Banking Regulation and Policy Department Bangladesh Bank Head Office Dhaka


BRPD Circular No-
Date:----------

Managing Director/Chief Executive
All bank-companies operating in Bangladesh

Dear Sir,

Guidelines on Outsourcing Arrangements

Banking institutions throughout the world are increasingly using third parties (outsourcing) as a means of both reducing costs and achieving strategic aims. When these third-party service providers conduct significant parts of the bank's regulated and unregulated activities, it may impact on the ability of banks to manage their risks and monitor their compliance with regulatory requirements.

Banks can mitigate these risks by taking steps to: draw up comprehensive and clear outsourcing policies, analyze the financial and infrastructure resources of the service provider, negotiate appropriate outsourcing contracts, require contingency planning by the outsourcing firm, and establish effective risk management programs.

These guidelines spell out in detail a set of principles, to be followed by banks in Bangladesh when using outsourcing at home or abroad, that would help banks better mitigate the concerns.

1. Outsourcing Policy.

(a) A bank seeking to outsource activities shall develop a comprehensive policy duly approved by its Board of Directors. The policy should include, inter alia, identification of and the extent to which the relevant activities are appropriate for outsourcing, criteria for selecting suitable service providers, delegation of approval authorities for outsourcing depending on risks and materiality, risk mitigation measures and governance structure clearly defining roles and responsibilities of Board of Directors and management to monitor and review the operations.

(b) The Board has overall responsibility for ensuring that all ongoing outsourcing decisions taken by the bank, and activities undertaken by the third parties, are in keeping with its outsourcing policy.

2. Restricted Activities.

(a) Generally, banks should only outsource the activities which can be effectively supervised by them and compliance with applicable legal and regulatory requirements can be ensured.

(b) Banks shall not however outsource core management functions that require effective involvement of Board and senior management, including Internal Audit and Control functions, Compliance functions, Treasury functions, Know Your Customer exercise for deposit accounts, Credit evaluation and sanctioning.

(c) Sub-contracting by the third-party service provider of material outsourcing arrangements both in case of local and abroad is not allowed. Material outsourcing arrangements are those, which if disrupted, have the potential to significantly impact the business operations, reputation or profitability.

(d) Moreover, an activity should not be outsourced if it would impair Bangladesh Bank's right to assess, or its ability to supervise, the business of the bank.

(e) With regard to outsourcing services related to Doorstep Banking, SME Service Centers, Mobile Banking, Agent Banking, or any other special activity endorsed and guided by specific circulars issued by Bangladesh Bank, the instructions contained in this circular would be applicable to the extent possible.

3. Selecting Service Providers.

(a) Banks must develop criteria that enable them to assess, prior to selection, the third-party service provider's capacity and ability to perform the outsourced activities effectively, reliably and to a high standard, together with any potential risk factors associated with using a particular service provider.

(b) Appropriate due diligence should include at a minimum:
(i) experience and competence of service providers to perform outsourced work;
(ii) service provider's financial soundness to fulfill its obligations;
(iii) performance standards, reputation, compliance culture, outstanding or potential litigation;
(iv) security and internal control;
(v) audit coverage, reporting & monitoring environment, business continuity planning; and
(vi) capability to meet special needs, such as servicing geographically dispersed activities.

(c) In addition, when outsourcing abroad, banks need to assess the economic, legal and political conditions that might adversely impact the service provider's ability to perform effectively.

4. Outsourcing Agreement.

(a) Outsourcing relationships should be governed by legally enforceable written contracts that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of all parties.

(b) At a minimum, the outsourcing agreement should address the following issues:
(i) Description of activities to be outsourced, including appropriate service and performance levels;
(ii) Bank's ability to access all books, records and information relevant to the outsourced activity in the service provider, and conduct audits thereof;
(iii) Provision for continuous monitoring and assessment by the bank of the service provider so that any necessary corrective measures can be taken immediately;
(iv) Termination clause and minimum periods to execute a termination provision, if deemed necessary;
(v) Provisions relating to insolvency or other material changes in the corporate form, and clear delineation of ownership of intellectual property following termination;
(vi) Provisions for confidentiality of customer's information, and transfers of information back to the bank and other duties that continue to have an effect after the termination of the contract;
(vii) Where appropriate, conditions of subcontracting by the third-party service provider for all or part of an outsourced activity;
(viii) Establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.

(c) The contract should neither prevent nor impede the bank from meeting its respective regulatory obligations. It should also include clauses to allow Bangladesh Bank to exercise its regulatory powers, including access to documents stored or processed by service provider and cause an inspection to be made.

5. Customer Interest Protection.

(a) Banks should take appropriate steps to require that service providers protect confidential information of both the bank and its clients from intentional or inadvertent disclosure to unauthorized persons.

(b) A bank should also consider whether it is appropriate to notify customers that customer data may be transmitted to a service provider, taking into account any statutory provisions that may be applicable.

(c) Outsourcing arrangements should not affect the rights of a customer against the bank, including the ability of the customer to obtain redress as applicable under relevant laws.

(d) Banks should establish a well-defined mechanism for redressal of complaints of their customers regarding outsourced services and ensure that genuine grievances are addressed promptly.

6. Monitoring and Control.

(a) Banks should establish a comprehensive outsourcing risk management program for an ongoing monitoring and controlling of all relevant aspects of outsourcing arrangements and procedures guiding corrective actions to be taken when certain events occur.

(b) Robust information technology security is a necessity. Banks should seek to ensure that service providers maintain appropriate IT security.

(c) Regular audits should be conducted to assess the adequacy of outsourcing risk management practices of both the bank and its service providers.

(d) Banks and each of their service providers should establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.

(e) Banks should ensure that outsourcing activity does not violate anti-money laundering regimes of Bangladesh as well as foreign jurisdictions.

(f) Banks should also review the financial and technical capabilities of a service provider at regular intervals to assess its ability to continue to meet its outsourcing obligation.

7. Outsourcing Abroad.

(a) When engaging service providers in a foreign country, banks should take into account and closely monitor government policies and political, social, economic and legal conditions in those countries, during the due diligence process and on a continuous basis after employing the service provider.

(b) Any outsourcing outside Bangladesh will require prior approval of Bangladesh Bank under Section 12 of the Bank Company Ain, 1991. All such requests to Bangladesh Bank should include details of the functions to be outsourced, rationale for the outsourcing, due diligence report of the proposed service provider, data to be transferred, legal opinion regarding confidentiality of data, and description of the monitoring and control measures to be undertaken by the bank. No approval will be granted where the arrangement involves disclosure or transfer of confidential customer information.

(c) When engaging service providers in a foreign country, banks should ensure that necessary information is also available domestically for continuing operation in case of a communication disruption and for inspection by Bangladesh Bank as and when needed.

(d) Outsourcing arrangements abroad should include provisions to allow Bangladesh Bank or persons authorized by it, if required, to access and inspect the documents, records and other information stored or processed by the service provider.

(e) Requirements enumerated in clauses (a) to (d) above are applicable for all outsourcing arrangements abroad regardless of the fact that the specified functions or data is provided to an unrelated third party or any office of the banking company, its holding or subsidiary company or any of its affiliates.

This circular is issued with the authority vested under section 12 and section 45 of the Bank Company Ain, 1991, which shall take effect immediately. However, the provision of this circular will not create any obstacle to complete the existing term of the third party service providers contracted earlier.

Yours faithfully,

(Saiful Islam)
Deputy General Manager
Phone: 9530155