CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE
CEBS CP 02 April 2004

COMMITTEE OF EUROPEAN BANKING SUPERVISORS

CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING

COVER NOTE

Introduction

1. European banking supervisors began work in 2002 on developing high level principles (HLPs) that could be used to help converge supervisory approaches and practices in relation to outsourcing. It was agreed that the starting point for any set of principles should be based on widespread current practices and the common policy elements that have been elaborated to date in various Member States.

2. The Committee of European Banking Supervisors (CEBS) is now in a position to share its thinking with the industry.[1] This work is also timely as other committees, at the EU and global level, are also planning work in this field. CEBS is keen to promote these principles and to build on the work that has already been done. But more importantly CEBS wishes to be ambitious and to promote convergence across the financial services sectors and to aim for an international regulatory definition of outsourcing and commonly accepted principles.

Overview

3. In large part these principles are addressed to institutions. They set out in broad terms what supervisory authorities should expect from institutions themselves, from a prudential point of view (HLPs I-VIII), and also from the supervisory authorities (HLPs IX-XI). Moreover, they could be used as a guideline for respective legislative and other measures.

4. Respondents may want to note that CEBS has considered the issue of "materiality" and "pre-notification" of outsourcing. In particular, supervisors will want pre-notification of all material proposals for outsourcing so that they can analyse them from the standpoint of their impact on institutions' systems and controls and/or their effect on the risk profile of the institution. On the other hand, supervisors may not want to be pre-notified of non-material outsourcing, although institutions will still be obliged to ensure that they remain within the policy guidelines set by their supervisors.

5. CEBS is proposing a three-tier classification of activities:
- Strategic or core activities which cannot be outsourced (HLP I);
- Non-strategic but material activities, which should be pre-notified to the supervisory authority (see HLP III); and
- Non-strategic and non-material activities, which do not have to be pre-notified but for which the institution must remain responsible for ensuring any supervisory guidelines are still met (see HLP IV).

[1] This convergence objective is in line with tasks set out by the European Commission in its Decision to establish CEBS, see

Further work

6. While this set of principles is fairly self-contained, CEBS acknowledges from the outset that there is scope to develop these principles further. In particular further work may be needed in developing more guidance on what (i) may be regarded as strategic or core activities and (ii) on the concept of a materiality test (see Principle IV) (e.g. some jurisdictions operate a scoring system to assess materiality).

7. Moreover, as part of CEBS' work on supervisory convergence, it intends to address further principles on supervisors' own activities (Part 2 of the Principles), for example:
- The paper's primary focus is on financial institutions' own risk management in the area of outsourcing and is lighter on supervisory measures. For example, under the draft principles, it is in principle the institution that, subject to certain conditions, decides whether it enters into or continues an outsourcing arrangement on the basis of the risk analysis prior to outsourcing and the monitoring post outsourcing. The paper does not address the circumstances in which the supervisor might intervene when, for instance, an outsourcing arrangement goes wrong or there are indications that the arrangement may go wrong after the arrangement is already in place.
- It may also be useful to add another key principle to cover the supervisory assessment of compliance with the principles.

Consultation process

8. CEBS now welcomes comments from interested parties on these principles. Respondents may also wish to flag other areas where additional analysis or future work could prove useful.

9. The consultation process will be conducted on the basis of CEBS' draft Public Statement on Consultation Practices, which has been released for public consultation yesterday. It should be noted that this is CEBS' first consultation exercise on a specific convergence issue. As such industry practitioners and other interested parties should also regard the consultation process itself as a learning experience. CEBS intends to draw lessons from this exercise as it develops its open and transparent relations with the industry and others.

10. Please send your comments to CEBS by e-mail (CP02@c-ebs.org) by 31 July. CEBS will make all comments available on its website (except where respondents specifically request that their comments remain confidential).

Annex: CEBS Consultation Paper: High Level Principles on Outsourcing

Annex

CEBS CONSULTATION PAPER

HIGH LEVEL PRINCIPLES ON OUTSOURCING

Introduction

A number of European countries have, for some years, had in place formal outsourcing regimes. In order to assist European banking supervisors to converge their national policies and practices, they agree to adopt the following high level principles. These are based on a range of current practices and the common elements of policy that have been elaborated to date in various Member States.

Part 1: Definitions

It is acknowledged from the outset that there are a number of definitions of what constitutes outsourcing. For the purposes of these principles outsourcing is defined as follows:

Outsourcing is the supply to an authorised institution by another entity (either intra-group or independent third party) of goods, service or facilities on a structural basis (i.e. the contractual supply of goods, service or facilities that form part of the business processes and which are necessary to support the provision of banking or other financial services). The supplier may itself be an authorised or unauthorised entity.

