Supplementing its prior work on outsourcing, the International Organization of Securities Commissions (IOSCO) recently issued a final report (Report) that sets forth seven key principles (Principles) that regulated entities should apply when outsourcing critical tasks or functions. The Principles cover due diligence and monitoring; outsourcing contracts; information security and disaster recovery; data security; concentration risk; regulatory access to information; and termination of outsourcing arrangements. This article explores the Report and the applicability of the Principles, with input from Avi Gesser, partner at Debevoise & Plimpton; and David Slovick, partner at Barnes & Thornburg. For other recent IOSCO work, see “IOSCO Issues Final Guidance on AI and Machine Learning” (Oct. 7, 2021); and our two-part coverage of IOSCO’s environmental, social and governance consultation report: “Risk of Greenwashing and Regulatory Approaches” (Aug. 5, 2021); and “Investor Education, Impediments and Recommendations” (Aug. 19, 2021).