Legal act: Resolution of the Board of the Bank of Lithuania On the Rules on the Delegation of Financial Functions of Financial Market Participants to Other Persons approval.
Effective date: 1 January, 2021.
Amendment:
Requirements set out in the Rules:
- financial market participants must have an outsourcing policy, approved by the supervisory board of the financial market participant or, if it is not formed, the board, which must be regularly reviewed and updated. This policy must cover all the main stages of the process of outsourcing, set out the principles, duties, responsibilities, etc. related to the outsourcing.
- financial market participants must include binding clauses in the outsourcing agreements. Financial market participants shall ensure that the outsourcing agreements concluded and in force before the entry into force of this Resolution comply with the requirements set out in the Resolution by the 1 January 2022.
- Requirements for monitoring and control of outsourcing. It is necessary to specify that financial market participants monitor the level and quality of services provided by service providers on an ongoing basis using a risk-based approach. The focus must be on ensuring the performance of important functions, the availability of services, integrity, data and information security. In the event of a material change in the nature, scale or risks of the outsourced business function, financial market participants will need to reassess the significance of that function.
- The draft Rules also establish the procedure for submitting information on the agreement on the outsourced business functions to the Bank of Lithuania and for evaluating this information. Upon the entry into force of the amendments set forth in the Resolution, a notice on the conclusion of the agreement on the outsourced business functions together with the draft agreement on the outsourced business functions will have to be submitted to the Bank of Lithuania
- Before entering into an outsourcing agreement, financial market participants must assess the potential impact of the outsourcing on the operational financial risk of the financial market participant, take into account the results of that impact assessment when deciding whether to enter into an outsourcing agreement and take the necessary steps to avoid undue additional operational risk. The risk assessment must be carried out both before the conclusion of outsourcing agreements and through the continuous monitoring of the performance of the critical functions provider – financial market participants must regularly update the risk assessment of outsourcing agreements and service providers and periodically report to the management body on the identified risks associated with the outsourcing.
The Resolution provides stricter requirements on outsourcing than those currently in force. Many of the requirements set out in European Banking Authority Guideline EBA/GL/2019/02 of 25 February 2019, on which financial market participants could rely as good practice, will become mandatory upon the entry into force of the Resolution. In this context, financial market participants are advised to have internal procedures in place to ensure compliance with the requirements set out in the Resolution
Recommendation:
- to prepare an outsourcing policy
- to review the concluded outsourcing agreements whether they meet the mandatory requirements.
- to carry out a risk assessment before concluding outsourcing agreements.
- to perform periodical risk assessment.
Prepared by associate, assistant attorney-at-law Eglė Juškaitė.