Description
Introduction
In 2022, the Commission de Surveillance du Secteur Financier (CSSF) published its Circular 22/806 (“The Circular”) on outsourcing arrangements. The Circular implements the requirements of the European Banking Authority (EBA) on outsourcing arrangements (EBA/GL/2019/02) and consolidates multiple circulars by providing clarity on many concepts applicable to outsourcing arrangements.
What does the new outsourcing framework mean for your firm? What steps should you take to make sure your firm is or remains compliant with Circular 22/806. This training aims at providing participants with an operational understanding of the EBA and CSSF outsourcing requirements.
Prerequisites
No prerequisite is required
Objectives
By the end of the training, participants should understand:
What constitutes an outsourcing arrangement?
Entities impacted by these new regulations
Expected governance of outsourcing arrangements
The notification process to CSSF in case of critical or important outsourcing activities
The cloud computing outsourcing framework and how to manage it appropriately
The criteria for assessing material changes
Differences between EBA and CSSF regulations concerning outsourcing activities.
The responsibilities and roles of the outsourcing officer
Programme
1. Definitions of key outsourcing arrangement concepts
Critical or Important outsourcing activities according to EBA and CSSF
Vendor arrangements vs outsourcing
2. Criticality or important outsourcing assessment
Criticality assessment methodology
Pre-analysis assessment approach
Risk Assessment methodology
3. Notification process to CSSF
Requirements for outsourcing notifications
Timeframe for notifying
Material changes or Serious event requiring notification
Material changes in the context of article 18-20 Circular 22/806
Material changes to new outsourcing arrangements
Material changes to existing outsourcing arrangements
4. Cloud computing outsourcing
Criteria for determining a cloud computing outsourcing
5. Sub-outsourcing arrangements
Cascade chain notion
Oversight obligations
6. Outsourcing oversight framework
Methodology for developing an outsourcing oversight framework
Pre-analysis assessment methodology
Risk Assessment framework – review/challenge/approve
The roles and responsibilities of various individuals in the framework
Intra-Group relationships management
Inherent risk, Residual or Target residual risks
Importance of conducting regular assessments to evaluate the framework's effectiveness.
Responsibilities of the outsourcing officer
Target audience
The course is mainly for control Newly appointed Oversight Officer, Internal control functions, Head of Operations and Senior management responsible for outsourcing activities.
Conditions
Course Material
The training material will be handed out at the beginning of the course.