Outsourcing arrangements

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Outsourcing arrangements"

Transcription

1 Rules Ntice Guidance Nte Dealer Member Rules Please distribute internally t: Internal Audit Legal and Cmpliance Operatins Regulatry Accunting Senir Management Cntacts: Luis Piergeti Vice President, Financial and Operatins Cmpliance (416) Richard J. Crner Vice President, Member Regulatin Plicy (416) January 13, 2014 Outsurcing arrangements Guidance Nte bjectives The bjectives f this Guidance Nte are t: summarize the existing requirements and guidance relating t entering int and maintaining utsurcing arrangements, identify the Dealer Member business activities that may nt be utsurced and thse that may be utsurced, set ut IIROC s expectatins as t the apprpriate due diligence prcedures that must be undertaken by IIROC Dealer Members befre utsurcing any business activity, and set ut IIROC s plans t prpse rules relating t utsurcing. Backgrund infrmatin and cntext are als prvided n the develpment f regulatry principles gverning utsurcing arrangements by regulated entities and relevant financial sectr guidance published n this subject matter. The cncept f utsurcing is nt new in the securities industry. The IIROC Dealer Member Rules set ut the requirements fr many f the cmmn utsurcing arrangements that are entered int by Dealer Members, including: Back ffice sharing arrangements with an affiliated Canadian financial institutin,

2 Intrducing brker/carrying brker arrangements, Security custdy arrangements, and External prtfli management arrangements. Hwever, as firms face increasing cmpetitive pressures t cntain and reduce csts, there is a crrespnding trend t utsurce mre business functins, activities and prcesses t third-party service prviders thrugh arrangements that IIROC Dealer Member Rules d nt adequately address. In recent years, there has been an evlutin f utsurcing arrangements put in place between Dealer Members and regulated/unregulated entities that may r nt be affiliated, and that may be freign r dmestic. Fr example, emplyees f Canadian banks, that wn a Dealer Member, cnduct certain back-ffice peratinal functins n behalf f the Dealer Member and the parent bank charges the Dealer Member fr thse services rendered, pursuant t a service agreement. Similar arrangements exist fr US FINRA-registered parent cmpanies f Dealer Member subsidiaries. These functins include accunting and back-ffice supprt that are utside the scpe f Rule 35 Intrducing brker/carrying brker arrangements. There is a grwing interest by self-clearing Dealer Members t utsurce the daily management f bks and recrds, including the recnciliatin f bank accunt balances, psitins held in custdy, dividend/interest incme received, and stck rerganizatins, t bth dmestic and freign unregulated, third-party service prviders. Withut adequate safeguards, this industry trend may give rise t incremental investr prtectin, market reputatin, credit and systemic risks. Dealer Members are reminded f their bligatin t prvide IIROC with advance ntificatin f material changes in their business mdel, including peratins pursuant t IIROC Rules Ntice Reprting f changes t business mdels dated March The effective date f this guidance nte is April 14, What is utsurcing? The term utsurcing is nt currently defined within the IIROC rules. A reprt prepared in 2005 by the Internatinal Organizatin f Securities Cmmissins (the IOSCO Reprt ) sets ut the fllwing definitin fr utsurcing: utsurcing is defined as an event in which a regulated utsurcing firm cntracts with a service prvider fr the perfrmance f any aspect f the utsurcing firm s regulated r unregulated functins that culd therwise be undertaken by the firm itself. It is intended t include nly thse services that were r can be delivered by internal staff and management the service prvider may be a related party within a crprate grup, r an unrelated utside entity. The service prvider may itself be either regulated (whether r nt by the same regulatr with authrity ver the utsurcing firm), r may be an unregulated entity. utsurcing wuld nt cver purchasing cntracts, althugh as with utsurcing, firms shuld ensure that what they are buying is apprpriate fr the intended purpse. Purchasing is defined as the acquisitin frm a vendr f services, IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 2

3 gds r facilities withut the transfer f the purchasing firm s nn-public prprietary r custmer infrmatin 1. The IOSCO Reprt makes an imprtant distinctin between cre and nn-cre functins f a firm and describes a cre functin as ne that is:...critical t the nging viability f an entity as well as meeting its regulatry bligatins t custmers. The IOSCO Reprt als sets ut guiding principles that financial intermediaries shuld fllw when planning and arranging fr the utsurcing f bth cre and nn-cre activities, functins and/r prcesses (fr simplicity referred t cllectively as activities thrughut the remainder f this guidance nte). These guiding principles are included as Appendix A. As IIROC has n current definitin fr the term utsurcing and wishes t fcus its regulatry effrts n the utsurcing f critical r cre activities, the definitins f the terms utsurcing, cre and nn-cre, where used thrughut the remainder f this ntice, are the same as the definitins cntained in the IOSCO Reprt. 2. What are the Canadian regulatry requirements relevant t utsurcing? IIROC REQUIREMENTS As previusly mentined, the IIROC Dealer Member Rules set ut the requirements fr many f the cmmn utsurcing arrangements that are entered int by Dealer Members. These arrangements are as fllws: Back ffice sharing arrangements with an affiliated Canadian financial institutin [Dealer Member Rule 35.1(d)] This rule allws an affiliated Canadian financial institutin t handle the clearance and settlement f trades, as well as the preparatin f related bks and recrds and the perfrmance f related peratinal functins, n behalf f the Dealer Member, prvided that prper segregatin f the Dealer Member and Dealer Member client accunt assets is maintained. Intrducing brker/carrying brker arrangements [Dealer Member Rules 35.1 thrugh 35.6] These rules permit a dealer, the intrducing brker, t utsurce certain back ffice functins t anther dealer, the carrying brker. The rules cntemplate fur different types f intrducing brker / carrying brker arrangements that can be entered between tw IIROC Dealer Members. 2 Fr each permitted arrangement, the rules list the varius activities that are t be carried ut by the carrying brker fr the intrducing brker as 1 2 Surce: Principles n Outsurcing f Financial Services fr Market Intermediaries, Sectin I Technical Cmmittee f the Internatinal Organizatins f Securities Cmmissin (IOSCO), February The rules als include a fifth intrducing brker / carrying brker arrangement that can be entered int between an IIROC Dealer Member and a freign affiliated dealer. This arrangement may nly be entered int if certain rule cnditins are met and apprval f the applicable District Cuncil is btained. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 3

