Outsourcing Policy
The following definitions and policies are relevant:
Definitions
Outsourcing means the arrangement of any form between Aquilla Nummus Ltd (“the Company”) and a service provider (the provider) by which that provider performs a service or an activity which would otherwise be undertaken by the Company itself. This includes:
(a) Outsourcing of all or part of its regulated activities and services. (So long as the Company does not offer the service of Execution of Orders, the simple receipt & transmission of orders for execution to a third party will not constitute outsourcing)
(b) Provision of regular or constant compliance, internal audit, accounting or risk management support
(c) Provision of credit risk and credit risk analysis
(d) Portfolio administration or portfolio management by a third party
(e) Provision of physical and electronic data storage
(f) Provision of ongoing, day-to-day systems maintenance support
(g) Provision of ongoing day-to-day software/systems management
Critical and important functions: An operational function is regarded as critical or important if a defect or failure in its performance would materially impair the continuing compliance of the Company with the conditions and obligations of its authorisation. Without prejudice to this, the following functions will NOT be considered critical or important:
(a) The provision to the firm of advisory services and other services which do not form part of the Company’s authorised services & activities, including the provision of legal advice to The Company and the training of personnel of the Company
(b) The purchase of standardised services including market information services and the provision of price feeds
Authorised Services & Activities: Services & Activities for which the Company has been granted a license by CySEC.
Scope of Policy: This policy is limited to “critical or important” functions, investment services and activities.
Policies
The following shall be policies adopted by the Company:
1. When relying upon a provider for the performance of operational functions which are critical for the performance of regulated services & activities on a continuous and satisfactory basis, the Company will ensure that it takes reasonable steps to avoid undue additional operational risk
2. The provider will co-operate with the competent authorities of the Company in connection with the outsourced activities
3. The Company, its auditors and the relevant competent authorities must have effective access to data related to the outsourced activity as well as reasonable access to the business premises of the provider.
4. The Company will not undertake the outsourcing of important operational functions in such a way as to impair materially the quality of its internal controls.
5. The Company and the provider will establish, implement and maintain a contingency plan for disaster recovery and periodic testing of back-up facilities, where relevant to the outsourced activity.
6. The Company will remain fully responsible for discharging all of its obligations under its license, in particular:
a) The outsourcing must not result in the delegation by senior personnel of their responsibilities
b) The Company will retain the necessary expertise to supervise the outsourced functions effectively and manage the associated risks
c) The Company will supervise the outsourced functions and manage the associated risks
d) The relationship and obligations of the Company towards its clients under the terms of its license must not be altered
e) The Company’s license authorisation conditions must not be undermined, removed or modified
7. The Company must exercise due skill and care and diligence when entering into, managing or terminating any arrangement for outsourcing and will enter into written agreements with all outsourced service providers.
8. The Company must take the necessary steps to ensure that the following conditions are satisfied:
a) The service provider must have the ability, capacity, and any authorisation required by law to perform the outsourced functions, services or activities reliably and professionally
b) The service provider must carry out the outsourced services effectively and, to this end, the Company must establish methods for assessing the standard of performance of the service.
c) The service provider must properly supervise the carrying out of the outsourced functions and adequately manage the risks associated with the outsourcing
d) Appropriate action must be taken if it appears that the service provider may not be carrying out the functions effectively and in compliance with applicable laws and regulatory requirements.
e) The service provider must disclose to the Company any development that may have a material impact on its ability to carry out the outsourced functions effectively and in compliance with applicable laws and regulatory requirements.
f) The Company must be able to terminate the arrangement for the outsourcing where necessary without detriment to the continuity and quality of its provision of services to its clients.
g) The service provider must protect any confidential information relating to the Company and its clients.
Definitions
Outsourcing means the arrangement of any form between Aquilla Nummus Ltd (“the Company”) and a service provider (the provider) by which that provider performs a service or an activity which would otherwise be undertaken by the Company itself. This includes:
(a) Outsourcing of all or part of its regulated activities and services. (So long as the Company does not offer the service of Execution of Orders, the simple receipt & transmission of orders for execution to a third party will not constitute outsourcing)
(b) Provision of regular or constant compliance, internal audit, accounting or risk management support
(c) Provision of credit risk and credit risk analysis
(d) Portfolio administration or portfolio management by a third party
(e) Provision of physical and electronic data storage
(f) Provision of ongoing, day-to-day systems maintenance support
(g) Provision of ongoing day-to-day software/systems management
Critical and important functions: An operational function is regarded as critical or important if a defect or failure in its performance would materially impair the continuing compliance of the Company with the conditions and obligations of its authorisation. Without prejudice to this, the following functions will NOT be considered critical or important:
(a) The provision to the firm of advisory services and other services which do not form part of the Company’s authorised services & activities, including the provision of legal advice to The Company and the training of personnel of the Company
(b) The purchase of standardised services including market information services and the provision of price feeds
Authorised Services & Activities: Services & Activities for which the Company has been granted a license by CySEC.
Scope of Policy: This policy is limited to “critical or important” functions, investment services and activities.
Policies
The following shall be policies adopted by the Company:
1. When relying upon a provider for the performance of operational functions which are critical for the performance of regulated services & activities on a continuous and satisfactory basis, the Company will ensure that it takes reasonable steps to avoid undue additional operational risk
2. The provider will co-operate with the competent authorities of the Company in connection with the outsourced activities
3. The Company, its auditors and the relevant competent authorities must have effective access to data related to the outsourced activity as well as reasonable access to the business premises of the provider.
4. The Company will not undertake the outsourcing of important operational functions in such a way as to impair materially the quality of its internal controls.
5. The Company and the provider will establish, implement and maintain a contingency plan for disaster recovery and periodic testing of back-up facilities, where relevant to the outsourced activity.
6. The Company will remain fully responsible for discharging all of its obligations under its license, in particular:
a) The outsourcing must not result in the delegation by senior personnel of their responsibilities
b) The Company will retain the necessary expertise to supervise the outsourced functions effectively and manage the associated risks
c) The Company will supervise the outsourced functions and manage the associated risks
d) The relationship and obligations of the Company towards its clients under the terms of its license must not be altered
e) The Company’s license authorisation conditions must not be undermined, removed or modified
7. The Company must exercise due skill and care and diligence when entering into, managing or terminating any arrangement for outsourcing and will enter into written agreements with all outsourced service providers.
8. The Company must take the necessary steps to ensure that the following conditions are satisfied:
a) The service provider must have the ability, capacity, and any authorisation required by law to perform the outsourced functions, services or activities reliably and professionally
b) The service provider must carry out the outsourced services effectively and, to this end, the Company must establish methods for assessing the standard of performance of the service.
c) The service provider must properly supervise the carrying out of the outsourced functions and adequately manage the risks associated with the outsourcing
d) Appropriate action must be taken if it appears that the service provider may not be carrying out the functions effectively and in compliance with applicable laws and regulatory requirements.
e) The service provider must disclose to the Company any development that may have a material impact on its ability to carry out the outsourced functions effectively and in compliance with applicable laws and regulatory requirements.
f) The Company must be able to terminate the arrangement for the outsourcing where necessary without detriment to the continuity and quality of its provision of services to its clients.
g) The service provider must protect any confidential information relating to the Company and its clients.