2022-04-06
The Financial Services Authority of Seychelles issued this binding Code to permit licensees under the Securities and Mutual Fund legislation to outsource their compliance function to qualified, locally resident service providers. Licensees must retain ultimate regulatory responsibility, execute legally binding written agreements detailing service levels and exit strategies, and implement robust data security, confidentiality, and business continuity measures. The framework mandates continuous board oversight, annual compliance monitoring reports submitted to the Authority within one month, and prompt written notification of material changes or provider transitions.
Code on Outsourcing of Compliance Function

FINANCIAL SERVICES AUTHORITY
Bois De Rose Avenue, P.O. Box 991, Victoria, Mahé, Seychelles
Tel: +248 4380800 Fax: +248 4380888
Website: www.fsaseychelles.sc Email: enquiries@fsaseychelles.sc
Version: 29th March, 2022
Interpretations

In this Code –

“affiliated entities” means an entity that directly or indirectly controls the licensee or is directly or indirectly controlled by the licensee. This may be a parent or subsidiary company;

“applicant” means an individual applying to become an outsourced service provider for entities licensed under the Securities Act, 2007 or the Mutual Fund & Hedge Fund Act, 2008;

“Authority” means the Financial Services Authority;

“board of directors” means the collective group of appointed directors having the power to act on behalf of the licensee;

“capability” means the capacity and the ability of an individual to carry out the compliance function;

“CISI” stands for Chartered Institute for Securities & Investment;

“competence” means that the individual can apply the knowledge, skills, and experience required in the performance of his/her duties;

“compliance function” means the independent function that identifies, assesses, monitors and reports on the licensee’s compliance risk, including the provision of compliance training to members of staff and having the responsibility of ensuring compliance by the licensee with its regulatory obligations;

“compliance monitoring program” means a program designed by the licensee to monitor the compliance function being outsourced, the outcome of which is the production of a report reviewing the performance of the outsourced service provider;

“core function” means a function that should a weakness in, or failure by the licensee to perform the function arise, would have a significant impact on the licensee’s ability to conduct its operations in a proper manner;

“financial status” means the status that indicates whether an individual is in good financial situation or not;

“honesty” means acting truthfully;

“ICA” stands for International Compliance Association;

“integrity” means the soundness of moral character of the individual which establishes trust and provides the basis for reliance on their judgement;

“in writing” means notification through the submission of a formal letter, duly dated and signed;

“licensee” means a company holding a licence under the Securities Act, 2007 or the Mutual Fund and Hedge Fund Act, 2008;
“material changes” means any change in the Compliance Outsourcing arrangement that significantly affects or is reasonably likely to significantly affect the compliance function or the provision of the outsourcing function;

“outsourced service provider” means an individual to which the compliance function may be outsourced;

“outsourcing agreement” means a written agreement setting out the terms and conditions governing the relationships, obligations, responsibilities, rights and expectations of the parties in an outsourcing arrangement;

“outsourcing risks” means the risks associated with outsourcing the compliance function to an outsourced service provider. Outsourcing can present risks to data security, including risks to intellectual property and information on strategies and operations;

“probity” means the quality of having strong moral principles;

“relevant academic qualifications” includes the following and/or any other field as may be deemed relevant by the Authority:
(a) Business including international business
(b) Accounting
(c) Finance
(d) Law
(e) Compliance

“relevant legislations” means:
(a) The Financial Services Authority Act, 2013
(b) The Securities Act, 2007
(c) The Mutual Fund and Hedge Fund Act, 2008, and
(d) Any other relevant financial services legislations and regulations.

