(1) Where an authorised payment institution, a small payment institution or a registered account information service provider relies on a third party for the performance of operational functions it must take all reasonable steps to ensure that these Regulations are complied with.
(2) Without prejudice to paragraph (1), an authorised payment institution, a small payment institution or a registered account information service provider is responsible, to the same extent as if it had expressly permitted it, for anything done or omitted by any of its employees, any agent or branch providing payment services on its behalf, or any entity to which activities are outsourced.