redacted or summarized policies also meet the expectations
- Small changes to the definitions of "Outsourcing Agreement," "Third Party," and "Sub-outsourcing" across the three supervisory statements and the Code of Practice to ensure alignment across the final policy documents
- Changes in the text of the central counterparties supervisory statement that describe the UK European Market Infrastructure Regulation, or EMIR Article 35(1) so that it refers to "major activities linked to risk management" in alignment with the UK EMIR text
- Amended Paragraph 10.17 in the supervisory statements, so that it applies to business continuity plans as well as stressed exit plans and moved the paragraph to the introductory part of the chapter to Paragraph 10.4
BoE expects financial market infrastructures to comply with the expectations in the relevant supervisory statements and the requirements in the Code of Practice for RPSOs and SSPs, by February 09, 2024. Outsourcing arrangements entered into on or after February 08, 2023 should meet the expectations in the relevant supervisory statement and the Code of Practice by February 09, 2024. Financial market infrastructures should seek to review and update legacy outsourcing agreements entered into before February 08, 2023 at the first appropriate contractual renewal or revision point to meet the expectations in the relevant supervisory statement as soon as possible on or after February 09, 2023.
Keywords: Europe, UK, Banking, Securities, Outsourcing, Third-Party Risk, Supervisory Statement, Central Counterparties, Code Of Practice, Operational Resilience, EMIR, FMI, Regtech, BoE
Previous ArticleFED and OCC Release Stress Test Scenarios for 2023
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.
As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.
The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.
The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.
The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.
The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.