Article 7
Criteria for assessing the ability and capacity of third-party service providers to perform assessment activities
1. When assessing whether third-party service providers are able and have the capacity to perform assessment activities reliably and professionally, external reviewers shall ensure that the following criteria are fulfilled:
|
(a) |
the third-party service provider has expertise in the subject matters of the outsourced activities; |
|
(b) |
the third-party service provider is available to provide the outsourced activities for the duration of the planned outsourcing; |
|
(c) |
the third-party service provider has in place an internal control framework to ensure the adequate performance of the outsourced activities. |
2. The assessment referred to in paragraph 1 shall take into account the following information in relation to the third-party service provider:
|
(a) |
the business model, services offered, ownership, group structure and status as a regulated or supervised entity; |
|
(b) |
the qualifications of the staff involved in the outsourced assessment activities; |
|
(c) |
the policies and procedures in place for the performance of the outsourced activities, including the use of accurate and reliable information and data; |
|
(d) |
the controls and monitoring activities in place to ensure the effective application of the policies and procedures for the performance of the outsourced activities; |
|
(e) |
where applicable, the use of automation technology in the assessment activities; |
|
(f) |
legal and regulatory requirements applicable to the activities of the third-party service provider. |