Introduction

The Central Bank of Ireland’s (the Central Bank’s) consultation paper (CP138) on the Cross Industry Guidance on Outsourcing (the Guidance) outlined the Central Bank’s expectations regarding the management of outsourcing risk with a view to promoting higher standards of operational resilience in regulated financial service providers.

On 17^th December 2021 the Central Bank published its feedback statement and final Guidance in relation to CP138. In total 21 responses were received.

Carne previously hosted a webinar on CP138 and the Webinar and key takeaways are available here.

A number of the main points from the Feedback Statement and its impact on the Guidance are noted below.

Proportionality

The Guidance is cross sectoral in nature. In adopting the Guidance, a regulated firm should always have regard to the nature, scale, and complexity of its business model, and the degree to which it engages in outsourcing. The Central Bank acknowledges that certain aspects of the Guidance may not be appropriate to all regulated firms.

Feedback for the Investment Funds Sector

The Central Bank provided some specific feedback for the investment funds sector, noting that the Guidance applies to ‘regulated firms’ rather than regulated products. Consequently, it should be understood that the Guidance will apply in a proportionate manner to the fund service providers associated with the operation of the fund and not to the fund itself. Nevertheless, the Central Bank noted that the board of directors of an externally managed investment company should ensure that it supports the ability of the fund management company to comply with all regulatory obligations, including this Guidance.

Delegation v Outsourcing

The Central Bank reiterated that it considered delegation and outsourcing to be one and the same. In respect of both delegation and outsourcing, all arrangements require effective due diligence, appropriate oversight arrangements and good governance to ensure that any tasks not performed by the regulated entity are carried out to a high standard with ultimate responsibility for the function being retained by the regulated entity.

Fund Depositaries and Custody/Sub-Custodian Arrangements

The Central Bank remains of the view that the provision of custodial services generally may carry the same risks as other forms of outsourcing arrangements and consequently the requirements of the Central Bank’s Guidance should apply to the management of such risks. The Central Bank also clarified that the Guidance should apply to outsourcing arrangements involving critical financial market infrastructure, including clearing and settlement services provided by Central Securities Depositories (CSDs) and Central Counterparties (CCPs), in a manner consistent with the firm’s nature, scale and complexity.

Intragroup Arrangements

The Central Bank’s position remains, that intragroup arrangements should not be treated as inherently less risky than arrangements with third parties outside a firm’s group, although certain aspects of the arrangements may be managed differently in practice. Firms should be particularly conscious of the possibility that serious conflicts of interest can arise in respect of intragroup arrangements. The possibility of such conflicts should be considered as part of the firm’s risk assessment when establishing the arrangements and mechanisms detailed for the resolution of any conflicts which do arise.

Application of Guidance to Sub-Outsourcing Arrangements

The expectations in Part B Sub-Section 5.1 of the Guidance on Sub-Outsourcing relating to the direct oversight and monitoring only apply to critical or important sub-outsourcing arrangements. Each firm’s primary responsibility is to ensure that third party service providers appropriately manage any critical or important sub-outsourcing arrangements. The Central Bank does not expect firms to directly monitor fourth parties in all circumstances. However, before entering into a critical or important outsourcing agreement, firms should consider the potential impact on service delivery of large, complex sub-outsourcing chains on their operational resilience and their capacity to monitor such arrangements and oversee such complexity.

Application of Guidance

The Guidance came into effect on 17^th December 2021.

Submission of Outsourcing Registers

With regard to the submission of Outsourcing Registers, the general content of the Registers is contained in Appendix 3 of the finalised Cross-Industry Guidance on Outsourcing. A spreadsheet template for the Outsourcing Register will be made available for all firms to download from the Central Bank website during the first quarter of 2022 as a tool for organising and storing the required data for the Register.

It is intended that all firms whose PRISM Impact Rating is Medium Low (ML) or above (or its equivalent) will submit their Outsourcing Register via a new Online Return on an annual basis. The timing of the first submission is planned for Q2 2022.

Low Impact firms may also be asked to submit their Outsourcing Register on a case-by-case basis by their Supervisor.