The Australian Prudential Regulation Authority recently issued a draft prudential standard for Authorized Deposit-taking Institutions (ADIs), together with a draft guidance note. These measures aim to ensure that ADI outsourcing arrangements are subject to appropriate due diligence and continuous monitoring.
The proposed outsourcing standard will apply to all ADIs that consider outsourcing a material business activity. A material business activity is one which, if disrupted, has the potential to impact significantly on the ADI's business activity, reputation or profitability. Existing arrangements will only be affected once they become due for renewal.
The Authority places a high priority on extending the standard to all institutions under its supervision, in particular the superannuation and insurance sectors. This harmonization was recommended in the latest federal government issues paper on the superannuation industry.
Key features of standard
Senior management and the board of the ADI should have a formal policy covering outsourcing requirements and recognize that outsourcing does not shift accountability for the business activity to the service provider. A risk management framework should also cover topics ranging from the preparation of a business case for outsourcing to the approval process and factors to be included in the agreement.
An ADI must notify the Authority prior to entering any outsourcing arrangements and detail proposed risk mitigation strategies. This allows for verification that due diligence has been done. Proposed minimum contract requirements include contract management, performance requirements, dispute resolution mechanisms and allowing the Authority to access documentation and the service provider's site. There would be a continuing obligation to notify the Authority of any significant matters under the agreement.