“relevant professional qualifications” includes –
(a) CISI diploma in Investment Compliance;
(b) ICA Diploma in Risk and Compliance
and/or any other professional qualifications as may be deemed relevant by the Authority;

“relevant working experience” includes working experience in the following and/or any other field as may be deemed relevant by the Authority:
(a) banking
(b) legal
(c) capital markets
(d) collective investment scheme business
(e) financial services regulatory
“resident” means an individual who may be absent from Seychelles for a period of not more than twenty-eight (28) consecutive calendar days or a total of eighty-four (84) calendar days in a consecutive twelve (12) month period;

“qualified individuals” means individuals deemed to be fit and proper by the Authority to undertake the compliance function of a licensee under section 23 of the Financial Services Authority Act, 2013.
The compliance function is vital to ensure adequate systems and controls for ensuring the licensee’s compliance with the requirements and obligations of the relevant legislations, codes and guidelines issued by the Authority.

4. Rationale for Outsourcing of the Compliance function

The reasons why a licensee may wish to outsource its compliance function range from reduced cost to the provision of better quality services to clients. In order to achieve these objectives, the licensee may require support in areas where there are deficiencies. This may mean the outsourcing of functions where there is a lack of resources and capability or to allow the licensee to focus on their core business activities.

Outsourcing has its benefits associated with it, which may include:
• the licensee acquiring specialist skills and knowledge which is lacking in-house;
• improved services to clients;
• economies of scale;
• access to intellectual property such as proprietary software;
• management has more time to allocate to other core business areas.

However, outsourcing may yield a number of risks such as:
• loss of in-house capability due to reliance on outsourced service providers;
• loss of control of data;
• risks to data security;
• potential difficulties in monitoring and intervening in standards of service.

Despite the inherent risks associated with outsourcing, the Authority acknowledges that there is a lack of suitably qualified individuals within the jurisdiction to undertake this function. In consideration of this deficiency, the Authority will allow for outsourcing of the compliance function to an outsourced service provider.

5. Conditions for Outsourcing

Where a licensee opts to outsource its compliance function, the ultimate responsibility and accountability towards regulatory authorities and clients for outsourcing shall remain with the licensee’s board of directors.
As such, the licensee should ensure that the outsourced service provider is effectively conducting the Compliance function and the board of directors should continuously monitor the performance of the outsourced service provider in carrying out this fundamental function. The licensee should develop appropriate procedures and policies to ensure compliance with these principles. These procedures and policies should also undergo periodic review by the licensee to ensure its effectiveness and manage any outsourcing risk which may be identified.
The licensee must retain the ability to oversee the outsourced function and ensure the outsourced service providers’ compliance with the relevant regulatory requirements under the legislations, codes and guidelines which may be issued by the Authority. The licensee must ensure that the outsourced service provider to which the compliance function is being outsourced has the expertise and capability to undertake this function effectively. The outsourcing of the compliance function should not, in any way, impair the Authority’s ability to monitor, supervise or regulate the licensee.

The outsourcing function shall only be conducted by an outsourced service provider who shall at all times be resident in Seychelles. A licensee cannot outsource this function to an outsourced service provider outside of the jurisdiction.

The licensee should inform the Authority of any changes which may occur pertaining to the outsourced function. The licensee will have a period of 7 days after any change to formally notify the Authority in writing. However, in the event of any material changes, the licensee should notify the Authority within 24 hours. If the licensee wishes to change outsourced service providers, prior approval should be sought from the Authority.

Lastly, the Authority would like to bring to the attention of its licensees that all costs which may arise with regards to the outsourced function are to be borne solely by the licensee.

6. Outsourcing Principles

These principles have been adopted from the Final Report on the Principles on Outsourcing by Markets published by IOSCO in July 2009. It aims to assist the licensee in understanding the appropriate procedures to be undertaken when outsourcing the respective function.
Principle 1: The licensee should undertake suitable due diligence in selecting the outsourced service provider to ensure that the outsourced service provider is qualified to undertake the compliance function and conduct ongoing monitoring of its performance.

Guidance:
The licensee should identify the outsourced service provider proposed to take on the compliance function and conduct the necessary due diligence. The due diligence conducted on the outsourced service provider should:
(a) identify any conflicts of interest which may arise between the licensee and the outsourced service provider by the use of affiliated entities and implement appropriate procedures and policies to manage and mitigate these conflicts. Such policies may include a conflict of interest manual which details the possible conflicts of interest which may arise and the procedures to manage such risks.
(b) satisfy the licensee and the Authority that the outsourced service provider has the ability and capability to undertake the outsourcing function effectively.

