Lost in the regulatory jungle of outsourcing?
As a result of the new outsourcing rules and guidelines for financial companies, including the Outsourcing Executive Order for credit institutions, etc., and EIOPA's guidelines for cloud outsourcing, you as a Compliance Officer may find yourself in the middle of a regulatory jungle, lacking overview.
Together with Plesner Advokatpartnerselskab's leading experts in cloud outsourcing, we have developed a strong compliance solution that gives you clarity, an overview and an action plan.
Define, monitor and document all your outsourcing arrangements in one place to eliminate inefficient work across Excel sheets.
Create transparency across departments
Generate board reports with a click
Integrate policies, processes and exit-strategy in one place
Clear guidance to compliance
We have turned the executive order of outsourcing into a clear and structured questionnaire that reflects the requirements of the Outsourcing Executive Order.
Built-in supplier contract requirement checklist
Guided step-by-step process to get compliance
Data mapping and visual overview of all outsourcing arrangements
Compliance & Governance Integrated
Once you are compliant, we'll assist you in maintaining your controls by automating them, taking the manual burden off your shoulders.
Create annual wheels with automated controls
Easy documentation of important and critical arrangements
Extract the statutory register to the Danish FSA
GRC Intelligence Center
Adopt a proactive approach. Stay on top of your governance, risk, and compliance, and get a complete status and performance overview across your organization.
Build confidence with board and regulators, as well as with partners and customers by establishing a strong data governance and status framework
Actively measure custom-defined KPIs across solutions, individuals, teams, and related companies
Measure GRC efforts over time by gathering historical data that indicates your compliance score and performance.
Key features in our outsourcing solution
Systemize Your Cloud Outsourcing
In collaboration with the experts from Plesner Advokatpartnerselskab, RISMA has developed a solution to help insurance companies and pension funds put the management of cloud outsourcing into a system and thus comply with EIOPA's guidelines for cloud outsourcing.
The solution takes into account the existing requirements for outsourcing in the Solvency II Regulation. Organizations subject to both EIOPA and EBA guidelines can benefit from using the solution to handle all organizational outsourcing events.
Developed in collaboration with leading experts
In collaboration with IT and outsourcing experts from Plesner Advokatpartnerselskab, we have developed an outsourcing solution that can help your organization ensure compliance with the Outsourcing Executive Order for financial organizations such as banks, investment companies, etc.
In short, our outsourcing solution is designed to help you become compliant through guidance and a set of practical tasks. For instance, the experts from Plesner have transformed the entire executive order into questions and contributed content to the gap analysis tool, the assessment tool, action plans, and the control catalog.
The outsourcing solution also ensures that you have a complete overview of all employees’ tasks across departments and systems.
We guide you through the process step by step
You can map and get an overview of the scope of the organization's outsourcing work, including suppliers, systems, and policies.
COLLECTION OF INFORMATION
Through a clear and structured questionnaire that reflects the many requirements of the Outsourcing Executive Order, you and your colleagues collect relevant information about each outsourcing event.
ASSESSMENTS AND GAP ANALYSIS
The solution will support your assessments, including whether the outsourcing arrangement is important or critical. The gap analysis can show whether, for example, risk assessments performed are in accordance with the Executive Order.
MITIGATING ACTIONS AND CONTROLS
You get an overview of which areas require mitigating actions. You can also monitor your efforts and maintain your compliance with ongoing controls of, for instance, suppliers.
Generate relevant reports at any time to document your efforts to relevant stakeholders. For example, you can extract the statutory register of outsourcing arrangements to the Danish FSA.
Implementation of the outsourcing solution
Our outsourcing solution is developed with an intuitive user interface, making it easy to work with. However, this does not preclude the need for good help to ensure optimal implementation in the organization.
To get the best possible start, our Customer Success team is ready to help your organization get started with a well-organized process. You also have the possibility of receiving ongoing support, so you get the most out of using our solution.
A GRC Platform To Bring The Organization Together
Power your organisation by connecting data, teams, action and reporting in an integrated GRC platform.
Whether you deploy one, two, or all our solutions, RISMA GRC platform provides great value by boosting collaboration, increasing visibility, and saving time for everyone involved.
Can we use RISMA's outsourcing solution to register all our outsourcing arrangements?
Certainly, RISMA's outsourcing solution offers the necessary tools to ensure compliance with registry requirements for both standard and crucial outsourcing arrangements. Our solution allows you to submit the register in an electronically readable format to the Danish Financial Supervisory Authority, in accordance with the latest outsourcing notice.
If you want to know more about how our outsourcing solution can help your organization meet its compliance needs, please don't hesitate to reach out to us. Our team would be happy to provide more information and discuss how we can help you streamline your outsourcing processes.
How can our organization benefit from choosing to support our management of outsourcing arrangements?
Previously, it has been customary for financial companies to handle their outsourcing arrangements in Excel and other systems. However, the new outsourcing requirements impose far more restrictions for each outsourcing arrangement – including arrangements that are defined as non-important or non-critical.
This also includes stricter requirements for documentation of all assessments you make. In addition to this, you also need to provide information from your new register in an electronically readable format to the Danish Financial Supervisory Authority.
Read the outsourcing guidelines that reflect EBA's guidelines.
At the same time, it has become clear that you need to have more active control of your suppliers - both to comply with the outsourcing rules and GDPR.
Many users find that the ability to document, record, and monitor outsourcing arrangements becomes less complex and more accurate when they choose to get a system that supports their outsourcing management.
Additionally, you ensure that the entire organization can collaborate on the individual arrangement. For instance, it is often necessary to involve procurement, risk, IT security, law, etc. in the process and contact arrangement if changes occur in your organization.
What are the regulatory requirements for non-critical outsourcing arrangements?
The new outsourcing rules also include requirements for outsourcing arrangements that are not important or critical. You need to:
- conduct a risk assessment of all outsourcing arrangements
- make sure you meet the requirements of the outsourcing contracts, including termination access in the contract
- register all outsourcing arrangements in your register.
What is the impact of outsourcing requirements on my organization?
The outsourcing requirements cover a wide range of obligations. Below are just a few of the essential aspects:
- Your organization must prepare an outsourcing policy, exit strategies and contingency plans
- Your organization must conduct an in-depth pre-outsourcing analysis of all outsourcing arrangements, including due diligence and conflict of interest investigation
- Your organization must make a detailed risk assessment of all outsourcing arrangements
- Your organization must evaluate whether an outsourcing arrangement is important or critical. Important or critical arrangements, along with the results of the pre-outsourcing analysis, must be presented and approved by the Board of Directors
- Your organization must ensure that exit plans are prepared for all important or critical outsourcing arrangements
- Your organization must ensure that outsourcing contracts comply with contract requirements
- Your organization must keep a record of all outsourcing arrangements and document all assessments
- Your organization must monitor outsourcing arrangements and outsourcing providers.