Currently outsourced service providers (OSPs) are hired by individual institutions and subject to those institutions' due diligence and service control audits, the ABS said. The new rules, which also cover any sub-contractors of OSPs, cover three main areas: entity-level controls; general IT controls; and service controls.
Entity level controls cover human resource policies and practices, management philosophy and operating style, while general IT controls address any situation where information technology is outsourced. Service controls aims to make sure that OSPs meet contractual and service level agreements, the ABS said.
Ong-Ang Ai Boon, director of ABS said: "Outsourcing continues to be prevalent in the business landscape of banks. To ensure that the same level of governance, rigour and consistency apply whether the business function is performed in-house or outsourced, we came together to establish these baseline standards that will assure financial institutions – and ultimately, consumers – of the integrity and effectiveness of their OSPs’ internal controls."
The initiative aims to raise the level of compliance standards among OSPs while reducing the industry’s compliance costs, she said.
"It reduces the number of control audits the OSPs will be subjected to. At the same time this would differentiate them from the regional and global market," she said.
OSPs have a year to adopt the guidelines, and the first audit under the new framework will be conducted in the second half of next year, Ong-Ang told Asia One Business.
Each OSP will only have to conduct an audit once a year to meet the baseline controls, and clients can then refer to that audit report, she said.
The Monetary Authority of Singapore began consulting on updated outsourcing rules for the financial services industry in September 2014.
Singapore-based Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com said he expects to see the findings of the MAS consultation soon.
"While the MAS guidelines are expected to apply to a wider class of financial institutions, historically, the MAS and ABS would consult each other closely and some level of consistency is to be expected," Tan said.