The establishment of proper procedures and processes to monitor the performance of the compliance function by the outsourced service provider is essential. This may include the documentation of the procedures used to assess the outsourced service provider before selection.

Given that the compliance function is regarded as being a core function of entities under the purview of the Authority, monitoring of the outsourced service provider by the licensee should be done on a yearly basis. The use of a Compliance Monitoring Program will allow the licensee to conduct internal auditing of the outsourced function and should be developed by the outsourced service provider and approved by the licensee’s board of directors. This program will review the activities conducted by the outsourced service provider to ensure compliance with the relevant legislations and regulations, and will allow for proper monitoring of the outsourced function.
A report of the compliance monitoring program must be prepared by the licensee and should be presented to the licensee’s board of directors annually and submitted to the Authority within 1 month upon completion of the audit exercise.

In addition, the use of written service level agreements or specific provisions for service level within the outsourcing agreement will provide clarity as to the expected performance of the outsourced service provider and will facilitate ongoing monitoring of the outsourced service provider.

Principle 2: There should be a legally binding written contract between the licensee and the outsourced service provider known as the outsourcing agreement.

Guidance
The outsourcing agreement should include, at a minimum:
(a) The responsibilities of the licensee and responsibilities of the outsourced service provider
(b) How the responsibilities will be monitored
(c) Service standard levels and the process for monitoring performance against the established levels and related penalties
(d) Confidentiality of Information
(e) Appointment of the outsourced service provider as custodian (if applicable)
(f) Responsibilities relating to IT security
(g) Fees and Payment arrangements
(h) Liability of the outsourced service provider to the licensee for unsatisfactory performance or other breaches of the agreement
(i) Guarantees and indemnities
(j) Obligations of the outsourced service provider to provide, upon request, records, information and/or assistance concerning the outsourced compliance function, its auditors and/or relevant authorities
(k) Mechanisms to resolve disputes that might arise under the outsourcing arrangement
(l) Business continuity provisions
(m) Termination of the contract, transfer of information and exit strategies
(n) Conflict of interest mechanisms

This agreement should stipulate the risk associated with the outsourcing agreements and the appropriate measures available to the licensee to intervene in the performance of the compliance function. In the event of unsatisfactory performance or non-compliance of the outsourced service provider, the licensee should implement appropriate measures to rectify such issues.

Principle 3: Appropriate measures should be taken by the licensee to establish and maintain emergency procedures and plans for disaster recovery, with periodic backup facilities.

Guidance
Risks are inherent to any market operation and appropriate measures and procedures should be put in place in the eventuality of any unforeseen circumstances. The procedure may be outlined in a comprehensive business continuity plan. This document should include:
(a) the inherent risks associated with the compliance function
(b) measures to mitigate these risks
(c) data protection measures to be taken, and
(d) procedures to be put in place for cybersecurity

In addition to the above, the appropriate steps expected to be implemented include:
(i) applying measures to safeguard the security of the licensee and the outsourced service provider’s software being used.
(ii) detailing emergency procedures, disaster recovery and contingency plans.
This should include the licensee’s responsibility for backing up and protecting data files and regulatory reporting.
(iii) the information systems to be used should detail the security requirements to be used including the technical and organizational measures to be taken to protect the licensee and client-related information. The system should properly ensure the privacy of the licensee’s clients.
(iv) both the licensee and outsourced service provider should have the right to change or require changes to security procedures and requirements and the circumstances under which such changes might occur.
(v) the licensee should test the critical systems and back up facilities on a periodic basis to ensure the adequate performance of these systems.
(vi) the outsourced service provider should report to the licensee’s board of directors any breaches in security that may affect the licensee and its clients within 24 hours and a report of corrective action to be taken should be produced.

Principle 4: The necessary procedures should be taken to ensure that information regarding the licensee is kept confidential and secure.

