Outsourcing arrangements entered into by regulated financial service providers (RFSPs) continue to be an area of increased scrutiny by the Central Bank of Ireland. This is due to the growing prevalence of outsourced functions across the financial services sector and the potential threat it poses to the operational resilience of RFSPs.

To ensure all RFSPs have robust and effective outsourcing risk management processes in place, the Central Bank has issued a consultation paper on its proposed Cross-Industry Guidance on Outsourcing.

Scope of the Guidance

The Guidance, as currently envisaged, has been aligned with existing guidelines applicable to certain industry sectors, including payment services and insurance. However, the Central Bank still expects RFSPs to refer to the Guidance once introduced for the purposes of understanding what is deemed to be good practice for the effective management of outsourcing activities.

Some of the key points that the Guidance seeks to address are:

1. The Central Bank’s specific expectations regarding the management of those risks connected to the outsourcing functions relating to information and communications technology

2. Sub-outsourcing, also referred to as chain outsourcing, and how these arrangements can become overly complex, resulting in the increased need for appropriate governance and risk management arrangements

3. The off-shoring of outsourcing, and in particular off-shoring outside the EU/EEA, and the increased need in these situations for robust contractual arrangements, processes and monitoring of the outsourced functions and the operation of recovery and exit strategies

4. Concentration risk and how the Central Bank expects RFSPs to identify and manage such a risk

In addition, the Guidance sets out detail on:

• The completion of assessments on the criticality or importance of outsourced functions

• How intragroup arrangements should be approached

• The due diligence to be collated on outsourced service providers, and

• The introduction of a requirement to submit periodic returns to the Central Bank setting out the details of the contents of outsourcing registers to be maintained under the Guidance

Consultation process

The Central Bank has invited interested stakeholders to provide feedback on the Guidance and specific questions aimed at identifying any perceived gaps in the Guidance.

The consultation will remain open for responses until 26 July 2021. RFSPs should review the Guidance, accessible here, and consider whether they wish to provide feedback to the Central Bank.

Conclusion

The inevitable introduction of the Guidance will require RFSPs to take steps now to prepare for compliance with the requirements.

We can assist RFSPs with ensuring their current practices are in line with current Irish and European sectoral requirements, and indeed the Guidance, and this may include:

• A review of any existing outsourcing agreements and/or service level agreements

• An assessment of outsourced functions to determine if they are critical or important functions

• A review of outsourcing policies

• Ensuring that outsourcing frameworks are well designed, operating effectively and are sufficiently robust to oversee and manage the associated risks

• Determining how best to prepare and maintain an outsourcing register

If you have any queries, please contact a member of our Financial Regulation Team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.