EBF advisor: Blazej Blasikiewicz
iii
Publication date: 24 September 2018
iii
Key points:
Outsourcing arrangements are widely used by the banking industry as they contribute to the efficiency and to the competitiveness of banks’ business models. Outsourcing indeed helps banks focus on their core business and gives them access to skills and services that are not available in house at the same level of efficiency and/or effectiveness.
Against this background, it is crucial that the Guidelines (GLs) strike the right balance between necessary safeguards preserving the integrity of outsourcing institutions, and the required flexibility to adapt to a fast-moving economic and technological environment. In particular, we assume that the specific requirements (should) only apply to outsourcings classified as critical/important.
The EBF’s key points relate to the following issues:
Scope of outsourcing: The draft EBA GLs provide for outsourcing requirements that are in line with MiFID II. MiFID II only provides for requirements for the ‘performance of operational functions which are critical for the provision of continuous and satisfactory services.
Definition and examples of what is or is not outsourcing: The current definition is extremely broad and risks encapsulating all activities performed by third parties for regulated institutions as outsourcing.
Intragroup outsourcing: Intragroup outsourcing should be subject to lower obligations than extra-group third-party outsourcing agreements.
Standard contractual clauses will be necessary for outsourcing agreements: Financial institutions may find difficulty in negotiating and getting some of the terms required by these GLs to be accepted by some large suppliers, such as, inter alia, the exercise of unrestricted access rights, or ex ante notification requirements in the sub-outsourcing of critical functions.
Sub-outsourcing assessment: Institutions may find it difficult to perform the risk assessment of sub-outsourcing activities.
Notification requirements: Given that the EBA has reiterated publicly that no upfront approval of outsourcing activities is necessary, in our view it would be sufficient for any bank to have a repository available which could be delivered upon request to the NCAs.
Summary table of requirements: Across the GLs it is not clear which requirements apply to general outsourcing, which to outsourcing of a critical or important function and which to intragroup arrangements respectively.
Cloud: The consideration of cloud services as outsourcing and, in case it is considered as such, as general outsourcing or outsourcing of critical functions should follow the same principles than the rest of services and technologies. It should depend on the nature of the activities outsourced.
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
EU Banks for Ukraine
