OUTSOURCING REQUIREMENTS PRUDENTIAL GUIDELINE NO.11

Prudential Guideline No. 11

Applicability

1. The Prudential Guideline is applicable to financial institutions licensed or deemed licensed by the Central Bank of Solomon Islands (CBSI).

Purpose of Prudential Guideline

2. The Prudential Guideline aims to provide Financial Institutions (FIs) with minimum framework for managing Outsourcing arrangements. The guideline requires that all Outsourcing arrangements involving Material Business Activities entered into by FIs must be subject to appropriate pre-contractual arms-length due diligence assessments, Board or Proxy Board approval, and regular monitoring and services delivery quality and satisfaction review during the contractual period.

3. It is the responsibility of the Board or Proxy Board of FI to ensure that the FI has adequate Outsourcing policies and procedures to mitigate all inherent risks relating to all Outsourcing arrangements.

4. The key requirements of this Prudential Guideline are that a financial institution (FI) must:

a.  have adequate Outsourcing policies and procedures in place prior to outsourcing its Material Business Activities. Such policies and procedures must, in the case of a locally incorporated financial institution or a subsidiary of a foreign incorporated financial institution, be approved by its Board of Directors and, in the case of a branch of a foreign incorporated financial institution, by its Proxy Board of Directors, relating to outsourcing of material business activities;

b.  have sufficient monitoring processes in place to manage the Outsourcing of Material Business Activities;

c.  have a legally binding agreement in place for all outsourcing of Material Business Activities;

d. consult with and obtain a no objection from CBSI prior to entering into agreements to Outsource Material Business Activities to all external service providers; and,

e. notify CBSI after entering into agreements to outsource Material Business Activities.

Definitions

5. As used in this Prudential Guideline the following terms, unless otherwise clearly indicated by the context, have the meanings specified below.

A Material Business Activity”- means an activity that, if disrupted, has the potential, to significantly impact the operation, reputation, and or the profitability of the FI.

“Business Continuity Plan”- means a financial institution’s risk management strategy for threats that may terminate or significantly disrupt core business activities. It involves mitigating activities and contingency planning for response and recovery actions.

Country Head”- means a Chief Executive Officer, a Country Manager, a General Manager, or any similar designation accorded to an officer who heads the branch of a foreign financial institution in Solomon Islands.

“Offshoring”– means the outsourcing by an FI of a Material Business Activity to a service provider where the outsourced activity is to be conducted outside Solomon Islands. Offshoring includes arrangements where the service provider is incorporated in Solomon Islands, but the physical location of the outsourced activity is outside Solomon Islands.

“Outsourcing”– means the involvement of an FI entering into an arms-length arrangement with a service provider, either onshore or offshore to perform, on a continuing basis, a business activity that currently is, or could be, undertaken by the FI itself.

“Proxy Board”– means the Country Head of a branch of a foreign incorporated financial institution.

“Senior Management”– means the Country Head and senior departmental managers of the FI.

“Service Provider”– means a third party or an entity that is undertaking the outsourced activities on behalf of the FI.

The role of Board and Proxy Board of Directors

6. It is the responsibility of the Board of Directors, the Proxy Board of Directors, and the Senior Management of FIs to ensure that adequate risk mitigation practices are in place for the effective oversight and management of outsourcing arrangements.

7. The Board and Proxy Board of Directors of FIs must appoint a Committee to :

a. review risk management practices and policies for outsourcing;

b. regularly review quality of outsourcing services received and compliance with the outsourcing policy;

c. regularly review reports on outsourcing arrangements;

d. ensure that audit function covers any outsourcing arrangements and that auditors report on compliance with the outsourcing policy.

e. ensure that the Board or Proxy Board approved policy on Outsourcing is being followed at all times. This includes the tender and due diligence processes, evaluating the Outsourcing options and making recommendation to Senior Management and the Board or Proxy Board; and

f.  make recommendations endorsing or refusing the outsourcing of Material Business Activities based on a detailed Business Case outlining the potential costs, benefits and risks associated with Outsourcing arrangement that they receive.