4 well as activities that will cntinue t be carried ut by the intrducing brker. Cnsistent with ther utsurcing arrangements, the intrducing brker retains the respnsibility fr ensuring that all activities are perfrmed prperly and in cmpliance with relevant IIROC requirements, including thse activities carried ut by the carrying brker n its behalf. In additin, since the utsurce services prvider is anther IIROC Dealer Member, the carrying brker als assumes the respnsibility fr ensuring that all activities it has agreed t perfrm n behalf f the intrducing brker are perfrmed prperly and in cmpliance with relevant IIROC requirements. 3 Security custdy arrangements [Dealer Member Rules 17.3; 17.3A; 17.3B; thrugh ; Frm 1, General Ntes and Definitins, Definitin f acceptable securities lcatins ; and Frm 1, Statement, Line 20] These rules require a Dealer Member t establish, maintain and cmply with adequate plicies and prcedures fr the segregatin and safekeeping f client accunt assets. In meeting these bligatins, the requirements allw the Dealer Member t utsurce the security custdy activity t an external custdian prvided: and the external custdian is a depsitry, clearing agency, financial institutin, dealer r mutual fund that maintains its financial capital at r abve a specific level 4 ; and the written custdial agreement entered int with the external custdian prhibits the use f securities held in custdy withut Dealer Member cnsent and specifies that securities are t be delivered back t the Dealer Member prmptly n demand 4. Where a Dealer Member uses an external custdian, it retains the respnsibility fr ensuring that all custdy activities are perfrmed prperly and in cmpliance with relevant IIROC requirements. External prtfli management arrangements [Dealer Member Rule ] This rule allws a Dealer Member t utsurce its discretinary authrity with respect t sme r all f its managed accunts t an external prtfli manager, prvided: the external prtfli manager is prperly registered t prvide discretinary prtfli management services; and the external prtfli manager is subject t cnflict f interest legislatin r regulatins that are either equivalent t r mre stringent than the IIROC requirements. 3 4 Fr each f the fur types f intrducing brker / carrying brker arrangements, Dealer Member Rule 35 requires that the carrying brker treat the intrduced clients in the same manner as the carrying brker s wn clients, in rder t ensure that the carrying brker is perfrming the utsurced functins in cmpliance with all applicable IIROC rules. The financial capital requirements t be met by the custdian and the minimum required custdial agreement terms are set ut in the acceptable securities lcatin definitin set ut in the General Ntes and Definitins t IIROC Dealer Member Frm 1. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 4

5 Under such arrangements, the IIROC Dealer Member retains the respnsibility fr ensuring that all managed accunt activities are perfrmed prperly and in cmpliance with relevant IIROC requirements. Other than the rules that are in place that gvern these specific arrangements, there are n ther IIROC rules that directly reference utsurcing arrangements. CSA REQUIREMENTS When Natinal Instrument was implemented in September 2009, Part 11 f its Cmpanin Plicy intrduced general principles fr the establishment and maintenance f internal cntrl systems at registrants with specific reference t the need t fllw prudent business practices and t cnduct a due diligence analysis when cnsidering whether r nt t utsurce. The guidance set ut in the Cmpanin Plicy states that registered firms are respnsible and accuntable fr all functins that they utsurce t a service prvider. Further, the functins utsurced shuld be set ut in a written, legally binding cntract between the utsurcing party and the service prvider that sets ut the expectatins f each f the parties t the utsurcing arrangement. The guidance als requires that registered firms cnduct a due diligence analysis f prspective third-party service prviders, including affiliates f the firm. This due diligence analysis shuld include an assessment f the service prvider s reputatin, financial stability, relevant internal cntrls and ability t deliver the services being utsurced. The guidance als states that a registrant firm shuld: ensure that third-party service prviders have adequate safeguards fr keeping infrmatin cnfidential and, where apprpriate, fr recvering frm a business disruptin; cnduct nging reviews f the quality f utsurced services; develp and test a business cntinuity plan t minimize disruptin t the firm s business and its clients if the third-party service prvider des nt deliver the services satisfactrily; and, cnsider ther legal requirements, such as privacy laws, that may apply when entering int utsurcing arrangements. Finally, the guidance specifies that the registrant firm and its regulatr and auditrs shuld have the same access t the wrk prduct f a third-party service prvider as they wuld if the firm itself perfrmed the activities. Firms shuld ensure this access is prvided and shuld include a prvisin requiring it in any cntract entered int with a service prvider. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 5

6 3. Wh is respnsible fr cmplying with IIROC rules and securities legislatin requirements that relate t any activities that are utsurced? A Dealer Member wh utsurces activities t an utsurce service prvider retains the respnsibility t ensure that thse activities are cnducted in accrdance with the requirements set ut in the applicable IIROC rules and securities legislatin, whether r nt the utsurce service prvider is als a Dealer Member. T carry ut this respnsibility, Dealer Members must, at a minimum, supervise the activities perfrmed n their behalf by the utsurce service prvider in manner that is similar t the type f supervisin that wuld be required if the activities were perfrmed by the Dealer Member itself. 4. Which investment dealer activities may nt be utsurced? Since the IIROC rules d nt specifically refer t utsurcing, the nly IIROC rules that effectively prhibit the utsurcing f certain activities are thse rules which require certain functins r activities t be perfrmed by specific Apprved Persns. Specifically, pursuant t Dealer Member Rule 1.1: Apprved Persn means, in respect f a Dealer Member, an individual wh is a partner, Directr, Officer, emplyee r agent f a Dealer Member wh is apprved by the Crpratin r anther Canadian Self Regulatry Organizatin t perfrm any functin required under any Rule; Given that apart frm Dealer Member partners, directrs and certain fficers an Apprved Persn f a Dealer Member must be an individual that is an emplyee r agent f a Dealer Member, all IIROC rules that require that a certain Apprved Persn perfrm a certain activity r functin are effectively prhibiting the utsurcing f that activity r functin. The result f this restrictin (i.e. wh can be an Apprved Persn) is that the IIROC rules effectively prhibit the utsurcing f mst client-facing activities f the Dealer Member (all f which wuld be cnsidered t be cre activities) including: a Registered Representative s assessment f the infrmatin cllected frm the client t ensure that the infrmatin is current, cmplete and accurate and that they cmply with their knw yur client bligatin [Dealer Member Rules 39.3; (a); 2500, Intrductin; 2500, Part II and 2700, Part II]; a Registered Representative s perfrmance f suitability assessments [Dealer Member Rules 39.3; (p) thrugh (s) and 2500, Intrductin]; a Designated cmplaints fficer s versight f the handling f client cmplaints [Dealer Member Rule 2500B, Sectin 3]; and Varius cmpliance and supervisin requirements, relating t client facing activities, that must be perfrmed by Apprved Persns f the Dealer Member [including Dealer Member Rules 29.7, 30.3, 30.5, 38, 39.4, , , , , , 2600, 3400 and ]. An exceptin t the general prhibitin against the utsurcing f client-facing activities is the utsurcing f the perfrmance f investment decisin making in managed accunts. As previusly IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 6

