Question & AnswerQ&A (BSP CIRCULAR NO. 268)
The legal basis is Section 55.1(e) of Republic Act No. 8791, the General Banking Law of 2000, implemented through BSP Circular No. 268.
Banks must carry out outsourcing in accordance with proper standards, ensure data integrity, remain responsible for performance, comply with all relevant laws and regulations, and continuously monitor the service providers.
No, banks or their officers, employees, or agents are prohibited from outsourcing inherent banking functions which refer to supplying manpower to service deposit transactions.
No, except when authorized by the Monetary Board under justified circumstances.
Functions such as strategic planning for IT, system functionalities determination, change management, service level and contract management, and security policy and administration may not be outsourced without prior approval of the Monetary Board.
Banks must submit the proposed contract detailing services, fees, security provisions, responsibilities, confidentiality clauses, disaster recovery plans, and more; board minutes discussing the outsourcing benefits and evaluations; and the profile of the selected service provider including financial and operational information.
Service providers must have demonstrable technical and financial capability commensurate to the services to be rendered.
Within six months, banks must submit a list of existing contracts detailing services, terms, confidentiality measures, and compliance information; non-compliant contracts must be terminated, renegotiated to comply, or a compliance program submitted to BSP.
Violations are subject to Sections 34 to 37 of R.A. No. 7653, the New Central Bank Act, including potential suspension or removal of directors or officers involved.
It took effect immediately upon adoption on December 5, 2000, and superseded Section X169 of the Manual of Regulations for Banks (MORB).