8. Senior Management of the FI must:

develop a risk management framework for outsourcing arrangements that reflects the Board and Proxy Board of Directors approved policy;

establish and implement an oversight process that ensures that outsourcing arrangements, and outsourcing of Material Business Activities in particular are reported to the Board or Proxy Board of Directors prior to implementation;

ensure that, for each outsourcing arrangement, there is a formal evaluation service provider, that a contract with appropriate service level agreements (SLAs) is in place, and that confidentiality provisions and security needs are adequately addressed;

ensure that appropriate reporting channels and regimes are in place, including to the Board and Proxy Board of Directors and the CBSI, to enable effective management and control of outsourcing arrangements and to identify potential problems at an early stage;

ensure that the audit function regularly reviews performance under the outsourcing arrangements; and

ensure that the FI and the Service Provider comply with the applicable taxation laws of Solomon Islands, particularly withholding tax requirements.

9. For branch offices operating in Solomon Islands, responsibility for Outsourcing Material Business Activity lies with the Proxy Board or Country Head and appropriate delegated Committee for Outsourcing activities.

Outsourcing Policy

10. The Board or Proxy Board of Directors approved outsourcing policy must address all risks associated with outsourcing, including managing and monitoring the outsourcing arrangement, selecting a qualified Service Provider, structuring the outsourcing agreement (including contracts and service level agreements (SLAs), and establishing appropriate Business Continuity Plans, including exit strategies.

Due Diligence

11. The due diligence process must be undertaken prior to any final decision being made as to whether to outsource a Material Business Activity. This should address all material factors that would impact on the potential Service Provider’s ability to perform the business activity. The due diligence process should, as a minimum, assess the financial ability, technical ability and capacity of the Service Provider to deliver the required services. The evaluation process would include an assessment of the Service Provider’s control framework, covering performance standards, policies, procedures, compliance, reporting and monitoring processes.

12. The due diligence assessment should, at the minimum, consider the following:

a. Reputation of Service Provider;

b. An assessment on the ability and reliability of the Service Provider in providing the outsourced activity;

c. Track record of Service Provider;

d. An assessment of whether the Service Provider is directly or indirectly related to the FI;

e. An assessment on whether the Service Provider has arrangements with competitors;

f. An assessment on perceived or potential conflict of interest between the Service Provider, Board of Directors, Proxy Board of Directors, and Senior Management of FIs; and

g. Any other issues deemed appropriate.

Business Continuity Planning

13. Where a Material Business Activity is outsourced, the FI must ensure that its Business Continuity Plan outlines the procedures to be followed in the event that the Service Provider is unable to fulfil its obligations under the outsourcing agreement.

Outsourcing to External Service Providers

14 Where a Material Business Activity is outsourced to external service providers, the FI must;

  1. ensure that the selected third party service provider is sufficiently skilled and equipped to undertake the functions outsourced to them;
  2. ensure that offshoring arrangements are documented in a legally binding agreement;
  3. ensure that the offshored arrangements are appropriately monitored and the FIs business continuity plan addresses any loss incurred by that arrangement;
  4. notify CBSI that a Material Business Arrangement has been offshored;
  5. provide an annual report of all arrangements offshored in the last financial year; and
  6. consult and obtain a no objection from CBSI within 30 calendar days prior to outsourcing a Material Business Activity to all external service providers and ensure applications for non-objection are managed within arm’s length.

The Outsourcing Agreement

15. Each Outsourcing arrangement must be contained in a documented legally binding agreement. The agreement must be signed by all parties to it before the Outsourcing arrangement commences.

