Outsource & Third-Party Service Provider Requirements
EPSPs frequently rely on third-party providers for technology infrastructure, cloud hosting, cybersecurity tools, POS hardware, payment gateways, and customer support. Outsourcing arrangements introduce risk if not properly managed, which is why the Central Bank of Iraq requires providers to maintain control over outsourced functions and ensure supervisory access. Outsourcing risk management is a core regulatory expectation for electronic payment providers in Iraq.
Outsource Categories
- Technology infrastructure and cloud services
- Software development and maintenance
- Card processing and switching systems
- Call center and customer support functions
Operational Requirements
- Written outsourcing agreements
- Data confidentiality and privacy protections
- Termination and exit planning
- Performance and uptime SLAs
- Audit and access rights for regulators
CBI compliance
- Notify or seek approval for material outsourcing arrangements
- Ensure outsourced functions meet CBI technical standards
- Maintain accountability for compliance and risk
- Ensure no outsourcing impairs supervision or operations
How Etihad Can Assist
Etihad provides legal and regulatory advisory services to banks, financial institutions, and businesses, supporting compliance with applicable laws, regulations, and regulatory guidance issued by any competent authorities.