This definition does not cover purchasing contracts, although as with outsourcing, firms should ensure that what they are buying is fit for purpose. Purchasing is defined, inter alia, as the supply of services, goods or facilities without information about or belonging to the purchasing institution coming within the control of the supplier; or of standardized products, such as market information or office inventory.

In this context the supplier of goods, services or facilities is referred to as the outsourcing service provider, which may or may not be an authorised entity. The buyer of such goods, services or facilities is referred to as the outsourcing institution, and is for the purposes of these principles an authorised entity (e.g. a credit institution).

Part 2: High level principles on outsourcing addressed to institutions

I. Strategic and core management responsibility and functions cannot be outsourced.

The outsourcing of core management functions is considered generally to be incompatible with the managers' obligation to run the enterprise under their own responsibility. Hence core management functions such as strategic oversight, risk management and strategic control should not be outsourced. Outsourcing shall not affect managers' full and unrestricted responsibilities under the applicable law (e.g. under banking law).

II. The ultimate responsibility for proper management of the risks associated with outsourcing lies with an outsourcing institution's senior executive management.

All outsourcing regimes should ensure that the outsourcing of functions to an outsourcing service provider does not impair the supervision of an outsourcing institution.

Responsibility for outsourced functions must always be retained by the outsourcing institution. The outsourcing of functions does not relieve an outsourcing institution of its regulatory responsibilities for its authorised activities or the function concerned.

Outsourcing institutions should be encouraged to retain adequate core competence at a senior operational level to enable them to have the capability to resume direct control over an outsourced activity, in extremis.

Exceptions for certain types of intra-group outsourcing may be allowed, provided the outsourcing institution can demonstrate that it can manage the risk (e.g. in connection with general instructions and decisions relating to central risk management) and where the outsourcing institution is a member of a group that is subject to supervision on a consolidated basis. (In the case of banking, such group-wide risk management refers to non-core functions and cannot result in elimination or limitation of risk management function on a solo basis in an outsourcing institution. In the case of outsourcing of non-core functions, domestic supervisory authorities, i.e. the host country, should also be involved in the decision to allow outsourcing, when needed.)

Where such exceptions apply, and especially where the group covers more than one jurisdiction, the relevant regulations, documents, and other information on how the parent group manages the risk should be made available to the outsourcing institution. The outsourcing institution should also be able adequately to demonstrate to its own direct supervisory authority that it is compliant with risk management regulations. The supervisory authority should also be satisfied that it has adequate access to the outsourcing service provider.

III. An outsourcing institution should take particular care when outsourcing material activities, i.e. activities of such importance that any weakness or failure in the provision of these activities could have a significant effect on its ability to meet its regulatory responsibilities and/or to continue in business. In such cases the outsourcing institution should pre-notify its supervisory authority.

In principle, any area of activity of an outsourcing institution other than those identified in Principles I and II may be outsourced provided that such outsourcing does not impair:
- the orderliness of the outsourcing institution's business being conducted or the financial services provided;
- the senior executive management's ability to manage and monitor the business and its authorised activities; and
- the supervisory authority's right to require an audit of the business or its ability to supervise the business.

An institution may not outsource services and activities that are covered by the institution's authorisation unless the outsourcing service provider either (i) has an authorisation that is comparable to the authorisation of the outsourcing institution; or (ii) is acting as agent of the outsourcing institution.

An outsourcing institution should conduct its business in a controlled and sound manner at all times. These requirements do not affect the principle of managers' sole responsibility (Principle I) for all authorised activities. The managers of the outsourcing institution shall be fully responsible to the supervisory authority for any outsourced area. The managers should therefore take suitable measures to ensure that the outsourced areas continue to meet the performance and quality standards that would apply if their own institution were to perform the relevant activities in-house.

An outsourcing institution should inform (by prior notification and/or regular report) its supervisory authority on any important activity to be outsourced, in order for the supervisor to evaluate the proposal.

Outsourcing institutions should be aware that the supervisory authority may distinguish between important and less important activities, and may impose certain conditions on institutions that outsource important activities. These conditions may be determined by factors such as the size of the institution, or the nature of the outsourcing service provider. The supervisory authority may also wish to prevent potential conflicts of interest (e.g. the supervisory authority may wish to prohibit the outsourcing of the financial accounting and the preparation of the annual accounts to the outsourcing institution's external auditor, or to the office with which the external auditor is connected).

Subject to the principles that apply to cross-border outsourcing (expressed under Principle IX) no special rules are needed in relation to the geographical location of an outsourcing service provider. However, due to possible data protection risks, institutions should be encouraged to take special care when entering into and managing outsourcing agreements that are undertaken outside the EEA.

