Outsourcing of Business Activities, Functions and Processes

Document Properties

  • Type of Publication: Letter
  • Date: March 11, 2009
  • Reference: Guideline for Banks / BHC / FBB / T&L / Co-op / Life / P&C / Fraternals
  • To:
    • Banks
    • Bank Holding Companies,
    • Foreign Bank Branches,
    • Federally Regulated Trust and Loan Companies,
    • Federally Regulated Cooperative Credit Associations,
    • Federally Regulated Life Insurance Companies and Fraternal Benefit Societies,
    • Federally Regulated Property and Casualty Insurance Companies,
    • Insurance Holding Companies

OSFI has released a final revised version of Guideline B-10, Outsourcing of Business Activities, Functions and Processes, which sets out OSFI’s expectations for federally regulated entities (FREs) that outsource or contemplate the outsourcing of one or more of their business activities to a service provider.

On April 20, 2007, as a result of the coming into force of Bill C-37, the need for a federally regulated entity no longer needs to obtain the approval of the Superintendent to maintain and process outside Canada information or data relating to the preparation and maintenance of certain corporate, accounting and customer records. The revisions to Guideline B-10 primarily reflect the repeal of this approval requirement, or are otherwise designed to clarify OSFI’s expectations.

The Guideline includes, among others, the following revisions from the December 2003 Guideline.

  1. The Guideline provides FREs with a transition measure to bring outsourcing arrangements that are obtained as part of an acquisition by the FRE into compliance with the Guideline.
  2. The Guideline clarifies the expectation that, as part of the FRE’s materiality test, a FRE would need to consider the potential influence on the FRE of multiple outsourcing arrangements with a single service provider.
  3. The Guideline clarifies the expectation that the FRE should ensure that the service provider regularly tests its business recovery system as it pertains to the outsourced activity, and that the FRE should ensure that a service provider addresses any material deficiencies. The Guideline further adds that a FRE may be asked by OSFI to provide a summary of the test results that pertain to the outsourced activity.
  4. The Guideline clarifies that the FRE will receive a notice from OSFI if OSFI chooses to exercise its audit rights. In addition, the Guideline sets out that OSFI would share any findings with the FRE, where appropriate.
  5. The Guideline includes a standardized template for a centralized list that FREs could use to summarize all material outsourcing arrangements.
  6. The Guideline clarifies OSFI’s expectation that the FRE’s review of the service provider’s ability to continue to deliver the service, in the manner expected, be commensurate with the level of risk involved. The Guideline further adds that, as part of this review, a FRE could include an assessment of the service provider’s circumstances, including the reliance on, and performance of, significant subcontractors.
  7. Any references to the requirement for Superintendent approval to maintain and process outside Canada information or data relating to the preparation and maintenance of certain corporate, accounting and customer records have been removed to reflect the repeal of this approval requirement.

OSFI does not expect the revised Guideline will necessitate changes to existing contracts that a FRE has in place with service providers, or substantive amendments to policies and procedures. As such, no new transition period is suggested for compliance with the revised Guideline.

Questions with respect to the Guideline should be addressed to Emiel van der Velden at (613) 998-7479 or by e-mail at emiel.vandervelden@osfi-bsif.gc.ca. This version of the Guideline supersedes the December 2003 Guideline.

  • Robert Hanna
  • Assistant Superintendent
  • Regulation Sector