EBA Guidelines on Outsourcing Arrangements - Cledara
EBA Guidelines on Outsourcing Arrangements: Everything You Need to Know

January 13, 2022

Learn how to easily navigate around the latest compliance requirements by the EBA for outsourcing arrangements.

The EBA guidelines on outsourcing arrangements came into effect on 31st December 2021. The guidelines are made to regulate the way businesses purchase and handle outsourced software (e.g. Salesforce or the CRM you use). These guidelines mean that companies like yours need to make sure outsourcing arrangements are properly managed, and need to implement risk management and compliance processes to handle the cloud software you use, as well as a variety of other outsourced services. Although all outsourced software requires compliance checks, certain types of software will require deeper diligence, specifically the ones that meet the definition of “critical or important” under MiFID II. Let’s have a look.

When Was the European Banking Authority (EBA) Deadline?

The EBA deadline was issued in February 2019 and entered into force in September 2019. The hard deadline for compliance occurred on 31 December 2021. Any contracts with cloud software providers that were entered into, reviewed, or amended after 30 September 2019 must comply with the guidelines, and all existing cloud software vendors needed to be reviewed by 31 December 2021.

Who Needs to Comply?

If you’re reading this, it’s probably because compliance is on your mind. If not, we admire your passion for compliance! Either way, here’s a rundown of all financial institutions that must fully comply with the new regulation:

- Banks
- Payment institutions, including Authorised Payment Institutions (API) and Payment Initiation Service Providers (PISP)
- Electronic money institutions
- Investment firms, subject to Directive (EU) 2013/36 IV (Capital Requirements Directive)

The most common licenses used by fintech startups are e-money licenses, PISPs or APIs, held either directly or indirectly through Agent relationships with directly licensed partners. These startups therefore fall within the scope of the regulatory guidelines.

EBA Guidelines for UK-Based Companies

Even though every regulated entity in the UK will need to comply with these guidelines, we recommend checking with your local regulator. Here are the regulations according to the FCA and the PRA:

- For those regulated by the Financial Conduct Authority (FCA): The FCA publicly re-affirmed that regulated entities in the UK must meet the EBA’s hard deadline at the end of 2021, despite Brexit and the pandemic. As a law firm covering the matter noted, the FCA confirmed that they had “notified the EBA that we will comply with the guidelines”, including “the review of existing ‘critical or important’ outsourcing arrangements entered into before 30 September 2019.”
- For those regulated by the Prudential Regulation Authority (PRA): The PRA publicly pushed the deadline to comply with the Guidelines from December 2021 to March 2022, stating “the disruption and reprioritization caused by the COVID-19 pandemic and changes to the UK, EU, and global regulatory landscape in this area.”

How to Classify Your Existing Software Stack

The European Banking Authority's (EBA) outsourcing requirements have significantly enhanced third-party control regarding cloud providers. An outsourced service is considered critical or important when the failure of the technology in question results in a disruption to your business, a failure to provide your services or the inability to support your customers.

Your first task should be to classify your entire cloud software stack into two groups:

1) Critical or important
2) Not critical or important

This will tell you which software requires greater diligence checks.

But how do you find out what software is “critical or important” to your business? First of all, to classify your entire cloud software stack, you need 100% visibility over what software you have, so that important tools are not excluded from your classification. In other words, if the failure of the technology in question results in a disruption to your business, and in a failure to provide your services or the inability to support your customers, it may be considered “critical or important”.

Let’s look at an example. If you are a neobank, these are some of the tools that you might want to consider “critical or important”:

- Your CRM (e.g. Salesforce, Pipedrive)
- Your customer support software (e.g. Zendesk)
- Your single session and user authentication service or SSO (e.g. Okta)
- Your PEPs and sanctions screening tool (e.g. ComplyAdvantage)

On the other hand, it’s likely that your analytics (e.g. Google Analytics) or your internal communications (Slack) software would not be regarded as critical or important. Which software applications are considered “critical or important” varies depending on your business.

The EBA guidelines apply to all of your cloud software and you will need to run a compliance process for all of your SaaS. Remember that certain types of SaaS will require deeper diligence.