Assessment and Remediation of Outsourcing Arrangements
15 Sep 2016
The Guidance applies to entities regulated by CIMA (with the exception of regulated mutual funds, Excluded Persons under the Securities Investment Business Law and private trust companies) ("Regulated Entities").
One of the key requirements under the Guidance is that CIMA expects Regulated Entities to have assessed their outsourcing risk management and to have addressed any deficiencies in outsourcing policies and arrangements by September 2016.
Regulated Entities are also expected to carry out risk assessments and reviews of their outsourcing arrangements at least annually, and more frequently, subject to the level of risk or materiality of the relevant outsourced functions.
We therefore expect an analysis of compliance with the Guidance to be a focal point of CIMA inspections of Regulated Entities and for CIMA to require remediation in cases of non-compliance.
Although stated as not being exhaustive or prescriptive, the Guidance nevertheless prescribes minimum requirements both as regards a Regulated Entity's governance and the contents of its outsourcing agreements (whether or not they are with related parties) and includes requirements which may not necessarily be common in the course of outsourcing negotiations. For instance, Regulated Entities are expected to ensure that their delegate service providers maintain adequate insurance cover.
Maples and Calder's Regulatory & Financial Services team is able to assist both with a review of a Regulated Entity's outsourcing framework, policies and procedures and to update or draft outsourcing agreements for the purpose of compliance with the Guidance.
For further information, please liaise with your usual Maples and Calder contact or any of the above contacts.
Consultant Cayman Islands
T: +1 345 814 5471
Partner Cayman Islands
T: +1 345 814 5525
Associate Cayman Islands
T: +1 345 814 5318