Regulatory Alerts2026-03-25 | Banking Act Direction No. 01 of 2026Outsourcing of Business Operations of Licensed Banks
The Central Bank of Sri Lanka (CBSL) mandates licensed banks to establish a comprehensive governance and risk management framework for outsourcing business operations. The directive requires boards and senior management to approve detailed outsourcing policies, conduct rigorous due diligence on service providers, and maintain dedicated monitoring units that ensure data security, regulatory compliance, and uninterrupted customer services. It further delineates core functions that cannot be outsourced while permitting internal audit and IT operations under strict conditions, including cloud computing standards and subcontractor risk mitigation.
Share