In instances where operational functions of a credit rating agency are outsourced the credit rating agency remains liable and must ensure that—
(a) | none of the outsourced functions impair the quality of the credit rating agency's internal controls; |
(b) | the outsourcing does not impair the ability of the registrar to supervise the credit rating agency's compliance with its obligations under the Act and these Rules; and |
(c) | the persons undertaking the outsourced functions of the credit rating agency— |
(i) | take all reasonable measures to protect property and records in possession of the credit rating agency from fraud, theft or misuse taking into account the nature, scale and complexity of their business and the nature and range of their credit rating activities; |
(ii) | do not disclose any information about credit ratings or possible future credit ratings of the credit rating agency, except to the rated entity or its related third party; |
(iii) | do not share confidential information entrusted to the credit rating agency with analysts and employees of any person directly or indirectly linked to the credit rating agency by control as well as with any other natural persons whose services are placed at the disposal or under the control of any person directly or indirectly linked to the credit rating agency by control and who is not directly involved in the credit rating activities; and |
(iv) | do not use or share confidential information for the purpose of trading securities or financial instruments, or for any other purpose except the conduct of the credit rating activities. |