On March 14, 2025, the IIF submitted its response to the Bermuda Monetary Authority's (BMA) Consultation Paper on the Operational Resilience and Outsourcing Code. In its response, the IIF emphasized that global financial institutions already operate under stringent operational resilience frameworks in their home jurisdictions that are comparable to the proposed Code, and proposed a number of recommendations that would help ensure effective operational resilience while avoiding unnecessary operational complications. 

Most prominently, the IIF opposed the BMA's proposed requirement for a 30-day 'no objection' period before implementing outsourcing arrangements, and instead recommended adopting a post-hoc supervisory review approach (as used in the UK and Singapore), where entities notify the BMA after entering into outsourcing arrangements and undergo review through normal supervisory processes, with additional notification only required for material changes to the outsourcing arrangement. 

The IIF provided a number of other recommendations to the BMA, including:

• Alignment of definitions with Financial Stability Board standards to reduce regulatory fragmentation
• Recognition that independent external audit reports as sufficient for supervisory reviews in multi-tenant cloud environments
• Clarification around expectations for concentration risk management
• Recognition of the shared responsibility model between entities and service providers
• Adjustment of board governance requirements to reflect reasonable expectations of technical proficiency
• Implementation a substituted compliance approach for entities headquartered outside Bermuda

The IIF encourages the BMA to reflect these changes, which would help address implementation challenges and improve alignment with other jurisdictional approaches.