12 September, 2014
Legal News & Analysis – Asia Pacific – Singapore – Regulatory & Compliance
On 5 September 2014, the Monetary Authority of Singapore (MAS) released two consultation papers containing a proposed updated set of Guidelines on Outsourcing, and a new Notice on Outsourcing that will define a set of minimum standards for managing outsourcing (the “proposed Guidelines and Notice“). The proposed Guidelines and Notice are intended to raise the standards of financial institutions’ risk management practices in view of evolving business and technological trends in the past decade.
Key Changes Under The Proposed Guidelines And Notice
A detailed analysis and commentary on the key changes under the proposed Guidelines and Notice will be released at a later date. For now, below are some preliminary observations on areas where substantial changes have been proposed:
Obligations Will Be Contained In A ‘Notice’ Which Is Legally Binding
Broader Definition Of ‘Material Outsourcing Arrangement’ Means That Financial Institutions Will Have To Revise Their Methods Of Assessing Outsourcing Arrangements
Further, financial institutions must ensure that they consider whether their outsourcing arrangements could adversely affect the financial institution’s ability to manage risk and comply with applicable laws and regulations.
Notification Requirements Have Been Expanded To Include Adverse Developments Relating To The Financial Institution Itself, The Financial Institution’s Group, The Service Provider, And The Service Provider’s Sub-Contractors.
This requirement to notify MAS also applies to any event that could potentially lead to prolonged service failure or disruption in or the termination and early exit of, the outsourcing arrangement, and any significant unauthorised access or breach of security and confidentiality that affect the financial institution or its customers.
Further, financial institutions will also be required to notify MAS of such adverse development or breach of legal and prudential requirements encountered within the financial institution’s group.
Financial institutions would have to ensure that these notification requirements are met and that the outsourcing agreement contains provisions in place requiring the service provider to notify the financial institution, in view of the financial institution’s obligations to notify MAS.
Financial Institutions Would Be Expected To Assess The Service Provider’s Employees And Sub-Contractors
(b) whether they have been convicted of any offence (in particular, that associated with a finding of fraud, misrepresentation or dishonesty);
(c) whether they have accepted civil liability for fraud or misrepresentation; and
(d) whether they are financially sound.
The above is a new requirement that is not found in the existing 2004 Guidelines.
MAS Would Require An Indemnity Where It Exercises Audit And Inspection Rights Under The Outsourcing Agreement
Financial Institutions Would Have To Maintain An Updated Register Of Outsourcing Arrangements
This register must be furnished to MAS upon request. Information maintained in the register should include the name and location(s) of the service provider, the value and expiry or renewal dates of the contract, and reviews on the performance, operational, internal control and risk management standards of the outsourcing arrangement. Financial institutions would therefore have to conduct due diligence on their outsourcing arrangements to ensure that this register is up to date.
Conclusion
The above are a non-exhaustive list of the key proposed changes from the existing 2004 Guidelines. Our detailed analysis and commentary on the proposed Guidelines and Notice will be released in due course.
MAS has welcomed comments and feedback on its consultation papers on the proposed Guidelines and Notice. The deadline for submission of responses is 7 October 2014.
For further information, please contact:
Chia Ling Koh, Partner, ATMD Bird & Bird
Marcus Chow, Partner, ATMD Bird & Bird