Entire section Custom print Link Text Only Rich Text Print
  Versions

 

OM-3.2.6

The board and senior management are responsible for understanding the operational risks associated with outsourcing arrangements and ensuring that effective risk management policies and practices are in place to manage the risk in outsourcing activities. Outsourcing policies and risk management activities should encompass:

(a) Procedures for determining whether and how activities can be outsourced;
(b) Processes for conducting due diligence in the selection of potential service providers;
(c) Sound structuring of the outsourcing arrangement, including ownership and confidentiality of data, as well as termination rights;
(d) Programmes for managing and monitoring the risks associated with the outsourcing arrangement, including the financial condition of the service provider;
(e) Establishment of an effective control environment at the bank and the service provider;
(f) Development of viable contingency plans; and
(g) Execution of comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the bank.
Added: October 2012