Lost in the regulatory jungle of outsourcing?

As a result of the new outsourcing rules and guidelines for financial companies, including the Outsourcing Executive Order for credit institutions, etc., and EIOPA's guidelines for cloud outsourcing, you as a Compliance Officer may find yourself in the middle of a regulatory jungle, lacking overview.

Together with Plesner Advokatpartnerselskab's leading experts in cloud outsourcing, we have developed a strong compliance solution that gives you clarity, an overview and an action plan.

Easy overview

Define, monitor and document all your outsourcing arrangements in one place to eliminate inefficient work across excel sheets.

Blue checkmark

Create transparency across departments

Blue checkmark

Generate board reports with a click

Blue checkmark

Integrate policies, processes and exit-strategy in one place

EBA EIOPA1
EBA EIOPA2

Clear guidance to compliance

We have turned the executive order of outsourcing into a clear and structured questionnaire that reflects the requirements of the Outsourcing Executive Order.

Blue checkmark

Built-in supplier contract requirement checklist

Blue checkmark

Guided step-by-step process to get compliance

Blue checkmark

Data mapping and visual overview of all outsourcing arrangements

Compliance & Governance Integrated

Once you are compliant we’ll assets you maintain  your controls by automating them to move the manual burden from your shoulders.

Blue checkmark

Create annual wheels with automated controls

Blue checkmark

Easy documentation of important and critical arrangements

Blue checkmark

Extract the statutory register to the Danish FSA

EBA EIOPA3

Eliminate manual processes and work-arounds for greater overview and efficiency

All your needs in a seamless compliance solution

Let's talk

Key features in our outsourcing solution

ikoner-23
MAPPING
Through a complete mapping of, for example, suppliers, you get a full overview. Additionally, you get the opportunity to do a compliance check up on your outsourcing policies, exit strategies, and contingency plans.
ikoner-08
GAP ANALYSIS
You will be assisted in preparing gap analyses connected to your contracts and risk assessments. At the same time, you will be guided in your assessments of whether your outsourcing arrangements are important or critical. This ensures that you will discover any non-compliance with the requirements.
ikoner-04
RISK ASSESSMENTS
You receive help to prepare risk assessments of your outsourcing arrangements. You need to know the specific risks involved in the various events in order to be able to assess which measures you need to take, it is important to identify every risk involved in all your arrangements.
ikoner-22
CONTROLS
You can set up controls to ensure continuous compliance with the outsourcing requirements. In addition to that, your controls will play an important role in documenting how you comply with the regulation daily.
ikoner-10
DELEGATE TASKS
You can assign specific tasks to relevant employees, hereby, delegate responsibility of information gathering of outsourcing arrangements to the right people across the organization.
ikoner-14
REVIEWS OF CONTROLS
You can conduct reviews of completed controls and gain an overview of whether you are complying with the outsourcing requirements throughout the entire organization.

Systemize Your Cloud Outsourcing

In collaboration with the experts from Plesner Advokatpartnerselskab, RISMA has developed a solution to help insurance companies and pension funds put the management of cloud outsourcing into a system and thus comply with EIOPA's guidelines for cloud outsourcing.

The solution takes into account the existing requirements for outsourcing in the Solvency II Regulation. Organizations subject to both EIOPA and EBA guidelines can benefit from using the solution to handle all organizational outsourcing events.

Developed in collaboration with leading experts

In collaboration with IT and outsourcing experts from Plesner Advokatpartnerselskab, we have developed an outsourcing solution that can help your organization ensure compliance with the Outsourcing Executive Order for financial organizations such as banks, investment companies, etc.

In short, our outsourcing solution is designed to help you become compliant through guidance and a set of practical tasks. For instance, the experts from Plesner have transformed the entire executive order as questions and contributed with content to the gap analysis tool, the assessment tool, action plans, and the control catalog.

The outsourcing solution also ensures that you have a complete overview of all employees’ tasks across departments and systems.

Developed in collaboration with leading experts

Outsourcing compliance
We guide you through the process step by step

Best practice

Business overview

 Best practice2

Collection of Information

 Best practice3

Gap Analysis

 Best practice4

Mitigate Actions and Controls

 Best practice5

Documentation

BUSINESS OVERVIEW

You can map and get an overview of the scope of the organization's outsourcing work, including suppliers, systems, and policies.

COLLECTION OF INFORMATION

Through a clear and structured questionnaire that reflects the many requirements of the Outsourcing Executive Order, you and your colleagues collect relevant information about each outsourcing event.

ASSESSMENTS AND GAP ANALYSIS

The solution will support your assessments, including whether the outsourcing arrangement is important or critical. The gap analysis can show whether, for example, risk assessments performed are in accordance with the Executive Order.

