The World Federation of Exchanges Welcomes International Guidance to Align Management of Outsourcing Risk

 London, 2 October 2020 – The World Federation of Exchanges (WFE), the global industry group for exchanges and CCPs has responded to IOSCO’s Principles on Outsourcing.

The World Federation of Exchanges welcomes the general direction of the proposals and recognises the importance of increasing the focus on the resilience of financial services and their third-party service providers, especially in light of the pandemic and the way it has tested the whole ecosystem. The use of principles and a materiality-based approach is particularly important and welcome in providing a guide for the approach of national regulators.

It is important that in terms of operational resilience there is continuity derived from these Principles so that there are not multiple, nor conflicting, disparate sets of jurisdictional requirements that could give rise to a confused and fragmented regulatory environment, especially for those regulated entities operating across borders. Without alignment on the part of national regulators with the fundamental Principles set out by IOSCO, there is a danger that unnecessary administrative burdens will be created, along with additional compliance costs and artificial barriers to trade.

The WFE recommended:

  • The value of ensuring that as an international standard-setter, IOSCO applies the Principles across the whole financial services ecosystem. ‘Levelling-up’ the financial ecosystem has clear benefits in terms of reducing the risk of there being a weak link in the chain from end-investor to central market infrastructure.
  • Ensuring that the definition of “outsourcing” properly captures the challenges and changes arising in the field of outsourcing.
  • Avoiding unduly burdensome application by a regulated entity of the Principles on another regulated entity unless better safeguarding is derived from that application.
  • The benefits of intra-group outsourcings and their control frameworks in oversight of service providers and recognising those benefits in the application of the Principles.
  • Ensuring that the application of the Principles does not unnecessarily inhibit the benefits of outsourcing, such as the enhancements from dedicated vendor expertise or additional information security resulting from specialist service providers.
  • The national supervisors, working to guidelines set by international standard-setters, should play a more material role in seeking to address concentration risk, rather than regulated entities.
  • Recognition of the existing approaches and measures implemented by market infrastructure in embedding operational resilience practices, notably in the mass remote working situation created by the pandemic.
  • That common terminology is employed by individual jurisdictions which is consistent with that used by IOSCO and the other international standard-setters. Conflicting language can create confusion and risk, as multiple interpretations arise from different regulated entities seeking to comply with different jurisdiction-specific requirements and terminology.
  • The potential benefits from greater mapping or indexing of the Principles in accordance with internationally recognised standards frameworks, such as ISO, to further a common understanding and implementation of the Principles.