Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Management Strategies

03:52 PM
Connect Directly

Joint Forum Issues High-Level Outsourcing Principles

Working group provides guidance to firms and regulators on how to maintain high standards of corporate governance and risk management

The Joint Forum, a working group of international bank regulators, has issued high-level principles on the topic of outsourcing in financial services. The principles are intended to guide firms and regulators to maintain high standards of corporate governance and risk management in an environment of rapid IT innovation and a high reliance on external service providers.

The Joint Forum consists of the Basel Committee on Banking Supervision, the International Organization of Securities Commissions, and the International Association of Insurance Supervisors.

In summary, regulated entities should:

- Assess whether and how activities can be appropriately outsourced, under the aegis of the board of directors. - Establish a comprehensive outsourcing risk management program. - Prevent outsourcing from impeding regulatory supervision or disrupting customer obligations. - Conduct appropriate due diligence when selecting third-party service providers. - Use written contracts to govern all material aspects of outsourcing relationships. - Establish and maintain contingency plans with service providers. - Ensure that confidential information is protected from unauthorized disclosure.

In addition, regulators are urged to: - Consider outsourcing arrangements as part of their ongoing assessments. - Consider the risks inherent in having multiple regulated entities outsourcing activities to a limited number of service providers.

On the last point, regulators have taken note of the potential vulnerability in having too many banks using too few service providers, or having several banks share a common disaster recovery site.

The report states: "When a limited number of outsourcing service providers (sometimes just one) provide outsourcing services to multiple regulated entities, operational risks are correspondingly concentrated, and may pose a systemic threat."

The Joint Forum recommends risk mitigation tools including adequate contingency planning by regulated entities, ongoing monitoring and awareness, supervisory programs and risk assessments.

The full publication is available at:

This article originally appeared in Bank Systems & Technology eNEWS, a weekly e-mail newsletter. To order a free subscription, click here

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.