top of page

What is proportionality and why what does it mean in the context of the European Banking Authority (EBA) guidelines on outsourcing?

The European Banking Authority (<a href="/glossarycollection/european-banking-authority" style="color:#48277C;" target="_blank" title="European Banking Authority"><u>EBA</u></a>) guidelines refer to another document: 'Guidelines on internal governance under Directive 2013/36/EU' for an explanation of proportionately.<br/><br/>

Essentially, 'Payment Institutions (<a href="/glossarycollection/payment-institution" style="color:#48277C;" target="_blank" title="Payment Institution"><u>PI</u></a>) should take into account their size and internal organisation, and the nature, scale and complexity of their activities, when developing and implementing internal governance arrangements. Significant PIs should have more sophisticated governance arrangements, while small and less complex PIs may implement simpler governance arrangements.'<br/><br/>

Unfortunately there is no definition of 'simpler governance arrangements'.<br/><br/>

The following criteria should be taken into account by PIs and competent authorities:<br/><br/>

- the size in terms of the balance-sheet total of the PI and its subsidiaries within the scope of prudential consolidation;<br/><br/>

- the geographical presence of the PI and the size of its operations in each jurisdiction;<br/><br/>

- the legal form of the PI, including whether the PI is part of a group and, if so, the proportionality assessment for the group;<br/><br/>

- whether the PI is listed or not;<br/><br/>

- whether thePI is authorised to use internal models for the measurement of capital requirements (e.g. the Internal Ratings Based Approach);<br/><br/>

- the type of authorised activities and services performed by the PI (e.g. see also Annex 1 to Directive 2013/36/EU and Annex 1 to Directive 2014/65/EU);<br/><br/>

- the underlying business model and strategy; the nature and complexity of the business activities, and the PI’s organisational structure;<br/><br/>

- the risk strategy, risk appetite and actual risk profile of the PI, taking into account also the result of the SREP capital and SREP liquidity assessments;<br/><br/>

- the ownership and funding structure of the PI;<br/><br/>

- the type of clients (e.g. retail, corporate, institutional, small businesses, public entities) and the complexity of the products or contracts;<br/><br/>

- the outsourced activities and distribution channels;<br/><br/>


- the existing information technology (IT) systems, including continuity systems and outsourcing activities in this area.<br/><br/>

For the benefit of the doubt, it is probably safest to implement all of the controls and processes mentioned in the EBA guidelines on outsourcing.

bottom of page