ABS draws up guidelines for third-party service providers for banks

SINGAPORE - The Association of Banks in Singapore (ABS) has released a set of industry guidelines that will outline the minimum standards and controls required of outsourced service providers (OSPs) serving the financial institutions.

The guidelines - drawn up by ABS and member banks in a process that began in April last year - will also form the basis of an annual audit that determines whether OSPs are adhering to a necessary level of control and governance.

This will provide OSPs with more clarity on compliance issues while cutting down their cost on auditing, ABS director Ong-Ang Ai Boon said when announcing the guidelines.

In the current operating environment, an OSP often has to conduct separate auditing for every financial industry client it serves. But as the new guidelines will standardise compliance and auditing requirements, an OSP can now engage just one independent auditor whose report will come in a template and referable for all financial institutions.

There are around 120 OSPs servicing the financial industry, and they are given a year to adopt the new guidelines. The first audit under the new framework will be conducted in the second half next year, and the audit will be conducted annually thereafter, Mrs Ong added.

The guidelines comprise three broad areas, including entity-level controls, general IT controls and service controls. Together they will cover the organisational structure and governance of an OSP, as well as the quality of its IT infrastructure and the quality of services provided.

An OSP can choose not to comply with the new guidelines and auditing requirements, in which case ABS member banks will not engage its services.

whwong@sph.com.sg