Response to consultation on draft Guidelines on outsourcing
Go back
- We suggest to include in the definition of outsourcing, the criteria of durability and regularity.
- we also suggest to draft guidelines from Joint Committee guidelines of the European Supervisory Authorities (EBA, ESMA and EIOPA).
Framework contract;
Control process.
- For all outsourcing arrangements, it would be logical to include information detailed in the (a) of the point 47.
- Only for important and critical outsourcing functions, include part (b);
- We suggest not to include the paragraph (c) of the point 47.
Q1: Are the guidelines regarding the subject matter, scope, including the application of the guidelines to electronic money institutions and payment institutions, definitions and implementation appropriate and sufficiently clear?
- Regarding the application of the guidelines, it would be helpful for the EBA to suggest a list of functions not concerned as critical and important (even if not complete).- We suggest to include in the definition of outsourcing, the criteria of durability and regularity.
- we also suggest to draft guidelines from Joint Committee guidelines of the European Supervisory Authorities (EBA, ESMA and EIOPA).
Q2: Are the guidelines regarding Title I appropriate and sufficiently clear?
Clear for us for proportionality, with regard to intragroup application. We agree with the fact that activities outsourced in the group have to follow the same obligation as others outsourcing arrangements and adapt the process of intragroup control, taking into consideration results of control already done by the Group.Q3: Are the guidelines in Title II and, in particular, the safeguards ensuring that competent authorities are able to effectively supervise activities and services of institutions and payment institutions that require authorisation or registration (i.e. the activities listed in Annex I of Directive 2013/36/EU and the payment services listed in Annex I of Directive (EU) 2366/2015) appropriate and sufficiently clear or should additional safeguards be introduced?
We suggest that it would not be necessary to do a prior request for outsourcing with a third party, as long as the institutions establish a register and respect governance requirements, in particular: Framework contract;
Control process.
Q4: Are the guidelines in Section 4 regarding the outsourcing policy appropriate and sufficiently clear?
We have another point of view concerning the paragraph 30 {c}, page 25, concerning the establishment of an outsourcing function or the appointment of a senior staff member for outsourcing management issues. We suggest to let the institutions decide how to organize the supervision of these outsourcing functions, without a mandatory specific function.Q5: Are the guidelines in Sections 5-7 of Title III appropriate and sufficiently clear?
The point 5 on “Conflicts on Interests” needs to be clarified.Q6: Are the guidelines in Sections 8 regarding the documentation requirements appropriate and sufficiently clear?
Concerning the sections 8, we suggest the following concerning the information contained in the register:- For all outsourcing arrangements, it would be logical to include information detailed in the (a) of the point 47.
- Only for important and critical outsourcing functions, include part (b);
- We suggest not to include the paragraph (c) of the point 47.