top of page

Compliance & Outsourcing Advisory

Regulatory, Compliance and Governance represent a business challenge.

CSSF & CAA Regulations

As explained on the website of the "Commission de Surveillance du Secteur Financier (CSSF)", outsourcing arrangements are defined and detailed in CSSF Circular 22/806 published in April 2022. In the insurance and reinsurance sector, the "Commissariat aux Assurances (CAA)" has published two circulars: the 21/15 about Cloud Outsourcing and the 22/16 about Non-cloud Outsourcing.

The main purpose of the circular 22/806 of the CSSF is to implement the requirements of the EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02). Circular CSSF 22/806 further aims at providing a transparent, homogeneous and harmonised national framework for outsourcing arrangements. It also gathers the requirements for outsourcing arrangements relating to information and communication technology (“ICT”), that were previously disseminated in individual CSSF circulars."

We propose an "Awareness session" to inform top management and all stakeholders about CSSF Circular 22/806 and CAA Circulars.

Based on our experience in Outsourcing, Thot IT analyses and evaluates the gap between your outsourcing framework (Policy, Procedure, Process, Tools and Register) and what is required by the regulator. 

It is important for a client to be able to classify the Outsourcing initiative as accurately as possible in order to take the best decisions and execute the adequate regulatory file to publish to the competent authority (CSSF, BCE, EBA, CAA).

Thanks to our in-house developed tools, we can help you answer questions about the classification of your outsourcings:

  • Is it potential regulated outsourcing or Other third-party service?​

  • Is it a Critical or Important function outsourced or not ?​

  • Which kind of Outsourcing (ITO, BPO or Cloud Computing)?

Thot IT  helps you answer these questions. Our mission is to ensure that you are compliant with the requirements of the competent authorities. We provide the outsourcing analysts who will help you respond questions raised by circulars.

Finally, we prepare the CSSF or CAA Notification File for clients related to critical or important function to be outsourced (CIF).

Take into account that non-compliance with certain laws and regulations can lead to financial penalties and harms the reputation of your company. 

bottom of page