Office of the Superintendent of Financial Institutions
In March 2009, the Office of the Superintendent of Financial Institutions (OSFI) issued its revised Guideline B-10 "Outsourcing of Business Activities, Functions and Processes". This Guideline sets out OSFI’s expectations for federally regulated financial institutions (FRFIs) that outsource, or contemplate outsourcing, thereby assisting FRFIs with the design of an appropriate outsourcing risk management program.
Information technology plays a very important role in the financial services business and OSFI recognizes the opportunities and benefits that new technology-based services such as Cloud Computing can bring; however, FRFIs should also recognize the unique features of such services and duly consider the associated risks.
As such, and in light of the proliferation of new technology-based outsourcing services, OSFI is reminding all FRFIs that the expectations contained in Guideline B-10 remain current and continue to apply in respect of such services. In particular, FRFIs should consider their ability to meet the expectations contained in Guideline B-10 in respect of a material arrangement, with an emphasis on i) confidentiality, security and separation of property, ii) contingency planning, iii) location of records, iv) access and audit rights, v) subcontracting, and vi) monitoring the material outsourcing arrangements.
OSFI considers the management of outsourcing risks important to ensuring that FRFIs continue to be managed prudently and OSFI will be monitoring this issue as part of its ongoing supervisory work.
Further questions can be directed to Emiel van der Velden (Regulation Sector) at Emiel.firstname.lastname@example.org or Brian Kogan (Supervision Sector) at Brian.Kogan@osfi-bsif.gc.ca.