Home   Browse contents   View updates   Search  
     Quick search
Go
   

Dubai Financial Services Authority (DFSA): Contents

Dubai Financial Services Authority (DFSA)
Laws
Rulebook Modules
Prudential — Investment, Insurance Intermediation and Banking Module (PIB) [VER33/02-19]
Sourcebook Modules
Consultation Papers
Policy Statements
DFSA Codes of Practice
Amendments to Legislation
Media Releases
Notices
Financial Markets Tribunal
Archive

BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



  • PIB 6.8.1

    An Authorised FirmG must establish and maintain appropriate systems and controls to manage its outsourcing risk.

    Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.8.1 Guidance

      1. GENG RulesG GEN 5.3.21 and GEN 5.3.22 set out the DFSAG requirements on outsourcing by Authorised FirmsG . This section complements the requirements in the GENG module and contains guidance on managing the Operational RiskG associated with outsourcing arrangements.
      2. The assessment of outsourcing risk at an Authorised FirmG may depend on several factors, including the scope and materiality of the outsourced activity, how well the Authorised FirmG manages, monitors and controls outsourcing risk (including its general management of Operational RiskG ), and how well the service provider manages and controls the potential risks of the operation.
      3. Factors that an Authorised FirmG should consider in establishing outsourcing arrangements include the following:
      a. the financial, reputational and operational impact on the Authorised FirmG of the failure of a service provider to perform adequately the activity;
      b. potential losses to an Authorised Firm'sG customers and counterparts in the event of a service provider failure;
      c. the consequences of outsourcing the activity on the ability and capacity of the Authorised FirmG to conform with regulatory requirements and changes in such requirements;
      d. the interrelationship of the outsourced activity with other activities within the Authorised FirmG ;
      e. the cost associated with the outsourcing;
      f. any affiliation or other relationship between the Authorised FirmG and the service provider;
      g. the regulatory status of the service provider;
      h. the degree of difficulty and time required to select an alternative service provider or to bring the business activity in-house, if necessary;
      i. the complexity of the outsourcing arrangement. For example, the ability to control the risks where more than one service provider collaborates to deliver an end-to-end outsourcing solution; and
      j. any data protection, security and other risks which may be adversely affected by the geographical location of an outsourcing service provider. To this end, Specific RiskG management expertise in assessing country risk related, for example, to political or legal conditions, could be required when entering into and managing outsourcing arrangements that are taken outside of the home country.
      Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]