Outsourcing regulation in the financial services industry (as per the CSSF circular 22/806)

Formation inter-entreprise

À qui s'adresse la formation?

  • Chief Risk Officer and (operational) risk managers
  • Regulatory responsible and compliance officers
  • Internal auditors
  • Head of IT, information security officers and information technology officers
  • IT services providers serving entities under the supervision of the CSSF

Niveau atteint



3,00 heure(s)

Langues(s) de prestation


Prochaine session


Organisations of the financial services industry rely significantly on service providers as part of their operating model. This training intends to provide the participants with an in-depth overview of the main regulatory requirements for outsourcing arrangements as defined by the circular CSSF 22/806.

By the end of this training, the participants will be able to:

  • understand the main provisions of CSSF circular 22/806;
  • identify the key changes introduced by the new circular compared to the existing regulatory framework;
  • distinguish between outsourcing arrangements and third party services;
  • assess the criticality of outsourcing arrangements;
  • understand the regulatory and practical implications of preparing CSSF notifications related to future outsourcing projects


Introduction to outsourcing regulation:

  • Evolution of regulatory landscape
  • Outsourcing drivers and benefits
  • Types of outsourcing arrangements
  • Identifying outsourcing arrangements
  • Assessing the criticality

Outsourcing governance:

  • Roles and responsibilities
  • The outsourcing policy
  • The outsourcing register
  • Contractual arrangements
  • Interacting with the regulator
  • Stages of the outsourcing lifecycle

ICT outsourcing and cloud computing:

  • Definitions, roles and responsibilities
  • Cloud specific risks and limitations

Informations supplémentaires

This course is coordinated by Cecile Liegeois, Parner at PwC Luxembourg.

Cécile has 22 years of professional experience in Luxembourg and developed deep knowledge of Luxembourg banking and investment firms regulations, amongst other topics, internal governance, outsourcing arrangements (BPO/ICT/Cloud) and operational/ICT risk management. She is leading projects of new regulations implementation focusing on business, regulatory and operational impacts. Cécile has experience in the external audit (financial and regulatory audit) of entities of the financial sector, mainly in the banking industry, other professionals of the financial sector (investment firms, support and specialised PFS), management companies and investment funds.

Ces formations pourraient vous intéresser