16. At a minimum, the agreement must address the following matters:

  1. the scope of the arrangement and services to be supplied;
  2. commencement and end dates;
  3. review provisions;
  4. pricing and fee structure;
  5. service levels and performance requirements;
  6. the form in which the data is to be kept and clear provisions identifying ownership and control of the data;
  7. reporting requirements, including content and frequency of reporting;
  8. audit and monitoring procedures;
  9. business continuity management;
  10. confidentiality, privacy, and security of information;
  11. default arrangements and termination provisions;
  12. dispute resolution arrangements;
  13. liability and indemnity;
  14. sub-contracting;
  15. insurance; and
  16. to the extent applicable, Offshoring arrangements (including through subcontracting)

17. An FI that outsources a Material Business Activity must ensure that its Outsourcing agreement includes an indemnity to the effect that any subcontracting by a Service Provider of the outsourced function will be the responsibility of the Service Provider, including liability for any failure on the part of the sub-contractor.

18. Where:

  1. An FI invokes its Business Continuity Plan as the result of an unexpected event; or
  2. there is a sudden financial or operational failure of an existing service provider, and, as a result, enters into a new outsourcing agreement, the FI must notify the Central Bank of Solomon Islands (CBSI) as soon as practicable of any such outsourcing arrangement.

Management and Control of the Outsourcing Relationship

19. Any FI that undertakes a material outsourcing arrangement must put in place procedures to monitor and control outsourcing risk in accordance with the Board and Proxy Board approved policy. The actual reporting framework, to both the Board, Proxy Board, and senior management, should reflect the size and nature of the arrangements. Importantly, accountability for managing the outsourcing arrangement should be specifically assigned to an individual or team/committee. This ensures that there is likely to be continued focus on the outsourcing arrangement.

  1. An FI invokes its Business Continuity Plan as the result of an unexpected event; or
  2. there is a sudden financial or operational failure of an existing service provider, and, as a result, enters into a new outsourcing agreement, the FI must notify the Central Bank of Solomon Islands (CBSI) as soon as practicable of any such outsourcing arrangement.

20. The Board, Proxy Board, responsible Committee, and Senior Management must receive regular reports on outsourcing activities. Any material problems with Outsourcing should be brought to the attention of these parties.

21  This monitoring process could involve the use of internal (or, where considered relevant, external) audit to ensure compliance with outsourcing policies and procedures. The audit function can be used to:

  1. ensure compliance with risk management policies and procedures;
  2. ensure appropriate internal controls are in place; and
  3. ensure that reporting is adequate, accurate and timely.

22. The FI should ensure that records held by the Service Provider are adequate for audit trail purposes and that those records held by the Service Provider are readily available at all times to the FI and, where necessary to the CBSI.

External Audit

23. Where considered appropriate, the CBSI may, after consultation with the FI, request a FI’s external auditor or other suitable external experts to provide an assessment of the risk management processes in place with respect to the outsourcing arrangement. This could cover areas such as IT systems, data security, internal control frameworks and business continuity plans, among others. Such reports will be paid for by the FI and would be made available to the CBSI.

Reporting

24. The Board, Proxy Board, responsible Committee or Senior Management should report to the CBSI any material problems with outsourcing arrangement including requirements of paragraph 18.

Enforcement and Corrective Measures

25. A financial institution, which fails to comply with the requirements contained in this Prudential Guideline or to submit certain reports to the CBSI, which are materially inaccurate, will be considered in breach of this guideline and therefore, may be subject to a monetary penalty.

26. The CBSI may pursue any or all corrective measures as provided in section 16 of the Financial Institutions Act 1998 (as amended) to enforce the provisions of this Prudential Guideline including:

  1. Issuance of an order to cease and desist from the unsound and unsafe practices and
  2. Action to replace or strengthen the management of the financial institution.

