The scope of the guidelines is clear. However, we understand that certain entities within the scope can include central counterparties (CCPs) holding a banking licence and multilateral trading facilities (MTFs) operated by investment firms. We believe that this should be clarified and as explained in our general remarks, due consideration should be given should be given as to whether they should be in the scope of these guidelines.
In addition, while some of the comments in our response are of general application, others are entity specific. We also highlight certain instances where the guidelines may pose special issues for entities which are CCPs and/or MTFs operated by investment firms.

LSEG supports EBA’s approach to provide detailed guidelines which should be applied considering the institution’s size, internal organisation and the nature, scope and complexity of their activities, by considering the criteria specified under EBA Guidelines on internal governance.

We note that EBA Guidelines will apply to investment firms subject to Directive 2013/36/EU. As such, there will be MTFs operated by MiFID investment firms which will be subject to the EBA Guidelines contrary to MTFs operated by market operators. Furthermore, EBA Guidelines introduce a significant set of granular provisions in terms of internal procedures, policies and resources.

While we acknowledge that the proportionality principle will allow smaller investment firms to make appropriate adjustments in the development and implementation of internal procedures and processes under EBA Guidelines, such flexibility may not be sufficient for those investment firms that are authorised only to operate an MTF, are mono-product and not significant.

Article 95(1) of Regulation (EU) No 575/2013 (“CRR”) expressly recognises as a separate category those investment firms that are not authorised to provide investment services and activities other than the operation of an MTF. This category has a limited authorisation and a limited risk exposure, so ad hoc prudential and organisational requirements are justified.

EBA should clarify the scope of these guidelines when it comes to MTF according to CRR approach. This could entail not applying some of the requirements to these to MTFs or exempting them from these.

LSEG confirms that the guidelines in Title II are clear and we do not consider that additional safeguards are necessary.

LSEG confirms that the guidelines are clear. It should be noted that ESMA has issued strict guidelines on CCP conflict of interest management in February 2018. These guidelines include provisions on conflicts of interest in outsourcing arrangements where CCPs belong to a wider group. Given that the ESMA guidelines for CCPs are more specific than the EBA draft guidelines there appear to be no conflicting elements between the two. However, in finalising the guidelines we remind the EBA that CCPs with a banking licence would need to comply with strict EMIR requirements for outsourcing for CCPs and that broader alignment between the EBA guidelines should be the primary objective. In cases where CCPs are subject to both requirements, the EMIR requirements for CCPs should take precedence, and due consideration should be given on the need to include CCPs with a banking licence in the scope.

LSEG would welcome a more consistent approach with respect to the identification of the criteria regarding the assessment of criticality or importance of the outsourced functions.

The EBA Guidelines state that the criteria for assessing “critical or important functions” are based on the provisions specified under Directive 2014/65/EU (MiFID II) and the Commission Delegated Regulation (EU) 2017/565 supplementing MiFID II.

We note, however, that in Section 9.1, paragraph 49 of the proposed EBA Guidelines seems to extend their scope by also including other elements to be considered in the assessment of the criticality or importance of the outsourced function. For example, paragraph 49, (b) includes as a further element to consider the case when operational tasks of internal control functions are outsourced, which is not consistent with the criteria specified under A30 Delegated Regulation (EU) 2017/565.

We therefore kindly request EBA to align the criteria regarding the assessment of criticality or importance of the outsourced functions with Directive 2014/65/EU (MiFID II) and the Commission Delegated Regulation (EU) 2017/565 supplementing MiFID II.

Section 9.3 requires institutions to assess the impact of outsourcing agreements on operational risks based on the development of scenarios of risk events and requiring them to document the result of such analysis.
While we believe that such requirement may be reasonable with reference to banks, also as part of their recovery planning, we believe that the Guidelines should have a more risk-based approach conferring flexibility to institutions to develop their own risk assessment framework.

LSEG would welcome EBA’s clarity on how the guidelines suggest exit plans to be “tested”. We acknowledge that banks should have developed “exit” plans to satisfy their regulatory requirements and that they should develop dispositions to roll out those plans when needed. We do however need to highlight that such plans are maintained at a conceptual stage and reviewed at a regular basis. However, if the tests are meant to be active investigation of implementing exit strategies with alternative providers it would require a very significant level of resources and cost. Additionally, if it requires engaging with alternative suppliers, it raises concerns about intellectual property and confidentiality. LSEG believes that testing with alternative providers should only be performed when serious concerns are raised with the main provider in order to successfully maintain integrity of internal systems and contractual obligations put in place between the investment firms/CCP and the existing supplier.

LSEG broadly agrees with the guidelines in Section 13 and the importance of communicating any outsourcing arrangement to competent authorities with the help of an online register. We do believe however that, such register should be populated with the most relevant information such as, start & end date of the contract, the name of provider, a short description of service, whether the service is critical or not etc. If additional information is required, this should be determined by competent authorities and on a case by case basis, after determining whether an outsourcing arrangement is deemed critical or not.

LSEG confirms that the guidelines in Title V are appropriate and sufficiently clear. We agree that competent authorities should take a risk-based approach to monitoring outsourcing arrangements.

LSEG confirms that the template is clear. However, with regards to “last audit” dates, we would like to highlight that the date of the last on-site audit will generally not cover complete scope of outsourcing service at a group level merely due to the size and technicality required.

LSEG would like to reiterate at this stage that although we acknowledge that banks should have developed “exit” plans to satisfy their regulatory requirements and that they should develop dispositions to roll out those plans when needed. As per our response to question 12, if the tests are meant to be active investigation of implementing exit strategies with alternative providers they would require a very significant level of resources and costs (both one-off and ongoing costs).

LSEG believes that testing with alternative providers should only be performed when serious concerns are raised with the main provider to successfully maintain integrity of internal systems and contractual obligations put in place between the investment firm/CCP and the existing supplier.

We hope that you will find LSEG’s input provided in this consultation paper useful and we remain at your disposal for any additional clarifications.