In this month’s legal update, we provide an overview of the new Bank of Tanzania Outsourcing Guidelines for Banks and Financial Institutions, 2021 (the Guidelines) which were published on 17 June 2021. The Guidelines apply to all outsourcing arrangements entered into by banks or financial institutions and disapply the Outsourcing Guidelines of 2008.
In summary the Guidelines introduce additional technical monitoring and control of outsourced activities and set out the powers that the Bank of Tanzania (the Bank) has in terms of enforcing the Guidelines.
Key definitions under the Guidelines:
- Outsourcing means an arrangement whereby a bank or financial institution receives goods or services from another entity that form part of the business processes and which are necessary to support the provision of banking or related financial services.
- Service provider means the supplier of goods or services who may be a related entity or independent third party.
There are 9 Parts to the Guidelines, each of which relate to a separate topic on outsourcing.
Part I of the Guidelines provides an introduction as to what activities can be outsourced. Particularly, Guideline 6 provides the classification of strategic activities and non-strategic but material activities. Strategic activities are activities compatible with the managers’ obligation to run the institution under their own responsibility and include strategic oversight, risk management and strategic control, while non-strategic but material activities mean activities of such importance that any weakness or failure in the provision of those activities can have a significant effect on the bank’s or financial institution’s ability to meet its regulatory responsibilities or to carry on its business.
Guideline 7 sets out a requirement to obtain prior written approval from the Bank before planning material outsourcing and also sets out the Bank’s criteria on evaluating these outsourcing requests. It is important to note that Guideline 8 defines material outsourcing arrangements as those, which if disrupted, have the potential to significantly impact the business operations, reputation or profitability of a bank or financial institution. The Bank will consider a number of factors when determining whether the outsourcing arrangement will be material. These include, but are not limited to:
- the level of importance to the bank or financial institution of the activity being outsourced;
- the likely impact on the bank’s or financial institution’s reputation and brand value, and ability - to achieve its business objectives, strategy and plans, should the service provider fail to deliver the service; and
- the cost of the outsourcing arrangement as a proportion of total operating costs of a bank or financial institution.
Part II of the Guidelines sets out the assessment of outsourcing arrangements, specifically the factors to be considered when making the assessment, the strategic activities that are not to be outsourced, and the activities that must not be considered as outsourcing. Notably, Guideline 10 provides more clarity on the activities that should not be outsourced. These are:
- core management functions such as corporate planning, organisation, management and control and decision-making functions;
- determining compliance with Anti-Money Laundering and Combating of Financing of Terrorism and Know Your Customer (KYC) norms for opening accounts;
- decisions on whether to grant credit;
treasury functions;
- risk management and compliance functions;
- activities considered illegal under any Tanzanian law; and
- having primary data centres outside Tanzania.
Part III of the Guidelines sets out the requirements for outsourcing policies and contracts, which are needed to set up outsourcing arrangements. Pursuant to Guidelines 14 and 15, these must be approved by the Bank before their implementation. The minimum policy requirements under Guideline 13 are consistent with the Outsourcing Guidelines of 2008. However, there are more outsourcing contract requirements under Guideline 17, the effect of which increases the Bank’s role in the monitoring of all outsourcing arrangements.
Part IV of the Guidelines discusses the duties and responsibilities of banks or financial institutions. This includes the duties of the Board of Directors and the management of a bank or financial institution in relation to outsourcing arrangements to ensure that the risks associated with the same are being adequately managed.
The remaining Parts of the Guidelines are new and were not included in the Outsourcing Guidelines of 2008. The first of these is Part V of the Guidelines which discusses the much-needed evaluation of service providers and sets out their required conduct, which is to be ensured by the bank or financial institution.
In addition, Part VI of the Guidelines requires that a bank or financial institution must ensure that its service providers have created and regularly test a Business Continuity Management framework and a Disaster Recovery Plan. This is necessary to mitigate any risks associated with outsourcing to service providers, including the safeguarding of confidential information, documents, records, and other assets, as well as the appropriate contingency actions which may need to be taken if there is an emergency.
Part VII of the Guidelines provides for the bank or financial institution’s monitoring and control of its outsourcing activities. Guideline 34 requires that there be a central record of all outsourcing for review by the bank or financial institution’s senior management. The bank or financial institution must also assess, review and audit their risk management practices and their compliance with the requirements of the Guidelines.
Part VIII of the Guidelines sets out the transfer pricing methodologies that a bank or financial institution may use. Transfer pricing refers to the price for which goods or services are exchanged between divisions of the same company. As per Guideline 38, the transfer price should not differ from the prevailing market price. If a bank or financial institution would like to engage in intra-group outsourcing, the Guidelines require that it adopts a reasonable transfer pricing framework that is consistent with the Transfer Pricing Regulations issued by the Tanzania Revenue Authority. Furthermore, Guideline 40 provides that the bank or financial institution should clearly state and evidence its transfer pricing framework to the Bank when seeking approval for outsourcing. According to Guideline 41, if the transfer pricing methodologies of a bank or financial institution do not reflect the market prices, the Bank has the right to intervene.
Lastly, Part IX of the Guidelines discusses the penalties and sanctions that may be imposed by the Bank should any of the provisions of the Guidelines be contravened. These include:
- civil money penalty on the banking institution or directors, officers or employees responsible for non-compliance in such amounts as may be determined by the Bank;
- prohibition from engaging in outsourcing arrangements;
- suspension of access to the credit facilities of the Bank;
- suspension of lending and investment operations;
- suspension of capital expenditure;
- suspension of the privilege to accept new deposits;
- suspension from office of the defaulting director, officer or employee;
- disqualification from holding any position or office in any banking institution in Tanzania; and
- revocation of banking licence.
We hope this information has been useful. Should you require further information, please do not hesitate to contact us.
Clyde & Co LLP accepts no responsibility for loss occasioned to any person acting or refraining from acting as a result of material contained in this summary. Further advice should be taken before relying on the contents of this summary.
--
Read the original publication at Clyde & Co.