EBA

Subscribe to EBA

Insights from Latham’s flagship event: Managing the risk and promise of digitisation in financial services

Authors: Andrew Moyle, Nicola Higgs, Christian McDermott, and Kirsty Watkins.

The financial services industry is leading the way in outsourcing, with contract values in excess of US$10.7 billion in 2018, causing regulators to focus more than ever on the associated risks. Guidelines on outsourcing arrangements from the European Banking Authority (EBA), which came into effect on 30 September 2019, expand the requirements on institutions in this area, while both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are also increasing their outsourcing supervision and enforcement activity.

We discussed the new requirements for financial institutions to maintain a register of outsourcing arrangements, and adhere to more stringent risk assessment and due diligence requirements at our recent event entitled Balancing the Scales: Managing the Risk and Promise of Digitisation in Financial Services.

The guidelines create new obligations for financial, payment, and electronic money institutions that will impact cloud outsourcing and deployment of FinTech.

By Fiona M. Maclean and Laura Holden

On 25 February 2019, the European Banking Authority (EBA) published a final report on its draft guidelines on outsourcing arrangements (Guidelines). The report followed the EBA’s publication of draft guidelines in June 2018 (Draft Guidelines) and the ensuing public consultation in September 2018 (Public Consultation).

The Guidelines replace the 2006 Committee of European Banking Supervisors (CEBS) Guidelines on Outsourcing (CEBS Guidelines) and replace and incorporate the EBA’s final recommendations on outsourcing to cloud service providers (Cloud Recommendations). Financial institutions will now only need to consult one set of guidelines for cloud and non-cloud outsourcing.

The FCA has outlined its approach to implementing key standards under the revised Payment Services Directive.

By Christian McDermott, Stuart Davis, Brett Carr, and Charlotte Collins

The FCA has published a statement on its website relating to the European Banking Authority’s (EBA’s) Opinion and draft Guidelines of 13 June 2018 on the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication under PSD2 (the RTS).

Background

The drafting of the RTS, which will apply from 14 September 2019, proved to be one of the most controversial aspects of the revised Payment Services Directive (PSD2) (for background on the RTS, please see Latham’s related Client Alert).