Financial Advisory and Intermediary Services Act 2002 (Act No. 37 of 2002)DeterminationsAmendment of the Determination of Fit and Proper Requirements, 2020Chapter 5 : Operational Ability39. Outsourcing of functions to a person other than a representative of the FSP |
(1) | An FSP must exercise due skill, care and diligence when entering into (including the selection process), managing or terminating any arrangement for the outsourcing to any person other than a representative of the FSP of— |
(a) | a function that the Act or another law requires to be performed or requires to be performed in a particular way or by a particular person; |
(b) | a function that is integral to the nature of the financial services for which the FSP is authorised; or |
(c) | any material important operational function of the FSP. |
(2) | An FSP, where it outsources a function or activity referred to in (1), must— |
(a) | ensure that the person to whom the function or activity has been outsourced— |
(i) | has the ability, capacity, and any authorisation required by law to perform the outsourced functions, services or activities reliably and professionally; |
(ii) | is able to carry out the outsourced services effectively, to which end the FSP must establish methods for assessing the standard of performance of that person; |
(b) | have a written contract that governs the outsource arrangement and which clearly provides for all material aspects of the outsourcing arrangement, including— |
(i) | addressing the rights, responsibilities, and service-level requirements of all parties; |
(ii) | providing for access by the FSP and the Registrar to the person’s business and information in respect of the outsourced function or activity; |
(iii) | addressing sub-outsourcing; and |
(iv) | addressing confidentiality, privacy and the security of information of the FSP and clients of the FSP; |
(c) | properly supervise the carrying out of the outsourced functions, and adequately manage the risks associated with the outsourcing, including any risks to the FSP’s clients; |
(d) | take appropriate action if it appears that the person may not be carrying out the functions effectively and in compliance with applicable laws and regulatory requirements; |
(e) | retain the necessary expertise to supervise the outsourced functions effectively and manage the risks associated with the outsourcing; |
(f) | be able to terminate the arrangement for outsourcing where necessary without detriment to the continuity and quality of its provision of financial services to clients; |
(g) | establish, implement and maintain a contingency plan for disaster recovery and periodic testing of backup facilities; |
(h) | have effective access to data related to the outsourced activities, including any data relating to the FSP’s clients, as well as to the business premises of the person; and |
(i) | ensure that the outsourcing arrangement does not— |
(i) | compromise the fair treatment of or continuous and satisfactory service to the FSP’s clients; or |
(ii) | result in key decision making responsibilities being removed from the FSP. |