2017

2021

Firms are required to conduct a criticality assessment prior to making an outsourcing appointment and on an ongoing basis. Firms must have a defined methodology for conducting this assessment which clearly sets out the factors and rationale that are considered in making this determination; can be applied consistently across all outsourcing decisions and is in line with relevant sectoral regulations and guidance; and considers the nature, scale and complexity of the firm’s business.

Firms must also produce an outsourcing register, implement KPIs and SLAs, undertake due diligence and put in place a reporting framework in relation to outsourced activities. One of the main challenges is to implement a common framework across organisations that have a global or cross border operating model, which considers the Central Bank’s requirements.

Delegation & Outsourcing are the same thing according to the CBI

Historically there has been some ambiguity as to whether delegation and outsourcing amounted to the same thing. The regulator has clarified that, in its view, they are equal and therefore the Central Bank’s expectation is that its rules on outsourcing would apply to all delegates.

Intragroup Outsourcing-  The same level of controls apply to it as to 3^rd party outsourcing

The CBI has emphasised that it expects the same level of rigor in place with intragroup arrangements as when utilising a 3^rd party provider. Historically, intragroup arrangements may not have received the same level of attention and governance arrangements as 3^rd party outsourcing. Detailed KPIs and SLAs are often more challenging to implement on an intragroup basis.

Global operating models will also pose a challenge for Irish entities as the Irish entity may not have been central to the decision-making process notwithstanding that it is required to ensure that the policies and procedures applied at group level comply with Irish requirements. The Irish entity is also often relying on centralised oversight teams to consider the requirements of the Irish entity to demonstrate oversight compliance.

Exit planning strategy for outsourcing arrangements

Resiliency and exit-planning are key considerations in outsourcing arrangements. Intragroup concentrates on resiliency and work shifts between different locations across the world when required, while 3^rd party focus is on ongoing resiliency, having solutions and alternatives lined up and tested.

In considering exit planning the EBA and UK acknowledge that there is commonality in terms of systems and oversight policies and procedures in an intragroup arrangement which gives rise to a different risk profile, than an arrangement with a 3^rd party element. As noted above the Central Bank’s view is a similar process should apply to both intragroup arrangements and 3^rd party providers. This is a point the industry has highlighted in its feedback to the CBI.

Application of the Guidelines to the Depositary/Custody network

Clarification has been sought that custody services and the use of sub-custodians should be outside the scope of the Guidelines. The PRA in the UK has excluded custodial services from the scope of its outsourcing guidelines and the EBA has also excluded other key parts of market infrastructure such as clearing and settlement from its guidelines. In the absence of such exclusion there is concern that different requirements could apply to the delegation of custody activities to those outlined in the UCITS and AIFMD frameworks. There are already robust network management frameworks in place which govern custodial relationships on a global basis.

Next steps

The deadline for comments on the Guidelines closed in July 2021. Feedback from the Central Bank is expected in due course.

Firms will need to ensure that they have an outsourcing register, reflecting the Guidelines in place by year-end, as it is proposed that submission of registers will be required from regulated firms on a cyclical basis commencing in January 2022.

We await further guidance from the CBI on an implementation date for the remainder of the Guidelines, but firms have plenty to consider between now and then.