Outsourcing agreements should establish a degree of certainty with regard to at least the following:

1. Scope of the arrangement, the services to be supplied, and the rights and responsibilities of all parties involved;
    
2. Pricing and fee structure;
    
3. Service level and performance requirements;
    
4. Governance, security, audit, reporting and monitoring procedures;
    
5. Business continuity and disaster recovery management;
    
6. Confidentiality, privacy and security of information;
    
7. Default arrangements and termination provisions, addressing also premature termination for any reason;
    
8. Liability, indemnity and insurance;
    
9. Compliance with anti-money laundering and combatting the financing of terrorism laws and regulations;
    
10. Start and end date of the agreement, and provisions for reviewing, renewing or terminating the agreement;
     
11. Dispute resolution arrangements, including designation of the legal jurisdictions that will apply;
     
12. Whether subcontracting is allowed and under which conditions;
     
13. Protection of Bank’s and its customers’ data handled as part of the agreement;
     
14. Requirements for the outsourcing service provider to notify the Bank without undue delay of any breach of the Bank’s data, in particular breaches of Confidential Data; and
     
15. Right of the Central Bank, and any agent appointed by the Central Bank, to conduct on-site visits at the outsourcing service provider and obtain any data or information from the outsourcing service provider required for supervisory purposes.