Page 5 - Knowledge_Insights_Brochure_Matheson
P. 5

6  CONTRACTUAL PROVISIONS FOR MANAGEMENT
                           OF SUB-CONTRACTORS / CHAIN OUTSOURCING:

                           Throughout the DP, several references are made to the increased occurrence of chain
                           outsourcing or sub-contracting and how this presents greater risks to outsourcing
                           arrangements, particularly where an RF is not aware that it is happening.  Of the arrangements
                           reported to the Central Bank during the outsourcing project, the percentage of survey
                           respondents with SLAs which included a provision dealing with such a scenario was 72%,
                           on aggregate.


                             On the back of this, the Central Bank outlined that it expects RFs to
                             “give due consideration to this risk and incorporate appropriate risk management
                             controls, including contractual provisions and testing of the performance of the
                             arrangements through the chain of dependencies in order
                             to manage such risks”.


                             It also referred RFs to the recommendation included in the Committee of
                             European Banking Sponsors (“CEBS”) 2006 Guidelines on Outsourcing that
                             RFs include conditions in arrangements which “require the prior consent of the
                             outsourcing institution to the possibility and modalities of sub-outsourcing”.












                        7  BUSINESS CONTINUITY:
                           The Central Bank identifies Business Continuity Management as one of the three key
                           elements which RFs need to have regard to in the context of outsourcing.


                            In the context of SLAs, there should be appropriate clauses included which
                            outline the relevance of business continuity plans to both the OSP and the RF.

                              In the case of the OSP, there should be a requirement to “carry out testing of
                             its own business continuity plans on a regular basis” and in line with the EBA
                             Draft Outsourcing Guidelines (11(87)(c)), the RF must have “sight of reports
                             on business continuity measures and testing and be informed of any relevant
                             actions or remediations arising as a result of this testing, as appropriate”.

                              In the case of the RF, the Central Bank states that “when testing their own
                             business continuity plans, regulated firms must ensure that their OSPs are
                             included in the testing of any activities or processes that involve or rely on a
                             service provided by the OSP”.








                      www.matheson.com                     DISCUSSION PAPER 8 – OUTSOURCING FINDINGS AND ISSUES FOR DISCUSSIONS  4






                                                                                                                 26/02/2020   12:13
       DIR4551_Math_Knowledge_Insights_Brochure V9.indd   4                                                      26/02/2020   12:13
       DIR4551_Math_Knowledge_Insights_Brochure V9.indd   4
   1   2   3   4   5   6   7   8