The acquisition of software or access to commercial databases to support or facilitate the performance of AML/CFT obligations, without the data or information provided by the person concerned and processed to third parties not being considered outsourcing. Yes – the person concerned must ensure that in the event of a sudden termination of the outsourcing agreement, he or she has an emergency plan in order to be able to resume the implementation of the outsourced activities immediately. NBB notes, however, that outsourcing within a group, through a subsidiary at its head or to another subsidiary of the group to which it belongs (intragroup outsourcing), is subject to the same requirements as outsourcing to an external service provider. Financial institutions that use intragroup outsourcing should, among other things, take the necessary steps to identify and manage conflicts of interest that may result from such an outsourcing agreement. As a reminder, a financial institution assigns (or subcontracted) a function when it enters into an agreement in one way or another with a service provider on the basis of which the provider performs a process or task that would otherwise be performed by the financial institution itself. Outsourcing differs from the board in that an advisor only notices his or her client financial institution, without performing the process or task himself. These principles also apply to the outsourcing of due diligence obligations. For compliance with vigilance obligations, please read the „Diligence by Third parties“ section below. The use of outsourcing by a financial institution to meet its legal and regulatory obligations under the AML/CFTP should in no way reduce the responsibility of the institution concerned for the proper and effective organisation and performance of its legal and regulatory obligations in this area, nor should it confer this responsibility on the service provider. The NBB also stresses that the use of outsourcing should not be large enough to lead to the creation of „empty shells“ compared to AML/CFTP. Therefore, any financial institution relocated by AMLCO should ensure that it obtains in-house, in addition to decision-making power (see above), the effective power to manage outsourced tasks. This means that the outsourced financial institution should itself take appropriate measures to control outsourced tasks and address the deficiencies and inadequacies identified. To this end, each outsourced financial institution should be able to demonstrate that it has sufficient internal resources to effectively exercise its decision-making power, control of outsourced tasks and, if necessary, its duty of redress.
In addition to cases where financial institutions relocate tasks from the AMLCO function (see section on outsourcing the AMLCO function), they can also rely on third parties to fulfill their legal and regulatory due diligence obligations with respect to the AML/CFTP. Companies that „relocate“ their transaction control and transaction control functions to group entities in other countries would be well advised to check the ACF outsourcing manual. With regard to payment institutions and electronic money establishments operating in Belgium through agents or distributors established in that country, all the principles and recommendations set out in this chapter apply mutatis mutandis to the outsourcing of the tasks of the „central point of contact“ (see page „Belgian Contact Points of European Payment Institutions and Electronic Currency Institutions“). Yes, yes. FiAU or any other supervisory body may require that the original or a copy of this agreement be made available to the person concerned.