ECB Issues Opinion on German Law on Outsourcing Arrangements by Banks
On request from the German Ministry of Finance, ECB delivered an opinion, containing its observations, on a draft law that concerns the supervision of outsourcing arrangements by BaFin. ECB notes that it understands that the new powers for the supervision of external service providers are granted to BaFin without prejudice to the supervisory responsibilities established under the EU Regulation 1024/201321; this EU regulation assigns, to ECB, responsibilities as competent authority for the supervision of significant credit institutions, including the supervision of the outsourcing arrangements entered into by credit institutions with third parties. ECB also notes that once the Digital Operational Resilience Act (DORA) is adopted at the EU level, the German legislator will need to review this draft law.
In specific, the ECB opinion was requested on Article 5 of the draft German law, which introduces changes to the Law on banking, and on Article 8 of the draft law, which introduces changes to the Law on capital investment. ECB has confined its opinion to Article 5 of the draft law, which introduces changes to the Law on banking concerning BaFin’s supervision of outsourcing arrangements entered into by credit institutions. The draft law introduces a wide definition of what is regarded as an "external service provider," a term that includes any company to which a credit institution has outsourced activities or processes to execute its ordinary services. In general, ECB notes that enhancing the digital operational resilience of credit institutions by extending supervisory powers directly to external service providers is a topical issue that needs to be addressed. Thus, it is understood that the German legislator will review the draft law once the DORA proposal of EC is adopted to ensure full consistency with the EU legislation. However, once EU legislation is adopted, the draft law will require additional adaptation, not just by the legislator but also on the part of credit institutions and their external service providers.
Additionally, ECB observes that certain aspects of the draft law go beyond the scope of the EBA guidelines on outsourcing arrangements (EBA/GL/2019/02), such as the obligation on credit institutions to ensure contractually that the external service provider appoints an authorized agent in Germany to whom BaFin may serve documents and notifications. Some of these requirements, such as the new power granted to BaFin to issue orders directly to external service providers to which material activities and processes have been outsourced, combined with the power to impose sanctions if such orders are not complied with, go beyond the traditional construct of the Capital Requirements Directive, where the role of the competent authorities is articulated exclusively vis-à-vis the credit institution, which is the addressee of potential decisions or supervisory measures aimed at reducing the risk posed by a particular outsourcing arrangement.
Related Link: Opinion (PDF)
Keywords: Europe, EU, Germany, Banking, Opinion, Outsourcing Arrangements, DORA, Cloud Computing, Operational Resilience, CRD, ECB
Previous Article
EBA Publishes Single Rulebook Q&A Updates in February 2021Related Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.