Outsourcing Policy Update to align with new EBA and local requirements

FOCUS ON: Case studies,

SUMMARY

Avantage Reply assisted a Private Banking group in the Eurozone to review of group Outsourcing policy.

In light of changing European and national regulatory requirements that came into force in 2019, our client revised the internal processes and procedures regarding the management and oversight of both, intra-group and third-party outsourcing activities.

A key concern of the client was to define a new group policy that considers the existing organization of the bank. This included the roles and responsibilities of three lines of defense (“3 LoD”), European and local regulatory requirements.

CUSTOMERS GOALS

Our client’s main goal was to define a new group outsourcing policy that would be compliant with the minimum requirements as defined by the EBA (EBA/GL/2019/02) and reflect its internal organization for outsourcing arrangements.

THE CHALLENGE

The key challenge for the project was a changing and overlapping set of regulations. To achieve full compliance with the new regulations, our client had to consider both, EBA guidelines in force from September 2019 but not yet translated into national regulation and local requirements regarding outsourcing to cloud computing infrastructures. Additionally, being head office of the group, our client had to consider local organizational constrains in the subsidiaries and how the proportionality principle would apply.

From an operational point of view, the multitude of stakeholders and the fact that not all elements of the outsourcing oversight are specifically tailored to outsourcing contributed to the complexity of the project (e.g. outsourcing risk is also a part of the general operational risk framework of the bank).

APPROACH AND SOLUTION

Avantage Reply took a three-step approach to identify outstanding regulatory and organizational gaps and to define the group outsourcing policy:

Conduct interviews with all stakeholders (such as operational departments, risk, compliance and legal) to identify their respective roles and responsibilities within the outsourcing process,
Review all existing documentation (i.e. committee minutes, procedures, outsourcing register, roles and responsibilities),
Draft the group outsourcing policy taking into account the client’s adopted 3 LoD model, management body structure and roles and responsibilities at subsidiaries level.

The key deliverable of the project was a complete outsourcing policy, to serve as a key guideline for all outsourcing-related processes and procedures within the group. It covers the main steps of the outsourcing process with references to the respective regulatory texts and practical examples (e.g. list of functions and activities not classified as an outsourcing). It includes:

outsourcing definition, categorization and obligations vis-à-vis local regulator,
roles and responsibilities of the 3 LoD and the management body,
planning of outsourcing arrangements incl. risk assessment and due diligence process,
contractual phase,
implementation, monitoring and management of outsourcing arrangements,
outsourcing register and oversight,
business continuity plan and exit strategies,

As a result, our client implemented the newly defined policy and aligned all related procedures to fully comply with the new regulatory requirements.

RELATED CONTENTS

Case Study

IRRBB – Support the transition of the IRRBB metrics computation tool and reconciliation exercise between both outcomes regarding EVE (Economics Value of Equity) and NII (Net Interest Income).

The Client, a huge international bank, request the support of Avantage Reply to further understand and quantify the differences arising between both of their IRRBB metrics calculators. The first, is a hand-made tool provided by the headquarter and the second is a well-known risk software solution used locally. Avantage Reply helps isolating and assessing each of the differences, and in case of materiality, set processes in order to compute overlays. Avantage Reply further helps to add and validate missing products. Validations cover parametrization of the tool, alinement of IRRBB inputs (margin and reference rate) and models (non-maturing products, prepayment, caps, floors,..)

Case Study

IFRS 9 Control Framework

The customer is a retail belgian bank focusing on mortgage loans and consumer credit. Following the implementation of the IFRS 9 ECL calculator, the need arised to implement a control framework to ensure timely and quality calculation and bookings, and integration in the accounting and reporting platforms. Avantage Reply helped the client bridge the distance between different departments to identify the right responsibilities at the right moment in the process to increase its reliability.