| | 1. | The Board must issue a written policy regulating outsourcing. It must be updated annually. This policy shall include in particular the following: | |
| | | a. | Terms of reference and responsibilities of the Board and Senior Management; |
| | | b. | Eligibility criteria for outsourcing provider; |
| | | c. | Risk identification criteria and risk hedging measures; |
| | | d. | Rules for the continuous monitoring and controlling of outsourced operations; |
| | | e. | Criteria to identify conflicts of interest, if any, rules and procedures which ensure safeguarding the interests of the Finance Company and not putting the interest of the other party over the company's interest; and |
| | | f. | Procedures to protect information and maintain confidentiality and privacy. |
| | 2. | SAMA, the Finance Company, and the external auditor must have the authority to obtain any information or documents related to the work of the outsourcing provider or be examined in the offices of the outsource provider. | |
| | 3. | The Finance Company must verify the outsourcing provider’s compliance with the applicable laws, regulations, and instructions. The Finance Company remains responsible in case of the outsourcing provider’s non-compliance with the applicable laws, regulations and instructions in any operations and tasks that are assigned to him. | |
| | 4. | The Finance Company must obtain a non-objecting letter from SAMA prior to any outsourcing arrangement that, in case of disruption or other default, may have an impact on the Finance Company’s activities, reputation or financial situation, or if the tasks assigned included transferring, processing or saving the data and information of the Borrowers. In this case, the outsourcing provider may not subcontract these tasks to another provider. | |
