Emma RadmoreIn the light of the development of various European Guidelines regarding outsourcing requirements, as well as recent practical ‘failures’ such as IT systems going down, the PRA is consulting on proposals to ensure that firms are well placed for the future in terms of resilience and adoption of cloud and other new technologies.
The updated requirements and expectations are set out in a draft supervisory statement on Outsourcing and third party risk management, appended to the consultation paper. Matters detailed in the draft SS include:
- The PRA notes that firms have been taking an inconsistent approach to categorising ‘material’ outsourcing, and all too often failing to comply with their obligation to notify the regulatory of any proposed outsourcing arrangements in good time for the regulator to consider them.
- Firms will be expected to maintain their own Outsourcing Registers (in line with EBA Outsourcing Guidelines), and the PRA is considering establishing an online portal for the submission of outsourcing arrangements.
- Firms will be given a deadline to review their ‘legacy’ outsourcing arrangements for compliance with current requirements, in line with EBA Outsourcing Guidelines and expanding the scope of the EIOPA draft Cloud Guidelines.
The consultation closes on 3 April 2020, and the PRA expects to publish the final version of its proposals in the second half of 2020.
These proposals also complement the PRA’s work on Operation Resilience.