Effective Date

27. The effective date of this Prudential Guideline is December 1. 2017. Issued this 31st day of October 2017

 

 

 

Schedule I

Risk WeightOn-Balance Sheet Asset Category
0%(a) Notes and coin (including foreign cash);
(b) Gold bullion held in the financial institution’s own vaults or on an allocated basis to the extent backed by gold bullion liabilities;
(c) All claims on the central Government of the Solomon Islands other than Restructured Bonds;
(d) Balances with and claims on the Central Bank of Solomon Islands;
(e) All claims on central Governments and central banks of other countries, which are denominated in the national currency and funded in that currency;
(f) Loans and other claims, or portions thereof, secured by cash on deposit with the lending bank or guarantees [guarantee agreements must be in writing and provide for the direct, explicit, irrevocable and unequivocal repayment of all principal and interest.] or securities issued by central banks and governments as above.
20%
(a) Claims on depository institutions [depository institutions means those financial institutions licensed, among other things, to accept deposits of money withdrawable or payable upon demand. Depository institutions specifically exclude credit corporations] (including cash items in the process of collection) in the Solomon Islands;
(b) Claim on Provincial Governments;
(c) Claims on Central Government of Solomon Islands on Re-structured Bonds;
(d) Claims on international banking agencies and regional development banks;
(e) Claims on depository institutions incorporated in other countries with a residual maturity of less than one year.
50%
(a) Loans to individuals fully secured by a properly registered mortgage on residential property that is occupied by the borrower, or that is rented for residential purposes but excluding any such loans where the loan proceeds have been used by the individual to finance business, investment or other interests/activities.
100%(a) Premises, sites equipment and other fixed assets;
(b) Operating leases covering plant and equipment, etc.;
(c) Equity investments and capital instruments issued by entities other than license financial institutions;
(d) Loans to individuals and corporations (but excluding qualifying residential mortgage loans as above) unless such loans are past due 90 days or more for the payment of principal or interest and are not otherwise fully secured by cash on deposit with the lending bank or guarantees or securities issued by a central bank or government as above shall be risk-weighted as follows:
i. 150% risk-weight when specific provisions against such loans are less than 20% of the outstanding principal balance of the loans;
ii. 100% risk-weight when specific provisions against such loans are more than 20% of the outstanding principal balance of the loans;
(e) All other assets and claims not included elsewhere.

Note

Claims secured or collateralized by National Provident Fund benefits, insurance contracts, put options, forward sales contracts, bank paper, securities issued by the private sector are not considered to be covered by eligible collateral or guarantees and should be risk weighted according to the weight applicable to the original counter-party.

Schedule II

Credit
Conversion
Factor		Off-Balance Sheet Items
100%Direct Credit Substitutes:
(a) Guarantees of indebtedness where the financial institution undertakes to meet financial obligations of a counter-party which fails to do so.
(b) Standby letters of credit serving as a financial guarantee.
(c) Bills endorsed and rediscounted (including Bankers’ Acceptances)
20%Trade and Performance Related Contingent Items:
(a) Documentary letters of credit secured against underlying shipment of goods.
(b) Warranties, bid bonds, indemnities, performance bonds related to particular non-monetary obligations.
100% (a)

0% (b i)

20% (b ii)

50% (b iii)		Commitments:
(a) Commitments with certain drawn down.
(b) Other commitments:
i. which can be unconditionally cancelled at any time without notice [in determining whether a commitment can be unconditionally cancelled at ay time without notice “material adverse change” clauses or any other similar provisions which are intended to relieve a financial institution of its obligations under certain conditions should be disregarded] (e.g. unadvised, non-confirmed overdrafts, credit card facilities) and where the facility provides for review at least annually;
ii. with a residual maturity of one year or less which are not unconditionally cancelable at any time without notice;
iii. with a residual maturity of more than one year which are not unconditionally cancelable at any time without notice
2%
5%
3%		Foreign Exchange Contracts [gross contracts outstanding for the purchase and sale of foreign exchange]:
(a) Original maturity of one year or less;
(b) Original maturity of more than one year but less than 2 years:
(c) For each additional year or portion thereof.