1) A financial entity shall decide whether an ICT service supporting critical or important functions may be subcontracted by an ICT third-party service provider only after having assessed at least:
a) that the due diligence processes implemented by the ICT third-party service provider ensure that it is able to select and assess the abilities, both operational and financial, of prospective ICT subcontractors to provide the ICT services supporting critical or important functions, including by participating in operational reporting and operational testing as required by the financial entity;
b) that the ICT third-party service provider will be able to inform and involve the financial entity in the decision-making related to subcontracting when relevant and appropriate;
c) that the relevant clauses of the contractual arrangements between the financial entity and the ICT third-party service provider are replicated as appropriate in the subcontracting arrangements between the ICT third-party
…