(a) Comprehensive policy to guide the assessment of whether and how these functions or services can be appropriately outsourced;

(b) The management shall have the responsibility for the outsourcing policy and related overall responsibility for outsourced functions or services undertaken under that policy;

(c) The member retains the ultimate res'ponsibility for the functions or services that are outsourced;

(d) The member must obtain the approval of the respective SRO and notify the CBB before committing to an outsourcing arrangement;

(e) The member must maintain and regularly review contingency plans to enable him to set-up alternative arrangements should the outsourcing provider fail;

(f) The member must nominate an officer of senior management with day-to-day responsibility for handling the relationship with the outsourcing provider and ensuring that relevant risks are addressed;

(g) All the outsourcing contract must be legally enforceable;

(h) A notice period of at least three months shall be required from the outsourcing party to terminate the contract;

(i) On termination all data pertaining to the member and its clients shall be returned by the outsource provider to the member; and

(j) For the entire duration of the outsourcing contact, this shall be subject to the confidentiality requirements in general, and information related to the clients or users in particular.