Page 5 - Knowledge_Insights_Brochure V9
P. 5
6 CONTRACTUAL PROVISIONS FOR MANAGEMENT
OF SUB-CONTRACTORS / CHAIN OUTSOURCING:
Throughout the DP, several references are made to the increased occurrence of chain
outsourcing or sub-contracting and how this presents greater risks to outsourcing
arrangements, particularly where an RF is not aware that it is happening. Of the arrangements
reported to the Central Bank during the outsourcing project, the percentage of survey
respondents with SLAs which included a provision dealing with such a scenario was 72%,
on aggregate.
On the back of this, the Central Bank outlined that it expects RFs to
“give due consideration to this risk and incorporate appropriate risk management
controls, including contractual provisions and testing of the performance of the
arrangements through the chain of dependencies in order
to manage such risks”.
It also referred RFs to the recommendation included in the Committee of
European Banking Sponsors (“CEBS”) 2006 Guidelines on Outsourcing that
RFs include conditions in arrangements which “require the prior consent of the
outsourcing institution to the possibility and modalities of sub-outsourcing”.
7 BUSINESS CONTINUITY:
The Central Bank identifies Business Continuity Management as one of the three key
elements which RFs need to have regard to in the context of outsourcing.
In the context of SLAs, there should be appropriate clauses included which
outline the relevance of business continuity plans to both the OSP and the RF.
In the case of the OSP, there should be a requirement to “carry out testing of
its own business continuity plans on a regular basis” and in line with the EBA
Draft Outsourcing Guidelines (11(87)(c)), the RF must have “sight of reports
on business continuity measures and testing and be informed of any relevant
actions or remediations arising as a result of this testing, as appropriate”.
In the case of the RF, the Central Bank states that “when testing their own
business continuity plans, regulated firms must ensure that their OSPs are
included in the testing of any activities or processes that involve or rely on a
service provided by the OSP”.
www.matheson.com DISCUSSION PAPER 8 – OUTSOURCING FINDINGS AND ISSUES FOR DISCUSSIONS 4
26/02/2020 12:13
DIR4551_Math_Knowledge_Insights_Brochure V9.indd 4 26/02/2020 12:13
DIR4551_Math_Knowledge_Insights_Brochure V9.indd 4