CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE

Size: px
Start display at page:

Download "CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE"

Transcription

1 CEBS CP 02 April 2004 COMMITTEE OF EUROPEAN BANKING SUPERVISORS CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE Introduction 1. European banking supervisors began work in 2002 on developing high level principles (HLPs) that could be used to help converge supervisory approaches and practices in relation to outsourcing. It was agreed that the starting point for any set of principles should be based on widespread current practices and the common policy elements that have been elaborated to date in various Member States. 2. The Committee of European Banking Supervisors (CEBS) is now in a position to share its thinking with the industry. 1 This work is also timely as other committees, at the EU and global level, are also planning work in this field. CEBS is keen to promote these principles and to build on the work that has already been done. But more importantly CEBS wishes to be ambitious and to promote convergence across the financial services sectors and to aim for an international regulatory definition of outsourcing and commonly accepted principles. Overview 3. In large part these principles are addressed to institutions. They set out in broad terms what supervisory authorities should expect from institutions themselves, from a prudential point of view (HLPs I VIII), and also from the supervisory authorities (HLPs IX XI). Moreover, they could be used as guideline for respective legislative and other measures. 4. Respondents may want to note that CEBS has considered the issue of "materiality" and "pre-notification" of outsourcing. In particular, supervisors will want pre-notification of all material proposals for outsourcing so that they can analyse them from the standpoint of their impact on institutions' systems and controls and/or their effect on the risk profile of the institution. On the other hand, supervisors may not want to be pre-notified of non-material outsourcing, although institutions will still be obliged to ensure that they remain within the policy guidelines set by their supervisors. 5. CEBS is proposing a three-tier classification of activities: - Strategic or core activities which cannot be outsourced (HLP I); - Non-strategic but material activities, which should be pre-notified to the supervisory authority (see HLP III); and - Non-strategic and non-material activities, which do not have to be prenotified but for which the institution must remain responsible for ensuring any supervisory guidelines are still met (see HLP IV). 1 This convergence objective is in line with tasks set out by the European Commission in its Decision to establish CEBS, see 1 / 10

2 Further work 6. While this set of principles is fairly self-contained, CEBS acknowledges from the outset that there is scope to develop these principles further. In particular further work may be needed in developing more guidance on what (i) may be regarded as strategic or core activities and (ii) on the concept of a materiality test (see Principle IV) (e.g. some jurisdictions operate a scoring system to assess materiality). 7. Moreover, as part of CEBS' work on supervisory convergence, it intends to address further principles on supervisors own activities (Part 2 of the Principles), for example: The paper s primary focus is on financial institutions own risk management in the area of outsourcing and is lighter on supervisory measures. For example, under the draft principles, it is in principle the institution that, subject to certain conditions, decides whether it enters into or continues an outsourcing arrangement on the basis of the risk analysis prior to outsourcing and the monitoring post outsourcing. The paper does not address the circumstances in which the supervisor might intervene when, for instance, an outsourcing arrangement goes wrong or there are indications that the arrangement may go wrong after the arrangement is already in place. It may also be useful to add another key principle to cover the supervisory assessment of compliance with the principles. Consultation process 8. CEBS now welcomes comments from interested parties on these principles. Respondents may also wish to flag other areas where additional analysis or future work could prove useful. 9. The consultation process will be conducted on basis of CEBS draft Public Statement on Consultation Practices, which has been released for public consultation yesterday. It should be noted that this is CEBS' first consultation exercise on a specific convergence issue. As such industry practitioners and other interested parties should also regard the consultation process itself as a learning experience. CEBS intends to draw lessons from this exercise as it develops its open and transparent relations with the industry and others. 10. Please send your comments to CEBS, by by 31 July CEBS will make all comments available on its website (except where respondents specifically request that their comments remain confidential). Annex: CEBS Consultation Paper: High Level Principles on Outsourcing 2 / 10

3 Annex CEBS CONSULTATION PAPER HIGH LEVEL PRINCIPLES ON OUTSOURCING Introduction A number of European countries have, for some years, had in place formal outsourcing regimes. In order to assist European banking supervisors to converge their national policies and practices, they agree to adopt the following high level principles. These are based on a range of current practices and the common elements of policy that have been elaborated to date in various Member States. Part 1: Definitions It is acknowledged from the outset that there are a number of definitions of what constitutes outsourcing. For the purposes of these principles outsourcing is defined as follows: Outsourcing is the supply to an authorised institution by another entity (either intra-group or independent third party) of goods, service or facilities on a structural basis (i.e. the contractual supply of goods, service or facilities that form part of the business processes and which are necessary to support the provision of banking or other financial services). The supplier may itself be an authorised or unauthorised entity. This definition does not cover purchasing contracts, although as with outsourcing, firms should ensure that what they are buying is fit for purpose. Purchasing is defined, inter alia, as the supply of services, goods or facilities without information about or belonging to the purchasing institution coming within the control of the supplier; or of standardized products, such as market information or office inventory. In this context the supplier of goods, services or facilities is referred to as the outsourcing service provider, which may or may not be an authorised entity. The buyer of such goods, services or facilities is referred to as the outsourcing institution, and is for the purposes of these principles an authorised entity (e.g. a credit institution). Part 2: High level principles on outsourcing addressed to institutions I. Strategic and core management responsibility and functions cannot be outsourced. The outsourcing of core management functions is considered generally to be incompatible with the managers' obligation to run the enterprise under their 3 / 10

