The Outsourcing Policy has been reviewed in light of the publication of:

  • Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018)
  • EBA revised Guidelines on Outsourcing Arrangements

The recommendation on outsourcing to cloud service providers, published in December 2017, has also been integrated into the Guidelines.

The EBA revised Guidelines are applicable to the following

  • Institutions that fall under Directive 2013/36/EU (i.e. CRD)
  • Institutions that fall under Directive 2014/65/EU (i.e. MiFiDII)
  • Institutions that fall under Directive 2015/2366/EU (i.e– PSD2) in so far as that institution is defined as a payment institution

Credit Unions are not subject to the CRD or MiFiDII Directives. Credit Unions are subject to PSD2 in their function as a payment service provider but are not payment institutions under Chapter 2 of EU (Payment Services) Regulations 2018 [SI No. 6, 2018]. Relevant learnings and best practice can be taken from the EBA Guidance document and the Central Bank Discussion Paper of November 2018. The EBA Guidance definition of what is and isn’t outsourcing is very helpful. We have adopted best practices in the Outsourcing Policy. CUDA is also mindful of the circulation from RCU re outsourcing service risks dated 8th May 2019 in light of BNPP existing the Irish market.

You will find on CUSP the following:

  • Outsourcing Policy 2019
  • Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018)
  • EBA revised Guidelines on Outsourcing Arrangements

If you have any questions on any of the above please do not hesitate to contact us (elaine.larke@cuda.ie).