Revised EBA guidelines on outsourcing arrangements
Entry into force will be on 30 September 2019
Financial institutions are adapting their operating model following digitalisation and given the increasing importance of new financial technology (Fintech) providers. Outsourcing is a way to get relatively easy access to new technologies, to achieve economies of scale or have recourse to service providers with a proven track record in specialized areas.
The Guidelines clarify that the management body always remains responsible and should ensure that resources are available to appropriately support and ensure the performance of these responsibilities, including overseeing all risks and managing the outsourcing arrangements. Outsourcing may never result in a situation in which an institution becomes an ‘empty shell'.
The Guidelines differentiate between requirements on critical and important outsourcing arrangements and “other” outsourcing arrangements. As the outsourcing of critical and important functions has a higher impact on the risk profile of the institution, requirements have been differentiated.
TriFinance can assist Financial Institutions in many ways:
- Drafting or challenging the outsourcing policy and framework
- Identification or challenging of the critical or important functions
- Assistance in the analysis, documentation and reporting of outsourcing risk for the own risk assessment for banks, insurance companies and asset management companies
- Setting up the internal control function for the different stages of the outsourcing life cycle.
- Identification of the outsourcing project and the qualification as material or not
- Setting up the process including the Request for proposal, contract negotiation and detailed Service Level Agreements
- Project Management during the transition phase
- Monitoring of the outsourcing contracts by the internal control bodies: performance monitoring via KPI and Risk Monitoring
- Business contingency plans, including exit strategies for outsourced critical or important functions or activities
About the Risk Management & Compliance Practice
The TriFinance Risk Management & Compliance practice is supporting banks and insurance undertakings in anticipating and addressing the tighter supervisory and internal Group standards relating to risk management and internal control. In this perspective, recommendations issued by the different supervisory bodies are closely monitored and translated into best practices. Simultaneously, TriFinance can help banks in all kinds of transformation processes in the area of Risk Management and Internal Control to be better prepared for the rapidly evolving external environment.