Back Custom print Link Text Only Rich Text Print

  • OM-3.4 OM-3.4 Risk Assessment

    • OM-3.4.1

      Licensees must undertake a thorough risk assessment of an outsourcing proposal, before formally notifying the CBB and committing itself to an agreement.

      Amended: January 2011
      October 07

    • OM-3.4.2

      The risk assessment must – amongst other things – include an analysis of:

      (a) The business case;
      (b) The suitability of the outsourcing provider; including but not limited to the outsourcing provider's financial soundness, its technical competence, its commitment to the arrangement, its reputation, its adherence to international standards, and the associated country risk; and
      (c) The impact of the outsourcing on the licensee's overall risk profile and its systems and controls framework.
      Amended: October 2017
      Amended: July 2011
      October 07

    • OM-3.4.3

      [This Paragraph was deleted in October 2017].

      Deleted: October 2017

    • OM-3.4.4

      Once an outsourcing agreement has been entered into, licensees must regularly review the suitability of the outsourcing provider and the on-going impact of the agreement on their risk profile and systems and controls framework. Such reviews must take place at least every year.

      Amended: July 2011
      October 07

    • OM-3.4.5

      A licensee must nominate a relevant approved person with day-to-day responsibility for handling the relationship with the outsourcing provider and ensuring that relevant risks are addressed. This person must be notified to the CBB as part of the request for prior approval notification required under Section OM-3.3 above. Any subsequent replacement of such person must also be notified to the CBB.

      Amended: October 2017
      Amended: July 2011
      Amended: January 2011
      October 07