THE Association of Banks in Singapore (ABS) has rolled out new guidelines to standardise the requirements and auditing processes for firms that provide services to the financial industry.
These firms, called outsourced service providers (OSPs), include vendors for printing, data centre and debt collection services.
The new guidelines will also form the basis of an annual independent audit to assess the control and governance of an OSP.
Announcing the move yesterday, ABS director Ong-Ang Ai Boon said the move will not only raise standards among OSPs, but also help these OSPs reduce compliance costs.
Without standardised guidelines, OSPs have limited clarity about industry requirements. They also have to conduct separate and irregular audits for each of their financial industry clients.
"As part of this initiative, we've also gathered for the first time the financial industry and auditing firms to agree on standardised auditing requirements and an audit report template," Mrs Ong-Ang said.
"This means an OSP will have to conduct its audit only once a year to meet the baseline controls, and all its clients can refer to that audit report."
OSPs have a year to adopt the guidelines, and the first audit under the new framework will be conducted in the second half of next year, she added.
Mr Mark Jansen, PwC's third party trust leader, agreed with Mrs Ong-Ang, saying: "The single independent audit will eliminate the need for multiple audits. This will facilitate a more efficient and transparent approach, and is mutually beneficial to both banks and OSPs in the long term."
The new guidelines comprise three broad control areas, including OSPs' organisational governance, IT infrastructure and the quality of services provided.
The guidelines' provisions are mostly non-prescriptive, outlining practices that many OSPs have already adopted. For instance, they are required not to merge information of their financial sector clients, and must keep an up-to-date inventory of software and hardware components.
These requirements apply to OSPs whose services have a material impact on their clients and those that handle customer data. OSPs' sub-contractors must also comply with the guidelines.
Some 120 OSPs were invited to attend briefings on the guidelines, and industry players have mostly embraced the change, Mrs Ong-Ang noted.
Printing company Medialink, which prints customer letters and documents for about 16 banks, welcomed the initiative.
Sales director Johnson Yau told The Straits Times: "In the past, we had to conduct separate audits for all our clients, some of them once per month. That took up a lot of our time and resources. So we are very happy to see ABS standardise the process."
The banking sector was also upbeat. OCBC operational risk management head Patrick Chew said: "(The ABS guidelines) are timely and useful for the industry, as outsourcing activities of banks have grown in volume and complexity over the years.
"Internally, we have started discussions with vendors with whom we have material outsourcing arrangements and alerted them to the requirements."