7 mentined, IIROC Dealer Member Rule specifically allws fr the utsurcing f managed accunt investment decisin making t an external prtfli manager hired by the Dealer Member. 5. Fr thse investment dealer activities that may be utsurced, which activities are mst imprtant t IIROC? Nt all investment dealer activities that are eligible t be utsurced under IIROC rules are f equal imprtance and impact. Sme activities are immaterial t the verall peratins f the dealer and/r are mre rutine/administrative in nature than thers. These activities therefre pse less risk t the Dealer Member and/r its clients. In additin t fcusing n material utsurcing arrangements, IIROC supprts the apprach taken in the IOSCO Reprt (i.e. distinguishing between the utsurcing f cre and nn-cre activities) and intends t fcus its regulatry resurces n the review f material utsurcing arrangements invlving cre activities. T facilitate this regulatry fcus, IIROC has perfrmed a high-level analysis f Dealer Member activities and categrized these activities as either: cre activities; r nn-cre activities. Cre activities Cre activities f a Dealer Member that are eligible t be utsurced include the fllwing: the perfrmance f certain activities that are nt required in the IIROC rules t be perfrmed by an emplyee r agent f a Dealer Member relating t the firm s: accunt pening prcess suitability assessment prcess client cmplaint handling prcess the perfrmance f investment decisins in managed accunts (as previusly mentined in sectin 2 abve); the perfrmance f certain client accunt-related peratins activities, such as the clearing and settlement f client trades the administratin f margin lans and ther client accunt lans the preparatin f client accunt statements the preparatin f regulatry financial reprts the preparatin f nn-financial regulatry reprts the perfrmance f registratin-related filing and database maintenance activities the perfrmance f treasury activities the perfrmance f crprate finance activities the preparatin f research reprts and marketing newsletters the perfrmance f marketing activities IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 7

8 the use f utside prfessinal services relating t the business activities f the Dealer Member, such as accunting and internal audit services the management and maintenance f Dealer Member infrmatin systems Where any f these activities are t be utsurced, including where activities are utsurced t anther Dealer Member, cnsistent with the guidance set ut in the Cmpanin Plicy t Natinal Instrument : IIROC expects the Dealer Member t frmally assess the initial and nging apprpriateness f the utsurce service prvider (see sectin 6 f this ntice fr further details); and the Dealer Member that has utsurced specific activities retains respnsibility fr ensuring that the activities are perfrmed prperly and in cmpliance with relevant IIROC requirements. Nn-cre activities Nn-cre activities f the Dealer Member that are eligible t be utsurced under the applicable IIROC Dealer Member Rules, and that wuld nt give rise t regulatry cncern if they were utsurced, include the fllwing: ffice service management activities; the prcurement f external cnsultant services; and human resurces management activities. Similar t the utsurcing f cre activities, where any f these activities are t be utsurced IIROC expects the Dealer Member t frmally assess the initial and nging apprpriateness f the utsurce service prvider (see sectin 6 f this ntice fr further details). 6. What shuld be assessed when determining whether r nt t utsurce a particular activity? As discussed in sectin 2 abve, certain IIROC Dealer Member Rules set ut detailed requirements fr specific utsurcing arrangements but d nt set ut general requirements t be met when cnsidering whether r nt t enter int an utsurcing arrangement. On the ther hand, the CSA expectatins in Part 11 f the Cmpanin Plicy t Natinal Instrument , set ut general principles fr the establishment and maintenance f internal cntrl systems at registrants with specific reference t the need t fllw prudent business practices and t cnduct a due diligence analysis when cnsidering whether r nt t utsurce. In rder t address these CSA expectatins, we recmmend that Dealer Members adpt frmal due diligence plicies and prcedures relating t utsurcing arrangements. T facilitate Dealer Members efficient assessment f individual prpsed utsurcing arrangements, it wuld be acceptable fr Dealer Members t adpt plicies and prcedures that acknwledge that the extent f due diligence wrk perfrmed may be prprtinate t the materiality and risk f the functins/activities that are prpsed t be utsurced. Dealer IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 8

9 Members are encuraged t cnsider and include, where apprpriate, the fllwing as part f their due diligence plicies and prcedures: A Dealer Member shuld have a cmprehensive utsurcing plicy that guides the perfrmance f due diligence assessment(s) that will underlie decisins regarding whether, and hw, certain activities can be apprpriately utsurced As part f the cmprehensive utsurcing plicy, an initial assessment shuld be made as t whether the Dealer Member has the internal expertise that is necessary t perfrm the due diligence assessment(s) and, if nt, the Dealer Member shuld identify and btain third party expertise t perfrm r assist in the perfrmance f the due diligence assessment(s) A Dealer Member shuld never enter int an utsurcing arrangement that: diminishes its ability t fulfill its bligatins t clients and regulatrs, impedes effective supervisin by regulatrs, r unduly r inapprpriately cncentrates its utsurced activities in ne r a few utsurce service prviders, r allws the utsurce services prvider t, in turn, utsurce sme r all f the utsurced activities t a third party withut the Dealer Member s knwledge and/r withut retaining the respnsibility fr the perfrmance f the utsurced activities A Dealer Member shuld infrm IIROC f any new utsurcing arrangements invlving cre Dealer Member activities that are being entered int by a Dealer Member, in accrdance with IIROC Rules Ntice , Reprting f Changes t Business Mdels. A Dealer Member that has utsurced ne r mre activities shuld: enter int written utsurcing cntracts that clearly describe all material aspects f the utsurcing arrangements, including the rights, respnsibilities and expectatins f all parties maintain a centralized list, alng with cpies f related agreements, f the utsurce service prviders t which cre Dealer Member activities have been utsurced establish and carry-ut a cmprehensive utsurcing risk management prgram that mnitrs the risks assciated with: the utsurced activities; and the utsurcing relatinship entered int with the service prvider. The risks assciated with the utsurcing relatinship that need t be managed by the Dealer Member include: client harm risk, the risk the utsurce service prvider will fail t prvide adequate prtectin and timely access t client accunt assets and related accunt recrds; reputatin risk, the risk that pr service by the utsurce prvider will affect the reputatin f the Dealer Member; cmpliance risk, the risk that the utsurce prvider will nt cmply with regulatry r ther requirements that apply t the Dealer Member; exit strategy risk, the risk that due t ver-reliance n the utsurce prvider and a lack f relevant skills within the Dealer Member, the Dealer Member wn t be able t re- IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 9

