A financial information service provider shall comply with the following organisational requirements:
(a) it shall establish policies and procedures sufficient to ensure its compliance, including its managers and employees with its obligations under this Regulation;
(b) it shall take reasonable steps to ensure continuity and regularity in the performance of its activities. To that end the financial information service provider shall employ appropriate and proportionate systems, resources and procedures to ensure the continuity of its critical operations, have in place contingency plans and a procedure to test and review regularly the adequacy and efficiency of such plans;
(c) when relying on a third party for the performance of functions which are critical for the provision of continuous and satisfactory service to customers and the performance of activities on a continuous and satisfactory basis, that it takes reasonable steps to avoid undue additional operational risk. Outsourcing of
…