4 own responsibility. Hence core management functions such as strategic oversight, risk management and strategic control should not be outsourced. Outsourcing shall not affect managers' full and unrestricted responsibilities under the applicable law (e.g. under banking law). II. The ultimate responsibility for proper management of the risks associated with outsourcing lies with an outsourcing institution s senior executive management. All outsourcing regimes should ensure that the outsourcing of functions to an outsourcing service provider does not impair the supervision of an outsourcing institution. Responsibility for outsourced functions must always be retained by the outsourcing institution. The outsourcing of functions does not relieve an outsourcing institution of its regulatory responsibilities for its authorised activities or the function concerned. Outsourcing institutions should be encouraged to retain adequate core competence at a senior operational level to enable them to have the capability to resume direct control over an outsourced activity, in extremis. Exceptions for certain types of intra-group outsourcing may be allowed, provided the outsourcing institution can demonstrate that it can manage the risk (e.g. in connection with general instructions and decisions relating to central risk management) and where the outsourcing institution is a member of a group that is subject to supervision on a consolidated basis. (In the case of banking, such group-wide risk management refers to non-core functions and cannot result in elimination or limitation of risk management function on a solo basis in an outsourcing institution. In the case of outsourcing of non-core functions, domestic supervisory authorities, i.e. the host country, should also be involved in the decision to allow outsourcing, when needed.) Where such exceptions apply, and especially where the group covers more than one jurisdiction, the relevant regulations, documents, and other information on how the parent group manages the risk should be made available to the outsourcing institution. The outsourcing institution should also be able adequately to demonstrate to its own direct supervisory authority that it is compliant with risk management regulations. The supervisory authority should also be satisfied that it has adequate access to the outsourcing service provider. 4 / 10

5 III. An outsourcing institution should take particular care when outsourcing material activities, i.e. activities of such importance that any weakness or failure in the provision of these activities could have a significant affect on its ability to meet its regulatory responsibilities and/or to continue in business. In such cases the outsourcing institution should pre-notify its supervisory authority. In principle, any area of activity of an outsourcing institution other than those identified in Principles I and II may be outsourced provided that such outsourcing does not impair: the orderliness of the outsourcing institution s business being conducted or the financial services provided; the senior executive management's ability to manage and monitor the business and its authorised activities; and the supervisory authority's right to require an audit of the business or its ability to supervise the business. An institution may not outsource services and activities that are covered by the institution's authorisation unless the outsourcing service provider either (i) has an authorisation that is comparable to the authorisation of the outsourcing institution; or (ii) is acting as agent of the outsourcing institution. An outsourcing institution should conduct its business in a controlled and sound manner at all times. These requirements do not affect the principle of managers' sole responsibility (Principle I) for all authorised activities. The managers of the outsourcing institution shall be fully responsible to the supervisory authority for any outsourced area. The managers should therefore take suitable measures to ensure that the outsourced areas continue to meet the performance and quality standards that would apply if their own institution were to perform the relevant activities in-house. An outsourcing institution should inform (by prior notification and/or regular report) its supervisory authority on any important activity to be outsourced, in order for the supervisor to evaluate the proposal. Outsourcing institutions should be aware that the supervisory authority may distinguish between important and less important activities, and may impose certain conditions on institutions that outsource important activities. These conditions may be determined by factors such as the size of the institution, or the nature of the outsourcing service provider. The supervisory authority may also wish to prevent potential conflicts of interest (e.g. the supervisory authority may wish to prohibit the outsourcing of the financial accounting and the preparation of the annual accounts to the outsourcing institution s external auditor, or to the office with which the external auditor is connected). Subject to the principles that apply to cross-border outsourcing (expressed under Principle IX) no special rules are needed in relation to the geographical location of an outsourcing service provider. However, due to possible data protection risks, institutions should be encouraged to take special care when 5 / 10

6 entering into and managing outsourcing agreements that are undertaken outside the EEA. IV. There should be no restrictions on the outsourcing of non-material activities of an outsourcing institution. No requirements or conditions should be imposed on institutions that wish to outsource non-core activities that have little or no implications for internal control or key authorised functions. In such cases the outsourcing institution does not need to inform its supervisory authority. Nevertheless, outsourcing institutions should ensure adequate risk management at all times irrespective of the type of outsourced activity. In line with Principle III, the managers of the outsourcing institution should be fully responsible for any outsourced area. Areas which could be regarded as non-core include: Areas which do not potentially constitute relevant risks and which, if outsourced, would not lead to an impairment of the orderliness of the business, or of the managers' ability to manage and monitor it, or of the supervisory authority's right to audit and ability to oversee it. Purely advisory services used by the institution. For example, this applies to legal and tax consulting, even where this is not limited to individual aspects or projects. V. The Outsourcing institution should have a policy on its approach to outsourcing, including contingency plans and exit strategies. Outsourcing institutions should have a general policy that covers all aspects of outsourcing, including non-core outsourcing. It should also cover intra-group and external outsourcing. When drawing up this policy the outsourcing institutions should take into consideration that no form of outsourcing is entirely risk free. The policy should also recognise that the management of non-core and intra-group outsourcing should be proportionate to the risks presented by these arrangements. This policy should explicitly take account of the potential effects of outsourcing on certain significant functions (e.g. the internal audit function, the compliance function and the risk management function) when conducting the risk analysis prior to outsourcing. The policy should ensure that the outsourcing service provider's performance is appropriately monitored and assessed by the outsourcing institution's 6 / 10

