100. Institutions and payment institutions should monitor, on an ongoing basis, the performance of the service providers with regard to all outsourcing arrangements on a risk-based approach and with the main focus being on the outsourcing of critical or important functions, including that the availability, integrity and security of data and information is ensured. Where the risk, nature or scale of an outsourced function has materially changed, institutions and payment institutions should reassess the criticality or importance of that function in line with Section 4.
101. Institutions and payment institutions should apply due skill, care and diligence when monitoring and managing outsourcing arrangements.
102. Institutions should regularly update their risk assessment in accordance with Section 12.2 and should periodically report to the management body on the risks identified in respect of the outsourcing of critical or important functions.
103. Institutions and payment institutions sh
…