Outsourcing and Delegation – EU Commission Proposes Powers of Intervention

by Morgan Lewis

Morgan Lewis

Aware of the risks of regulatory arbitrage developing post-Brexit, a key feature of the Commission’s proposals allows ESAs to monitor the practices of EU27 regulators.

On 20 September, the European Commission (the Commission) published its proposals on strengthening the role of the European Securities and Markets Authority (ESMA) and other European Supervisory Authorities (ESAs) such as the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) in relation to integrated supervision and the furtherance of the Capital Markets Union. The Commission’s proposals take into account the decision of the United Kingdom to leave the European Union (EU). A key feature of the Commission’s proposals is that which allows the relevant ESA to monitor the practices of EU27 regulators in allowing market players such as banks, fund managers, and investment firms to delegate and outsource business functions to third countries to ensure that risks are properly managed and to prevent circumvention of the rules, and to intervene where a national EU regulator intends to carry out the registration or authorisation of a firm looking to outsource or delegate certain activities to third countries.

To UK firms planning for a worse case, “hard” Brexit scenario, whereby the UK becomes a “third country” and UK participants lose their passporting rights, this will be an unexpected development. UK financial market participants have been giving serious consideration to setting up an affiliate in one of the EU27 countries which intends to outsource or delegate its key functions back to the UK in order to retain their passporting rights post-Brexit, without relocating to one of the EU27. Accordingly, many in the UK financial sector will see this as a calculated political move by the Commission to tame the City of London’s influence and to remove from it its ‘centre-stage’ position in European Finance.

However, whilst ESMA and the other ESAs may intervene, the Commission has not gone so far as to give them a definitive veto on the decision of the national EU27 regulators. Instead, the Commission has given ESMA and the other ESAs the power to monitor and opine with the added tool of being able to issue a recommendation to a national EU27 regulator to review a decision or withdraw an authorisation. The extent to which a national EU27 regulator will or must follow an ESA’s recommendation is up to the regulator in question. However, it is clear that ESMA and the other ESAs will be able to exert significant pressure on national EU27 regulators in relation to the registration and authorisation process. The implication is that the Commission is concerned that some national EU27 regulators may be less rigorous when vetting applications by UK firms looking to establish an affiliate in the EU27 to benefit from post-Brexit passporting which intends to outsource or delegate their key functions back to the UK. In short, ESMA is concerned that Brexit may trigger a regulatory race to the bottom whereby national EU27 regulators loosen standards in order to grab some of London’s financial market share. Nevertheless, one practical consequence of these proposals will be to slow the registration and authorisation process of the national EU27 regulators, leading to delays.

Article 31(a) of the Commission’s proposals, which is ominously titled “coordination on delegation and outsourcing of activities as well as risk of transfers”, imposes a number of obligations on national EU27 regulators where they intend to allow an applicant firm to outsource or delegate into third countries:

  1. To notify the relevant ESA of its intention to carry out registrations or authorisations where the business plan of the applicant(s) entails (i) the outsourcing or delegation of a material part of its activities or any key functions, or (ii) the risk transfer of a material part of its activities into a third country, to benefit from the EU passport while essentially performing substantial activities or functions outside the EU. This notification must be sufficiently detailed to allow for a proper assessment by the authority;
  2. To wait, where the relevant ESA considers it necessary to issue an opinion as regards the noncompliance of an authorisation or registration with EU law, guidelines, recommendations, or opinions adopted by it, until it has received that opinion before granting authorisation or registration. The relevant ESA may take up to a maximum of two months to issue an opinion;
  3. To provide, within 15 working days from the date of the relevant ESA’s request, information on its decisions to authorise or register a financial market participant under its supervision with regard to its outsourcing or delegation activities;
  4. To inform the relevant ESA of the notifications it has received from financial market participants in respect of the obligations of the financial market participant set out below; and
  5. To provide within 15 working days where it does not follow the recommendations of the relevant ESA and its reasons for not following the relevant ESA’s recommendation. The relevant ESA shall then make its recommendations public together with the national EU27 regulator’s reasoning.

The Commission proposes that the relevant ESA should be empowered to monitor whether the competent authorities concerned verify that outsourcing, delegation, or risk transfer arrangements are concluded in accordance with EU law, comply with guidelines, recommendations, or opinions from the relevant ESA and do not prevent effective supervision by the competent authorities and enforcement in a third country.

Comparatively, the burden imposed on financial market participants is a light one:

  • The financial market participant must notify the national EU27 regulator of the outsourcing or delegation of a material part of its activities or any of its key functions, and the risk transfer of a material part of its activities to a third-country branch or entity.

Whilst the Commission’s proposals do not constitute a binding authoritative instrument, firms should be mindful of the tone and direction of the proposals emanating from the Commission and factor that aspect into their post-Brexit planning.

The Commission also makes proposals on third country equivalence, the technique whereby the EU can allow market participants based in regulated third countries to do business in the EU on a passported basis. The proposed amendments to Article 33 of the ESA regulations confirm that the ESAs shall assist the Commission in preparing equivalence decisions. In addition, the proposals confirm that the ESAs shall, on an ongoing basis, monitor the regulatory and supervisory developments and enforcement practices in third countries on which the Commission has taken an equivalence decision.

In the wake of the result of the UK referendum on EU membership we have been advising clients on Brexit restructuring issues. We will keep you updated with any further developments.



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morgan Lewis | Attorney Advertising

Written by:

Morgan Lewis

Morgan Lewis on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.