7 management so that any necessary corrective measures can be taken immediately. The outsourcing institution should specify an internal unit or individual that is responsible for supervising and managing each outsourcing measure. This policy should also reflect the main phases that make up the life cycle of an institution s outsourcing arrangements: The decision to outsource or change an existing outsourcing arrangement (the decision making phase). Due diligence checks on the outsourcing service provider. Drafting a written outsourcing contract and service level agreement (the contract drafting phase). The implementation, monitoring, and maintenance of an outsourcing arrangement (the contractual phase). Dealing with the expected or unexpected termination of a contract and other service interruptions (the post-contractual phase). In particular, outsourcing institutions should plan and implement arrangements to maintain the continuity of their business in the event that the provision of services by an outsourcing service provider fails or deteriorates to an unacceptable degree, or the firm experiences other changes. This policy should also include some form of contingency planning and the establishment of a clearly defined exit strategy, evaluated against the costs and benefits of such planning. VI. An outsourcing institution s policies should require it to manage the risks associated with its outsourcing arrangements. Compliance with this principle should include an assessment of the operational risks associated with outsourcing. Outsourcing institutions should bring all serious problems with an outsourcing service provider to the supervisory authority s attention. VII. All outsourcing arrangements should be subject to a formal and comprehensive contract. As mentioned under Principle V, any outsourcing solution should be based on a clear written contract. Outsourcing institutions should make sure that the written contract takes account of the following (bearing in mind other specific national rules and legislation): 7 / 10

8 The operational area that is to be outsourced should be clearly defined. The precise requirements concerning the service performance should be specified and documented, taking account of the objective of the outsourcing solution. The outsourcing service provider's ability to meet performance requirements in both quantitative and qualitative terms should be assessable in advance. The respective responsibilities and competencies of the outsourcing institution and the outsourcing service provider should be precisely defined and distinguished. In order to underpin an effective policy for managing and monitoring the outsourced areas, the contract should include a termination and exit management clause, where proportionate and if deemed necessary, which allows the activities being provided by the outsourcing service provider to be transferred to another outsourcing service provider or to be reincorporated into the outsourcing institution. The contract should ensure that the outsourcing service provider's performance is continuously monitored and assessed so that any necessary corrective measures can be taken immediately. The contract should consider granting the outsourcing institution's internal auditing department and its external auditors full and unrestricted rights of inspection and auditing at all times. In the case of outsourcing within a group, the outsourcing institution needs to ensure that it is able to give effective rights of access to information to the supervisory authority (see Principle IX). This may require obtaining consents from affected parties such as the parent company and relevant home supervisory authorities). When drafting the contract the outsourcing institution should bear in mind that the level of monitoring, assessment, inspection and auditing required by the contract should be proportionate to the risks involved and the size and complexity of the outsourced activity. VIII. In managing its relationship with an outsourcing service provider an outsourcing institution should ensure that a service level agreement (SLA) is put in place. A service level agreement should normally contain a mixture of quantitative and qualitative performance targets, to enable an outsourcing institution to assess the adequacy of service provision. An outsourcing institution should also consider the need to evaluate the performance of its outsourcing service provider using mechanisms such as 8 / 10

9 service delivery reports, self-certification or independent review by the outsourcing institution s or the outsourcing service provider's internal and or external auditors. An outsourcing institution should be prepared to take remedial action if the outsourcing service provider's performance is inadequate. Part 3: Other supervisory principles on outsourcing IX. Supervisory authorities should aim to establish a right to information, and to conduct, or order, on-site inspections in an outsourcing service provider s premises. 2 Supervisory authorities should aim to be satisfied that outsourcing institutions ensure that their outsourcing contracts with outsourcing service providers grant the supervisory authority the rights to information, inspection, admittance and access (including access to databases) as well as the instruction and monitoring rights which the supervisory authority needs to exercise its surveillance functions. Supervisory authorities should also encourage outsourcing institutions to ensure that information may also be made available to the supervisory authority by the outsourcing service provider's external auditor. Supervisory authorities should aim to ensure that their ability to order or instruct the outsourcing institution can be reliably enforced, directly and irrespective of any conflicting instruction rights, so as to ensure the orderly performance of the outsourced activities and functions. The supervisory authorities should aim to ensure that they maintain control and can obtain detailed information about any outsourcing processes which might undermine the stability of the consolidated group whose overall supervision is, ultimately, their responsibility In the case of outsourcing to service providers abroad, the outsourcing institution should be responsible for ensuring that the supervisory authority can exercise its information rights, including its right to demand documents, and its auditing rights. 2 At present most supervisors do not have such legal rights, and must resort to other more indirect methods to ensure that information is forthcoming. It is suggested that these HLPs encourage supervisors to have the same powers including on-site inspections regardless of the type of outsource provider chosen by the outsourcing institution (e.g. whether this is internal or a third party). Some regimes rely on the supervisory authority to require the outsourcing institution to include relevant access rights in the outsourcing agreement. Directly imposing the obligations on the outsourcing service providers would require an expansion of such regimes. It may be useful to establish this principle as a legal power. 9 / 10