IV. There should be no restrictions on the outsourcing of non-material activities of an outsourcing institution.

No requirements or conditions should be imposed on institutions that wish to outsource non-core activities that have little or no implications for internal control or key authorised functions. In such cases the outsourcing institution does not need to inform its supervisory authority. Nevertheless, outsourcing institutions should ensure adequate risk management at all times irrespective of the type of outsourced activity. In line with Principle III, the managers of the outsourcing institution should be fully responsible for any outsourced area.

Areas which could be regarded as non-core include:
- Areas which do not potentially constitute relevant risks and which, if outsourced, would not lead to an impairment of the orderliness of the business, or of the managers' ability to manage and monitor it, or of the supervisory authority's right to audit and ability to oversee it.
- Purely advisory services used by the institution. For example, this applies to legal and tax consulting, even where this is not limited to individual aspects or projects.

V. The outsourcing institution should have a policy on its approach to outsourcing, including contingency plans and exit strategies.

Outsourcing institutions should have a general policy that covers all aspects of outsourcing, including non-core outsourcing. It should also cover intra-group and external outsourcing. When drawing up this policy the outsourcing institutions should take into consideration that no form of outsourcing is entirely risk free. The policy should also recognise that the management of non-core and intra-group outsourcing should be proportionate to the risks presented by these arrangements.

This policy should explicitly take account of the potential effects of outsourcing on certain significant functions (e.g. the internal audit function, the compliance function and the risk management function) when conducting the risk analysis prior to outsourcing.

The policy should ensure that the outsourcing service provider's performance is appropriately monitored and assessed by the outsourcing institution's management so that any necessary corrective measures can be taken immediately.

The outsourcing institution should specify an internal unit or individual that is responsible for supervising and managing each outsourcing measure.

This policy should also reflect the main phases that make up the life cycle of an institution's outsourcing arrangements:
- The decision to outsource or change an existing outsourcing arrangement (the decision making phase).
- Due diligence checks on the outsourcing service provider.
- Drafting a written outsourcing contract and service level agreement (the contract drafting phase).
- The implementation, monitoring, and maintenance of an outsourcing arrangement (the contractual phase).
- Dealing with the expected or unexpected termination of a contract and other service interruptions (the post-contractual phase).

In particular, outsourcing institutions should plan and implement arrangements to maintain the continuity of their business in the event that the provision of services by an outsourcing service provider fails or deteriorates to an unacceptable degree, or the firm experiences other changes. This policy should also include some form of contingency planning and the establishment of a clearly defined exit strategy, evaluated against the costs and benefits of such planning.

VI. An outsourcing institution's policies should require it to manage the risks associated with its outsourcing arrangements.

Compliance with this principle should include an assessment of the operational risks associated with outsourcing. Outsourcing institutions should bring all serious problems with an outsourcing service provider to the supervisory authority's attention.

VII. All outsourcing arrangements should be subject to a formal and comprehensive contract.

As mentioned under Principle V, any outsourcing solution should be based on a clear written contract.

Outsourcing institutions should make sure that the written contract takes account of the following (bearing in mind other specific national rules and legislation):
- The operational area that is to be outsourced should be clearly defined.
- The precise requirements concerning the service performance should be specified and documented, taking account of the objective of the outsourcing solution.
- The outsourcing service provider's ability to meet performance requirements in both quantitative and qualitative terms should be assessable in advance.
- The respective responsibilities and competencies of the outsourcing institution and the outsourcing service provider should be precisely defined and distinguished.
- In order to underpin an effective policy for managing and monitoring the outsourced areas, the contract should include a termination and exit management clause, where proportionate and if deemed necessary, which allows the activities being provided by the outsourcing service provider to be transferred to another outsourcing service provider or to be reincorporated into the outsourcing institution.
- The contract should ensure that the outsourcing service provider's performance is continuously monitored and assessed so that any necessary corrective measures can be taken immediately.
- The contract should consider granting the outsourcing institution's internal auditing department and its external auditors full and unrestricted rights of inspection and auditing at all times.
- In the case of outsourcing within a group, the outsourcing institution needs to ensure that it is able to give effective rights of access to information to the supervisory authority (see Principle IX). This may require obtaining consents from affected parties such as the parent company and relevant home supervisory authorities.

When drafting the contract the outsourcing institution should bear in mind that the level of monitoring, assessment, inspection and auditing required by the contract should be proportionate to the risks involved and the size and complexity of the outsourced activity.

VIII. In managing its relationship with an outsourcing service provider an outsourcing institution should ensure that a service level agreement (SLA) is put in place.

A service level agreement should normally contain a mixture of quantitative and qualitative performance targets, to enable an outsourcing institution to assess the adequacy of service provision.

An outsourcing institution should also consider the need to evaluate the performance of its outsourcing service provider using mechanisms such as service delivery reports, self-certification or independent review by the outsourcing institution's or the outsourcing service provider's internal and/or external auditors.

