On 30 November 2020, the Dutch Central Bank (De Nederlandsche Bank, DNB) issued a press release in which the regulator indicates that outsourcing contracts between supervised institutions and a large IT supplier structurally fails to comply with applicable laws and regulations.
DNB notes that the outsourcing contract did, for example, not include a right to audit or a right to examine for the regulator (rights that are required to be included in outsourcing contracts since 2006). After discussions with the relevant supplier, the contracts are now being amended. DNB requests supervised institutions to check to what extent existing outsourcing contracts comply with the requirements set out in the EBA Guidelines on outsourcing arrangements and the Decree on Prudential Rules for Financial Undertakings (Besluit prudentiële regels Wft). In case of discrepancies, DNB expects supervised institutions to amend the contracts and refine relevant outsourcing processes.