10 assume perfrmance f the utsurced activities r cntract with anther utsurce prvider n a timely basis; access risk, the risk that the Dealer Member wn t have timely access t data, recrds r assets; and individual firm cncentratin risk, the risk that the Dealer Member, has a significant expsure t the utsurce prvider, because f the number and/r the materiality f the activities that have been utsurced t that prvider See Appendix B fr a mre cmplete list f the key risks assciated with utsurcing and the majr cncerns assciated with these risks. perfrm utsurcing agreement reviews t ensure that the utsurced activities cvered by each utsurcing agreement are being perfrmed in accrdance with the agreement service level requirements withut expsing the Dealer Member t undue risk determine the timing and frequency f the utsurcing agreement reviews by establishing and maintaining a risk-based utsurcing agreement review schedule where practical and/r available (such as special purpse reprts regularly prepared by external auditrs fr utsurce service prviders 5 ), btain and prvide t IIROC a reprt n the adequacy f internal cntrls fr each utsurce arrangement relating t a cre Dealer Member activity; and include as part f its business cntinuity planning, plans that address the scenari where ne r mre majr utsurce service prviders underg a business disruptin. 7. Are utsurcing arrangements invlving affiliates subject t this guidance? The guidance set ut in this ntice cvers bth arm s length and nn-arm s length utsurcing arrangements. In additin, in the case f nn-arm s length utsurcing arrangements, such as arrangements invlving affiliates, Dealer members shuld be mindful f the access risk that flws frm the affiliated nature f the parties. Specifically, Dealer Members shuld cnsider ensuring that the utsurcing arrangement with an affiliate includes prcedures designed t limit the access and cntrl that affiliate emplyees, as well as Dealer Member emplyees wh are dually emplyed by the affiliate, may have ver Dealer Member and Dealer Member client accunt data, recrds and assets. Withut such prcedures in place, emplyees acting in the best interests f their affiliate emplyer may be able t make material changes t Dealer Member data and recrds r mve Dealer Member and/r Dealer Member client accunt assets withut cnsidering r acting in the best interests f the Dealer Member and its clients. 5 Reprts such as the CICA 5970 (nw changed t CSAE 3416) reprt r the SAS 70 (nw changed t SSAE 16) reprt prvide assurance that the service prvider s system f internal cntrls is adequate and may reduce r eliminate the need fr the Dealer Member t d its wn assessment f the service prvider s system f internal cntrls during its due diligence analysis f a prpsed utsurcing arrangement. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 10

11 Appendix A Excerpts frm reprt entitled Principles n Outsurcing f Financial Services fr Market Intermediaries issued by the IOSCO Technical Cmmittee Standing Cmmittee n the Regulatin f Market Intermediaries (SC3) in February III. Outsurcing Principles Tpic 1: Due diligence in selectin and mnitring f service prvider and service prvider's perfrmance Principle: An utsurcing firm shuld cnduct suitable due diligence prcesses in selecting an apprpriate third party service prvider and in mnitring its nging perfrmance.... Means fr Implementatin It is expected that utsurcing firms will implement apprpriate means, such as the fllwing, fr ensuring that they select suitable service prviders and that service prviders are apprpriately mnitred, having regard t the services they prvide: Dcumenting prcesses and prcedures that enable the utsurcing firm t assess, prir t selectin, the third party service prvider s ability and capacity t perfrm the utsurced activities effectively, reliably, and t a high standard, including the service prvider s technical, financial and human resurces capacity, tgether with any ptential risk factrs assciated with using a particular service prvider. Dcumenting prcesses and prcedures that enable the utsurcing firm t mnitr the third party service prvider's perfrmance and cmpliance with its cntractual bligatins, including prcesses and prcedures that: Clearly define metrics that will measure the service level, and specify what service levels are required; and Establish measures t identify and reprt instances f nn-cmpliance r unsatisfactry perfrmance t the utsurcing firm as well as the ability t assess the quality f services perfrmed by the service prvider n a regular basis (see als tpic 2). Implementing prcesses and prcedures designed t help ensure that the service prvider is in cmpliance with applicable laws and regulatry requirements in its jurisdictin, and that where there is a failure t perfrm duties required by statute r regulatins, the utsurcing firm, t the extent required by law r regulatin, reprts the failure t its regulatr and/r self-regulatry rganizatin and takes crrective actins. 6 Fr example, prcedures may include: 6 Such a requirement is cnsistent with regulatins in many IOSCO jurisdictins requiring that a firm ntify its regulatr with respect t any breaches f law that may have ccur. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 11

12 Appendix A The use f service delivery reprts and the use f internal and external auditrs t mnitr, assess, and reprt t the utsurcing firm n perfrmance; The use f written service level agreements r the inclusin f specific service level prvisins in cntracts fr service t achieve clarity f perfrmance targets and measurements fr third party service prviders. With respect t utsurcing n a crss-brder basis, in determining whether the use f a freign service prvider is apprpriate, the utsurcing firm may, with respect t a functin that is material t the firm, need t cnduct enhanced due diligence that fcuses n special cmpliance risks, including the ability t effectively mnitr the freign service prvider, the ability t maintain the cnfidentiality f firm and custmer infrmatin; and the ability t execute cntingency plans and exit strategies where the service is being perfrmed n a crss-brder basis. Tpic 2: The cntract with a service prvider Principle: There shuld be a legally binding written cntract between the utsurcing firm and each third party service prvider, the nature and detail f which shuld be apprpriate t the materiality f the utsurced activity t the nging business f the utsurcing firm.... Means fr Implementatin An utsurcing firm is expected t have a written, legally binding cntract between itself and the third party service prvider, apprpriate t the materiality f the utsurced activity t the nging business f the firm. The cntract may include, as applicable, prvisins dealing with: Limitatins r cnditins, if any, n the service prvider's ability t subcntract, and, t the extent subcntracting is permitted, bligatins, if any, in cnnectin therewith; Firm and client cnfidentiality (see als tpic 4); Defining the respnsibilities f the utsurcing firm and the respnsibilities f the service prvider and subcntractrs, if any, and hw such respnsibilities will be mnitred; Respnsibilities relating t IT security (see als tpic 3); Payment arrangements; Liability f the service prvider t the utsurcing firm fr unsatisfactry perfrmance r ther breach f the agreement; Guarantees and indemnities; Obligatin f the service prvider t prvide, upn request, recrds, infrmatin and/r assistance cncerning utsurced activities t the utsurcing firm, its auditrs and/r its regulatrs (see tpic 7); IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 12