10 The supervisory authority should be able to cancel the outsourcing measure if the outsourcing institution cannot ensure the exercise or enforcement of the rights of supervisors (as mentioned in this principle). The outsourcing institution may prior to outsourcing consider in consultation with the supervisory authority what alternative measures could adequately mitigate the risks involved. If this is considered appropriate, and there are clear safeguards, the supervisory authority may grant a dispensation from the requirement in the previous paragraph. X. Supervisory authorities should take account of concentration risk, where one outsourcing service provider provides outsourcing services to several authorised outsourcing institutions. 3 Supervisory authorities should be aware of any concentration risks and manage and monitor these risks at a systemic level. XI. Supervisory authorities should take account of the risks associated with chain outsourcing (whereby the outsourcing service provider subcontracts elements of the service to other providers). The sub-outsourcing of outsourced activities and functions to third parties (sub-contractors) should be treated by the outsourcing institution like a primary outsourcing measure. The supervisory authority should encourage the outsourcing institution to agree to this only if the sub-contractor will also fully comply with the obligations existing between the outsourcing institution and the outsourcing service provider, including obligations incurred in favour of the supervisory authority. Compliance with these conditions should be ensured contractually, for example by a clause in the outsourcing contract requiring the prior consent of the outsourcing institution to the possibility and the modalities of sub-outsourcing. Supervisors should ensure that the outsourcing institution takes appropriate steps to address the risk of any weakness or failure in the provision of the subcontracted activities having a significant effect on the outsourcing service provider's ability to meet its responsibilities under the outsourcing agreement and SLA. Supervisory authorities should encourage the outsourcing institution to ensure that the outsourcing service provider agrees that the contractual terms agreed with the sub-contractor will always conform, or at least not be contradictory, to the provisions of the agreement with the outsourcing institution. 3 There are currently no restrictions on this. 10 / 10

Outsourcing Risk Guidance Note for Banks

Outsourcing Risk Guidance Note for Banks Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the

More information

14 December 2006 GUIDELINES ON OUTSOURCING

14 December 2006 GUIDELINES ON OUTSOURCING 14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint

More information

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION

More information

Mapping of outsourcing requirements

Mapping of outsourcing requirements Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK

GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK This Guideline does not purport to be a definitive guide, but is instead a non-exhaustive

More information

Fédération Bancaire Européenne European Banking Federation. Le Secrétaire Général. Consultation Paper on the High Level Principles on Outsourcing

Fédération Bancaire Européenne European Banking Federation. Le Secrétaire Général. Consultation Paper on the High Level Principles on Outsourcing Fédération Bancaire Européenne European Banking Federation Le Secrétaire Général N 0537 COK E-mail Mr José María Roldán Chairman Committee of European Banking Supervisors Banco de España, Alcalà 50 28014

More information

OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008

OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008 OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008 BANK OF TANZANIA PART I PRELIMINARY 1 These guidelines may be cited as the Outsourcing Guidelines for Banks and Financial Institutions,

More information

Statement of Guidance: Outsourcing All Regulated Entities

Statement of Guidance: Outsourcing All Regulated Entities Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on

More information

CAYMAN ISLANDS. Supplement No. 5 published with Gazette No. 19 dated 14 September, STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES

CAYMAN ISLANDS. Supplement No. 5 published with Gazette No. 19 dated 14 September, STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES CAYMAN ISLANDS Supplement No. 5 published with Gazette No. 19 dated 14 September, 2015. STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES Statement of Guidance: Outsourcing Regulated Entities 1. STATEMENT

More information

Managing Outsourcing Arrangements

Managing Outsourcing Arrangements Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS

More information

Guidance on Arrangements to Support Operational Continuity in Resolution. Consultative Document

Guidance on Arrangements to Support Operational Continuity in Resolution. Consultative Document Guidance on Arrangements to Support Operational Continuity in Resolution Consultative Document 3 November 2015 ii The Financial Stability Board ( FSB ) is seeking comments on its Consultative Document

More information

POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs

POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs April 2015 For private circulation only Draft Guidelines on Managing Risks and Code of Conduct

More information

NOTICE ON OUTSOURCING

NOTICE ON OUTSOURCING CONSULTATION PAPER P018-2014 SEPTEMBER 2014 NOTICE ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing in 2004 1 ( Guidelines ) to promote sound risk management practices for the outsourcing

More information

Principles on Outsourcing by Markets

Principles on Outsourcing by Markets Principles on Outsourcing by Markets Final Report TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS July 2009 CONTENTS I. Introduction 3 II. Survey Results 5 A. Outsourced

More information

Banking Guidance Note No. 1 Outsourcing of Services or Functions by Gibraltar- Licensed Banks. Date of Paper : 31 January 2000 Version Number : 1.

Banking Guidance Note No. 1 Outsourcing of Services or Functions by Gibraltar- Licensed Banks. Date of Paper : 31 January 2000 Version Number : 1. No. 1 of Services or Functions by Gibraltar- Licensed Banks Date of Paper : 31 January 2000 Version Number : 1.00 Table of Contents Introduction... 3 Submissions to FSC... 3 Assessment of Proposals...

