5. These guidelines specify the internal governance arrangements, including sound risk management, that institutions, payment institutions and electronic money institutions should implement when they outsource functions, in particular with regard to the outsourcing of critical or important functions.
6. The guidelines specify how the arrangements referred to in the previous paragraph should be reviewed and monitored by competent authorities, in the context of Article 97 of Directive 2013/36/EU [Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC.], supervisory review and evaluation process (SREP), Article 9(3) of Directive (EU) 2015/2366 [Directive 2015/2366/EU of the European Parliament and of the Council of 25 November 2015 on payment services in the
…