An outsourcing institution should be prepared to take remedial action if the outsourcing service provider's performance is inadequate.

Part 3: Other supervisory principles on outsourcing

IX. Supervisory authorities should aim to establish a right to information, and to conduct, or order, on-site inspections in an outsourcing service provider's premises.[2]

Supervisory authorities should aim to be satisfied that outsourcing institutions ensure that their outsourcing contracts with outsourcing service providers grant the supervisory authority the rights to information, inspection, admittance and access (including access to databases) as well as the instruction and monitoring rights which the supervisory authority needs to exercise its surveillance functions.

Supervisory authorities should also encourage outsourcing institutions to ensure that information may also be made available to the supervisory authority by the outsourcing service provider's external auditor.

Supervisory authorities should aim to ensure that their ability to order or instruct the outsourcing institution can be reliably enforced, directly and irrespective of any conflicting instruction rights, so as to ensure the orderly performance of the outsourced activities and functions.

The supervisory authorities should aim to ensure that they maintain control and can obtain detailed information about any outsourcing processes which might undermine the stability of the consolidated group whose overall supervision is, ultimately, their responsibility.

In the case of outsourcing to service providers abroad, the outsourcing institution should be responsible for ensuring that the supervisory authority can exercise its information rights, including its right to demand documents, and its auditing rights.

[2] At present most supervisors do not have such legal rights, and must resort to other more indirect methods to ensure that information is forthcoming. It is suggested that these HLPs encourage supervisors to have the same powers including on-site inspections regardless of the type of outsource provider chosen by the outsourcing institution (e.g. whether this is internal or a third party). Some regimes rely on the supervisory authority to require the outsourcing institution to include relevant access rights in the outsourcing agreement. Directly imposing the obligations on the outsourcing service providers would require an expansion of such regimes. It may be useful to establish this principle as a legal power.

The supervisory authority should be able to cancel the outsourcing measure if the outsourcing institution cannot ensure the exercise or enforcement of the rights of supervisors (as mentioned in this principle).

The outsourcing institution may prior to outsourcing consider in consultation with the supervisory authority what alternative measures could adequately mitigate the risks involved. If this is considered appropriate, and there are clear safeguards, the supervisory authority may grant a dispensation from the requirement in the previous paragraph.

X. Supervisory authorities should take account of concentration risk, where one outsourcing service provider provides outsourcing services to several authorised outsourcing institutions.[3]

Supervisory authorities should be aware of any concentration risks and manage and monitor these risks at a systemic level.

XI. Supervisory authorities should take account of the risks associated with chain outsourcing (whereby the outsourcing service provider subcontracts elements of the service to other providers).

The sub-outsourcing of outsourced activities and functions to third parties (sub-contractors) should be treated by the outsourcing institution like a primary outsourcing measure. The supervisory authority should encourage the outsourcing institution to agree to this only if the sub-contractor will also fully comply with the obligations existing between the outsourcing institution and the outsourcing service provider, including obligations incurred in favour of the supervisory authority. Compliance with these conditions should be ensured contractually, for example by a clause in the outsourcing contract requiring the prior consent of the outsourcing institution to the possibility and the modalities of sub-outsourcing.

Supervisors should ensure that the outsourcing institution takes appropriate steps to address the risk of any weakness or failure in the provision of the subcontracted activities having a significant effect on the outsourcing service provider's ability to meet its responsibilities under the outsourcing agreement and SLA.

Supervisory authorities should encourage the outsourcing institution to ensure that the outsourcing service provider agrees that the contractual terms agreed with the sub-contractor will always conform, or at least not be contradictory, to the provisions of the agreement with the outsourcing institution.