More information

SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS

SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 ISSUED: 4 th May 2004 REVISED: 27 th August 2009 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS I. INTRODUCTION The Central Bank

More information

Proposed guidance for firms outsourcing to the cloud and other third-party IT services

Proposed guidance for firms outsourcing to the cloud and other third-party IT services Guidance consultation 15/6 Proposed guidance for firms outsourcing to the cloud and other third-party IT services November 2015 1. Introduction and consultation 1.1 The purpose of this draft guidance is

More information

System of Governance

System of Governance CEIOPS-DOC-29/09 CEIOPS Advice for Level 2 Implementing Measures on Solvency II: System of Governance (former Consultation Paper 33) October 2009 CEIOPS e.v. Westhafenplatz 1-60327 Frankfurt Germany Tel.

More information

GUIDANCE NOTE ON OUTSOURCING

GUIDANCE NOTE ON OUTSOURCING GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3

More information

THE TRANSFER OF PERSONAL DATA ABROAD

THE TRANSFER OF PERSONAL DATA ABROAD THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE

More information

Perspectives. Outsourcing and its supervision. for IORPs

Perspectives. Outsourcing and its supervision. for IORPs Perspectives Outsourcing and its supervision for IORPs As outlined in IORP Review a shift of focus, this series of publications considers aspects of the IORP Directive review other than capital adequacy

More information

Outsourcing by UK-based Fund Managers: Identifying and Applying the Rules

Outsourcing by UK-based Fund Managers: Identifying and Applying the Rules Outsourcing by UK-based Fund Managers: Identifying and Applying the Rules Amanda Lewis, Partner and Rosali Pretorius, Partner, Dentons 1 October 2014 UK-based fund managers must comply with increasingly

More information

Basel Committee on Banking Supervision. Consolidated KYC Risk Management

Basel Committee on Banking Supervision. Consolidated KYC Risk Management Basel Committee on Banking Supervision Consolidated KYC Risk Management October 2004 Table of contents Introduction...4 Global process for managing KYC risks...5 Risk management...5 Customer acceptance

More information

GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987

GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing

More information

PROPERTY OF THE SECURITIES COMMISSION OF THE BAHAMAS

PROPERTY OF THE SECURITIES COMMISSION OF THE BAHAMAS SUPERVISORY AND REGULATORY GUIDE: APPLICABLE LEGISLATION: OUTSOURCING OF MATERIAL FUNCTIONS SIA, 2011; IFA, 2003; FCSPA, 2000. ISSUED: 15 MAY 2012 LAST AMENDED: REFERENCE NUMBER: 31 DECEMBER SPG1-0512

More information

INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY

INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY ICP 4 Draft revisions for consultation June 2015 (Clean version) ICP 4 Licensing A legal entity which intends to engage in insurance

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

Consultation: Auditing and ethical standards

Consultation: Auditing and ethical standards Consultation Financial Reporting Council December 2014 Consultation: Auditing and ethical standards Implementation of the EU Audit Directive and Audit Regulation The FRC is responsible for promoting high

More information

Decision on outsourcing. Article 1

Decision on outsourcing. Article 1 Pursuant to Article 166 of the Credit Institutions Act (Official Gazette 117/2008), and Article 29 and Article 43, paragraph (2), item (9) of the Croatian National Bank Act (Official Gazette 75/2008),

More information

BANKS AND DEPOSIT COMPANIES ACT 1999: The Outsourcing of Services or Functions by Institutions Licensed under the Banks and Deposit Companies Act 1999

BANKS AND DEPOSIT COMPANIES ACT 1999: The Outsourcing of Services or Functions by Institutions Licensed under the Banks and Deposit Companies Act 1999 THE BERMUDA MONETARY AUTHORITY BANKS AND DEPOSIT COMPANIES ACT 1999: The Outsourcing of Services or Functions by Institutions Licensed under the Banks and Deposit May 2007 Introduction 1 This paper revises

More information

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Governance, Risk Management, and Internal Controls INTERIM REQUIREMENTS CONTENTS 1. INTRODUCTION

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Objective and key requirements of this Prudential Standard

Objective and key requirements of this Prudential Standard Prudential Standard CPS 231 Outsourcing Objective and key requirements of this Prudential Standard This Prudential Standard requires that all outsourcing arrangements involving material business activities

More information

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART II POLICY REQUIREMENTS...3 Investment and Risk Management Policy...3 Monitoring and Control...5 Roles of

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS

THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS Before printing this document, please be aware of its size! Regarding the provisions quoted in the response below, as far as possible, hyperlinks to these

More information

Prudential Standard CPS 231 Outsourcing

Prudential Standard CPS 231 Outsourcing Prudential Standard CPS 231 Outsourcing Objective and key requirements of this Prudential Standard This Prudential Standard requires that all outsourcing arrangements involving material business activities

More information

Guidance Note on Outsourcing/Delegation of Functions

Guidance Note on Outsourcing/Delegation of Functions Guidance Note on Outsourcing/Delegation of Functions Supervision Division Financial Supervision Commission 7 May 2002 1 Introduction Guidance Note on Outsourcing/Delegation of Functions This Guidance applies

More information

CEBS Guidelines for the Operational Functioning of Supervisory Colleges (GL 34)

CEBS Guidelines for the Operational Functioning of Supervisory Colleges (GL 34) 15 June 2010 CEBS Guidelines for the Operational Functioning of Supervisory Colleges (GL 34) Table of contents Introductory statements... 3 Executive summary... 5 Chapter 1: Operational organisation of

