IOSCO Consults On Outsourcing

The Board of the International Organization of Securities Commissions (IOSCO) is requesting feedback on proposed updates to its principles for regulated entities that outsource tasks to service providers.

Since the publication of IOSCO´s earlier principles on outsourcing for market intermediaries and for markets, developments in markets and technology have increased regulatory attention on risks related to outsourcing and the need to ensure the operational resilience of regulated entities.

IOSCO prepared this report before the COVID-19 outbreak.  However, on 8 April 2020, the IOSCO Board agreed to delay publication of its reports to allow firms and financial institutions to redirect their resources to focus on the challenges arising from the pandemic. As the initial stages of this crisis pass, the IOSCO Board has decided to publish this report  now because the outbreak of COVID-19 has highlighted the need to ensure resilience in operational activities and to maintain business continuity  in situations where both external and often unforeseen shocks impact both firms and their service providers.

To account for the ongoing resource constraints on financial institutions, however, the consultation period will end on 1 October 2020 (well beyond IOSCO´s typical 90-day comment period).

The proposed Principles on Outsourcing are based on IOSCO´s 2005 Outsourcing Principles for Market Intermediaries and the 2009 Outsourcing Principles for Markets but their application has been expanded to include trading venues, market participants acting on a proprietary basis, credit rating agencies and financial market infrastructures.

The revised principles comprise a set of fundamental precepts and a set of seven principles. The fundamental precepts cover issues such as the definition of outsourcing, the assessment of materiality and criticality, their application to affiliates, the treatment of sub-contracting and outsourcing on a cross-border basis.

The seven principles cover the following areas:

  • Due diligence in the selection and monitoring of a service provider
  • The contract with a service provider
  • Information security, business resilience, continuity and disaster recovery
  • Confidentiality Issues
  • Concentration of outsourcing arrangements
  • Access to data, premises, personnel and associated rights of inspection
  • Termination of outsourcing arrangements

Each of these principles is supplemented with guidance for implementation. The consultation report includes a set of questions, including one of particular relevance during the current COVID-19 pandemic:

What measures for business continuity would be effective in situations where all, or a significant portion, of both the outsourcers’ and third-party providers’ work force is working remotely? In particular, what steps should be taken so Cyber Security and Operational Resilience can be ensured?”

IOSCO welcomes comments on and responses to this consultation report on or before 1 October 2020.

Source: IOSCO


Related articles

  1. European CSA Usage to Expand Ahead of MiFID II

    Third-country benchmarks that are widely used in the EU could become unavailable.

  2. Brexit Muddles Future of UK-EU Linkage

    Central Securities Depositories Regulation is due to apply in February 2021.

  3. Citigroup and Credit Suisse veteran brings deep experience in electronic trading and market structure.

  4. Securities Financing Transactions Regulation will take effect on 13 July 2020.

  5. Open access regime delayed until 4 July 2021.