Outsourcing is widely and increasingly used across the alternative investment management industry. With clear advantages including operational efficiencies and cost-effectiveness, it is unlikely that this trend will slow or reverse in the future. Regulatory standards on outsourcing and/or third-party relationships (or their risk management) are set out in primary legislation, principles, rules or guidance issued by the relevant regulatory or supervisory authorities and/or codified supervisory practices.
In the European Union, the European Securities and Markets Authority (ESMA) has issued new guidelines on outsourcing to cloud service providers. The new ESMA guidelines, which entered into force on 31 July 2021, aim to help firms identify, address and monitor the risks arising from cloud outsourcing arrangements.
In Ireland, the Central Bank of Ireland (CBI) has published a consultation on the CBI's proposed Cross-Industry Guidance on Outsourcing. The CBI recognises the increasing reliance of many regulated firms on outsourced service providers. This includes the use of both intragroup entities and third party providers, both regulated and unregulated. The guidance is being introduced to supplement existing sectoral legislation, regulations and guidelines on outsourcing, by setting out the CBI's expectations of good practice for the effective management of outsourcing risk.
31 December 2022, ESMA guidelines apply to any cloud outsourcing arrangements entered into prior to 31 July 2021.
(Last updated: 20 September 2021)