Supervisor of Banks Dr. Hedva Ber said, “The Directive that we are issuing on outsourcing constitutes another step implemented by the Banking Supervision Department in order to support improved efficiency of the banking system and enhanced competition. The directive allows the banks and credit card companies to increase their use of outsourcing and to strengthen cooperation with various parties in a variety of areas, thereby improving operational efficiency and flexibility. It is expected to also help the small banks, the credit card companies, and a new digital bank that may be established, which will be able to compensate for the ‘disadvantages of small size’ through outsourcing.”
In recent years, there have been significant changes in the operating environment of the banking corporations in Israel and around the world. These are a result of, among other things, the adoption of competition enhancement policies in the banking system and the payments system, accelerated technological developments, and the entry of new players offering credit products and payment services. These changes make it necessary for the banks to re-examine their business model, alongside accelerated streamlining processes. In parallel, the Banking Supervision Department would like to enable new places, or small existing players, that do not have branch infrastructure or operational infrastructure to compete in financial areas without the need to make significant initial investments that constitute a critical entry barrier to the banking system.
Outsourcing relates to both operational services sent to an outside source, such as a customer call center or some of its activities, and business services or business cooperation between the banking corporation and an outside source, which enables greater accessibility for customers and a wider variety of services to customers, inter alia in view of the reduction in the number of branches, which is expected to continue in the coming years. At the same time, the directive prohibits the outsourcing of certain operations, including credit underwriting, that constitute the core operations of the banks, and requires them to be extra cautious toward customers.
The principles in the directive encompass the internationally accepted standards for outsourcing, and are based on international directives that have been implemented for a number of years in many countries. The main principle in the directive is that the transfer of activity to outsourcing does not detract from the bank’s responsibilities to manage the risks in the activity that it outsources, to fulfill the relevant laws and directives, including consumer protection directives, and to make sure that fairness and transparency toward the customers are maintained by the outsourcing service provider as well.
The main principles in the directive include:
· Setting an outsourcing policy that includes the types and volume of activity that can be outsourced, and that outlines how to manage the risks resulting from outsourcing activity to a third party, taking note of the essentialness of the activity and the risks derived from it.
· The obligation to carry out due diligence of a material service provider prior to signing a contract. In the case of outsourcing to abroad, an in-depth examination of the legal and regulatory environment is required in order to ascertain the ability to carry out effective controls of the quality of the service.
· Main issues that must be included in the agreement between the bank and the service provider, including maintaining principles of information security, protecting the privacy of customer information, and the obligation of reporting to the bank regarding significant changes in the ability to provide the service.
· Take action to protect fairness, proper disclosure and transparency toward the customers, and particularly regarding the terms of the product or service, insofar as these are provided to the customer by the service provider.
· Managing outsourcing risks, including risk assessment, formulation of a comprehensive plan to manage them, and on-going monitoring.
· A business continuity plan in the case of a failure on the part of the service provider.
· Reporting obligations to the Supervisor of Banks regarding the outsourcing of activity, and obtaining approvals when the activity is essential.