Acts Online
GT Shield

Financial Advisory and Intermediary Services Act 2002 (Act No. 37 of 2002)

Determinations

Determination of Fit and Proper Requirements for Financial Services Providers, 2017

Chapter 5 : Operational Ability

39. Outsourcing of functions to a person other than a representative of the FSP

 

(1) An FSP must exercise due skill, care and diligence when entering into (including the selection process), managing or terminating any arrangement for the outsourcing to any person other than a representative of the FSP of—
(a) a function that the Act or another law requires to be performed or requires to be performed in a particular way or by a particular person;
(b) a function that is integral to the nature of the financial services for which the FSP is authorised; or
(c) any material important operational function of the FSP.

 

(2) An FSP, where it outsources a function or activity referred to in (1), must—
(a) ensure that the person to whom the function or activity has been outsourced—
(i) has the ability, capacity, and any authorisation required by law to perform the outsourced functions, services or activities reliably and professionally;
(ii) is able to carry out the outsourced services effectively, to which end the FSP must establish methods for assessing the standard of performance of that person;
(b) have a written contract that governs the outsource arrangement and which clearly provides for all material aspects of the outsourcing arrangement, including—
(i) addressing the rights, responsibilities, and service-level requirements of all parties;
(ii) providing for access by the FSP and the Registrar to the person’s business and information in respect of the outsourced function or activity;
(iii) addressing sub-outsourcing; and
(iv) addressing confidentiality, privacy and the security of information of the FSP and clients of the FSP;
(c) properly supervise the carrying out of the outsourced functions, and adequately manage the risks associated with the outsourcing, including any risks to the FSP’s clients;
(d) take appropriate action if it appears that the person may not be carrying out the functions effectively and in compliance with applicable laws and regulatory requirements;
(e) retain the necessary expertise to supervise the outsourced functions effectively and manage the risks associated with the outsourcing;
(f) be able to terminate the arrangement for outsourcing where necessary without detriment to the continuity and quality of its provision of financial services to clients;
(g) establish, implement and maintain a contingency plan for disaster recovery and periodic testing of backup facilities;
(h) have effective access to data related to the outsourced activities, including any data relating to the FSP’s clients, as well as to the business premises of the person; and
(i) ensure that the outsourcing arrangement does not—
(i) compromise the fair treatment of or continuous and satisfactory service to the FSP’s clients; or
(ii) result in key decision making responsibilities being removed from the FSP.