Outsourcing regulation in the financial services industry (as per the CSSF circular 22/806)

Organisations in the financial services industry significantly rely on service providers as part of their operating model. This training intends to provide the participants with an overview of the main regulatory requirements for outsourcing arrangements as defined by the CSSF circular 22/806.

19 November 2024 (EN) - 2pm-5pm - On site

13 May 2025 (EN) - 2pm-5pm - On site

Price: 615.00€

Duration: 3h

Language: Available in English and French. The supporting material is only available in English.

Number of participants: up to 20

You are interested in participating in this course but no sessions are currently scheduled? Please contact us and you will be added to our Show Interest list.




By the end of this training, the participants will be able to:

  • understand the main provisions of the CSSF circular 22/806;
  • identify the key changes introduced by the new circular compared to the existing regulatory framework;
  • distinguish between outsourcing arrangements and third party services;
  • assess the criticality of outsourcing arrangements;
  • understand the regulatory and practical implications of preparing CSSF notifications related to future outsourcing projects.


  • Introduction to outsourcing regulation
    • Evolution of regulatory landscape
    • Outsourcing drivers and benefits
    • Types of outsourcing arrangements
    • Identifying outsourcing arrangements
    • Assessing criticality
  • Outsourcing governance
    • Roles and responsibilities
    • The outsourcing policy
    • The outsourcing register
    • Contractual arrangements
    • Interacting with the regulator
    • Stages of the outsourcing lifecycle
  • ICT outsourcing and cloud computing
    • Definitions, roles and responsibilities
    • Cloud specific risks and limitations

Target audience

  • Chief risk officers and (operational) risk managers
  • Regulatory responsible and compliance officers
  • Internal auditors
  • Head of IT, information security officers and information technology officers
  • IT services providers serving entities under the supervision of the CSSF
Our lead experts

Our lead experts

This course is coordinated by Cécile Liégeois, Partner, and presented by Xiaoyi Fang, Senior Manager and Vojtech Volf, Manager at PwC Luxembourg.

With 23 years of professional experience in Luxembourg, Cécile has developed a deep understanding of the regulations governing banking and investment firms, internal governance, outsourcing arrangements (BPO/ICT/Cloud), and operational/ICT risk management. She leads projects for the implementation of new regulations, focusing on their business, regulatory, and operational impacts.

Cécile also possesses experience in external audits (financial and regulatory) of entities within the financial sector, particularly in the banking industry. Her expertise extends to other professionals in the financial sector, such as investment firms, support and specialised Professional of the Financial Sector (PFS) entities, management companies, and investment funds..

Xiaoyi Fang, is a senior manager with in-depth experience in implementing European regulatory requirements, in reviewing the compliance framework for financial institutions and familiar with EU regulatory process in financial services.

She has driven and contributed to a number of projects in complex structure and dynamic environments.

Vojtech is a manager in our PwC regulatory and compliance department specialised in ICT compliance.

He has been working on IT compliance related topics for over 6 years and for PwC since 2018.

Vojtech works on various IT subjects related to IT compliance, PSD2, outsourcing (BPO/Cloud/IT), IT and security risks, privacy as well as payment related aspects. He also assists in various licence application processes, be it for e-money or payment institutions, IFMs where he focuses on IT aspects, data privacy as well as operational aspects for payments (payment flows, safeguarding, segregation…).

Contact us

Contact details

PwC's Academy, Crystal Park Building, PwC Luxembourg

Tel: +352 49 48 48 4040

Follow us