Outsourcing Policy


team-940612_1920Outsourcing:- The Financial Stability Board Recommend

To assist firms and regulators in considering their outsourcing activities, a set of nine principles outlining issues that should be taken into account in the process while recognising that a firm’s senior management remains responsible for activities that are outsourced:

  • A regulated entity seeking to outsource activities should have in place a comprehensive policy to guide the assessment of whether and how those activities can be appropriately outsourced. The board of directors or equivalent body retains responsibility for the outsourcing policy and related overall responsibility for activities undertaken under that policy.
  • The regulated entity should establish a comprehensive outsourcing risk management programme to address the outsourced activities and the relationship with the service provider.
  • The regulated entity should ensure that outsourcing arrangements neither diminish its ability to fulfil its obligations to customers and regulators, nor impede effective supervision by regulators.
  • The regulated entity should conduct appropriate due diligence in selecting third-party service providers.
  • Outsourcing relationships should be governed by written contracts that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of all parties.
  • The regulated entity and its service providers should establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.
  • The regulated entity should take appropriate steps to require that service providers protect confidential information of both the regulated entity and its clients from intentional or inadvertent disclosure to unauthorised persons.
  • Regulators should take into account outsourcing activities as an integral part of their ongoing assessment of the regulated entity. Regulators should assure themselves by appropriate means that any outsourcing arrangements do not hamper the ability of a regulated entity to meet its regulatory requirements.
  • Regulators should be aware of the potential risks posed where the outsourced activities of multiple regulated entities are concentrated within a limited number of service providers.
Categories: ,

Why Do We Need An Outsourcing Policy?

Regulatory Requirements

All businesses that operate within the financially regulated sector, have detailed and prescriptive rules that apply to outsourcing arrangements. These rules aim to ensure that the firm retains appropriate control and oversight of the activities it outsources, with the ultimate objective of protecting clients (and, in large institutional instances it could be a systemically important institution, contributing to the overall stability of the financial system).

Insurance and reinsurance undertakings, specifically, are required to have written policies on outsourcing where relevant under Article 49 of Solvency II and must ensure that those policies are implemented correctly and embedded. As with all policies, this and others must also be reviewed at least annually, and adapted to reflect any changes in the outsourcing arrangements/operational systems. EIOPA has issued Solvency II governance including own risks and solvency assessment guidelines, which apply from 1 January 2016 onwards.

In addition, rules requiring the firm to appropriately monitor and control additional operational risk arising from services or activities performed by third parties are set out in the FCA Senior Management, Systems and Controls Sourcebook (SYSC) Chapter 8 and, for insurers, in chapter 13.9 of SYSC. The SYSC rules about outsourcing arrangements therefore apply (in slightly different ways) to all common-platform regulated firms; for instance, to banks, fund managers, investment firms and insurance companies, as well as IFAs, and other distribution channels. Although an outsourcing policy is not specifically mentioned or definitively required in these rules, best practice dictates that firms have outsourcing policies to comply with them.

Some firms struggle with writing Outsourcing Policies and we are frequently asked to advise on this topic and have therefore created the template Outsourcing Policy, available here.

Get your Outsourcing Policy Template NOW!


There are no reviews yet.

Be the first to review “Outsourcing Policy”