[3] There are currently no restrictions on this.
Outsourcing Risk Guidance Note for Banks
Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the
More information14 December 2006 GUIDELINES ON OUTSOURCING
14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint
More informationBANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994
BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION
More informationMapping of outsourcing requirements
Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure
More informationFinancial Services Guidance Note Outsourcing
Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14
More informationGUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK
GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK This Guideline does not purport to be a definitive guide, but is instead a non-exhaustive
More informationFédération Bancaire Européenne European Banking Federation. Le Secrétaire Général. Consultation Paper on the High Level Principles on Outsourcing
Fédération Bancaire Européenne European Banking Federation Le Secrétaire Général N 0537 COK E-mail Mr José María Roldán Chairman Committee of European Banking Supervisors Banco de España, Alcalà 50 28014
More informationOUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008
OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008 BANK OF TANZANIA PART I PRELIMINARY 1 These guidelines may be cited as the Outsourcing Guidelines for Banks and Financial Institutions,
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationManaging Outsourcing Arrangements
Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS
More informationPOV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs
POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs April 2015 For private circulation only Draft Guidelines on Managing Risks and Code of Conduct
More informationPrinciples on Outsourcing by Markets
Principles on Outsourcing by Markets Final Report TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS July 2009 CONTENTS I. Introduction 3 II. Survey Results 5 A. Outsourced
More informationBasel Committee on Banking Supervision. Consolidated KYC Risk Management
Basel Committee on Banking Supervision Consolidated KYC Risk Management October 2004 Table of contents Introduction...4 Global process for managing KYC risks...5 Risk management...5 Customer acceptance
More informationBanking Guidance Note No. 1 Outsourcing of Services or Functions by Gibraltar- Licensed Banks. Date of Paper : 31 January 2000 Version Number : 1.
No. 1 of Services or Functions by Gibraltar- Licensed Banks Date of Paper : 31 January 2000 Version Number : 1.00 Table of Contents Introduction... 3 Submissions to FSC... 3 Assessment of Proposals...
More informationGUIDANCE NOTE ON OUTSOURCING
GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3
More informationNOTICE ON OUTSOURCING
CONSULTATION PAPER P018-2014 SEPTEMBER 2014 NOTICE ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing in 2004 1 ( Guidelines ) to promote sound risk management practices for the outsourcing
More informationGuidance on Arrangements to Support Operational Continuity in Resolution. Consultative Document
Guidance on Arrangements to Support Operational Continuity in Resolution Consultative Document 3 November 2015 ii The Financial Stability Board ( FSB ) is seeking comments on its Consultative Document
More informationConsultation: Auditing and ethical standards
Consultation Financial Reporting Council December 2014 Consultation: Auditing and ethical standards Implementation of the EU Audit Directive and Audit Regulation The FRC is responsible for promoting high
More informationSystem of Governance
CEIOPS-DOC-29/09 CEIOPS Advice for Level 2 Implementing Measures on Solvency II: System of Governance (former Consultation Paper 33) October 2009 CEIOPS e.v. Westhafenplatz 1-60327 Frankfurt Germany Tel.
More informationSUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS
SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 ISSUED: 4 th May 2004 REVISED: 27 th August 2009 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS I. INTRODUCTION The Central Bank
More informationProposed guidance for firms outsourcing to the cloud and other third-party IT services
Guidance consultation 15/6 Proposed guidance for firms outsourcing to the cloud and other third-party IT services November 2015 1. Introduction and consultation 1.1 The purpose of this draft guidance is
More informationOutsourcing by UK-based Fund Managers: Identifying and Applying the Rules
Outsourcing by UK-based Fund Managers: Identifying and Applying the Rules Amanda Lewis, Partner and Rosali Pretorius, Partner, Dentons 1 October 2014 UK-based fund managers must comply with increasingly
More informationPerspectives. Outsourcing and its supervision. for IORPs
Perspectives Outsourcing and its supervision for IORPs As outlined in IORP Review a shift of focus, this series of publications considers aspects of the IORP Directive review other than capital adequacy
More informationGUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987
GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing
More informationDecision on outsourcing. Article 1
Pursuant to Article 166 of the Credit Institutions Act (Official Gazette 117/2008), and Article 29 and Article 43, paragraph (2), item (9) of the Croatian National Bank Act (Official Gazette 75/2008),