Guidance
The outsourced service provider in carrying out its compliance function will be exposed to confidential information regarding the licensee. Appropriate measures should be taken to outline the procedures to be taken to protect the licensee’s sensitive information and software. The following steps should be implemented:
(a) IT security must protect the privacy of the outsourced service provider’s information as well as for the licensee.
(b) The production of a report of corrective action taken in the event of deliberate or accidental disclosures of sensitive information.

The disclosure of confidential information may have various negative consequences. The licensee should be mindful of the consequences of such disclosures. Sensitive information should not be disclosed or made public. The licensee should include provisions within the outsourcing agreement made between the two parties with regards to the confidentiality and security of information.

The licensee should ensure that appropriate procedures are followed for the disclosure of the outsourced service provider’s information or that of the licensee’s clients as established under the outsourcing agreement. The applicable terms and conditions for disclosure should also be outlined.

Principle 5: Provisions have to be made for the termination of the outsourcing agreement and appropriate exit strategies.
Guidance The licensee has the right to exit the outsourcing agreement made with the outsourced service provider. The following conditions have to be outlined with regards to the termination of the agreement.
(a) Termination rights have to be outlined stipulating the different circumstances in which the parties involved may wish to terminate the agreement. This may include cases of insolvency, liquidation, change in ownership or poor performance etc.
(b) The minimum period required for the notification of termination to be given to allow for the transition of the licensee’s compliance function to another outsourced service provider or back to the licensee.
(c) There should be a clear distinction between the ownership of intellectual property consequent to the termination of the outsourcing agreement and the necessary actions to be taken to ensure the transfer of information to the respective party.

Appropriate strategies should be devised for managing the transfer of the compliance function back to the licensee or to another outsourced service provider in the case of termination.

Principle 6: The licensee should ensure the access of books and records regarding the outsourced function to the Authority, and approved Auditors. The information should be readily available in a prompt manner and kept up to date at all times.

Guidance
The licensee should ensure all books and records pertaining to the outsourced compliance function are maintained in the jurisdiction. The originals must be kept by the licensee and the obligation is on the licensee to maintain such records. The outsourced service provider may maintain copies of such records. These records must be readily accessible to the relevant Authorities and must be produced upon request.

The outsourced service provider must also cooperate with the Authority and any other relevant authorities in connection with the outsourced compliance function and should ensure the provision of any additional information that may be requested.

The Authority may conduct inspections as deemed necessary to ensure such records are being maintained by the licensee.
The inspections will be in the form of onsite visits to the premises of the licensee. The records maintained should include all information relating to the outsourced compliance function and in addition to the maintenance of physical files, the licensee should also maintain soft copies of these files.

In the event of the licensee’s board of directors appointing the outsourced service provider as the custodian of such books and records, the Authority will conduct onsite visits to the premises of the outsourced service provider to ensure these records are maintained properly. The ultimate responsibility lies with the licensee to ensure such records are being properly maintained.

During an onsite inspection, either to the licensee’s premises or the premises of the outsourced service provider (in the case of a custodian), the officer, employee and/or board member responsible for overseeing the outsourced compliance function should be present.
7. Fit and Proper Requirements

For an applicant to be considered for outsourcing, the Authority must be satisfied that the applicant meets the fit and proper requirements. The Authority exercises judgement and discretion in determining whether applicants are fit and proper, and shall give regards to:
(a) reputation, character and reliability;
(b) educational or other qualifications or experience having regard to the nature of his application;
(c) ability to perform his proposed function competently, honestly and fairly;
(d) financial status and financial integrity;

7.1 Reputation, character and reliability

The Authority will consider among other things, whether the applicant:
(a) has been dismissed or asked to resign from employment;
(b) is the subject of any proceeding of a disciplinary or criminal nature, or has been notified of any potential proceedings or investigations which might lead to such proceedings;
(c) has been convicted of an offence in Seychelles or elsewhere or is being subject to any pending proceedings which may lead to such a conviction, under any law in any jurisdiction;
(d) has been the subject of any complaint made reasonably and in good faith, relating to activities that are regulated by the Authority or under any law in any jurisdiction;
(e) has been the subject of an investigation conducted by a regulatory or criminal investigative body;
(f) has been untruthful or provided false or misleading information to the Authority or been uncooperative in any dealings with the Authority or any other regulatory authority in any jurisdiction;
(g) has been refused any kind of authorisation to carry out a trade, business or profession or has had such an authorisation revoked, withdrawn or terminated, or has been expelled by a regulatory or government body;

