Banks must have policies and procedures to ensure compliance with the applicable regulations and standards and to ensure the following has been achieved prior to outsourcing a business activity:
 

1. The Board or a committee of the Board has been adequately informed and has approved the outsourcing arrangement, as required;
    

2. An appropriate due diligence review has been undertaken of the selected outsourcing service provider addressing factors including, but not limited to:
    

   a.	Ability, including financial capacity, to meet the requirements of the arrangement and deliver the service reliably;
   b.	Experience with similar agreements and services;
   c.	Governance, internal control, internal audit, reporting and monitoring capabilities;
   d.	Security, including cyber security;
   e.	Staffing, including employee qualifications and expertise; and
   f.	Country risk factors and legal environment where applicable.

3. Procedures are implemented to monitor performance under the outsourcing agreement;
    
4. Appropriate provisions for business continuity and disaster recovery are in place, including contingency plans to bring the outsourced function back in-house should the need arise, or the identification of alternative outsourcing service providers.