13 Appendix A Mechanisms t reslve disputes that might arise under the utsurcing arrangement; Business cntinuity prvisins (see tpic 3); With respect t utsurcing n a crss-brder basis, chice f law prvisins; Terminatin f the cntract, transfer f infrmatin and exit strategies (see als tpic 6). Tpic 3: Infrmatin Technlgy Security and Business Cntinuity at the Outsurcing Firm Principle: The utsurcing firm shuld take apprpriate measures t determine that: (a) Prcedures are in place t prtect the utsurcing firm s prprietary and custmer-related infrmatin and sftware; and (b) Its service prviders establish and maintain emergency prcedures and a plan fr disaster recvery, with peridic testing f backup facilities.... Means fr Implementatin Outsurcing firms are expected t take apprpriate steps t require, in apprpriate cases based n the materiality f the functin that is being utsurced, that service prviders have in place a cmprehensive IT security prgram. These steps may include: Specificatin f the security requirements f autmated systems t be used by the service prvider, including the technical and rganizatinal measures that will be taken t prtect firm and custmer-related data. Apprpriate care shuld be exercised t ensure that IT security prtects the privacy f the utsurcing firm s custmers as mandated by law: Requirements that the service prvider maintain apprpriate measures t ensure security f bth the utsurcing firm s sftware as well as any sftware develped by the service prvider fr the use f the utsurcing firm; Specificatin f the rights f each party t change r require changes t security prcedures and requirements and f the circumstances under which such changes might ccur; Prvisins that address the service prvider s emergency prcedures and disaster recvery and cntingency plans as well as any particular issues that may need t be addressed where the utsurcing firm is utilizing a freign service prvider. Where relevant, this may include the service prvider s respnsibility fr backing up and therwise prtecting prgram and data files, as well as regulatry reprting; Where apprpriate, terms and cnditins relevant t the use f subcntractrs with respect t IT security, and apprpriate steps t minimize the risks arising ut f such subcntracting; IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 13

14 Appendix A Where apprpriate, requirement f testing by the service prvider f critical systems and back-up facilities n a peridic basis in rder t review the ability f the service prviders t perfrm adequately even under unusual physical and/r market cnditins at the utsurcing firm, the service prvider, r bth, and t determine whether sufficient capacity exists under all relevant cnditins; Requirement f disclsure by the service prvider f breaches in security resulting in unauthrized intrusins (whether deliberate r accidental, and whether cnfirmed r nt) that may affect the utsurcing firm r its custmers, including a reprt f crrective actin taken; and Prvisins in the utsurcing firm s wn cntingency plans that address circumstances in which ne r mre f its service prviders fail t adequately perfrm their cntractual bligatins. Where relevant, this may include reprting by the utsurcing firm t its regulatr. The utsurcing firm may need t require cntractually infrmatin frm the service prvider t fulfill this bligatin. Tpic 4: Client Cnfidentiality Issues Principle: The utsurcing firm shuld take apprpriate steps t require that service prviders prtect cnfidential infrmatin regarding the utsurcing firm s prprietary and ther infrmatin, as well as the utsurcing firm s clients frm intentinal r inadvertent disclsure t unauthrized individuals.... Means fr Implementatin Regulated firms that engage in utsurcing are expected t take apprpriate steps t cnfirm that cnfidential firm and custmer infrmatin is nt misused r misapprpriated. Such steps may include insertin f prvisins in the cntract with the service prvider that: Prhibit the service prvider and its agents frm using r disclsing the utsurcing firm s prprietary infrmatin r that f the firm s custmers, except as necessary t prvide the cntracted services; and Where apprpriate, including terms and cnditins relevant t gvern the use f subcntractrs with respect t firm and client cnfidentiality. Outsurcing firms shuld als cnsider whether it is apprpriate t ntify custmers that custmer data may be transmitted t a service prvider, taking int accunt any regulatry r statutry prvisins that may be applicable. Regulatrs shuld seek t becme aware f whether utsurcing firms within their jurisdictin are taking apprpriate steps t mnitr their relatinships with service prviders with respect t the prtectin f cnfidential firm and custmer infrmatin. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 14

15 Appendix A Tpic 5: Cncentratin f Outsurcing Functins Principle: Regulatrs shuld be cgnizant f the risks psed where ne service prvider prvides utsurcing services t multiple regulated entities.... Means fr Implementatin Regulatrs shuld cnsider the fllwing means fr addressing cncentratin risk: Taking steps t becme aware f cases where a significant prprtin f their regulated entities rely upn a single service prvider t prvide critical functins. This culd include, where apprpriate, a mnitring prgram and/r a risk assessment methdlgy, and the cllectin f rutine infrmatin n utsurcing arrangements frm utsurcing firms and/r service prviders. In this regard, regulatrs shuld be cgnizant f the ptential that subcntracting by service prviders f a particular functin may itself result in cncentratin risk; Tailring their examinatin prgrams r related activities in light f cncentratins f utsurcing activity. Where a regulatr has identified a pssible cncentratin risk issue, utsurcing firms shuld cnsider taking steps t ensure, t the degree practicable, that the service prvider has adequate capacity t meet the needs f all utsurcing firms, bth during nrmal peratins as well as unusual circumstances (e.g., unusual market activity, physical disaster). Tpic 6: Terminatin Prcedures Principle: Outsurcing with third party service prviders shuld include cntractual prvisins relating t terminatin f the cntract and apprpriate exit strategies.... Means fr Implementatin: Outsurcing firms are expected t take apprpriate steps t manage terminatin f utsurcing arrangements. These steps may include prvisins in cntracts with service prviders such as the fllwing: Terminatin rights, e.g., in case f inslvency, liquidatin r receivership, change in wnership, failure t cmply with regulatry requirements, r pr perfrmance; Minimum perids befre an annunced terminatin can take effect t allw an rderly transitin t anther prvider r t the firm itself, and t prvide fr the return f custmerrelated data, and any ther resurces; The clear delineatin f wnership f intellectual prperty fllwing the cntract s terminatin, and specificatins relating t the transfer f infrmatin back t the utsurcing firm. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 15

16 Appendix A Tpic 7. Regulatr's and Intermediary s Access t Bks and Recrds, Including Rights f Inspectin. Principle: The regulatr, the utsurcing firm, and its auditrs shuld have access t the bks and recrds f service prviders relating t the utsurced activities and the regulatr shuld be able t btain prmptly, upn request, infrmatin cncerning activities that are relevant t regulatry versight.... Means fr Implementatin: Outsurcing firms are expected t take steps t ensure that they and their regulatrs have access t bks and recrds f service prviders cncerning utsurced activities, and that their regulatrs have the right t btain, upn request, infrmatin cncerning the utsurced activities. These steps may include the fllwing: Cntractual prvisins by which the utsurcing firm (including its auditr) has access t, and a right f inspectin f, the service prvider's bks and recrds dealing with utsurced activities, and similar access t the bks and recrds f any subcntractr. Where apprpriate, these may include physical inspectins at the premises f the service prvider, delivery f bks and recrds r cpies f bks and recrds t the utsurcing firm r its auditr, r inspectins that utilize electrnic technlgy (i.e., virtual inspectins ); Cntractual prvisins by which the service prvider is required t make bks, recrds, and ther infrmatin abut regulated activities by the service prvider available t the regulatr upn request and, in additin, t cmply with any requirements in the utsurcing firm s jurisdictin t prvide peridic reprts t the regulatr. Regulatrs shuld cnsider implementatin f apprpriate measures designed t supprt access t bks, recrds and infrmatin f the service prvider abut the perfrmance f regulated activities. These measures may include: Where apprpriate, taking actin against utsurcing firms fr the failure t prvide bks and recrds required in that jurisdictin, withut regard t whether the regulated entity has transferred pssessin f required bks and recrds t ne r mre f its service prviders; Impsing specific requirements cncerning access t bks and recrds that are held by a service prvider and which are necessary fr the authrity t perfrm its versight and supervisry functins with respect t regulated entities in its jurisdictin. These may pssibly include requiring that recrds be maintained in the regulatr s jurisdictin, allwing fr a right f inspectin, r requiring that the service prvider agree t send riginals r cpies f the bks and recrds t the regulatr s jurisdictin upn request IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 16

