| BPRD
Circular No. 06 of 2019 |
December
17, 2019 |
The Presidents/Chief Executives,
All Banks/DFIs/Microfinance Banks
Dear Sir/Madam,
Framework for Risk Management in Outsourcing Arrangements by Financial Institutions
Please refer to BPRD Circular No. 06 dated June 20, 2017 on ‘Framework for Risk Management in Outsourcing Arrangements by Financial Institutions’.
2. Since the issuance of above framework, FIs are increasingly using third party service providers including group companies to carry out various activities, functions and processes under the ambit of this framework. Consequently, it has increased risk profile of FIs due to their dependence on third parties and group companies.
3. State Bank of Pakistan, with the objective to further facilitate the FIs for outsourcing with third parties including group companies and effectively manage the risks arising out of these arrangements, has revised following sections of the "Framework for Risk Management in Outsourcing Arrangements by Financial Institutions":
|
Sr# |
Subject |
Section Reference |
i. |
| |
Definition of Personally Identifiable Information (PII) |
|
Definitions |
ii. |
| |
Disclosure of Customers’ Information |
|
VII (d) |
iii. |
| |
Outsourcing Outside Pakistan |
|
IX (a) |
iv. |
|
X (a) and X (b) |
| v. |
| |
Information Technology Outsourcing |
|
XIV (d) |
| vi. |
| |
Insourcing of Card production Activity |
|
4 (a) of Annexure-A |
| vii. |
| |
Insourcing of Data Centre and DR site |
|
7 (d) of Annexure-A |
viii. |
| |
Insourcing of Information Technology & Systems Audit |
|
10 (d) of Annexure-A
|
|
4. Henceforth, all new outsourcing arrangements by FIs shall be governed under the above amended provisions of framework with immediate effect.
5. All other instructions of the subject framework shall remain the same.
6. Please acknowledge receipt.
|
Encls: Annexure “I” Revised Instructions-I
Annexure “II” Updated Framework for Risk Management in Outsourcing Arrangement by FIs
|
Yours truly,
sd/-
(Muhammad Akhtar Javed)
Director
|
|
|
|