- Question ID
-
2021_6191
- Legal act
- Directive 2013/36/EU (CRD)
- Topic
- Supervisory review and evaluation (SREP) and Pillar 2
- Article
-
97
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- EBA/GL/2019/02 - Guidelines on outsourcing arrangements
- Article/Paragraph
-
12, 26, 28
- Name of institution / submitter
-
Solutium d.o.o.
- Country of incorporation / residence
-
Slovenia
- Type of submitter
-
Other
- Subject matter
-
Custom software development and support outsourcing clarification
- Question
-
Company for development and maintenance of banking software has identified the following unclarities related to the EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02) that were published by European Banking Authority (EBA) and for which we ask for clarification/interpretation:
- Is custom software development, which is based on specifications and orders from a bank, and which covers thematic area or function that the bank defined as a critical function, considered as outsourcing (in terms of the referenced guidelines) when the act of development is performed on an occasional (not recurrent and not ongoing) basis?
- Is regular custom software maintenance and support of software mentioned in the previous bullet point, which covers thematic area or function that the bank defined as a critical function, considered as outsourcing (in terms of the referenced guidelines) if the company providing the software maintenance and support service doesn’t have access to bank’s production environment or data from the production environment? IT department of the bank exclusively maintains their production environment, and only the bank has access to production environment data (first level support). The company offers second level support to the IT department, which consists of consultations for resolving more demanding problems, which are simulated in the test environment (without any access to the production environment).
- In case any of the services mentioned in the previous bullet points are considered as outsourcing (in terms of the referenced guidelines), must the contract between the company and the bank implement all guidelines or only those that are relevant for the scope of cooperation between the company and the bank? Please confirm that there is no need for the contract to cover guidelines related to cloud services and outsourcing data processing services if the company does not offer cloud services nor processes any data of the bank.
- Background on the question
-
Company for development and maintenance of banking software has identified listed unclarities related to the EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02) which need clearification.
- Submission date
- Rejected publishing date
-
- Rationale for rejection
-
This question has been rejected because to ensure the effectiveness of the Q&A process it focuses on answering questions that are likely to be relevant to a broad set of stakeholders – for example, a large number, broad range or wide geographical distribution – rather than questions which address circumstances which appear likely to be relevant only to the particular circumstances of certain stakeholders or transactions.
For further information on the purpose of this tool and on how to submit questions, please see “Additional background and guidance for asking questions”.
- Status
-
Rejected question