17 Key Risks f Outsurcing Appendix B While the utsurcing f certain activities can be beneficial t a financial services rganizatin, utsurcing can give rise t risks which need t be managed effectively. Risk Majr Cncerns Client harm risk Inadequate third-party utsurce service prvider cntrls t ensure adequate prtectin and timely client access t their accunt assets and related accunt recrds Strategic risk The third-party utsurce service prvider may cnduct activities n its wn behalf which are incnsistent with the verall strategic gals f the regulated entity. Failure t implement apprpriate versight f the utsurce service prvider. Failure t maintain adequate in-huse expertise t versee the utsurce service prvider. Reputatin risk Pr service frm third-party utsurce service prvider. Custmer interactin is nt cnsistent with verall standards f the regulated entity. Third-party utsurce service prvider practices are nt in line with stated practices (ethical r therwise) f regulated entity. Cmpliance risk Privacy laws are nt cmplied with. Cnsumer and prudential laws nt adequately cmplied with. Outsurce service prvider has inadequate cmpliance systems and cntrls. Operatinal risk Technlgy failure. Inadequate financial capacity t fulfill bligatins and/r prvide remedies. Inadequate internal cntrls leading t undetected errrs r fraud. Difficult/cstly fr firm t undertake inspectins f the utsurce service prvider s peratins. Exit strategy risk The risk that apprpriate exit strategies are nt in place. This culd arise frm verreliance n ne firm, the lss f relevant skills in the institutin itself preventing it frm bringing the activity back in-huse, and cntracts which make a timely exit prhibitively expensive. Limited ability t return services t firm due t lack f staff r lss f institutinal knwledge. Cunterparty risk Inapprpriate underwriting r credit assessments. Quality f receivables may diminish. Cuntry risk Plitical, scial and legal climate may create added risk. Business cntinuity planning is mre cmplex. Cntractual risk Ability t enfrce cntract. Fr ff shre utsurcing arrangements, chice f law is imprtant. Access risk Outsurcing arrangement hinders ability f regulated entity t prvide timely data and ther infrmatin t regulatrs. Additinal layer f difficulty in regulatr understanding activities f the utsurce prvider. Individual firm cncentratin risk Industry cncentratin and systemic risk The firm has significant expsure t the third-party utsurce service prvider, because f the number and/r the materiality f the activities that have been utsurced t that prvider The industry, as a whle, has significant expsure t the utsurce prvider. This cncentratin risk has a number f facets, including: Lack f cntrl, by individual firms, ver prvider; and Systemic risk t industry as a whle. IIROC Ntice Rules Ntice Guidance Nte Outsurcing Arrangements 17

Guidance on Managing Outsourcing Risk

Guidance on Managing Outsourcing Risk Guidance n Managing Outsurcing Risk Divisin f Banking Supervisin and Regulatin Divisin f Cnsumer and Cmmunity Affairs Bard f Gvernrs f the Federal Reserve System December 5, 2013 Table f Cntents I. Purpse

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent

More information

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend

More information

Audit Committee Charter

Audit Committee Charter Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm

More information

INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT CONTENTS INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT (Effective fr audits f financial statements fr perids beginning n r

More information

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

Vendor Management. Federal Deposit Insurance Corporation Division of Risk Management Supervision Atlanta Regional Office.

Vendor Management. Federal Deposit Insurance Corporation Division of Risk Management Supervision Atlanta Regional Office. Vendr Management Federal Depsit Insurance Crpratin Divisin f Risk Management Supervisin Atlanta Reginal Office June 18, 2014 1 Agenda Intrductin Vendr Management Overview Regulatry Expectatins Bard and

More information

THIRD PARTY PROCUREMENT PROCEDURES

THIRD PARTY PROCUREMENT PROCEDURES ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

Privacy and Security Training Policy (PS.Pol.051)

Privacy and Security Training Policy (PS.Pol.051) Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC.

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC. CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC. PURPOSE The purpse f the Cmpensatin Cmmittee f the Bard f Directrs (the Bard ) f Upland Sftware, Inc. (the Cmpany

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc. HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

SecurityNational Mortgage Company Vendor Management Program

SecurityNational Mortgage Company Vendor Management Program SecurityNatinal Mrtgage Cmpany Vendr Management Prgram CONTENTS OVERVIEW... 1 VENDOR RISKS... 3 Strategic Risk... 3 Reputatin Risk... 3 Operatinal Risk... 3 Transactin Risk... 4 Credit Risk... 4 Cmpliance

More information

SEC FLASH REPORT. June 28, 2011

SEC FLASH REPORT. June 28, 2011 SEC FLASH REPORT The Securities and Exchange Cmmissin Issues Prpsal t Strengthen Audits and Reprting f Brker-Dealers t Prtect Custmer Assets and Requests Cmments June 28, 2011 On June 15, 2011, the U.S.

More information

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain

More information

In-House Counsel Day Priorities for 2012. Cloud Computing the benefits, potential risks and security for the future

In-House Counsel Day Priorities for 2012. Cloud Computing the benefits, potential risks and security for the future In-Huse Cunsel Day Pririties fr 2012 Clud Cmputing the benefits, ptential risks and security fr the future Presented by David Richardsn Thursday 1 March 2012 WIN: What in-huse lawyers need Knwledge, supprt

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information

Corporate Standards for data quality and the collation of data for external presentation

Corporate Standards for data quality and the collation of data for external presentation The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

ERISA Compliance FAQs: Fiduciary Responsibilities

ERISA Compliance FAQs: Fiduciary Responsibilities Brught t yu by Mrris & Reynlds Insurance ERISA Cmpliance FAQs: Fiduciary Respnsibilities The Emplyee Retirement Incme Security Act f 1974 (ERISA) is a federal law that sets minimum standards fr emplyee

More information

Creating an Ethical Culture and Protecting Your Bottom Line:

