REGULATION AND REQUIREMENTS
To what extent does national law specifically regulate outsourcing transactions?
Other than in the financial services sector, there is no specific regulation of outsourcing transactions. However, depending on the sector and services involved, parts of the outsourcing transaction may be regulated by various elements of national law, such as:
Data protection. IP rights protection. Health and safety regulations. Transfers of employees are regulated under national rules implementing Directive 2001/23/EC on safeguarding employees' rights on transfers of undertakings, businesses or parts of businesses (Transfer of Undertakings Directive).
What additional regulations may be relevant for the following types of outsourcing?
The Central Bank of Ireland (CBI) regulates the financial services sector in Ireland, and is responsible for supervisory and prudential oversight of, among other things:
Banks. Credit institutions. Payment institutions. Investment services providers. Insurers. Insurance, investment and other financial services intermediaries. Investment funds and service providers to investment funds. Other financial institutions. Outsourcing by regulated financial institutions is subject to specific rules. The primary regulatory source remains Directive 2004/39/EC on markets in financial instruments (MiFID), which was implemented into Irish law in November 2007, and which sets out specific rules relating to outsourcing in the context of investment-related financial services. The Committee of European Banking Supervisors (CEBS) Guidelines on Outsourcing (CEBS Guidelines), published in December 2006, and which were deliberately designed to be consistent with MiFID, apply to the full range of services that credit institutions provide, and not just investment-related financial services. Specific requirements relating to outsourcing by payment institutions are also included in the CBI's prudential requirements for payment institutions.
The implementation of Directive 2009/65 EC on undertakings for collective investment in transferable securities (UCITS) (UCITS IV Directive) on 1 July 2011 has resulted in the application of MiFID-like organisational and internal control requirements to UCITS management companies. It is expected to result in an increasing alignment of the contractual requirements for delegated fund services with MiFID outsourcing rules. In conjunction with the introduction of UCITS IV, the CBI has also replaced the previous "minimum activities" regime for both UCITS and non-UCITS fund administration services (which required that certain activities be conducted in Ireland). The new regime:
Closely tracks MiFID requirements. Identifies ''core administration services'' (that is, those which Irish regulated administration firms must continue to undertake in Ireland). While the CBI has not itself published general guidelines on outsourcing, it has in the past published an Assistance Paper on Outsourcing (Assistance Paper), which sets out the CBI's views on outsourcing generally in the financial services sector, effectively tracking the MiFID provisions and CEBS Guidelines relating to outsourcing. There is a separate and detailed CBI notice relating to outsourcing by fund administration services.
The CBI can also refer to sector specific guidance, including guidance published by the Joint Forum of the Basel Committee on Banking Supervision, the International Organisation of Securities Commissions and the International Association of Insurance Supervisors.
There are no regulations specific to business process outsourcing. However, additional regulation can arise in industry-specific contexts.
There are no IT regulations specific to outsourcing. However, additional regulation can arise in industry-specific contexts.
There are no telecommunications regulations specific to outsourcing. However, when structuring any outsourcing in the telecommunications sector, the parties must comply with general telecommunications regulatory requirements.
The provision of telecommunications networks and services falls under the electronic communications networks and services regulatory regime. While in general there is no requirement to obtain a licence, to provide such networks and services, the provider of the network or service must:
Notify the Commission for Communication Regulation (ComReg) before providing any networks or services. Comply with the terms of the general authorisation published by ComReg. Depending on the services being outsourced, there can be additional requirements for wireless telegraphy licences.
When a public sector body enters into outsourcing activities:
It must comply with public procurement rules (see Question 6, Public sector and utilities). Its authority to outsource the activity in question must be considered. Otherwise, there are no outsourcing regulations specific to the public sector. However, additional regulation can arise in specific contexts (such as data protection, or regulations applying to the transfer of employees).
The regulation of outsourcing transactions under Irish law depends less on the nature of the outsourced service (for example, IT or business process) than on the sector in which the outsourcing takes place (for example, financial services or the health sector). In any regulated industry or sector, the proposed outsourcing's scope and structure must be considered in the context of the relevant regulatory regime, to ensure that all licences and authorisations are obtained and other requirements are met.
What further legal or regulatory requirements (formal or informal) are there concerning outsourcing in any industry sector?
In the financial services sector, there are specific rules relating to outsourcing which must be observed.
Material outsourcings. Both MiFID and the CEBS Guidelines include specific rules, which are reflected in the Assistance Paper, relating to:
The notification of material outsourcings to the CBI. Any outsourcing of activities is considered a material outsourcing if the failure of those activities could significantly impair the institution's: ability to meet its regulatory responsibilities; financial performance; ability to remain in business; risk management. An obligation to execute a clear written outsourcing contract, which includes: a clear definition of the services to be provided and the performance standards to be achieved; provision for ongoing monitoring, assessment and auditing rights for the customer; and protection of the CBI's ability to continue to properly oversee and regulate the outsourced activity. Any outsourcing contract must not prejudice the CBI's ability to audit and access information relating to the outsourcing and the premises from which the outsourced services are provided, or require termination of the outsourcing contract where it deems necessary.
Fund administration services. The rules for outsourcing of fund administration services broadly follow the material outsourcings requirements (see above).
Minimum termination notice periods. The CBI can also impose minimum termination notice periods for certain financial services contracts (see Question 30).
What requirements (formal or informal) are there for regulatory notification or approval of outsourcing transactions in any industry sector?
Material outsourcings. Material outsourcings of financial services, including those under MiFID, must be notified to the CBI. While there are no formal rules in relation to the form or timing of the notification to the CBI, any notification should be sufficiently detailed and allow sufficient time for the CBI to consider the outsourcing in detail in advance of the outsourcing becoming effective. The required notification period will depend on:
The complexity of the outsourcing. The confidentiality and security issues that may arise. Whether the outsourcing is intra-group. Whether the outsourcing is onshore or offshore. The identity and regulatory status of the service provider. Fund administration services. For fund administration firms, all outsourcings must be notified to the CBI, which may request additional information within one month of notification. Where an outsourcing has been cleared by the CBI, but does not proceed within 12 months, the proposal must be re-submitted to the CBI.
What legal structures are commonly used in an outsourcing?
A variety of outsourcing structures are used, both in arm's-length relationships and in intra-group arrangements.
Description of structure. The most common outsourcing structure remains the bilateral contract between the customer and supplier.
Advantages and disadvantages. Apart from the complexity of the contract itself, this is in many ways the most straightforward structure to implement from a legal perspective.
However, this structure does have the perceived commercial disadvantage of not properly reflecting the "partnership" characteristics of an outsourcing relationship, which the parties to an outsourcing often emphasise. This perception of partnership is one of the most important practical issues to be addressed in terms of the governance and implementation of an outsourcing, and arises irrespective of the structure used.
Prime contractor model
Description of structure. Where the customer seeks to outsource a broadly defined service, which in reality consists of a series of interconnected functions and services, the outsourcing usually involves a need to manage a number of suppliers and services. In such cases, the customer generally requires a prime contractor model. The prime contractor takes legal responsibility for the whole outsourced function, including putting in place and managing any...