Exposure Draft on OutsourcingRelease Date: 28 Sep 2017
Bank Negara Malaysia today issued a revised prudential framework on outsourcing arrangements for financial institutions. The framework aims to ensure that risk management practices for outsourcing arrangements remain effective moving forward amid intensification of technological advances in a more globalised and digitised environment.
Concerns over risk associated with outsourcing arrangements have increased in recent years, particularly on cyber-attacks and data security breaches. This has arisen from financial institutions becoming more dependent on technology and more interconnected with the broader and global financial system through shared services and market infrastructure. Robust risk management of outsourcing arrangements is therefore important to protect the critical role of financial institutions in supporting financial intermediation and real economic activities. Further, as the Bank moves towards implementing recovery and resolution planning for the Malaysian financial institutions, over-reliance on service providers may pose significant challenge to the ability of financial institutions to maintain operational continuity of critical functions under conditions of stress.
The proposals in the exposure draft reinforce the Bank’s expectations on broader governance and set out improved processes that must be in place to manage outsourcing arrangements. These include enhanced due diligence on service providers and stronger protection of data confidentiality. The Bank also expects financial institutions to demonstrate that controls over outsourcing risk management arrangements are operating effectively and remain commensurate with risk profiles of financial institution. The revised requirements also ensure the Bank’s continued ability to carry out effective supervisory oversight on financial institutions, including the increasingly complex outsourcing arrangements and concentration to a particular service provider.
The Bank invites written feedback on the proposed regulatory requirements. Responses must be submitted to the Bank by 27 October 2017 to email@example.com.
Further details can be found in the following documents:
© Bank Negara Malaysia, 2017. All rights reserved.