Creating an Ethical Culture and Protecting Your Bottom Line: Creating an Ethical Culture and Prtecting Yur Bttm Line: Best Practices fr Crprate Cdes f Cnduct Nte: The infrmatin belw and all infrmatin n this website is nt meant t be taken as legal advice. Please

More information

National Australia Bank Limited Group Disclosure & External Communications Policy

National Australia Bank Limited Group Disclosure & External Communications Policy Natinal Australia Bank Limited Grup Disclsure & External Cmmunicatins Plicy Grup Disclsure & External Cmmunicatins Plicy Page 2 f 7 Grup Disclsure & External Cmmunicatins Plicy ( the Plicy ) 1. Overview

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

NAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts

NAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts NAIC Replacement Requirements Fr Certain Life Insurance Plicies And Annuity Cntracts Duties f Prducers If a transactin invlves a replacement, the prducer must leave with the applicant, at the time an applicatin

More information

10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review

10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review 10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic

More information

TO: Chief Executive Officers of all National Banks, Department and Division Heads, and all Examining Personnel

TO: Chief Executive Officers of all National Banks, Department and Division Heads, and all Examining Personnel AL 96-7 Subject: Credit Card Preapprved Slicitatins TO: Chief Executive Officers f all Natinal Banks, Department and Divisin Heads, and all Examining Persnnel PURPOSE The purpse f this advisry letter is

More information

Municipal Advisor Registration

Municipal Advisor Registration FACT SHEET Municipal Advisr Registratin SEC Open Meeting Sept. 18, 2013 The Securities and Exchange Cmmissin tday will cnsider whether t adpt a rule that wuld establish a permanent registratin regime fr

More information

GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Most Recently Amended: December 8, 2015

GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Most Recently Amended: December 8, 2015 GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER Mst Recently Amended: December 8, 2015 Purpse The purpse f the Audit Cmmittee is t assist the Bard f Directrs f General Mtrs Cmpany in its versight f the

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

Purpose Statement. Objectives

Purpose Statement. Objectives Apprved by Academic Affairs Cuncil, June 24, 2014 Faculty Handbk Part VI: Other Plicies and Prcedures Sectin R. Intellectual Prperty Classified Emplyee Handbk Part VI: Other Plicies and Prcedures Sectin

More information

The chief executive officer and the chief finance officer are ex-officio members of the board.

The chief executive officer and the chief finance officer are ex-officio members of the board. DATATEC LIMITED BOARD CHARTER / TERMS OF REFERENCE 1. CONSTITUTION The primary bjective f the Cmpany s Bard Charter is t set ut the rle and respnsibilities f the Bard f Directrs ( the Bard ) as well as

More information

Texas Woman's University University Policy Manual

Texas Woman's University University Policy Manual Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September

More information

Presentation: The Demise of SAS 70 - What s Next?

Presentation: The Demise of SAS 70 - What s Next? Presentatin: The Demise f SAS 70 - What s Next? September 15, 2011 1 Presenters: Jeffrey Ziplw - Partner BlumShapir Jennifer Gerasimv Senir Manager Delitte. SAS 70 Backgrund and Overview Purpse f a SAS

More information

TITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents

TITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents TITLE: Supplier Cntracting Guidelines Prcess: FIN_PS_PSG_050 Replaces: Manual Sectins 6.4, 7.1, 7.5, 7.6, 7.11 Cntents 1 Abut university supplier cntracting... 2 2 When is a cntract required?... 2 3 Wh

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information

FORM ADV (Paper Version) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS

FORM ADV (Paper Version) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS APPENDIX A FORM ADV (Paper Versin) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS Frm ADV: General Instructins Read these instructins carefully befre

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins

More information

DALBAR Due Diligence: Trust, but Verify

DALBAR Due Diligence: Trust, but Verify BEST INTEREST INVESTMENT RECOMMENDATIONS Advisr Rle under Best Interest Regulatins January 27, 2016 In the era when the cntractual bligatin is t act in the client s best interest, investment decisins can

More information

IFRS Discussion Group

IFRS Discussion Group IFRS Discussin Grup Reprt n the Public Meeting February 26, 2014 The IFRS Discussin Grup is a discussin frum nly. The Grup s purpse is t assist the Accunting Standards Bard (AcSB) regarding issues arising

More information

Public consultation paper

Public consultation paper Public cnsultatin paper Nvember 2012 Public cnsultatin n guidelines fr prfessinal indemnity insurance arrangements fr nurses and nurse practitiners. Please prvide feedback by email t: nmbafeedback@ahpra.gv.au

More information

Professional indemnity insurance arrangements for enrolled nurses, registered nurses and nurse practitioners

Professional indemnity insurance arrangements for enrolled nurses, registered nurses and nurse practitioners Guideline August 2013 Prfessinal indemnity insurance arrangements fr enrlled nurses, registered nurses and nurse practitiners Intrductin This guideline has been develped by the Nursing and Midwifery Bard

More information

Heythrop College Disciplinary Procedure for Support Staff

Heythrop College Disciplinary Procedure for Support Staff Heythrp Cllege Disciplinary Prcedure fr Supprt Staff Intrductin 1. This prcedural dcument des nt apply t thse academic-related staff wh are mentined in the Cllege s Ordinance, namely the Librarian and

More information

E-ALERT Financial Institutions

E-ALERT Financial Institutions E-ALERT Financial Institutins BEIJING BRUSSELS LONDON NEW YORK SAN DIEGO SAN FRANCISCO SILICON VALLEY WASHINGTON www.cv.cm March 19, 2010 SENATE FINANCIAL REFORM LEGISLATION ADDRESSES PROPRIETARY TRADING

More information

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

Sources of Federal Government and Employee Information

Sources of Federal Government and Employee Information Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities

More information

Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

Communicating Deficiencies in Internal Control to Those Charged with Governance and Management Internatinal Auditing and Assurance Standards Bard ISA 265 April 2009 Internatinal Standard n Auditing Cmmunicating Deficiencies in Internal Cntrl t Thse Charged with Gvernance and Management Internatinal

More information

Process for Responding to Privacy Breaches

Process for Responding to Privacy Breaches Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

A Comparison of UK and Chinese Broking Regulation

A Comparison of UK and Chinese Broking Regulation A Cmparisn f UK and Chinese Brking Regulatin David Cupe Partner +44 (0)203 553 4884 david.cupe@ec3legal.cm The fllwing tables are a cmparisn f UK and Chinese brking regulatins including the Llyd s regulatins.

