SIO-5.10.8

Entire section

Custom print

Link

Text Only

Rich Text

Print

Location:

For the purpose of Subparagraph SIO-5.10.7(iv), stablecoin issuers as part of their assessments may use the following:

(a) Independent third-party certifications on the outsourcing service provider’s security and other controls;

(b) Third-party or internal audit reports of the outsourcing service provider; and

(c) Pooled audits organized by the outsourcing service provider, jointly with its other clients.

When conducting on-site examinations, licensees should ensure that the data of the outsourcing service provider’s other clients is not negatively impacted, including impact on service levels, availability of data and confidentiality.

Added: July 2025