KUALA LUMPUR (Dec 28): Bank Negara Malaysia (BNM) today issued a policy document on outsourcing aimed at strengthening governance and risk management standards in managing outsourcing risk.
In a statement today, BNM said the policy document is effective from Jan 1, 2019 and will be applicable to licensed banks, investment banks, Islamic banks, insurers, takaful operators and development financial institutions.
The requirements primarily cover expectations on boards and senior management in respect of the management of outsourcing risk, due diligence of service providers and service level agreements, protection of data confidentiality and business continuity planning.
“A feedback statement has been issued concurrently with the policy document to articulate the bank’s views on several areas of feedback,” it said.
Financial institutions should have strong oversight and control over outsourcing arrangements, as would have been the case if they were performed in-house, it noted.
“The board and senior management shall be accountable for ensuring effective oversight and governance of outsourcing arrangements, supported by a robust outsourcing risk management framework to manage outsourcing risks and ensure compliance with relevant laws, regulations and prudential requirements that relate to outsourced activities.
“In particular, the board and senior management must have regard to the financial institution’s ability to fulfil its obligations to customers, including the ability of customers to obtain redress, and ensure consistency with its recovery and resolution planning," it said.
The policy also states that the board must also approve an outsourcing plan, detailing the financial institution’s planned outsourcing arrangements for the following financial year, before the plan is submitted to the central bank.
“In assessing the plan, the board must have in place mechanisms to obtain assurance from senior management that the requirements set out in this policy document are duly met,” it added.