View Only
  • 1.  EBA Guidelines on Outsourcing (EMEA)

    This message was posted by a user wishing to remain anonymous
    Posted 02-23-2023 09:08 AM
    This message was posted by a user wishing to remain anonymous

    Hi I have quite a specific questions, to those in Financial Services. 

    Has anyone in this group assessed certain Bloomberg services as in scope of the EBA guidelines, specifically considering the Trade Order Management Systems (TOMS) and their Multi-Asset Risk System (MARS) ? 

    We would consider them within scope, but get firm pushback from BBG. 

    any Feedback welcome. 

  • 2.  RE: EBA Guidelines on Outsourcing (EMEA)

    Posted 03-06-2023 04:28 PM

    Hi there

    Due to their nature, the EBA Guidelines on outsourcing arrangements suggest that both these services would be in scope for risk identification, assessment, monitoring, management, and reporting. (See language below). While it is unclear why BBG is pushing back, it is clear that no matter what vendor claims, your organization can determine which of your third-party relationships you will include in your TPRM program and process. Still, considering that BBG has other customers in the same position as your organization, it would be interesting to know why they feel they should be out of scope for these EBA requirements.

    My advice is to have BBG state in writing what their specific objections are, and to provide their rationale, citing specific regulatory information that justifies their position. Once you have that information, I suggest you work with your internal compliance department (and legal counsel if necessary) to formalize your position on the matter. Please make sure to document everything fully, regardless of what your organization decides Regulatory examiners may ask about the considerations and decision-making undertaken by your organization before reaching a conclusion.

    Those are my thoughts, but hearing from other members on this topic would be great.

    Per the Final Report on EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02 25 February 2019)

    The Delegated Regulation (EU) 2017/565 specifies, under Article 30, that 'an operational function shall be regarded as critical or important where a defect or failure in its performance would materially impair the continuing compliance of an investment firm with the conditions and obligations of its authorisation or its other obligations under Directive 2014/65/EU, or its financial performance, or the soundness or the continuity of its investment services and activities'. formal vendor risk management processes which include assessment.