Outsourcing in financial institutions, including cloud outsourcing

Outsourcing is a topical issue irrespective of specific industries. This trend is driven by multiple factors, predominantly potential financial savings, development of technological solutions and the digitalisation trend. Outsourcing to the cloud environment may provide unique opportunities and create space for further innovation across industries.

Outsourcing in regulated entities

For financial institutions, namely banks and insurance companies that are subject to rather strict public regulation in terms of their required financial and operational stability, outsourcing may have significant regulatory consequences and can even be banned in some situations.

If a bank or an insurer concludes any contract with a third party to perform activities that the bank or insurer could perform itself (regardless of whether it is a “core” or a “back office” activity), compliance with outsourcing regulations should be verified.

Practical examples

In our practice, we have already analysed whether the use of a transport company for closed cash deposits, the use of external filing services or storing internal data in a cloud are subject to the definition of outsourcing and what requirements must be met to implement the plans.

The above examples clearly show that outsourcing regulation applies to situations where we might not expect it.

Impacts of outsourcing regulation

With respect to the prudent management of banks and insurance companies, outsourcing entails a number of obligations that the relevant institution must implement internally. For example, it is required to:

  • Comply with outsourcing policy rules;
  • Assess risks to eliminate situations in which the related potential risks make the planned outsourcing unlawful;
  • Meet the rules for business continuity and exit strategies when outsourcing is terminated; and
  • Comply with regulations of personal data protection, etc.

Obligations are stipulated by not only local regulations but also EU law and binding guidelines of the EU regulatory bodies (EBA, EIOPA).

In some cases, the regulator must be notified of an outsourcing plan.

In addition, statutory obligations and binding instructions applicable to outsourcing must be reflected in the contractual documentation with a third party that is intended to perform activities for the relevant bank or insurer externally. The generally used Business Cooperation Agreement is usually entirely insufficient for these purposes.

The Czech National Bank has already published its official guidance for outsourcing to cloud service providers. By issuing the guidance, the CNB has made it clear that it has been aware of the innovative solutions, has understood them and has been ready to intervene should any regulatory obligations be violated.

How can we help you?

As part of our approach to the implementation of outsourcing solutions, we are able to combine legal and regulatory perspectives with our experience in IT, operations architecture, risk assessment, cybersecurity and project management.

Our multidisciplinary approach helps manage risks effectively and ensure compliance as well as an efficient and safe implementation of outsourcing.

Technology dReport newsletter

Private financial institutions are the new supervisors of environmental regulation. The courts’ approach is also changing

Regulations in the area of environmental law are constantly increasing, which means that sustainability is an increasingly important topic that directly affects individuals, companies and states. However, oversight of compliance with the new rules is no longer exercised only by environmental inspection authorities, but also by private financial institutions. The courts whose decisions directly affect the corporate and state responsibility for climate change have also adopted a new approach to this issue. Read about the most important events in environmental law in Q2 of 2021 and get acquainted with regulatory news that will affect the future of sustainable business throughout the European Union. 

28. 7. 2021

The EU wants to achieve climate neutrality by 2050, then it will aim for negative emissions

The existential threat resulting from climate change demands that the EU as well as its member states heighten their ambitions and intensify their measures. This is reflected not only in the EU’s approach to the European Climate Law and in the constant collection and analysis of data (referring to carbon rates, for example), but also in a change of the judicial ruling practice. In a recent ground-breaking verdict, a Dutch court ordered a private company to adjust its activities with regard to the need for tackling climate change. 

28. 7. 2021

Biodiversity has a key impact on the economy of individual states, more than half of the global GDP depends on it

Environmental protection has been an increasingly important society-wide topic, and the European Union therefore continues to prepare new plans and strategies. One of the news is for example a new action plan for zero pollution for water, air and soil aiming to protect the health of Europeans. In addition, the EU prepared a strategy in biological diversity which responds to insufficient protection of biotopes and species – not only ecosystems but also economies of states depend on biodiversity. Other news include the ruling of the Court of Justice of the European Union on a temporary cessation of operations of a coal mine and a report of the INCA project on the integration of ecosystem accounts. 

28. 7. 2021