OM-3.4.2

The risk assessment must – amongst other things – include an analysis of:

(a) The business case;
(b) The suitability of the outsourcing provider; including but not limited to the outsourcing provider's financial soundness, its technical competence, its commitment to the arrangement, its reputation, its adherence to international standards, and the associated country risk; and
(c) The impact of the outsourcing on the licensee's overall risk profile and its systems and controls framework.
Amended: October 2017
Amended: July 2011
October 07