Outsourcing agreements should establish a degree of certainty with regard to at least the following:

1. 1.Scope of the arrangement, the services to be supplied, and the rights and responsibilities of all parties involved;
2. 2.Pricing and fee structure;
3. 3.Service level and performance requirements;
4. 4.Governance, security, audit, reporting and monitoring procedures;
5. 5.Business continuity and disaster recovery management;
6. 6.Confidentiality, privacy and security of information;
7. 7.Default arrangements and termination provisions, addressing also premature termination for any reason;
8. 8.Liability, indemnity and insurance;
9. 9.Compliance with anti-money laundering and combatting the financing of terrorism laws and regulations;
10. 10.Start and end date of the agreement, and provisions for reviewing, renewing or terminating the agreement;
11. 11.Dispute resolution arrangements, including designation of the legal jurisdictions that will apply;
12. 12.Whether subcontracting is allowed and under which conditions;
13. 13.Protection of Bank’s and its customers’ data handled as part of the agreement;
14. 14.Requirements for the outsourcing service provider to notify the Bank without undue delay of any breach of the Bank’s data, in particular breaches of Confidential Data; and
15. 15.Right of the Central Bank, and any agent appointed by the Central Bank, to conduct on-site visits at the outsourcing service provider and obtain any data or information from the outsourcing service provider required for supervisory purposes.