The International Organization of Securities Commissions (IOSCO), the policy forum for securities regulators, has published a set of updated outsourcing principles for regulated entities that outsource tasks to service providers.
Based on the earlier Outsourcing Principles for Market Intermediaries and for Markets, the updated principles now include trading venues, intermediaries market participants acting on a proprietary basis and credit rating agencies. Financial market infrastructures (FMIs) are outside the scope of the Principles, though IOSCO suggests that FMIs may consider applying them.
The revised principles comprise a set of fundamental precepts and seven principles. The former cover issues such as the definition of outsourcing, the assessment of materiality and criticality, their application to affiliates, the treatment of sub-contracting and outsourcing on a cross-border basis.
The seven principles cover: due diligence in the selection and monitoring of a service provider and its performance; the contract with a service provider; information security, business resilience, continuity and disaster recovery; confidentiality issues; concentration of outsourcing arrangements; access to data, premises, personnel and associated rights of inspection; and termination of outsourcing arrangements.
A full report on the principles is available from the IOSCO website.