Main
>
Legal Framework
>
7.3. Outsourcing risk - Policies
FINANCIAL SERVICES LEGISLATION
RULES
BANKING BUSINESS PRUDENTIAL RULES
Initial and ongoing capital requirements
Entire Act

7.3. Outsourcing risk - Policies

(1)        A Bank must establish appropriate policies to assess, manage and monitor the operational risk associated with its outsourced activities. The management of those risks must include the following elements:

(a)         carrying out due diligence for selecting service providers

(b)        structuring outsourcing arrangements

(c)         managing and reporting the risks associated with an outsourcing

(d)        ensuring effective control over an outsourcing; and

(e)         contingency planning

(2)        The outsourcing policies must require a Bank to have comprehensive contracts and service level agreements. The contracts and agreements must clearly state the allocation of responsibilities between service providers and the Bank.