Following the launch of a consultation on three separate Supervisory Statements and changes to an existing „Code of Practice“ as regards outsourcing and third party risk management of central counterparties (CCPs), central securities depositories (CSDs), and recognized payment system operators (PSOs) and specified service providers (SSPs) – together financial market infrastructures (FMIs) – in April 2022, the Bank of England (BoE) has now published a corresponding Policy Statement. Therein, the Bank outlines the feedback it has received to the different aspects of the proposals including, among others, feedback on corresponding
– governance and recordkeeping requirements;
– obligations pertaining to pre-outsourcing activities such as the identification of the criticality of a service and the setup of adequate policies and procedures to ensure an adequate level of oversight;
– key contractual terms that shall be included particularly on arrangements that cover critical business functions;
– business continuity planning requirements and obligations to develop adequate business exit strategies; or
– audit requirements with respect to existing business arrangements.
The feedback also covers other aspects of the proposals such as data security requirements, data access requirements, or obligations relating to sub-outsourcing arrangements.
The Policy Statement also appends the following finalized version of the documents which we have reported on separately:
– Outsourcing and third party risk management Supervisory Statement: central securities depositories – EventID 19508
– Outsourcing and third party risk management Supervisory Statement: central counterparties – EventID 19647
– Outsourcing and third party risk management Supervisory Statement: recognised payment system operators and specified service providers – EventID 19648
– Outsourcing and third party risk management part of the Code of Practice – EventID 19646.
Other than that the Policy Statement does not contain any additional content.
FMI outsourcing and third party risk management Policy Statement
ID
21774
Other Features
assessment
auditing
banks
CCPs
compliance
CSD
cyber security
data protection
due diligence
outsourcing
payment services
re-outsourcing
reporting
Date Published: 2023-02-08
Date Taking Effect: 2024-02-09
Regulatory Framework: Banking Act 2009, Retained European Market Infrastructure Regulation (UK EMIR), Retained Central Securities Depositories Regulation (UK CSDR)
Regulatory Type: procedure
ID 26454
The Bank of England has launched a consultation on a proposed new statement of policy outl ...
ID 26408
The Prudential Regulation Authority (PRA) has published a press statement declaring the in ...
ID 26397
The Prudential Regulation Authority (PRA) has launched a new consultation (CP28/23) on the ...
ID 26373
The Prudential Regulation Authority (PRA) has issued a Policy Statement which responds to ...
You are on the training version of RISP core with limited functions and data.
Please subscribe to RISP core for professional or academic use. We supply free real time datasets for approved academic research; professional subscriptions start at 950€ plus VAT per annum.