The risk assessment must – amongst other things – include an analysis of:
(a) The business case;
(b) The suitability of the
outsourcing providerincluding but not limited to the outsourcing provider's financial soundness, its technical competence, its commitment to the arrangement, its reputation, its adherence to international standards, and the associated country risk; and
(c) The impact of the
outsourcing on the licensee's overall risk profile and its systems and controls framework.
Amended: October 2017