More information

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff

More information

IN-HOUSE OR OUTSOURCED BILLING

IN-HOUSE OR OUTSOURCED BILLING IN-HOUSE OR OUTSOURCED BILLING Medical billing is ne f the mst cmplicated aspects f running a medical practice. With thusands f pssible cdes fr diagnses and prcedures, and multiple payers, the ability

More information

Better Practice Guide Financial Considerations for Government use of Cloud Computing

Better Practice Guide Financial Considerations for Government use of Cloud Computing Better Practice Guide Financial Cnsideratins fr Gvernment use f Clud Cmputing Nvember 2011 Intrductin Many Australian Gvernment agencies are in the prcess f cnsidering the adptin f clud-based slutins.

More information

DisplayNote Technologies Limited Data Protection Policy July 2014

DisplayNote Technologies Limited Data Protection Policy July 2014 DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

Investment Adviser Switch Workshop

Investment Adviser Switch Workshop Investment Adviser Switch Wrkshp Investment Adviser Registratin, Renewal, Amendment And Pst-Registratin Requirements Presented by Office f the Attrney General Maryland Divisin f Securities 1 Registratin

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

Risk Management Policy AGL Energy Limited

Risk Management Policy AGL Energy Limited Risk Management Plicy AGL Energy Limited AUGUST 2014 Table f Cntents 1. Abut this Dcument... 2 2. Plicy Statement... 2 3. Purpse... 2 4. AGL Risk Cntext... 3 5. Scpe... 3 6. Objectives... 3 7. Accuntabilities...

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

Wire Transfer Request

Wire Transfer Request Wire Transfer Request Requirements and Instructins OFFICE OF DISBURSEMENTS Categry: Dcument Name: Payment Prcessing Wire Transfer Request - Requirements and Instructins Respnsible Department: Office f

More information

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5 Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet

More information

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service. FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept

More information

Template on written coordination and cooperation arrangements of the supervisory college established for the <XY> Group/<A> Institution

Template on written coordination and cooperation arrangements of the supervisory college established for the <XY> Group/<A> Institution COORDINATION AND COOPERATION ARRANGEMENTS EBA/RTS/2014/16 EBA/ITS/2014/07 Annex II Template n written crdinatin and cperatin arrangements f the supervisry cllege established fr the Grup/ Institutin

More information

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Plus500CY Ltd. Statement on Privacy and Cookie Policy Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and

More information

Guidelines for Custodians

Guidelines for Custodians Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t

More information

- Upfront fee of $ + GST - Ongoing fee commencing immediately after plan implementation of $20.00 + GST per fortnight.

- Upfront fee of $ + GST - Ongoing fee commencing immediately after plan implementation of $20.00 + GST per fortnight. Cntract f engagement This cntract f engagement is between FSB 4 Financial Limited (the adviser) and (the client). Purpse This cntract establishes the relatinship between the adviser and the client relating

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

BIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements

BIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements BIBH Duty Statements and Gvernance chart reviewed and apprved April 2014 BIBH Executive Gvernance & Management Arrangements BIBH COMMITTEE CEO - Paul O Cnnell Executive Secretary - Brian Firth Executive

More information

Executive Summary. ERISA allows for the Delegation of Fiduciary Responsibility to independent investment professionals. www.theadvisorlab.com.

Executive Summary. ERISA allows for the Delegation of Fiduciary Responsibility to independent investment professionals. www.theadvisorlab.com. Page 2 ERISA allws fr the Delegatin f Fiduciary Respnsibility t independent investment prfessinals. Executive Summary Many wners/executives f businesses that spnsr 401(k) plans dn t have the faintest idea

More information

MAYFAIR INSURANCE & MORTGAGE CONSULTANTS LTD 11 Lurke Street, Bedford MK40 3HZ Telephone: 01234 242900

MAYFAIR INSURANCE & MORTGAGE CONSULTANTS LTD 11 Lurke Street, Bedford MK40 3HZ Telephone: 01234 242900 MAYFAIR INSURANCE & MORTGAGE CONSULTANTS LTD 11 Lurke Street, Bedfrd MK40 3HZ Telephne: 01234 242900 Please read this dcument carefully as it sets ut the terms n which we agree t act fr ur clients and

More information

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Revised Critical Infrastructure Prtectin Reliability Standards Dcket N. RM15-14-000 Statement f Thmas F. O Brien Vice President & Chief Infrmatin

More information

Third Party Originator Application

Third Party Originator Application Third Party Originatr Applicatin Applicant Infrmatin Third Party Name: Primary Address: City: State: Zip Cde: Primary Cntact: Telephne Number: Email Address: Fax Number: Website Address: Branch Lcatins

More information

Directors' And Officers' Liability

Directors' And Officers' Liability Directrs' And Officers' Liability (Last Revised January, 2005) The fllwing is intended fr general infrmatin nly, regarding sme f the issues relating t purchasing a business in Saskatchewan. We advise yu

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

Draft for consultation

Draft for consultation Draft fr cnsultatin Draft Cde f Practice n discipline and grievance May 2008 Further infrmatin is available frm www.acas.rg.uk CONSULTATION ON REVISED ACAS CODE OF PRACTICE ON DISCIPLINE AND GRIEVANCE

More information

Information Security Policy

Information Security Policy Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every

More information

Consumer Complaint Roadmap

Consumer Complaint Roadmap Cnsumer Cmplaint Radmap Step 1. What yu shuld knw befre yu begin. Refund and Exchange Plicies The nly case where a cnsumer has the abslute right t a return is when there is a defect in the prduct. Mst

More information

australian nursing federation

australian nursing federation australian nursing federatin Submissin t the public cnsultatin n the Nursing and Midwifery Bard f Australia draft Guidelines fr prfessinal indemnity insurance arrangements fr nurses and nurse practitiners

More information

Appendix H. Annual Risk Assessment and Audit Plan 2013/14

Appendix H. Annual Risk Assessment and Audit Plan 2013/14 Annual Risk Assessment and Audit Plan 2013/14 Internal Audit Department September 25, 2013 Table f Cntents Intrductin.. 3 Risk Assessment Prcess... 4 Page 2 Intrductin Each year, the Internal Audit Department

More information

ISO Management Systems. Guidance on understanding the benefits of an ISO Management System

ISO Management Systems. Guidance on understanding the benefits of an ISO Management System ISO Management Systems Guidance n understanding the benefits f an ISO Management System Welcme & Intrductins 4031 University Drive, 206, Fairfax, VA 22030 3 Grant Square, 243, Hinsdale, IL 60521 www.radiancmpliance.cm

More information

Town of Wayland, Massachusetts Investment Policy Statement General Fund & Trust Funds

Town of Wayland, Massachusetts Investment Policy Statement General Fund & Trust Funds Twn f Wayland, Massachusetts Investment Plicy Statement General Fund & Trust Funds I. The Investment f General Funds, Special Revenue Funds, Enterprise Funds, and Capital Prjects Funds A. Scpe This sectin

More information

Privacy Breach and Complaint Protocol

Privacy Breach and Complaint Protocol Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is

More information