English Language
Danish LanguageNorwegian language

EBA & EIOPA outsourcing - compliance software

Get help to comply with, and monitor, the outsourcing requirements of the financial sector.

Book a demo

New outsourcing requirements - Get help with monitoring

In collaboration with Plesner Advokatpartnerselskab, we have developed an outsourcing solution that structures and supports your work with outsourcing arrangements from cradle to grave, thereby ensuring you are compliant with the new outsourcing requirements.

The many requirements of the Outsourcing executive order have been translated into practical tasks and procedures in our user-friendly software solution. This will help you and your colleagues manage, document, and comply with the stricter requirements of the outsourcing area.
Book a demo

In short: Our Outsourcing Tool

In collaboration with IT and outsourcing experts from Plesner Advokatpartnerselskab, we have developed an outsourcing solution that can help your organization ensure compliance with the Outsourcing Executive Order for financial organizations such as banks, investment companies, etc.

In short, our outsourcing solution is designed to help you become compliant through guidance and a set of practical tasks. For instance, the experts from Plesner have transformed the entire executive order as questions and contributed with content to the gap analysis tool, the assessment tool, action plans, and the control catalog.

The outsourcing solution also ensures that you have a complete overview of all employees’ tasks across departments and systems.

Vores outsourcingværktøj - kort fortalt

I samarbejde med Plesner Advokatpartnerselskabs IT og outsourcingteam har vi udviklet en outsourcingløsning, som kan hjælpe din organisation med at efterleve outsourcingbekendtgørelsen for banker mv.

Kort fortalt er vores outsourcingløsning opbygget på en måde, der sikrer, at I kan efterleve bekendtgørelserne ved at guide jer til at udføre en række praktiske opgaver.
Eksempelvis har teamet i Plesner udformet hele outsourcingbekendtgørelsen som spørgsmål og leveret indhold til gap-analyseværktøjet, vurderingsværktøjer, handlingsplaner og kontrolkatalog.

Outsourcingløsningen sikrer jer desuden et fuldt overblik over alle medarbejderes håndtering af opgaver på tværs af afdelinger og systemer.
Plesner_RISMA systems_GDPR Solution

What you get with the outsourcing solution

  1. Access to assessment tools and legal help texts
  2. Help assess whether an outsourcing arrangement
    is important or critical
  3. A tool for documentation gathering and registry function
  4. Effective user management that ensures knowledge sharing throughout the organization
  5. Standard controls and a vendor management feature
  6. The ability to conduct internal audits and initiate mitigating actions
  7. A monitoring and reporting tool that ensures an overview of the outsourcing area

The Executive Order of Outsourcing

The new Executive Order on Outsourcing contains several stricter outsourcing requirements for a wide range of financial companies, including:
  1. Banks
  2. Mortgage Banks
  3. Payment institutions
  4. Investment companies
  5. Investment management companies
  6. Savings institutions
  7. Shared Data Centers
  8. Payment institutions
  9. E-banks
  10. Operators of regulated markets
Book a demo to learn how to ensure full compliance with RISMA’s outsourcing solution
Book a demo now

EIOPA - New Executive Order and solution on the way

At the beginning of 2020, the European Insurance and Occupational Pensions Authority (EIOPA) issued new cloud outsourcing guidelines. These will result in a new or revised Outsourcing Executive Order for insurance companies and pension funds.

Once the final draft of the new executive order for pension and insurance organizations has been finalized, RISMA will be ready with a solution that can help you with your compliance. This solution will also take the existing outsourcing requirements of the Solvency II Regulation into account.

The guidelines from EIOPA are very similar to the rules in the Outsourcing Executive Order for banks, etc. Therefore, the EIOPA solution will, overall, follow the same system as our EBA outsourcing solution. This means, that organizations that are subject to both ‘EBA’ and ‘EIOPA’ guidelines will be able to use the same solution to handle all the organization’s outsourcing arrangements.

In addition to that, it also means that when you book a demo of our EBA guidelines solution, you will get a really good insight into how RISMA’s solution can be used to handle your work with the Outsourcing requirements – even though you are an insurance or pension organization.