THE TRANSFER OF PERSONAL DATA ABROAD
THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)
Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Governance, Risk Management, and Internal Controls INTERIM REQUIREMENTS CONTENTS 1. INTRODUCTION
INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY
INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY ICP 4 Draft revisions for consultation June 2015 (Clean version) ICP 4 Licensing A legal entity which intends to engage in insurance
PROPERTY OF THE SECURITIES COMMISSION OF THE BAHAMAS
SUPERVISORY AND REGULATORY GUIDE: OUTSOURCING OF MATERIAL FUNCTIONS. APPLICABLE LEGISLATION: SIA, 2011; IFA, 2003; FCSPA, 2000. ISSUED: 15 MAY 2012. LAST AMENDED: 31 DECEMBER. REFERENCE NUMBER: SPG1-0512
PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2
PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART II POLICY REQUIREMENTS...3 Investment and Risk Management Policy...3 Monitoring and Control...5 Roles of
GUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution's board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
Basel Committee on Banking Supervision. The Joint Forum. Outsourcing in Financial Services
Basel Committee on Banking Supervision The Joint Forum Outsourcing in Financial Services February 2005 THE JOINT FORUM BASEL COMMITTEE ON BANKING SUPERVISION INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS
Guidance Note on Outsourcing/Delegation of Functions
Guidance Note on Outsourcing/Delegation of Functions Supervision Division Financial Supervision Commission 7 May 2002 1 Introduction Guidance Note on Outsourcing/Delegation of Functions This Guidance applies
Article 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O'Donoghue Partner,
Objective and key requirements of this Prudential Standard
Prudential Standard CPS 231 Outsourcing Objective and key requirements of this Prudential Standard This Prudential Standard requires that all outsourcing arrangements involving material business activities
CEBS Guidelines for the Operational Functioning of Supervisory Colleges (GL 34)
15 June 2010 CEBS Guidelines for the Operational Functioning of Supervisory Colleges (GL 34) Table of contents Introductory statements... 3 Executive summary... 5 Chapter 1: Operational organisation of
THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS
THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS Before printing this document, please be aware of its size! Regarding the provisions quoted in the response below, as far as possible, hyperlinks to these
NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE
STAATSKOERANT, 19 DESEMBER 2014 No. 38357 3 BOARD NOTICE NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE LONG-TERM INSURANCE ACT, 1998 (ACT NO. 52
ISO IEC 27002 2013 INFORMATION SECURITY AUDIT TOOL
15.1 ESTABLISH SECURITY AGREEMENTS WITH SUPPLIERS 15.1.1 EXPECT SUPPLIERS TO COMPLY WITH RISK MITIGATION AGREEMENTS Do you clarify the information security risks that exist whenever your suppliers have
GUIDELINES ON OUTSOURCING
CONSULTATION PAPER P019-2014 SEPTEMBER 2014 GUIDELINES ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing ( the Guidelines ) in 2004 1 to promote sound risk management practices for
GUIDANCE NOTE ON THE CONCEPT OF RELIANCE
Final version of 23/02/2009 COCOF 09/0002/01-EN EUROPEAN COMMISSION DIRECTORATE-GENERAL REGIONAL POLICY GUIDANCE NOTE ON THE CONCEPT OF RELIANCE ON THE WORK OF OTHER AUDITORS DISCLAIMER This is a Working
SUPERVISION GUIDELINE
Guidelines on Outsourcing SUPERVISION GUIDELINE G10: GUIDELINES ON OUTSOURCING Issued To All Licensed Financial Institutions
CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS
CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS 2 PROPOSAL 1.1 It is now widely recognised that one of the causes of the international financial
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES
Guidance note on Outsourcing/Delegation of Functions and inward outsourcing
Financial Services Rule Book Rules 8.13, 8.9 and 8.9A Guidance note on Outsourcing/Delegation of Functions and inward outsourcing Supervision Division Financial Supervision Commission September 2012 Guidance
BANKS AND DEPOSIT COMPANIES ACT 1999: The Outsourcing of Services or Functions by Institutions Licensed under the Banks and Deposit Companies Act 1999
THE BERMUDA MONETARY AUTHORITY BANKS AND DEPOSIT COMPANIES ACT 1999: The Outsourcing of Services or Functions by Institutions Licensed under the Banks and Deposit May 2007 Introduction 1 This paper revises
GUIDELINES ON OUTSOURCING ARRANGEMENTS
GUIDELINES ON OUTSOURCING ARRANGEMENTS STATE BANK OF PAKISTAN BANKING POLICY & REGULATIONS DEPARTMENT KARACHI CONTENTS Page No I INTRODUCTION:... 1 II APPLICABILITY:... 1 III DEFINITION OF OUTSOURCING:...
Outsourcing. FSA Regulated firms (including offshore outsourcing) Contents. March 2004
Outsourcing FSA Regulated firms (including offshore outsourcing) March 2004 Contents 2. Introduction 2. How do the regulations impact an outsourcing? 3. Prudential Sourcebooks 4. Service Level Agreements
UCITS NOTICES UCITS NOTICES
2013 UCITS NOTICES UCITS NOTICES Undertakings for Collective Investment in Transferable Securities authorised under European Communities (Undertakings for Collective Investment in Transferable Securities)
