The EBA’s Guidelines on outsourcing arrangements: Key points
They apply to all outsourcing arrangements entered into after 30 September 2019, and to all existing outsourcing arrangements at the first point they are renewed… Read more
- They apply to all outsourcing arrangements entered into after 30 September 2019, and to all existing outsourcing arrangements at the first point they are renewed or amended after 30 September 2019.
- They are much more granular than previous regulatory guidelines in this area. For example, there are provisions describing the due diligence measures that firms should apply when assessing a service provider.
- There is a distinction in the Guidelines between outsourcings of “critical or important” functions and other outsourcings, with the former attracting additional requirements.
- The Guidelines apply to intra-group outsourcing arrangements.
- There is a new requirement for firms to maintain an Outsourcing Register. This requires firms to extract certain details from its outsourcing agreements (e.g. renewal dates and BCDR provisions) and include them in the Outsourcing Register, which needs to be kept up to date and available for inspection by the FCA and/or PRA.
- Firms must have an Outsourcing Policy. Firms’ outsourcing agreements will need to reflect the provisions of the Outsourcing Policy. This is likely to require many firms to vary existing outsourcing agreements.
- Although this requirement is not entirely new, many firms will need to combine various policies in relation to outsourcing into a single policy.
- Firms and the FCA and PRA must make every effort to comply with the Guidelines, so they cannot be ignored and the regulators are already active in monitoring compliance.
- Suppliers who service firms within scope of the Guidelines should review their standard terms and processes in anticipation of EBA-related queries from clients.
Share this blog
Paul O’Hare
is the head of sourcing
Share this Blog
The hottest topics in technology
close
- Adtech & martech
- Agile
- Artificial intelligence
- EBA outsourcing
- Brexit
- Cloud computing
- Complex & sensitive investigations
- Connectivity
- Cryptocurrencies & blockchain
- Cybersecurity
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- Fintech
- Gambling
- GDPR
- KLick DPO
- KLick Trade Mark
- Open banking
- Retail
- SMCR
- Software & services
- Sourcing
- Travel