The latest resilience news from around the world

IOSCO outsourcing principles updated to ensure operational resilience

The Board of the International Organization of Securities Commissions (IOSCO) has published a set of updated outsourcing principles for regulated entities that outsource tasks to service providers. IOSCO says that since the publication of IOSCO┬┤s principles on outsourcing for market intermediaries in 2005 and for markets in 2009, new developments in markets and technology have focused regulatory attention on risks related to outsourcing and the need to ensure the operational resilience of regulated entities. Moreover, the effects of the COVID-19 highlight the need to maintain business continuity in situations where external and often unforeseen shocks impact firms and their service providers.

The updated Principles on Outsourcing are based on the earlier Outsourcing Principles for Market Intermediaries and for Markets, but their application has been expanded.

The revised principles comprise a set of fundamental precepts and seven principles.

The fundamental precepts cover issues such as the definition of outsourcing, the assessment of materiality and criticality, their application to affiliates, the treatment of sub-contracting and outsourcing on a cross-border basis.

The seven principles set out expectations for regulated entities that outsource tasks and include guidance for implementation. The principles cover the following areas:

  • Due diligence in the selection and monitoring of a service provider and its performance
  • The contract with a service provider
  • Information security, business resilience, business continuity and disaster recovery
  • Confidentiality issues
  • Concentration of outsourcing arrangements
  • Access to data, premises, personnel and associated rights of inspection
  • Termination of outsourcing arrangements.

The Report also briefly addresses the impact of COVID-19 on outsourcing and operational resilience and includes an annex that describes how outsourcing integrates with cloud computing and how CRAs use and incorporate outsourcing and cloud computing in their organizational strategies and structures.

Read Principles on Outsourcing: Final Report (PDF).



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.