More information

Guidance note on Outsourcing/Delegation of Functions and inward outsourcing

Guidance note on Outsourcing/Delegation of Functions and inward outsourcing Financial Services Rule Book Rules 8.13, 8.9 and 8.9A Guidance note on Outsourcing/Delegation of Functions and inward outsourcing Supervision Division Financial Supervision Commission September 2012 Guidance

More information

GUIDELINES ON OUTSOURCING ARRANGEMENTS

GUIDELINES ON OUTSOURCING ARRANGEMENTS GUIDELINES ON OUTSOURCING ARRANGEMENTS STATE BANK OF PAKISTAN BANKING POLICY & REGULATIONS DEPARTMENT KARACHI CONTENTS Page No I INTRODUCTION:... 1 II APPLICABILITY:... 1 III DEFINITION OF OUTSOURCING:...

More information

Basel Committee on Banking Supervision. The Joint Forum. Outsourcing in Financial Services

Basel Committee on Banking Supervision. The Joint Forum. Outsourcing in Financial Services Basel Committee on Banking Supervision The Joint Forum Outsourcing in Financial Services February 2005 THE JOINT FORUM BASEL COMMITTEE ON BANKING SUPERVISION INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS

More information

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE STAATSKOERANT, 19 DESEMBER 2014 No. 38357 3 BOARD NOTICE NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE LONG-TERM INSURANCE ACT, 1998 (ACT NO. 52

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES

More information

I S O I E C 2 7 0 0 2 2 0 1 3 I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

I S O I E C 2 7 0 0 2 2 0 1 3 I N F O R M A T I O N S E C U R I T Y A U D I T T O O L 15.1 ESTABLISH SECURITY AGREEMENTS WITH SUPPLIERS 15.1.1 EXPECT SUPPLIERS TO COMPLY WITH RISK MITIGATION AGREEMENTS Do you clarify the information security risks that exist whenever your suppliers have

More information

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 19 October on the regulation of financial leasing and financial leasing companies activities

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 19 October on the regulation of financial leasing and financial leasing companies activities EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 19 October 2015 on the regulation of financial leasing and financial leasing companies activities (CON/2015/37) Introduction and legal basis On 4 September

More information

Outsourcing. FSA Regulated firms (including offshore outsourcing) Contents. March 2004

Outsourcing. FSA Regulated firms (including offshore outsourcing) Contents. March 2004 Outsourcing FSA Regulated firms (including offshore outsourcing) March 2004 Contents 2. Introduction 2. How do the regulations impact an outsourcing? 3. Prudential Sourcebooks 4. Service Level Agreements

More information

GUIDANCE NOTE ON THE CONCEPT OF RELIANCE

GUIDANCE NOTE ON THE CONCEPT OF RELIANCE Final version of 23/02/2009 COCOF 09/0002/01-EN EUROPEAN COMMISSION DIRECTORATE-GENERAL REGIONAL POLICY GUIDANCE NOTE ON THE CONCEPT OF RELIANCE ON THE WORK OF OTHER AUDITORS DISCLAIMER This is a Working

More information

CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS

CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS 2 PROPOSAL 1.1 It is now widely recognised that one of the causes of the international financial

More information

GUIDELINES ON OUTSOURCING

GUIDELINES ON OUTSOURCING CONSULTATION PAPER P019-2014 SEPTEMBER 2014 GUIDELINES ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing ( the Guidelines ) in 2004 1 to promote sound risk management practices for

More information

SUPERVISION GUIDELINE

SUPERVISION GUIDELINE G u i d e l i n e s o n O u t s o u r c i n g P a g e 1 SUPERVISION GUIDELINE G10: GUIDELINES ON OUTSOURCING Issued To All Licensed Financial Institutions G u i d e l i n e s o n O u t s o u r c i n g

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Internal Audit Unrestricted Trust Companies 1. Statement of Objectives 1.1. To provide specific guidance on Internal Audit Functions as called for in section 3.6 of the Statement

More information

Bank of Papua New Guinea Prudential Standard BPS252: Outsourcing of Business Activities, Functions and Processes

Bank of Papua New Guinea Prudential Standard BPS252: Outsourcing of Business Activities, Functions and Processes Bank of Papua New Guinea Prudential Standard BPS252: Outsourcing of Business Activities, Functions and Processes Issued under Section 27 of the Banks and Financial Institutions Act 2000 Overview and Key

More information

Core Principles for Effective Banking Supervision: New Edition Released

Core Principles for Effective Banking Supervision: New Edition Released News Bulletin September 17, 2012 Core Principles for Effective Banking Supervision: New Edition Released Last Friday, September 14, 2012, the Basel Committee on Banking Supervision published a new set

More information

Draft Guidelines on Outsourcing of activities by Insurance Companies

Draft Guidelines on Outsourcing of activities by Insurance Companies November 8, 2010 To All Insurers Draft Guidelines on Outsourcing of activities by Insurance Companies Reference: 1. INV/CIR/031/2004-05 dated 27 th July, 2004 2. INV/CIR/058/2004-05 dated 28 th December,

More information

Guidelines on the Application of the Supervisory Review Process under Pillar 2 (CP03 revised)

