A revised guideline regarding the outsourcing of business functions provides more clarity in terms of how foreign financial institution branches are expected to manage the risks associated with services provided by the home office or third parties, the Office of the Superintendent of Financial Institutions says.

OSFI has released for comment the new guideline, which sets out its expectations for federally regulated financial institutions that outsource.

Institutions may provide comments until Oct. 15 through their industry associations.

It says the revised guideline has been reorganized and streamlined. Also, financial institutions that obtain services from wholly owned subsidiaries or a federally regulated parent are subject to more flexible expectations.

Institutions are expected to refrain from outsourcing certain internal audit and actuarial services to the external auditor, in accordance with the recent CICA draft auditor independence standard. Institutions will be expected to apply more comprehensive criteria for determining the materiality of outsourcing arrangements and to ensure the robustness of risk management is commensurate with the materiality of the arrangements. They are expected to maintain a centralized list of material outsourcing arrangements and to generally exercise more centralized control over outsourcing. And, in the future, expectations for data processing out-of-Canada applications will be linked the outsourcing guideline.

The transition period for compliance with the revised guideline distinguishes between new and existing outsourcing arrangements. New arrangements will be expected to comply fully within six months of final posting. Existing arrangements will be expected to come into compliance with the contractual expectations of the revised guideline when the documentation relating to the arrangement is substantially amended, renewed or extended, ensuring that institutions are not required to reopen contracts with the service providers.