MITIGATING ACTIONS AND CONTROLS

You get an overview of which areas require mitigating actions. You can also monitor your efforts and maintain your compliance with ongoing controls of, for instance, suppliers.

Documentation

Generate relevant reports at any time to document your efforts to relevant stakeholders. For example, you can extract the statutory register of outsourcing arrangements to the Danish FSA.

Onboarding

Implementation of the outsourcing solution

Our outsourcing solution is developed with an intuitive user interface, making it is easy to work with. However, this does not preclude the need for good help to ensure optimal implementation in the organization.

To get the best possible start, our Customer Success team is ready to help your organization get started with a well-organized process. You also have the possibility of receiving ongoing support, so you get the most out of using our solution.

Explore our 5-step implementation  ➝

Learn how we can fit into your business

Book a demo to learn how your organization can ensure compliance with EBA & EIOPA outsourcing through a guided process.

Book demo
Ready to try RISMA
integrated

A GRC Platform To Bring The Organization Together

Power your organisation by connecting data, teams, action and reporting in an integrated GRC platform.

Whether you deploy one, two, or all our solutions, RISMA GRC platform provides great value by boosting collaboration, increasing visibility, and saving time for everyone involved.

Explore our GRC platform ➝
Operational Tools

INTERNAL AUDIT
STREAMLINED

Effortlessly automate, document and report all your controls - including assessment, mitigation and monitoring in one simple platform.

READ ABOUT INTERNAL CONTROLS →
Operational Tools

RISK MANAGEMENT
ORGANIZED

Define, assess, analyze and mitigate your organization’s risks and turn your insight into strategic assets.

READ ABOUT OUR RISK SOLUTION →
EU regulations-01

GDPR Compliance
Unified

Manage compliance frameworks, controls, risks, policies, and reporting in one integrated solution.

READ ABOUT OUR GDPR SOLUTION →

FAQ

Can we use RISMA's outsourcing solution to register all our outsourcing arrangements?

Arrow

Certainly, RISMA's outsourcing solution offers the necessary tools to ensure compliance with registry requirements for both standard and crucial outsourcing arrangements. Our solution allows you to submit the register in an electronically readable format to the Danish Financial Supervisory Authority, in accordance with the latest outsourcing notice.

If you want to know more about how our outsourcing solution can help your organization meet its compliance needs, please don't hesitate to reach out to us. Our team would be happy to provide more information and discuss how we can help you streamline your outsourcing processes.

How can our organization benefit from choosing to support our management of outsourcing arrangements?

Arrow

Previously, it has been customary for financial companies to handle their outsourcing arrangements in Excel and other systems. However, the new outsourcing requirements impose far more restrictions for each outsourcing arrangement – including arrangements that are defined as non-important or non-critical.  

This also includes stricter requirements for documentation of all assessments you make. In addition to this, you also need to provide information from your new register in an electronically readable format to the Danish Financial Supervisory Authority.

Read the outsourcing guidelines that reflect EBA's guidelines.

At the same time, it has become clear that you need to have more active control of your suppliers - both to comply with the outsourcing rules and GDPR.

Many users find that the ability to document, record, and monitor outsourcing arrangements becomes less complex and more accurate when they choose to get a system that supports their outsourcing management.

Additionally, you ensure that the entire organization can collaborate on the individual arrangement. For instance, it is often necessary to involve procurement, risk, IT security, law, etc. in the process and contact arrangement if changes occur in your organization.

What are the regulatory requirements for non-critical outsourcing arrangements?

Arrow

The new outsourcing rules also include requirements for outsourcing arrangements that are not important or critical.You need to:conduct a risk assessment of all outsourcing arrangementsmake sure you meet the requirements of the outsourcing contracts, including termination access in the contractregister all outsourcing arrangements in your register.

What is the impact of outsourcing requirements on my organization?

Arrow

The outsourcing requirements covers a wide range of obligations. Below are just a few of the essential aspects:

  • Your organization must prepare an outsourcing policy, exit strategies and contingency plans
  • Your organization must conduct an in-depth pre-outsourcing analysis of all outsourcing arrangements, including due diligence and conflict of interest investigation
  • Your organization must make a detailed risk assessment of all outsourcing arrangements
  • Your organization must evaluate whether an outsourcing arrangement is important or critical. Important or critical arrangements, along with the results of the pre-outsourcing analysis, must be presented and approved by the Board of Directors
  • Your organization must ensure that exit plans are prepared for all important or critical outsourcing arrangements
  • Your organization must ensure that outsourcing contracts comply with contract requirements
  • Your organization must keep a record of all outsourcing arrangements and document all assessments
  • Your organization must monitor outsourcing arrangements and outsourcing providers.