Guidelines on the Application of the Supervisory Review Process under Pillar 2 (CP03 revised) 25 January 2006 Guidelines on the Application of the Supervisory Review Process under Pillar 2 (CP03 revised) Table of contents Executive Summary...2 Chapter 1: Introduction...4 Chapter 2. Guidance for

More information

RS Official Gazette, No 23/2013 and 113/2013

RS Official Gazette, No 23/2013 and 113/2013 RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005

More information

General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008

General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008 CEIOPS-DOC-07/08 General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008 CEIOPS e.v. - Westhafenplatz 1 60327 Frankfurt

More information

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ Ã

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à CIRCULAR CIR/MIRSD/24/2011 December 15, 2011 All intermediaries registered with SEBI Merchant Bankers/Registrars to An issue and Share Transfer Agents/Debenture Trustees/Bankers to An Issue/Underwriters/Credit

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

Insolvency Practitioners Association of Singapore Limited Code of Professional Conduct and Ethics

Insolvency Practitioners Association of Singapore Limited Code of Professional Conduct and Ethics PRELIMINARY DRAFT Insolvency Practitioners Association of Singapore Limited Code of Professional Conduct and Ethics Sections 1 to 6 only T:\Committees\IPAS\Extracts of IPAS Code of Ethics ver 6.draft (clean).doc

More information

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 12 November 2015. on the regulation of companies acquiring credit (CON/2015/45)

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 12 November 2015. on the regulation of companies acquiring credit (CON/2015/45) EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 12 November 2015 on the regulation of companies acquiring credit (CON/2015/45) Introduction and legal basis On 5 November 2015 the European Central

More information

STANDARDS OF BEST PRACTICE ON COUNTRY AND TRANSFER RISK

STANDARDS OF BEST PRACTICE ON COUNTRY AND TRANSFER RISK STANDARDS OF SOUND BUSINESS PRACTICES COUNTRY AND TRANSFER RISK 2005 The. All rights reserved 1 STANDARDS OF BEST PRACTICE ON COUNTRY AND TRANSFER RISK A. PURPOSE/OBJECTIVE This document sets out the minimum

More information

GUIDELINES ON OUTSOURCING

GUIDELINES ON OUTSOURCING Monetary Authority of Singapore GUIDELINES ON OUTSOURCING ISSUED IN OCTOBER 2004 (Last Updated 1 July 2005) Monetary Authority of Singapore TABLE OF CONTENTS 1 INTRODUCTION... 1 2 APPLICATION OF GUIDELINES...

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

Capital Adequacy: Advanced Measurement Approaches to Operational Risk Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide PPG 231 Outsourcing October 2006 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal advice and users

More information

Regulation for Establishing the Internal Control System of an Investment Management Company

Regulation for Establishing the Internal Control System of an Investment Management Company Unofficial translation Riga, 11 November 2011 Regulation No. 246 (Minutes No. 43 of the meeting of the Board of the Financial and Capital Market Commission, item 8) Regulation for Establishing the Internal

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

UCITS NOTICES UCITS NOTICES

UCITS NOTICES UCITS NOTICES 2013 UCITS NOTICES UCITS NOTICES Undertakings for Collective Investment in Transferable Securities authorised under European Communities (Undertakings for Collective Investment in Transferable Securities)

More information

Final Draft Guidelines

Final Draft Guidelines EBA/GL/2015/06 20 May 2015 Final Draft Guidelines on the minimum list of services or facilities that are necessary to enable a recipient to operate a business transferred to it under Article 65(5) of Directive

More information

EUROPEAN CENTRAL BANK

EUROPEAN CENTRAL BANK 17.2.2005 C 40/9 EUROPEAN CTRAL BANK OPINION OF THE EUROPEAN CTRAL BANK of 4 February 2005 at the request of the Council of the European Union on a proposal for a directive of the European Parliament and

More information

Statement of Principles

Statement of Principles Statement of Principles Bank Registration and Supervision Prudential Supervision Department Document Issued: 2 TABLE OF CONTENTS Subject Page A. INTRODUCTION... 3 B. PURPOSES OF BANK REGISTRATION AND SUPERVISION...

More information

Policy on the Management of Country Risk by Credit Institutions

Policy on the Management of Country Risk by Credit Institutions 2013 Policy on the Management of Country Risk by Credit Institutions 1 Policy on the Management of Country Risk by Credit Institutions Contents 1. Introduction and Application 2 1.1 Application of this

More information

APES GN 30 Outsourced Services

APES GN 30 Outsourced Services APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: March 2013 Copyright 2013 Accounting Professional & Ethical Standards Board Limited

More information

OUTSOURCING. I. Outsourcing in the E.U. Banking Sector. a. What is Outsourcing? Seminar for US clients P. billot September 2007

OUTSOURCING. I. Outsourcing in the E.U. Banking Sector. a. What is Outsourcing? Seminar for US clients P. billot September 2007 OUTSOURCING Outsourcing has become a widespread phenomenon in Europe's corporate sector. A recent survey by the United Nations Conference on Trade and Development ( UNCTAD ) revealed that nearly half of

More information

FG 16/5 - Guidance for firms outsourcing to the cloud and other third-party IT services

FG 16/5 - Guidance for firms outsourcing to the cloud and other third-party IT services Finalised guidance FG 16/5 - Guidance for firms outsourcing to the cloud and other third-party IT services July 2016 Background 1.1 1.2 1.3 The purpose of this guidance is to clarify the requirements on

