|
|
The principles focus on establishing coherent policy and risk management programmes for outsourcing activities and recognising that a firm's senior management remains responsible for activities that are outsourced. Issues for consideration in drawing up contracts and contingency planning are also discussed. Finally, the report contains some broad principles to help supervisors take outsourcing into account in their regular risk reviews of firms.
Outsourcing has been identified in various industry and regulatory reports as raising issues related to risk transfer and management, frequently on a cross-border basis, and industry and regulators acknowledge that this increased reliance on the outsourcing of activities may impact on the ability of regulated entities to manage their risks and monitor their compliance with regulatory requirements.
Additionally, there is concern among regulators as to how outsourcing potentially could impede the ability of regulated entities to demonstrate to regulators that they are taking appropriate steps to manage their risks and comply with applicable regulations.
Of particular interest to regulators is the preservation at the regulated entity of strong corporate governance. In this regard outsourcing activities that may impede an outsourcing firm's management from fulfilling its regulatory responsibilities are of concern to regulators. The rapid rate of IT innovation, along with an increasing reliance on external service providers have the potential of leading to systemic problems unless appropriately constrained by a combination of market and regulatory influences.