Outsourcing Register Templates published by the Central Bank
On 09 August 2022, the Central Bank of Ireland published a set of guidance (including an outsourcing register template) for each of the following sectors: • Markets firms or regulated financial service providers • Payments institutions and electronic money institutions • (Re)insurance undertakings • Banks categorised as less significant institutions.

On 09 August 2022, the Central Bank of Ireland (the Central Bank) published a set of guidance (including an outsourcing register template) for each of the following sectors:

  • Markets firms or regulated financial service providers 
  • Payments institutions and electronic money institutions
  • (Re)insurance undertakings
  • Banks categorised as less significant institutions.

Please see the guidance/templates here.

This is a further step in advancing the Central Bank's strategy of maintaining financial system resilience. In the context of outsourcing, the Central Bank's key focus areas are the interconnectedness of the financial sector with third-party service providers and potential concentration risk at an institution and sectoral level.

Background

The Central Bank Cross-Industry Guidance on Outsourcing, published on 17 December 2021 (CBI Guidance) sets out the Central Bank's expectation that each regulated firm will establish and maintain an outsourcing register. Please see our December 2021 briefing on the CBI Guidance here.

The CBI Guidance is underpinned by the EBA Guidelines on outsourcing arrangements dated 25 February 2019 (EBA Guidelines). The CBI Guidance also outlines good practice for the governance, risk management and business continuity management of outsourcing arrangements in line with existing sectoral rules applicable to regulated financial service providers (RFSPs).  

The Central Bank's consultation (CP138) feedback statement accompanying the CBI Guidance, indicated that the Central Bank would publish sector-specific template registers along with guidance for completion of those templates. The Central Bank will conduct an analysis and assessment based on the information contained within the completed registers. 

Submission Dates

All RFSPs whose PRISM impact rating is medium low or above (or its equivalent) will be required to submit their completed reporting template to the Central Bank via the Online Reporting System (ONR) by close of business on 7 October 2022 (referencing arrangements in place as of 31 Dec 2021).  

All other RFSPs may use the relevant industry template to guide the completion of their registers and should be prepared to provide the register to the Central Bank. 
The Central Bank will confirm the outsourcing register submission deadline for 2023 in due course and the submission deadline from 2024 onwards will be end-February of each year.

Recommendation

As the CBI Guidance has been in effect since December 2021, regulated firms should promptly address completion of the relevant template register and, where required, arrange to make the necessary ONR filing by the 7 October 2022 deadline. 


Register completion guidance 

The outsourcing register template comprises the following sections:

  1. Cover – records RFSP's details including name, legal entity identifier (LEI), level of consolidation and reference date (e.g. first submission date 31 December 2021).
  2. R01 – contains specifics of all outsourcing arrangements with additional details required for outsourcing of critical or important functions. Firms will be required to confirm whether contracts in respect of outsourcing of critical or important operational functions have been reviewed and are in compliance with the EBA Guidelines and existing laws, regulations and regulatory guidance (including the CBI Guidance).
  3. Entity Signing – outsourcing arrangements are to be recorded on a contract-by-contract basis and an internal reference assigned to each of the entities signing the contract should be recorded in the register along with available identity codes and country of location.
  4. Supervised Entity – the internal reference number assigned to each of the Irish supervised entities signing the outsourcing contract should be recorded along with available identity codes and country of location.
  5. Service Provider – the internal reference number assigned to each of the service providers signing the outsourcing contract should be recorded along with identity details for each service provider.
  6. Additional General Information – additional details required by the Central Bank are required to be recorded to facilitate the performance of its regulatory responsibility, including the assessment of concentration risk. Details required include information in respect of retention of records of terminated arrangements, business continuity planning and exit strategy testing (both of the RFSP and of the outsourced service providers), the number of outsourcing arrangements in place, the number of outsourcing of critical or important functions in place, whether the RFSP has an outsourcing risk management framework and/or an outsourcing policy and whether SLAs are in place to support outsourcing agreements.
  7.  Fund Umbrella Structure – in respect of funds only, there is a requirement to record umbrella and sub-fund identification details and details of any outsourcing of final net asset value (NAV) release.

Appendix 1: Guidance on Criteria for Determining Criticality and Importance of Outsourcing Arrangements outlines the Central Bank's expectation that RFSPs should take a risk-based approach in their assessment of criticality and importance of outsourced functions, bearing in mind the principle of proportionality. 

Appendix 2: Guidance on Categorisation of Outsourced Functions / Services incudes a list of function/service categories which may be used as a guide for mapping outsourcing arrangements and notes that certain arrangements (i.e. provision of professional services) should be excluded from the register.

How we can help

William Fry continues to advise many regulated firms on the compliance of their outsourcing arrangements with regulatory requirements including:

  • undertaking a gap analysis of compliance with the EBA Guidelines, the CBI Guidance and relevant sectoral rules; 
  • reviewing and updating outsourcing agreements, policies and procedures to ensure compliance with the EBA Guidelines, the CBI Guidance and relevant sectoral rules;
  • providing training and advice on the management and mitigation of outsourcing risk, including the Central Bank’s expectations of boards and senior management; 
  • advising on regulatory inspections and enforcement in relation to outsourcing; and 
  • review of outsourcing registers against relevant Central Bank register template.

If you require assistance with any regulatory requirements relating to outsourcing, please contact any member of our Financial Regulation team or your usual William Fry contact.

Contributed by Jane Balfe & Orla Nic Dhonnchadha