The risk assessment must, amongst other things, include an analysis of:

(a) The business case;
(b) The suitability of the outsourcing service provider; including but not limited to the outsourcing service provider's financial soundness, its technical competence, its commitment to the arrangement, its reputation, its adherence to international standards, and the associated country risk; and
(c) The impact of the outsourcing on the licensee's overall risk profile and its systems and controls framework.
Added: January 2020