Although the regulation has been strengthened, the procedure is less cumbersome. Companies are no longer required to notify DSS before entering into essential outsourcing agreements. However, you should keep an outsourcing registry available for an annual audit or at the request of MAS. In order to strengthen MAS's oversight of bank outsourcing contracts, MAS proposes to include in banking law the power to require banks to comply with outsourcing requirements. These include the banks' request:

On 7 February 2019, the Singapore Monetary Authority ("MAS") issued a consultation paper on outsourcing by banks and commercial banks, in which it sought feedback on proposed changes to the outsourcing regime for banks and commercial banks. Proposals include amendments to the Bank Act to strengthen oversight of DSS outsourcing contracts, as well as the issuance of an outsourcing notice for banks and an outsourcing notice for commercial banks (as a whole, the "outsourcing communications"), which impose identical requirements on banks and commercial banks with respect to essential outsourcing agreements ("essential outsourcing contracts"). The consultation closes on March 8, 2019.

The new guidelines raise questions that you should answer when reviewing your outsourcing agreements. Who has access to these accounts when you use cloud storage solutions to archive and store customer data? Can your cloud provider identify and separate customer data using powerful physical or logical controls? If you store data in data centers abroad, are you exposing valuable information to political risk, and what disaster recovery measures have been taken?

As defined in the guidelines, an outsourcing agreement is a written agreement that defines the contractual terms governing the relationships, obligations, responsibilities, rights and expectations of the parties in an outsourcing agreement.
It should at least contain provisions that address: (a) the scope of the outsourcing agreement; (b) standards for performance, operational status, internal control and risk management; (c) confidentiality and security; (d) business continuity management; (e) monitoring and control; (f) review and inspection; (g) communication on adverse developments; (h) dispute resolution; (i) the standard end and early release; (j) subcontracting; and (k) applicable law.