7.2 Qualifications and Experience

The Authority will consider among other things, whether the applicant:
(a) has relevant academic and/or relevant professional qualification;
(b) has adequate skills and work experience in compliance or any related field;
(c) would have sufficient time and commitment to undertake the proposed duties diligently;
(d) has satisfactory past performance or expertise, having regard to the nature of the individual’s previous roles and responsibilities, whether in Seychelles or elsewhere; and
(e) whether the individual will be assuming responsibilities that would give rise to a conflict of interest, whether actual or apparent, or otherwise impair the individual’s ability to discharge the proposed duties in relation to any activity regulated by the Authority under the relevant legislation.

The Authority may consider applicants that have the following combination of qualifications and experience:
• Relevant academic qualification + 2 years relevant working experience within 4 years immediately prior to application.
OR
• Relevant professional qualification + 3 years relevant working experience within 5 years immediately prior to application.

Applicants that do not have the relevant working experience will not be approved as an outsourced service provider.

7.3 Financial Status and Financial Integrity

The Authority will consider among other things, whether the individual:
(a) is or has been unable to fulfil any financial obligations, whether in Seychelles or elsewhere;
(b) is or has been the subject of a bankruptcy petition, whether in Seychelles or elsewhere;
(c) has been adjudicated a bankrupt and the bankruptcy is undischarged, whether in Seychelles or elsewhere; or
(d) is or has been subject to any other process outside of Seychelles that is similar to those referred above.

8. Compliance Audit

A compliance audit is defined as a comprehensive review of a licensee’s adherence to regulatory guidelines so as to provide an independent opinion or assurance on the degree of compliance. Audit reports evaluate the strength and thoroughness of compliance preparations, security policies, user access controls and risk management procedures over the specified period of a compliance audit.

Given that the compliance function is core to the functioning of the licensee, the compliance audit is essential to ensure that the outsourced service provider is performing this function effectively. In addition, Compliance Audit is essential to ensure that although the compliance function is being outsourced to an outsourced service provider, the licensee still retains control over this function.

Third party audit of the Compliance Function may be conducted on an ad hoc basis as per the Authority’s request.
Such an audit may be requested if there are any potential issues with the outsourcing function or to ensure that the outsourced service provider is conducting this function effectively. The compliance auditor that the licensee wishes to on board must be approved by the Authority. The original audit report must be maintained by the licensee, in accordance with the requirement outlined under Principle 6 and certified true copies should be submitted to the Authority within 3 months from the date the audit report is produced.
9. Application for Approval as an outsourced service provider

An outsourced service provider must obtain the Authority’s approval before it can be considered as the compliance officer of a licensee. An individual interested to be an outsourced service provider will have to submit the following documents to the Authority to be vetted against the established minimum requirements.
(a) Cover letter [1]
(b) Personal Questionnaire Form
(c) Copy of Gainful Occupation Permit (if applicable)
(d) Consent Form for Application to become an approved outsourced service provider (Appendix 1)

[1] The cover letter must give a brief description of the applicant and state the specific sector to which the applicant wishes to provide its outsourcing services.

Upon receipt of a complete application, the Authority will determine whether the applicant can be approved as the outsourced service provider within 3 working days. The Authority will consider each applicant on a case-by-case basis.

10. Notice of intent to outsource Compliance Function by licensee

A licensee must notify the Authority of its intent to outsource its compliance function through the submission of a Notice of Outsourcing of Compliance Function (Appendix 2) and propose a person who has been approved by the Authority.

