No. Amundi does not agree with the scope as intended by EBA and the presentation of the subject matter. We object to the capacity of EBA to issue uniform guidelines for the application of requirements expressed in different texts that apply to different types of entities. We support the consistency in the approach and interpretation of comparable regimes that suppress the unnecessary operational difficulties in the end. However, we have often reaffirmed our view that a “one size fits all” approach is rarely commendable.
If Amundi thinks that securities market and asset management matters should remain under the authority of ESMA it is essentially due to the fact that ESMA has a better knowledge of these activities and the risk involved for their participants, be they investment firms or asset managers without this status. It guarantees a more proportionate consideration of the risks, not only based on the size of the entities but also on their business model, that results in a better adjusted regulation and a more operational approach in guidelines and Q and As. We do not object to the expertise of EBA on the matter under review, but firmly think that banks and asset managers are totally different animals and that different authorities have been created to take stock of this reality. Even if most of the guidelines that we expect ESMA to produce on outsourcing arrangements would be comparable to the draft document of EBA, we still consider that it would be better adapted and would create less risk of misinterpretation due to the better knowledge of the organization and functioning of securities markets and asset management.
Another concern is that EBA overlooks the principle that sectorial regulation when it exists has preeminence on a more general regulation. We read in the current CRD (and in particular article 109§2) that subsidiaries of a credit institution or a bank should apply the banking regulation on a consolidated basis and make sure that the sectorial regime that applies to them at solo level does not contradict the banking regime and enables their group to be compliant on a consolidated or sub consolidated level.
Lastly and, concerning the date of application of the guidelines, the difference between banks or credit institutions who are required to adapt and payment or electronic money institutions which have to introduce new procedures should also apply to the extension of the EBA cloud service providers recommendations to other firms than the banks and credit institutions initially concerned. Asset managers should be granted the transition period till end of 2020 to implement these new recommendations on cloud services.
We consider proportionality as a serious matter and present suggestions in our answer to question 13 for a more proportionate approach.
The distinction in §23 between acquisition of services and outsourcing is very important. So is the definition of outsourcing of important or critical functions. We believe that the present guidelines are a good opportunity to come back to this definition, with a more granular view based on the business model and the functional organization of market participants than the reference to MIFID.
If the outsourcing of critical or important function deserves a specific monitoring, it is not justified in our opinion to include other non-important outsourcing into the same outsourcing policy. Letter box entities do outsource their critical and important functions and it is enough to identify them.
Considering the balance between the operational and purely administrative burden that the maintenance of a register of all outsourcing arrangements and the benefits of the listing of all unimportant peripheral and substitutable services that are considered as outsourcing, Amundi recommends to limit the register to outsourcing of critical and/or important functions.
We note a reference to critical functions as designed by Directive 2014/59/EU and delegated regulation (EU) 2016/778 which concern the resolution of credit institutions. We see it as an illustration of the preference for EBA to use references and examples in the context of credit institutions that it perfectly masters. We would like to have ESMA directly involved in the preparation and adjustment of the guidelines to include references to the sectorial regulations of securities market and asset management.
We agree with the list of items that are of importance in the assessment of outsourcing arrangements. Though, we do not think that the scenario analysis that is mentioned in §58 to determine whether outsourcing increases or decreases operational risk is an appropriate recommendation and doubt that it introduce proportionality.
We would like to point what could look as an inconsistency in section 10.1. Under §65 g an institution should have the right to object or require to give an explicit approval on a proposed sub-outsourcing (or terminate the outsourcing agreement under §65 h). Even if §67 does not explicitly refer to sub-outsourcing of critical or important functions as specified in article 65, it belongs to a section dedicated to sub-outsourcing of such critical or important functions. Therefore, we read as preposterous the precision in the end of §67 “if such a right was agreed” when it is part of the guidelines to obtain such a right.
We also do not consider as appropriate the requirement in §75 e to “have the contractual right to request the expansion of the scope of the certifications”. It is typically a clause that exceeds the scope of the contract and that we will not be able to obtain in most instances if the legal counsel of the co-contractor is attentive.
More generally, we read these guidelines as a check list that should not prevent flexibility in the direct negotiation of outsourcing arrangements between parties.
We understand that there will be room for the contractors to appreciate what are “unacceptable service levels” that can trigger the exit. We feel that it is an assessment that cannot be determined ex ante in a contract. The guidelines suggest to determine levels that would trigger an exit procedure. There is a danger that such a contractual level may be used to oppose the exit just because it has not been breached and, nevertheless, the level of service can globally be so poor that exiting is the best solution (despite the absence of breach of the trigger level of any of the indicators).
We think of three ways to introduce proportionality:
- To require that only outsourcing of critical and important functions be reported in the register;
- To consider that the register is not an audit report but should be used as a reference tool to have at hand relevant information of a contractual nature that is useful for an easy monitoring of the contracts; the register should be built as a data base and not as a place to store reports and assessments;
- To communicate the register to the supervisory authority on its demand, either in the framework of a regular review of activities (SREP) or punctually at any time. The minimum 3 year frequency that is mentioned does not add much in the process, since there is a requirement to inform authorities in case of material changes.
EBA’s feeling, apparent in question 13, that the proposed items are too numerous and burdensome opens the way for suggestions. First, we approve the exercise to prepare an operational file to help stakeholders to understand the impact of the register. Second, when going through the file, we can only wish that proportionality is introduced. We think of three ways to introduce proportionality:
- Require that only outsourcing of critical and important functions be reported in the register;
- Consider that the register is not an audit report but should be used as a reference tool to have at hand relevant information of a contractual nature that is useful for an easy monitoring of the contracts; the register should be built as a data base and not as a place to store reports and assessments;
- To communicate the register to the supervisory authority on its demand either in the framework of a regular review of activities (SREP) or punctually at any time. The minimum 3 year frequency that is mentioned does not add much in the process since there is a requirement to inform authorities in case of material changes.