The features of the outsourcing tool

Here is an overview of the many features of our outsourcing tool that can help and guide you to comply with the outsourcing executive order for the financial sector.

Get an overview


Through a complete mapping of, for example, suppliers, you get a full overview. Additionally, you get the opportunity to do a compliance check up on your outsourcing policies, exit strategies, and contingency plans.

GAP analysis

You will be assisted in preparing gap analyses connected to your contracts and risk assessments. At the same time, you will be guided in your assessments of whether your outsourcing arrangements are important or critical. This ensures that you will discover any non-compliance with the requirements.

Risk Assessments

You receive help to prepare risk assessments of your outsourcing arrangements. You need to know the specific risks involved in the various arrangements in order to be able to assess which measures you need to take, it is important to identify every risk involved in all your arrangements.

Monitoring and control


You can set up controls to ensure continuous compliance with the outsourcing requirements. In addition to that, your controls will play an important role in documenting how you comply with the regulation daily.

Annual wheel with controls

You can plan controls in an annual wheel for you to continuously ensure compliance with the Outsourcing Executive Order.

REVIEWS of controls

You can conduct reviews of completed controls and gain an overview of whether you are complying with the outsourcing requirements throughout the entire organization.

Supervision and documentation

Mitigating actions

Assess how to best handle individual arrangement and initiate specific actions and action plans to ensure closure of identified gaps. You can also follow the progress of ongoing actions.

Supervision of suppliers

Audit your suppliers to gain insight into whether they are able to support your compliance with the outsourcing requirements.

Report and document

Keep records of your outsourcing arrangements, compliance appendices to your contracts, and much more. Use the reports as documentation of your compliance to your owners, the board of directors, the executive board, and relevant authorities.


Delegate tasks

You can assign specific tasks to relevant employees, hereby, delegate responsibility of information gathering of outsourcing arrangements to the right people across the organization.


You can automate processes, making it easy for your organization to ensure that delegated tasks are followed up by the individual employees.

Create awareness

You can communicate directly with colleagues when, for example, they need to confirm that they have read and understood new updates or tasks.
Book a demo

Outsourcing compliance step by step

Business Overview - You can map and get an overview of the scope of the organization's outsourcing work, including suppliers, systems, and policies.
Collection of Information - Through a clear and structured questionnaire that reflects the many requirements of the Outsourcing Executive Order, you and your colleagues collect relevant information about each outsourcing arrangements.
Assessments and gap analysis - The solution will support your assessments, including whether the outsourcing arrangement is important or critical. The gap analysis can show whether, for example, risk assessments performed are in accordance with the Executive Order.
Mitigating actions and controls - You get an overview of which areas require mitigating actions. You can also monitor your efforts and maintain your compliance with ongoing controls of, for instance, suppliers.
Documentation - Generate relevant reports at any time to document your efforts to relevant stakeholders. For example, you can extract the statutory register of outsourcing arrangements to the Danish FSA.
Outsourcing-compliancesoftware_Forretningsoverblik_RISMA Systems
Step 1: Business Overview
Outsourcing-compliancesoftware_informationsindsamling_RISMA Systems
Step 2: Collection of Information
Outsourcing-compliancesoftware_gap-analyse_RISMA Systems
Step 3: Assessments and gap analysis
Oursourcing-compliancesoftware_mitigerende handlinger og kontroller_RISMA Systems
Step 4: Mitigating Actions and Controls
Outsourcing-compliancesoftware_dokumention_RISMA Systems
Step 5: Documentation

Implementation of our compliance solution

Our outsourcing solution is developed with an intuitive user interface, making it is easy to work with. However, this does not preclude the need for good help to ensure optimal implementation in the organization.

To get the best possible start, our Customer Success team is ready to help your organization get started with a well-organized process. You also have the possibility of receiving ongoing support, so you get the most out of using our solution.
Outsourcing compliance software_Implementation_RISMA Systems

Any questions?

It is no easy task to figure out which software to choose from so you can handle your outsourcing governance and compliance.

