Open search form Open menu
Search for a lawyer
Search
Financial Services
  • 10 Sep 2019
  • 2 min read

Outsourcing: New Obligations as of Autumn 2019

EBA guidelines on outsourcing

Financial institutions in the EU must align their outsourcings with the new obligations of the European Banking Authority (EBA) as of
30 September 2019 (EBA/GL/2019/02).

Who is affected

  • Banks
  • Financial services providers
  • Payment service providers (NEW!)
  • Electronic money institution (NEW!)
  • Outsourcing providers

Banks and financial services providers in Germany should already meet the existing requirements as defined by the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, “BaFin”).

Payment service providers and electronic money institutions – and thus also their outsourcing providers – now become subject to concrete obligations  on outsourcing for the first time.

What changes

The new obligations are similar to the existing BaFin requirements for banks and financial services providers (MaRisk), but go beyond them.

Changes relate in particular to the areas of governance, risk management and contract management. This includes e.g.:

  • Newly required risk assessment for other external purchases (procurement)
  • Newly required identification and assessment of conflicts of interest
  • Increased documentation requirements
  • New consent requirement for outsourcing to third countries
  • New pre-outsourcing analysis for planned outsourcings
  • Newly required detailed due diligence regarding outsourcing providers
  • Stricter minimum requirements for outsourcing contracts
  • Stronger focus on IT security, especially for cloud services
  • Increased control obligation for internal audit

When do the changes apply

  • The new obligations apply to outsourcing contracts concluded or amended as from 30 September 2019.
  • For previously concluded contracts, the new obligations apply from 31 December 2021.

How should affected companies react

Affected companies should use a gap analysis to identify and promptly close potential gaps with regard to the new obligations.

In any case, written rules, outsourcing processes and contracts need to be adapted.

Briefing Regulatory Focus Vol. 1 (english) | Briefing Fokus Regulatorik Vol. 1 (deutsch)

Other Expert Articles and Blogs

Financial Services
Taking stock of the Single Resolution Board’s new Single Resolution Mechanism Vision 2028 Strategy
  • 12 Apr 2024
  • 13 min read
Financial Services
EIOPA sets supervisory expectations on reinsurance concluded with third-country (re)insurance undertakings
  • 09 Apr 2024
  • 10 min read
Public Business Law Data Protection and Cybersecurity IP/IT
The first UN resolution on the regulation of AI – nice to have or big move?
  • 08 Apr 2024
  • 3 min read
All Expert Articles and Blogs