Licensees must seek the CBB's prior written approval for third party and intragroup outsourcing of functions/services containing customer information including but not limited to payment services, debt collection, card and data processing, IT function including cloud services, internal audit and electronic/internet banking services but excluding legal services. Customer information must be encrypted and the encryption keys or similar forms of authentication codes must be securely kept under the licensee's control.

Added: January 2020