4.1 Banks must ensure compliance with all the applicable UAE legislation and regulations in managing and processing data, when Outsourcing.
4.2 Banks must ensure that they retain ownership of all data provided to an Outsourcing service provider, and that their customers retain ownership of their data, including but not limited to Confidential Data, and can effectively exercise their rights and duties in this regard.
4.3 Where the Outsourcing service provider subcontracts elements of the service which involve Confidential Data, Banks must ensure that the subcontractor fully complies with the applicable requirements as established by law and under this regulation.
4.4 Banks must ensure their data is secured from unauthorized access, including unauthorized access by the Outsourcing service provider or its staff.