ECB Issues Opinion on German Law on Outsourcing Arrangements by Banks
On request from the German Ministry of Finance, ECB delivered an opinion, containing its observations, on a draft law that concerns the supervision of outsourcing arrangements by BaFin. ECB notes that it understands that the new powers for the supervision of external service providers are granted to BaFin without prejudice to the supervisory responsibilities established under the EU Regulation 1024/201321; this EU regulation assigns, to ECB, responsibilities as competent authority for the supervision of significant credit institutions, including the supervision of the outsourcing arrangements entered into by credit institutions with third parties. ECB also notes that once the Digital Operational Resilience Act (DORA) is adopted at the EU level, the German legislator will need to review this draft law.
In specific, the ECB opinion was requested on Article 5 of the draft German law, which introduces changes to the Law on banking, and on Article 8 of the draft law, which introduces changes to the Law on capital investment. ECB has confined its opinion to Article 5 of the draft law, which introduces changes to the Law on banking concerning BaFin’s supervision of outsourcing arrangements entered into by credit institutions. The draft law introduces a wide definition of what is regarded as an "external service provider," a term that includes any company to which a credit institution has outsourced activities or processes to execute its ordinary services. In general, ECB notes that enhancing the digital operational resilience of credit institutions by extending supervisory powers directly to external service providers is a topical issue that needs to be addressed. Thus, it is understood that the German legislator will review the draft law once the DORA proposal of EC is adopted to ensure full consistency with the EU legislation. However, once EU legislation is adopted, the draft law will require additional adaptation, not just by the legislator but also on the part of credit institutions and their external service providers.
Additionally, ECB observes that certain aspects of the draft law go beyond the scope of the EBA guidelines on outsourcing arrangements (EBA/GL/2019/02), such as the obligation on credit institutions to ensure contractually that the external service provider appoints an authorized agent in Germany to whom BaFin may serve documents and notifications. Some of these requirements, such as the new power granted to BaFin to issue orders directly to external service providers to which material activities and processes have been outsourced, combined with the power to impose sanctions if such orders are not complied with, go beyond the traditional construct of the Capital Requirements Directive, where the role of the competent authorities is articulated exclusively vis-à-vis the credit institution, which is the addressee of potential decisions or supervisory measures aimed at reducing the risk posed by a particular outsourcing arrangement.
Related Link: Opinion (PDF)
Keywords: Europe, EU, Germany, Banking, Opinion, Outsourcing Arrangements, DORA, Cloud Computing, Operational Resilience, CRD, ECB
Previous ArticleEBA Publishes Single Rulebook Q&A Updates in February 2021
FINMA Approves Merger of Credit Suisse and UBS
The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
MFSA Sets Out Supervisory Priorities, Issues Reporting Updates
The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023
German Regulators Issue Multiple Reporting Updates for Banks
Deutsche Bundesbank published the nationally deactivated validation rules for the German Commercial Code (HGB) users on the taxonomy 3.2, which became valid from December 31, 2022
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.