Regulatory News

BoE publishes policy on outsourcing and third-party risk for FMIs

The Bank of England (BoE) published a policy statement on outsourcing and third-party risk management for financial market infrastructures or FMIs, along with three supervisory statements for central counterparties or CCPs, central securities depositaries or CSDs, and recognized payment system operators (RPSOs) and specified service providers (SSPs), in addition to the Code of Practice applicable for RPSOs and SSPs.

The policy statement provides feedback to the three consultation papers covering outsourcing and third-party risk management for financial market infrastructures. As part of the consultations, BoE proposed to update its expectations and requirements on outsourcing and third-party risk management; this update is in response to the evolving business models and industry practices of financial market infrastructures that place increasing reliance on services and technologies provided by third parties. Based on the responses received, BoE highlights that the respondents were generally supportive of the proposals and welcomed the efforts to clarify regulatory expectations and requirements and bolster the operational resilience of financial market infrastructures. The vast majority of substantive feedback focused on the expectations or requirements described in the consultation papers and did not disagree with the overall direction of the policy. Thus, BoE made only minor changes to the final policy text, supervisory statements, and Code of Practice for RPSOs and SSPs, which can be summarized as follows:

  • Clarification in the final supervisory statements that third parties providing testing summaries and financial market infrastructures providing redacted or summarized policies also meet the expectations
  • Small changes to the definitions of "Outsourcing Agreement," "Third Party," and "Sub-outsourcing" across the three supervisory statements and the Code of Practice to ensure alignment across the final policy documents
  • Changes in the text of the central counterparties supervisory statement that describe the UK European Market Infrastructure Regulation, or EMIR Article 35(1) so that it refers to "major activities linked to risk management" in alignment with the UK EMIR text
  • Amended Paragraph 10.17 in the supervisory statements, so that it applies to business continuity plans as well as stressed exit plans and moved the paragraph to the introductory part of the chapter to Paragraph 10.4


BoE expects financial market infrastructures to comply with the expectations in the relevant supervisory statements and the requirements in the Code of Practice for RPSOs and SSPs, by February 09, 2024. Outsourcing arrangements entered into on or after February 08, 2023 should meet the expectations in the relevant supervisory statement and the Code of Practice by February 09, 2024. Financial market infrastructures should seek to review and update legacy outsourcing agreements entered into before February 08, 2023 at the first appropriate contractual renewal or revision point to meet the expectations in the relevant supervisory statement as soon as possible on or after February 09, 2023.

 

Related links:


LEARN MORE

Find out how we can help

Moody’s brings together data, experience, and best practice capabilities, with our specialized and agile intelligence.