Upon receipt of the Notice, the Authority will assess the outsourced service provider’s academic and professional qualifications as well as experience against the nature, size and complexity of the business of the licensee to determine whether the proposed outsourced service provider will be able to conduct the licensee’s compliance function.

If the Authority is agreeable with the outsourced service provider proposed by the licensee to conduct its compliance function, the licensee will have to submit the following documents to the Authority:
(a) Extract of Resolution of Board of Directors approving the Outsourcing of compliance and the appointment of the outsourced service provider.
(b) Certified true copy of the signed Outsourcing Agreement.

11. Outsourcing to multiple regulated entities

There is no limit on the number of companies an outsourced service provider can be outsourced to as compliance officer, however, the outsourced service provider must be able to prove to the Authority that it can undertake this function effectively for multiple companies.

To make this determination, the licensee will have to submit the Notice of Outsourcing of Compliance proposing the approved outsourced service provider. The Authority shall use the documents present in its records and submitted for approval and may additionally request information from the outsourced service provider that will give an overview of the nature, size and complexity of the business, the roles to be undertaken and any other relevant factors. These factors will be assessed against the fitness and propriety of the approved person to distinguish whether he/she will be able to undertake the compliance function of the licensee effectively.

The onus is on the licensee to ensure the appropriate due diligence is conducted and the approved outsourced service provider has the relevant experience and qualifications to take on the role of compliance for the specific company as per section 23(3) of the Financial Services Authority Act, 2013.

12. Disclosures

The outsourced service provider must disclose to licensees the list of any other licensees to which it is providing compliance services as an outsourced activity. The outsourced service provider must also disclose any conflicts of interest that may arise or have arisen in the provision of compliance services. The outsourced service provider should ensure that proper procedures are put in place to deal with such conflicts of interest.
Appendix 1

CONSENT FORM FOR APPLICATION TO BECOME AN APPROVED OUTSOURCED SERVICE PROVIDER

By signing and submitting the Consent Form, you hereby understand and consent that in the event that approval is granted to your application, the Financial Services Authority may publish on its website or other publications, the name of the approved person.

DECLARATION

I, (insert name of applicant) holding Passport No: (insert Passport number), do hereby solemnly and sincerely declare that:
(a) I have read and understood Section 23 of the Financial Services Act, 2013 pertaining to the compliance function of a licensee and the Code on Outsourcing of Compliance Function,
(b) to the best of my knowledge and belief in making this declaration, that I am a fit and proper person and have adequate qualifications and working experience to undertake the compliance function, and,
(c) I understand that, if it is found that I have made a false declaration, I may be disqualified from acting as an outsourced service provider.

Applicant’s Signature:
Name:

Witness’ Signature:
Name:
Address:
Occupation:
Checklist

Below is a checklist which has been designed to assist applicants to ensure that all the information required by the Financial Services Authority is submitted when applying to become an approved outsourced service provider. This checklist is to serve as a guide. The Authority may contact the applicant should it require further information.
Appendix 2

NOTICE OF OUTSOURCING OF COMPLIANCE FUNCTION

This Notice should be completed by a licensee or licence applicant which intends to outsource its compliance function.
DECLARATION [2]

I, the Directors of (insert name of licensee), do hereby solemnly and sincerely declare that:
(a) I have read and understood Section 23 of the Financial Services Authority Act, 2013 pertaining to the compliance function of a licensee and Code on Outsourcing of Compliance Function;
(b) to the best of our knowledge and belief in making this declaration, that the proposed outsourced service provider is a fit and proper person and has adequate qualifications and relevant working experience to undertake the company’s compliance function as per the requirements of the Financial Services Authority Act, 2013 and Code on Outsourcing of Compliance Function;
(c) the information given in this declaration is true and correct; and
(d) I understand that, if it is found that I have made a false declaration, the Financial Services Authority (FSA) may take enforcement action under section 27(1)(a)(x) of the Financial Services Authority Act, 2013.

Director’s Signature:
Name of Director:

Outsourced Service Providers’ Signature:
Name:
Date:

[2] This declaration should be signed by one of the directors of the company.