The proposals cover a number of areas ranging from governance and registration to the approach to auditing and outsourcing, all of which should affect the contractual requirements that clients require of their outsourced service providers. The DSS specifies that all outsourcing agreements should be established in a written agreement. It is important to propose a number of minimum requirements for materials outsourcing contracts. Im folgenden werden einige besonders reporting Entwicklungen eszziert: Die Bundesanstalt fer Finanzdienstleistungsaufsicht BaFin verfolgt bei der Sub-Outsourcing einen strikten Ansatz. The contract or outsourcing agreement must indicate what constitutes a failure, identify corrective measures and allow for the healing of failures or the terminate of the contract. The ERF should be able to continue to process and maintain operations in the event of termination of the outsourcing or service delivery agreement. Appropriate notification should be required to terminate the service and ERF assets should be returned in a timely manner. In particular, data and records relating to data processing outsourcing contracts should be returned to the ERF in a format that would allow FRE to maintain its activities at no prohibitive costs. The CBI has made it clear that it expects that outsourcing agreements and associated risks will be adequately monitored and raised. With regard to specific sub-outsourcing, some of the concerns identified in the 2018 document: Identification and ownership of all assets (mentally and physically) related to the outsourcing agreement must be clearly defined, including assets generated or acquired under the outsourcing agreement. The contract or outsourcing agreement should indicate whether and how the service provider is entitled.
B to use ERF assets (data, hardware and software, system documentation or intellectual property) and the ERF`s right of access to these assets. As noted in Section 4, OSFI recognizes that outsourcing agreements concluded by an ERF have different degrees of importance and cannot be considered essential or negligible. In general, OSFI expects that an ERF will develop a risk management program applicable to all of its outsourcing agreements, with the exception of those that are clearly negligible, and that the risk agents used in this program will be tailored to the outsourcing agreement in question. As a result, the risk management program could be modulated to apply different requirements depending on the type of outsourcing agreement. These agreements, considered essential, should be fully subject to the expectations set out in Section 7, unless it is reasonable to conclude that some expectation is not appropriate for the outsourcing agreement concerned. OSFI can check on a case-by-case basis the appropriateness of an ERF as part of the prudential control process. The outsourcing agreement should include provisions requiring specific authorisation or conditions regarding when subcontracting is permitted. The company should be informed in advance of the subcontracting.
In the case of a new subcontracting, the risk analysis should at least be reviewed or reassessed. 3) An outsourcing risk management program that contains at least the expectations set out in Section 7 and is applied consistently throughout the ERF, including operations in foreign jurisdictions.