More information

ARTICLE 29 DATA PROTECTION WORKING PARTY

ARTICLE 29 DATA PROTECTION WORKING PARTY ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive

More information

6/8/2016 OVERVIEW. Page 1 of 9

6/8/2016 OVERVIEW. Page 1 of 9 OVERVIEW Attachment Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion [Fotnote1 6/8/2016 Managing risks is fundamental to

More information

Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country

Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country 2015 Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country 1 Principles of Best Practice applicable to the distribution

More information

Frequently Asked Questions. Unannounced audits for manufacturers of CE-marked medical devices. 720 DM 0701-53a Rev 1 2014/10/02

Frequently Asked Questions. Unannounced audits for manufacturers of CE-marked medical devices. 720 DM 0701-53a Rev 1 2014/10/02 Frequently Asked Questions Unannounced audits for manufacturers of CE-marked medical devices 720 DM 0701-53a Rev 1 2014/10/02 What is an unannounced audit?... 6 Are unannounced audits part of a new requirement?...

More information

Guidelines on supervisory review process

Guidelines on supervisory review process EIOPA-BoS-14/179 EN Guidelines on supervisory review process EIOPA Westhafen Tower, Westhafenplatz 1-60327 Frankfurt Germany - Tel. + 49 69-951119-20; Fax. + 49 69-951119-19; email: info@eiopa.europa.eu

More information

Notification Process for (Re)Insurance Undertakings when Outsourcing Critical or Important Functions or Activities under Solvency II

Notification Process for (Re)Insurance Undertakings when Outsourcing Critical or Important Functions or Activities under Solvency II Functions or Activities 2016 Notification Process for (Re)Insurance Undertakings when Outsourcing Critical or Important Functions or Activities under Solvency II 1 Functions or Activities Contents 1. Background

More information

MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT

MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT INTERNATIONAL FORUM OF INDEPENDENT AUDIT REGULATORS Adopted on June 30, 2015 1 Table

More information

Discussion Paper DP1/14. Ensuring operational continuity in resolution

Discussion Paper DP1/14. Ensuring operational continuity in resolution Discussion Paper DP1/14 Ensuring operational continuity in resolution October 2014 Prudential Regulation Authority 20 Moorgate London EC2R 6DA Prudential Regulation Authority, registered office: 8 Lothbury,

More information

GUIDELINES ON SOUND REMUNERATION POLICIES EBA/GL/2015/22 27/06/2016. Guidelines

GUIDELINES ON SOUND REMUNERATION POLICIES EBA/GL/2015/22 27/06/2016. Guidelines EBA/GL/2015/22 27/06/2016 Guidelines on sound remuneration policies under Articles 74(3) and 75(2) of Directive 2013/36/EU and disclosures under Article 450 of Regulation (EU) No 575/2013 1 EBA guidelines

More information

Supervisory Policy Manual

Supervisory Policy Manual This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue

More information

Reducing the moral hazard posed by systemically important financial institutions. FSB Recommendations and Time Lines

Reducing the moral hazard posed by systemically important financial institutions. FSB Recommendations and Time Lines Reducing the moral hazard posed by systemically important financial institutions FSB Recommendations and Time Lines 20 October 2010 Table of Contents I. Overall policy framework to reduce moral hazard

More information

August 10, 2015. Many of these principles will be familiar to U.S. readers, but these are global principles that would be new to many countries.

August 10, 2015. Many of these principles will be familiar to U.S. readers, but these are global principles that would be new to many countries. August 10, 2015 Author: David W. Powell If you have questions, please contact your regular Groom attorney or one of the attorneys listed below: Louis T. Mazawey lmazawey@groom.com (202) 861-6608 David

More information

on Asset Management Management

on Asset Management Management 2008 Guidelines for for Insurance Insurance Undertakings Undertakings on Asset on Asset Management Management 2 Contents Context...3 1. General...3 2. Introduction...3 3. Regulations and guidelines for

More information

The Auditor s Communication With Those Charged With Governance

The Auditor s Communication With Those Charged With Governance The Auditor s Communication With Governance 2083 AU Section 380 The Auditor s Communication With Those Charged With Governance (Supersedes SAS No. 61.) Source: SAS No. 114. Effective for audits of financial

More information

Standard 4.1. Establishment and maintenance of internal control and risk management. Regulations and guidelines

Standard 4.1. Establishment and maintenance of internal control and risk management. Regulations and guidelines Standard 4.1 Establishment and maintenance of internal control and risk management Regulations and guidelines THE FINANCIAL SUPERVISION AUTHORITY 4 Capital adequacy and risk management until further notice

More information

Final Draft Guidelines

Final Draft Guidelines EBA/GL/2015/04 20 May 2015 Final Draft Guidelines on factual circumstances amounting to a material threat to financial stability and on the elements related to the effectiveness of the sale of business

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

(28 February 2014 to date) CREDIT RATING SERVICES ACT 24 OF 2012

(28 February 2014 to date) CREDIT RATING SERVICES ACT 24 OF 2012 (28 February 2014 to date) [This is the current version and applies as from 28 February 2014, i.e. the date of commencement of the Financial Services Laws General Amendment Act 45 of 2013 to date] CREDIT

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes

More information