On 25 February 2019, the European Banking Authority (the "EBA") published its Final Report on EBA Guidelines on outsourcing arrangements (the "Guidelines"). This follows the November 2018 publication by the Central Bank of Ireland (the "Central Bank") of its Outsourcing – Findings and Issues for Discussion paper (addressed in our briefing) and further illustrates regulatory authorities' increasing focus on the outsourcing of services by financial institutions.
What entities are in scope?
The Guidelines apply to institutions within the EBA's regulatory scope, including credit institutions, investment firms subject to CRD IV, payment institutions and e-money institutions ("In-Scope Entities").
The Guidelines replace the 2006 Guidelines on Outsourcing issued by the Committee of European Banking Supervisors and subsume the EBA's Recommendations on outsourcing to cloud service providers (the "EBA Cloud Guidance"); and so In-Scope Entities will now only need to consult one set of European guidelines for both non-cloud and cloud outsourcings.
The Guidelines apply from 30 September 2019 and all new outsourcing arrangements or arrangements renewed after that date must be compliant. All current outsourcing arrangements must be compliant by 31 December. Obligations arising from the EBA Cloud Guidance which are currently applicable are not affected and remain in force.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.