Guidelines on the Application of the Supervisory Review Process under Pillar 2 (CP03 revised)
25 January 2006 Guidelines on the Application of the Supervisory Review Process under Pillar 2 (CP03 revised) Table of contents Executive Summary...2 Chapter 1: Introduction...4 Chapter 2. Guidance for
Core Principles for Effective Banking Supervision: New Edition Released
News Bulletin September 17, 2012 Core Principles for Effective Banking Supervision: New Edition Released Last Friday, September 14, 2012, the Basel Committee on Banking Supervision published a new set
General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008
CEIOPS-DOC-07/08 General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008 CEIOPS e.v. - Westhafenplatz 1 60327 Frankfurt
Statement of Guidance
Statement of Guidance Internal Audit Unrestricted Trust Companies 1. Statement of Objectives 1.1. To provide specific guidance on Internal Audit Functions as called for in section 3.6 of the Statement
GUIDELINES ON OUTSOURCING
Monetary Authority of Singapore GUIDELINES ON OUTSOURCING ISSUED IN OCTOBER 2004 (Last Updated 1 July 2005) Monetary Authority of Singapore TABLE OF CONTENTS 1 INTRODUCTION... 1 2 APPLICATION OF GUIDELINES...
Cloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
Capital Adequacy: Advanced Measurement Approaches to Operational Risk
Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements
Statement of Principles
Statement of Principles Bank Registration and Supervision Prudential Supervision Department Document Issued: 2 TABLE OF CONTENTS Subject Page A. INTRODUCTION... 3 B. PURPOSES OF BANK REGISTRATION AND SUPERVISION...
Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini
Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last
Prudential Practice Guide
Prudential Practice Guide PPG 231 Outsourcing October 2006 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal advice and users
Policy on the Management of Country Risk by Credit Institutions
2013 Policy on the Management of Country Risk by Credit Institutions 1 Policy on the Management of Country Risk by Credit Institutions Contents 1. Introduction and Application 2 1.1 Application of this
Corporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
Draft Guidelines on Outsourcing of activities by Insurance Companies
November 8, 2010 To All Insurers Draft Guidelines on Outsourcing of activities by Insurance Companies Reference: 1. INV/CIR/031/2004-05 dated 27th July, 2004 2. INV/CIR/058/2004-05 dated 28th December,
OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
Final Draft Guidelines
EBA/GL/2015/06 20 May 2015 Final Draft Guidelines on the minimum list of services or facilities that are necessary to enable a recipient to operate a business transferred to it under Article 65(5) of Directive
FG 16/5 - Guidance for firms outsourcing to the cloud and other third-party IT services
Finalised guidance FG 16/5 - Guidance for firms outsourcing to the cloud and other third-party IT services July 2016 Background 1.1 1.2 1.3 The purpose of this guidance is to clarify the requirements on
ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 12 November 2015. on the regulation of companies acquiring credit (CON/2015/45)
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 12 November 2015 on the regulation of companies acquiring credit (CON/2015/45) Introduction and legal basis On 5 November 2015 the European Central
Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))
Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose
CIRCULAR CIR/MIRSD/24/2011 December 15, 2011 All intermediaries registered with SEBI Merchant Bankers/Registrars to An issue and Share Transfer Agents/Debenture Trustees/Bankers to An Issue/Underwriters/Credit
Insolvency Practitioners Association of Singapore Limited Code of Professional Conduct and Ethics
PRELIMINARY DRAFT Insolvency Practitioners Association of Singapore Limited Code of Professional Conduct and Ethics Sections 1 to 6 only T:\Committees\IPAS\Extracts of IPAS Code of Ethics ver 6.draft (clean).doc
ARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive
Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004
Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes
STANDARDS OF BEST PRACTICE ON COUNTRY AND TRANSFER RISK
STANDARDS OF SOUND BUSINESS PRACTICES COUNTRY AND TRANSFER RISK 2005 The. All rights reserved 1 STANDARDS OF BEST PRACTICE ON COUNTRY AND TRANSFER RISK A. PURPOSE/OBJECTIVE This document sets out the minimum
Frequently Asked Questions. Unannounced audits for manufacturers of CE-marked medical devices. 720 DM 0701-53a Rev 1 2014/10/02
Frequently Asked Questions Unannounced audits for manufacturers of CE-marked medical devices 720 DM 0701-53a Rev 1 2014/10/02 What is an unannounced audit?... 6 Are unannounced audits part of a new requirement?...
Regulation for Establishing the Internal Control System of an Investment Management Company
Unofficial translation Riga, 11 November 2011 Regulation No. 246 (Minutes No. 43 of the meeting of the Board of the Financial and Capital Market Commission, item 8) Regulation for Establishing the Internal
Discussion Paper DP1/14. Ensuring operational continuity in resolution
