Home Knowledge EBA Publishes Final Guidelines on Outsourcing Arrangements

EBA Publishes Final Guidelines on Outsourcing Arrangements


WHO is subject to the Guidelines?

The Guidelines apply to credit institutions and investment firms which are subject to the Capital Requirements Directive and to payment institutions and electronic money institutions.

WHEN do the Guidelines enter into force?

The Guidelines will take effect on 30 September 2019 (the Effective Date) and will apply to all outsourcing arrangements entered into, reviewed or amended on or after the Effective Date (with the exception of an outsourced banking or payment activity to a third country service provider which requires a cooperation agreement between competent authorities).

The EBA Guidelines on Outsourcing Arrangements (the “Guidelines”) are significantly more prescriptive than the 2006 CEBS Guidelines.

WHAT are the key reforms?

  • Critical or important functions’ assessment: The Guidelines impose stricter requirements on outsourcing arrangements where ‘critical or important’ functions are being outsourced and the definition of ‘critical or important functions’ is based on the wording of MiFID II. The Guidelines contain a list of considerations that Firms should consider when determining whether a function is critical or important.
  • Outsourcing arrangement registers: Firms must maintain a comprehensive internal register of all outsourcing arrangements which distinguishes between critical and non-critical outsourced functions.
  • Sub-outsourcing: Firms must be aware of the degree and nature of sub-outsourcing by their outsourced service providers (OSPs) and include such information in their outsourcing registers. Firms must know certain facts about sub-outsourced activities, such as the location of the sub-outsourced service provider.
  • Focus on FinTech and cloud service providers (CSPs): The Guidelines are particularly concerned with the ability of CSPs to adequately protect data confidentiality and to adhere to relevant data protection regulatory requirements.

Click below to read our briefing in full.













Follow us @WilliamFryLaw