The risk assessment should — amongst other things — include an analysis of (i) the business case; (ii) the suitability of the outsourcing provider including but not limited to the outsourcing provider's financial soundness, its technical competence, its commitment to the arrangement, its reputation, its adherence to international standards, and the associated country risk; and (iii) the impact of the outsourcing on the licensee's overall risk profile and its systems and controls framework.