(1) An application for registration as a securitisation repository shall demonstrate that, where an applicant arranges for activities to be performed on its behalf by third parties, including by undertakings with which it has close links, shall ensure that the third party has the ability and the capacity to perform those activities reliably and professionally.

(2) The application for registration as a securitisation repository shall specify or contain all of the following:

(a) a description of the scope of the activities to be outsourced as well as the detail and extent to which those activities are outsourced;

(b) a copy of the relevant service level agreements with clear roles and responsibilities, metrics and targets for every key requirement of the applicant that is outsourced, the methods employed to monitor the service level of the outsourced functions and the measures or actions to be taken in the event of not meeting service level targets;

(c) a copy of the contracts governing those service level agreements, including the identification of the third party service provider;

(d) a copy of any external reports on the outsourced activities, where available;

(e) details of the organisational measures and policies with respect to outsourcing and the risks posed by it as specified in paragraph 4.