Discussion Paper DP1/14 Ensuring operational continuity in resolution October 2014 Prudential Regulation Authority 20 Moorgate London EC2R 6DA Prudential Regulation Authority, registered office: 8 Lothbury,
RS Official Gazette, No 23/2013 and 113/2013
RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005
ABI RESPONSE TO CP140: INTERIM PRUDENTIAL SOURCEBOOK FOR INSURERS: GUIDANCE ON SYSTEMS AND CONTROLS, AND CP142: OPERATIONAL RISK SYSTEMS AND CONTROLS
ABI RESPONSE TO CP140: INTERIM PRUDENTIAL SOURCEBOOK FOR INSURERS: GUIDANCE ON SYSTEMS AND CONTROLS, AND CP142: OPERATIONAL RISK SYSTEMS AND CONTROLS 1 EXECUTIVE SUMMARY 1.1 FSA Proposals 1.1.1 These are
Guideline on risk management and other aspects of internal control in central securities depository
until further notice 1 (11) Applicable to central securities depositories Guideline on risk management and other aspects of internal control in central securities depository By virtue of section 4, paragraph
AIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
Guidelines for Insurance Undertakings on Asset Management
2008 Guidelines for Insurance Undertakings on Asset Management 2 Contents Context...3 1. General...3 2. Introduction...3 3. Regulations and guidelines for
EUROPEAN CENTRAL BANK
17.2.2005 C 40/9 EUROPEAN CENTRAL BANK OPINION OF THE EUROPEAN CENTRAL BANK of 4 February 2005 at the request of the Council of the European Union on a proposal for a directive of the European Parliament and
MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT
MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT INTERNATIONAL FORUM OF INDEPENDENT AUDIT REGULATORS Adopted on June 30, 2015 1 Table
APES GN 30 Outsourced Services
APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: March 2013 Copyright 2013 Accounting Professional & Ethical Standards Board Limited
Final Draft Guidelines
EBA/GL/2015/04 20 May 2015 Final Draft Guidelines on factual circumstances amounting to a material threat to financial stability and on the elements related to the effectiveness of the sale of business
Supervisory Policy Manual
This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue
August 10, 2015. Many of these principles will be familiar to U.S. readers, but these are global principles that would be new to many countries.
August 10, 2015 Author: David W. Powell If you have questions, please contact your regular Groom attorney or one of the attorneys listed below: Louis T. Mazawey lmazawey@groom.com (202) 861-6608 David
White Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country
2015 Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country 1 Principles of Best Practice applicable to the distribution
SCHEDULE 16. Exit Plan. sets out the strategy to be followed on the termination (including Partial Termination) or expiry of this Agreement; and
SCHEDULE 16 Exit Plan 1. Scope 1.1 This schedule: (A) sets out the strategy to be followed on the termination (including Partial Termination) or expiry of this Agreement; and requires the Service Provider
REFORM OF STATUTORY AUDIT
EU BRIEFING 14 MARCH 2012 REFORM OF STATUTORY AUDIT Assessing the legislative proposals This briefing sets out our initial assessment of the legislative proposals to reform statutory audit published by
REGULATION ON RISK MANAGEMENT AND OTHER ASPECTS OF INTERNAL CONTROL IN INVESTMENT FIRMS
until further notice 1 (5) Applicable to investment firms REGULATION ON RISK MANAGEMENT AND OTHER ASPECTS OF INTERNAL CONTROL IN INVESTMENT FIRMS By virtue of section 29, paragraph 2, of the Investment
Guideline on risk management and other aspects of internal control in stock exchange
until further notice 1 (11) Applicable to stock exchanges Guideline on risk management and other aspects of internal control in stock exchange By virtue of section 4, paragraph 2, of the Act on the Financial
TO ALL CHIEF EXECUTIVE OFFICERS OF BANKS, BRANCHES OF FOREIGN BANKS AND MUTUAL BANKS
2004-09-20 BANKS ACT CIRCULAR 14/2004 TO ALL CHIEF EXECUTIVE OFFICERS OF BANKS, BRANCHES OF FOREIGN BANKS AND MUTUAL BANKS OUTSOURCING OF FUNCTIONS WITHIN BANKS This Office has received several approaches
Reducing the moral hazard posed by systemically important financial institutions. FSB Recommendations and Time Lines
Reducing the moral hazard posed by systemically important financial institutions FSB Recommendations and Time Lines 20 October 2010 Table of Contents I. Overall policy framework to reduce moral hazard
Electronic Payment Schemes Guidelines
BANK OF TANZANIA Electronic Payment Schemes Guidelines Bank of Tanzania May 2007 Bank of Tanzania - Electronic Payment Schemes and Products Guidelines page 1 Bank of Tanzania, 10 Mirambo Street, Dar es
Guidelines on supervisory review process
EIOPA-BoS-14/179 EN Guidelines on supervisory review process EIOPA Westhafen Tower, Westhafenplatz 1-60327 Frankfurt Germany - Tel. + 49 69-951119-20; Fax. + 49 69-951119-19; email: info@eiopa.europa.eu
-17 2015 OUTSOURCING POLICY
Outsourcing Policy TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 Aim & Introduction... 3 POLICY PARAMETERS... 4 Key Terms... 4 Outsourcing Agreement Requirements... 5 MATERIAL OUTSOURCING AGREEMENTS... 6 Board
BITS GUIDE TO CONCENTRATION RISK
BITS GUIDE TO CONCENTRATION RISK IN OUTSOURCING RELATIONSHIPS BITS A DIVISION OF THE FINANCIAL SERVICES ROUNDTABLE 1001 PENNSYLVANIA AVENUE, NW SUITE 500 SOUTH WASHINGTON, DC 20004 202-289-4322 WWW.BITS.ORG