Main
>
Legal Framework
>
7.3. Outsourcing risk - Policies
FINANCIAL SERVICES LEGISLATION
RULES
BANKING BUSINESS PRUDENTIAL RULES
Initial and ongoing capital requirements
Entire Act

7.3. Outsourcing risk - Policies

(1) A Bank must establish appropriate policies to assess, manage and monitor the operational risk associated with its outsourced activities. The management of those risks must include the following elements:

  • (a) carrying out due diligence for selecting service providers
  • (b) structuring outsourcing arrangements
  • (c) managing and reporting the risks associated with an outsourcing
  • (d) ensuring effective control over an outsourcing; and
  • (e) contingency planning

(2) The outsourcing policies must require a Bank to have comprehensive contracts and service level agreements. The contracts and agreements must clearly state the allocation of responsibilities between service providers and the Bank.