1.   An applicant seeking authorisation to operate a CT that arranges for activities to be performed on its behalf by third-party service providers, including undertakings with which it has close links, shall include in its application for authorisation confirmation that the third-party service provider has the ability and the capacity to perform the activities reliably and professionally.

2.   The applicant shall specify which of the activities are to be outsourced, including a specification of the level of human and technical resources needed to carry out each of those activities.

3.   The applicant that outsources activities shall provide evidence that the outsourcing does not reduce its ability or power to perform senior management or management body functions.

4.   The applicant shall provide evidence that it remains responsible for any outsourced activity and shall adopt organisational measures to ensure:

(a)	that it assesses whether the third-party service provider is carrying out outsourced activities effectively and in compliance with applicable laws and regulatory requirements and adequately addresses identified failures;

(b)	the identification of the risks in relation to outsourced activities and adequate periodic monitoring;

(c)	adequate control procedures with respect to outsourced activities, including effectively supervising the activities and their risks within the CTP;

(d)	adequate business continuity of outsourced activities.

For the purposes of point (d), the applicant shall obtain information on the business continuity arrangements of the third-party service provider, assess its quality and, where needed, request improvements.

5.   Where the applicant outsources any critical or important function, it shall provide ESMA with:

(a)	the identification of the third-party service provider;

(b)	the organisational measures and policies with respect to outsourcing and the risks posed by it as specified in paragraph 4;

(c)	internal or external reports on the outsourced activities.