The Board of the International Organization of Securities Commissions (IOSCO) today published a set of updated outsourcing principles for regulated entities that outsource tasks to service providers.
Since the publication of IOSCO´s principles on outsourcing for market intermediaries in 2005 and for markets in 2009, new developments in markets and technology have focused regulatory attention on risks related to outsourcing and the need to ensure the operational resilience of regulated entities.
Moreover, the effects of the COVID-19 highlight the need to maintain business continuity in situations where external and often unforeseen shocks impact firms and their service providers.
The updated Principles on Outsourcing are based on the earlier Outsourcing Principles for Market Intermediaries and for Markets, but their application has been expanded and now includes trading venues, intermediaries market participants acting on a proprietary basis and credit rating agencies.[1] While financial market infrastructures (FMIs) are outside the scope of the Principles, FMIs may consider applying the Principles. IOSCO will be engaging with the CPMI on these outsourcing issues as part of the future joint CPMI-IOSCO work programme.
The revised principles comprise a set of fundamental precepts and seven principles.
The fundamental precepts cover issues such as the definition of outsourcing, the assessment of materiality and criticality, their application to affiliates, the treatment of sub-contracting and outsourcing on a cross-border basis.
The seven principles set out expectations for regulated entities that outsource tasks and include guidance for implementation. The principles cover the following areas:
• Due diligence in the selection and monitoring of a service provider and its performance
• The contract with a service provider
• Information security, business resilience, continuity and disaster recovery
• Confidentiality Issues
• Concentration of outsourcing arrangements
• Access to data, premises, personnel and associated rights of inspection
• Termination of outsourcing arrangements
The Report also briefly addresses the impact of COVID-19 on outsourcing and operational resilience and includes an annex that describes how outsourcing integrates with cloud computing and how CRAs use and incorporate outsourcing and cloud computing in their organizational strategies and structures.
- IOSCO Committee C5 is keeping a watching brief on the application of outsourcing principles to asset management.
About IOSCO
IOSCO is the leading international policy forum for securities regulators and is recognized as the global standard setter for securities regulation. The organization’s membership regulates more than 95% of the world’s securities markets in some 130 jurisdictions, and it continues to expand.
The IOSCO Board is the governing and standard-setting body of IOSCO and is made up of 34 securities regulators. Mr. Ashley Alder, the Chief Executive Officer of the Securities and Futures Commission of Hong Kong, is the Chair of the IOSCO Board. The members of the IOSCO Board are the securities regulatory authorities of Argentina, Australia, Bahamas, Belgium, Brazil, China, Egypt, France, Germany, Hong Kong, India, Ireland, Italy, Japan, Kenya, Korea, Malaysia, Mexico, Morocco, Nigeria, Ontario, Pakistan, Portugal, Quebec, Russia, Saudi Arabia, Singapore, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States of America (both the U.S. Commodity Futures Trading Commission and U.S. Securities and Exchange Commission). The Chair of the European Securities and Markets Authority and the Chair of IOSCO´s Affiliate Members Consultative Committee are also observers.
The Growth and Emerging Markets (GEM) Committee is the largest committee within IOSCO, representing more than 75% per cent of the IOSCO membership, including 10 of the G20 members. Dr. Mohammed Omran, Executive Chairman of the Financial Regulatory Authority, Egypt is Chair of the GEM Committee. The committee brings members from growth and emerging markets together and communicates members’ views and facilitates their contribution across IOSCO and at other global regulatory discussions. The GEM Committee’s strategic priorities are focused, amongst others, on risks and vulnerabilities assessments, policy and development work affecting emerging markets, and regulatory capacity building.
IOSCO aims through its permanent structures:
to cooperate in developing, implementing and promoting internationally recognized and consistent standards of regulation, oversight and enforcement to protect investors, maintain fair, efficient and transparent markets, and seek to address systemic risks;
to enhance investor protection and promote investor confidence in the integrity of securities markets, through strengthened information exchange and cooperation in enforcement against misconduct and in supervision of markets and market intermediaries; and
to exchange information at both global and regional levels on their respective experiences to assist the development of markets, strengthen market infrastructure and implement appropriate regulation.