Here, you can see the answers to some of the questions that we and Plesner Advokatselskab are often asked. However, if you cannot find the answers to your questions here, we are always happy to help.
Contact us

How does the outsourcing requirements affect my organization?

The outsourcing requirements covers a wide range of obligations. Below are just a few of the essential aspects:
  • Your organization must prepare an outsourcing policy, exit strategies and contingency plans
  • Your organization must conduct an in-depth pre-outsourcing analysis of all outsourcing arrangements, including due diligence and conflict of interest investigation
  • Your organization must make a detailed risk assessment of all outsourcing arrangements
  • Your organization must evaluate whether an outsourcing arrangement is important or critical. Important or critical arrangements, along with the results of the pre-outsourcing analysis, must be presented and approved by the Board of Directors
  • Your organization must ensure that exit plans are prepared for all important or critical outsourcing arrangements
  • Your organization must ensure that outsourcing contracts comply with contract requirements
  • Your organization must keep a record of all outsourcing arrangements and document all assessments
  • Your organization must monitor outsourcing arrangements and outsourcing providers

Is there an advantage in choosing to support our management of outsourcing arrangements?

Previously, it has been customary for financial companies to handle their outsourcing arrangements in Excel and other systems. However, the new outsourcing requirements impose far more restrictions for each outsourcing arrangement – including arrangements that are defined as non-important or non-critical.  

This also includes stricter requirements for documentation of all assessments you make. In addition to this, you also need to provide information from your new register in an electronically readable format to the Danish Financial Supervisory Authority.

Read the outsourcing guidelines that reflect EBA's guidelines..

At the same time, it has become clear that you need to have more active control of your suppliers - both to comply with the outsourcing rules and GDPR.

Many users find that the ability to document, record, and monitor outsourcing arrangements becomes less complex and more accurate when they choose to get a system that supports their outsourcing management.

Additionally, you ensure that the entire organization can collaborate on the individual arrangement. For instance, it is often necessary to involve procurement, risk, IT security, law, etc. in the process and contact arrangement if changes occur in your organization.

Are there any requirements for outsourcing arrangements that are not important or critical?

The new outsourcing rules also include requirements for outsourcing arrangements that are not important or critical.

You need to:
  • conduct a risk assessment of all outsourcing arrangements
  • make sure you meet the requirements of the outsourcing contracts, including termination access in the contract
  • register all outsourcing arrangements in your register.

Does RISMA's outsourcing solution include a registry feature where we can register all our outsourcing arrangements?

Yes, RISMA's outsourcing solution allows you to meet the registry requirements for both regular outsourcing and important or critical outsourcing arrangements.

The solution allows you to hand over the register in an electronically readable form to the Danish Financial Supervisory Authority, which is a requirement according to the new outsourcing notice.

Kom hele vejen rundt om EBA's retningslinjer

De seneste par år har finansielle institutioner i stigende grad været interesseret i at outsource forretningsaktiviteter for at sikre større fleksibilitet og reducere omkostninger.  Tillid til den finansielle sektor er dog essentiel for økonomien, som helhed. European Banking Authority (EBA) har derfor opsat særligt strenge retningslinjer, når det kommer til finansielle institutioners outsourcingarrangementer og de tilhørende tilsynsforventninger og -processer.

Sammen med juridiske eksperter har vi udarbejdet en løsning, som kan hjælpe finansielle organisationer med at vurdere deres outsourcingarrangementer. Vores løsning guider dig gennem de nødvendige skridt og hjælper jer med at vurdere og dokumentere et vellykket outsourcingforhold ved at overvåge, evaluere og håndtere risici forbundet med de services og systemer, der er involveret.
Læs mere
Checkmark - compliance solutionCheckmark - compliance solutionCheckmark - compliance solution
Vurder risikoniveau af jeres outsourcing
Dokumentér og få en dybdegående analyse af jeres outsourcingarrangementer
Checkmark - compliance solution
Guider finansielle organisationer til compliance
Strukturér jeres arbejde med outsourcingreglerne
Book en demo


Stay up to date with knowledge and best practices on compliance, risk management, and governance. Receive guides, articles, case stories, invitations to events, offers, and much more.