
Compliance & Outsourcing Advisory
Regulatory, Compliance and Governance Represent a Business Challenge
CSSF & CAA Regulations
As explained on the website of the "Commission de Surveillance du Secteur Financier (CSSF)", outsourcing arrangements are defined and detailed in CSSF Circulars 25/882 and 25/883. In the insurance and reinsurance sector, the "Commissariat aux Assurances (CAA)" has published two circulars: Circular 21/15 on Cloud Outsourcing and Circular 22/16 on Non-cloud Outsourcing.
The main purpose of the CSSF Circulars 25/882 and 25/883 is to implement and consolidate the requirements of the EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02). These circulars aim to provide a transparent, homogeneous, and harmonised national framework for outsourcing arrangements. They also consolidate requirements relating to information and communication technology (“ICT”) outsourcing, previously addressed in older circulars.
We propose an "Awareness Session" to inform top management and all stakeholders about CSSF Circulars 25/882 and 25/883 as well as CAA Circulars.
Based on our experience in Outsourcing, Thot IT analyses and evaluates the gap between your outsourcing framework (Policy, Procedure, Process, Tools and Register) and what is required by the regulator.
It is important for a client to be able to classify the outsourcing initiative as accurately as possible in order to make the best decisions and prepare the appropriate regulatory file to submit to the competent authority (CSSF, BCE, EBA, CAA).
Thanks to our in-house developed tools, we can help you answer questions about the classification of your outsourcings:
- Is it a potentially regulated outsourcing or another third-party service?
- Is the outsourced function a Critical or Important function or not?
- What kind of outsourcing is it (ITO, BPO, or Cloud Computing)?
Thot IT helps you answer these questions. Our mission is to ensure that you are compliant with the requirements of the competent authorities. We provide the outsourcing analysts who will help you respond to questions raised by these circulars.
Finally, we prepare the CSSF or CAA Notification File for clients who are outsourcing critical or important functions (CIF).
Take into account that non-compliance with certain laws and regulations can lead to financial penalties and harm the reputation of your company.
