Outsourcing – Regulated Entities

The Statement of Guidance – Outsourcing Regulated Entities provides detailed guidelines for regulated entities in the Cayman Islands regarding outsourcing arrangements.
The document emphasizes the importance of proper risk management, due diligence, and transparency in outsourcing arrangements. Regulated entities are required to have a policy on outsourcing approved by their governing body and establish clear responsibility for monitoring the conduct of the service provider and outsourced material functions or activities. They must also establish feasible contingency plans in the event that the outsourcing fails and ensure that any limits regarding the level or authority that enables the approval of the outsourcing of material functions or activities are governed by appropriate policies and procedures.
The document also outlines the importance of proper due diligence in assessing service providers, including their human, financial, and technical resources, ability to safeguard confidential information, corporate governance, risk management, and reputation. Regulated entities must also ensure that service providers have proper safeguards in place for the collection, storage, and processing of customers‘ confidential information and to prevent unauthorized access, misuse, or misappropriation.
In addition, the document emphasizes the importance of transparency and communication with the Authority regarding outsourcing arrangements. Regulated entities must notify the Authority in writing of any new outsourcing agreement being signed or terminated, when a material function or activity is being outsourced, and provide pertinent details including the function or service being outsourced, the name of the service provider, the location where the outsourced activity will be carried out, the date of commencement and expiration of the outsourcing agreement, and the main reason(s) for outsourcing the specific function or activity.