Skip to main content
Back Custom print Text Only Rich Text Print

  • 5 Outsourcing Agreements

    • 5.1 Required Minimum Content

      Outsourcing agreements should establish a degree of certainty with regard to at least the following:

      1. 1.Scope of the arrangement, the services to be supplied, and the rights and responsibilities of all parties involved;
      2. 2.Pricing and fee structure;
      3. 3.Service level and performance requirements;
      4. 4.Governance, security, audit, reporting and monitoring procedures;
      5. 5.Business continuity and disaster recovery management;
      6. 6.Confidentiality, privacy and security of information;
      7. 7.Default arrangements and termination provisions, addressing also premature termination for any reason;
      8. 8.Liability, indemnity and insurance;
      9. 9.Compliance with anti-money laundering and combatting the financing of terrorism laws and regulations;
      10. 10.Start and end date of the agreement, and provisions for reviewing, renewing or terminating the agreement;
      11. 11.Dispute resolution arrangements, including designation of the legal jurisdictions that will apply;
      12. 12.Whether subcontracting is allowed and under which conditions;
      13. 13.Protection of Bank’s and its customers’ data handled as part of the agreement;
      14. 14.Requirements for the outsourcing service provider to notify the Bank without undue delay of any breach of the Bank’s data, in particular breaches of Confidential Data; and
      15. 15.Right of the Central Bank, and any agent appointed by the Central Bank, to conduct on-site visits at the outsourcing service provider and obtain any data or information from the outsourcing service provider required for supervisory purposes.

    • 5.2 Access to the Outsourcing Service Provider by the Central Bank

      The Central Bank requires the same access for supervisory purposes to business activities that have been outsourced as it would have if the business activity were undertaken by the Bank itself.

      Normally, the Central Bank will obtain any information it requires from the Bank. However, each outsourcing agreement must include explicit provisions requiring the outsourcing service provider to provide directly to the Central Bank, upon request, any data or information the Central Bank deems necessary for supervisory purposes.

      In addition, outsourcing agreements must provide that the Central Bank and any agent appointed by the Central Bank, may, if deemed necessary, conduct on-site visits at the outsourcing service provider with right of access to data and staff as if the activity were undertaken by the Bank.