MAS issues revised Guidelines on Outsourcing

Morgan Lewis
Contact
LinkedIn
Facebook
X
Send
Embed

Morgan Lewis

Institutions will need to meet deadlines to conduct a self-assessment of existing outsourcing arrangements, rectify identified deficiencies, and put in place measures to mitigate interim risks where a deficiency is significant.

On 27 July 2016, the Monetary Authority of Singapore (MAS) issued revised Guidelines on Outsourcing (Guidelines) after considering the feedback received in connection with its September 2014 public consultation paper (MAS Consultation Paper) that proposed to raise the standards of institutions’ outsourcing risk management practices.

The Guidelines are not legally binding, but MAS will consider an institution’s implementation of the Guidelines in determining the supervisory conduct of the institution’s board and senior management in the areas of governance, internal controls, and risk management.

Key aspects of the Guidelines include the following:

  • The Guidelines apply to outsourcing arrangements with both third-party service providers as well as related group companies.
  • Institutions incorporated in Singapore will need to consider the impact of outsourcing by its branches and any corporation under its control—including those located outside Singapore—regardless of whether they are financial or non-financial related companies.
  • Institutions subject to the Guidelines now include entities that are otherwise exempted from being licensed, approved, registered, or regulated by MAS.
  • Certain additional obligations are imposed only in respect of “material outsourcing arrangements”, such as the need to perform periodic reviews at least annually and to ensure that outsourcing agreements incorporate clauses granting MAS audit and information access.
  • The class of “material outsourcing arrangement” has been expanded to include arrangements involving customer information of which unauthorised access or disclosure, loss, or theft may have a material impact on an institution’s customers.
  • A new section on cloud computing has been added in recognition of the attendant risks of cloud computing similar to other forms of outsourcing arrangements.

Deadlines for Implementation

In implementing the Guidelines, institutions will need to conduct a self-assessment of all existing outsourcing arrangements by 26 October 2016, rectify deficiencies identified in the self-assessments by 26 July 2017, and put in place measures to mitigate interim risks where a deficiency is significant.

A MAS Notice on Outsourcing, which will define a set of minimum standards for outsourcing management, will be issued at a later date.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morgan Lewis | Attorney Advertising

Written by:

Morgan Lewis
Morgan Lewis
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Morgan Lewis on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide