Framework for Risk Management in Outsourcing Arrangements by Financial Institutions
December 17, 2019
5934
The Presidents/Chief Executives,
All Banks/DFIs/Microfinance Banks
Dear Sir/Madam,
Framework for Risk Management in Outsourcing Arrangements by Financial Institutions
Please refer to BPRD Circular No. 06 dated June 20, 2017 on ‘Framework for Risk Management in Outsourcing Arrangements by Financial Institutions’.
Since the issuance of above framework, FIs are increasingly using third party service providers including group companies to carry out various activities, functions and processes under the ambit of this framework. Consequently, it has increased risk profile of FIs due to their dependence on third parties and group companies.
State Bank of Pakistan, with the objective to further facilitate the FIs for outsourcing with third parties including group companies and effectively manage the risks arising out of these arrangements, has revised following sections of the "Framework for Risk Management in Outsourcing Arrangements by Financial Institutions":
Sr#
Subject
Section Reference
i.
Definition of Personally Identifiable Information (PII)
Definitions
ii.
Disclosure of Customers’ Information
VII (d)
iii.
Outsourcing Outside Pakistan
IX (a)
iv.
Group Outsourcing
X (a) and X (b)
v.
Information Technology Outsourcing
XIV (d)
vi.
Insourcing of Card production Activity
4 (a) of Annexure-A
vii.
Insourcing of Data Centre and DR site
7 (d) of Annexure-A
viii.
Insourcing of Information Technology & Systems Audit
10 (d) of Annexure-A
Henceforth, all new outsourcing arrangements by FIs shall be governed under the above amended provisions of framework with immediate effect.
All other instructions of the subject framework shall remain the same.