FSA

Principles of Information Access and Supervision under Outsourcing Agreements

Pursuant to Articles 6a–6d and 111b of the Polish Banking Law Act of 29 August 1997 (consolidated text: Journal of Laws 2002, No. 72, item 665, as amended), BackOffice Outsourcing Sp. z o.o. undertakes, within the framework of outsourcing agreements with banks and financial institutions, to ensure full transparency and cooperation to enable effective supervision over the performance of outsourced activities.

In particular, the Company commits to the following:

  1. Providing Banks, Financial Institutions, Bank Auditors, and the Polish Financial Supervision Authority (KNF) with the following documents and information:
  • Updated legal and registration documents, including KRS registry extracts, licenses, permits, administrative decisions, and other documentation confirming the legal status and legitimacy of BackOffice Outsourcing’s operations, as well as compliance with the scope of the outsourced services;
  • Financial statements for the periods during which contracts are in force and for the periods immediately preceding them, including auditor reports and opinions, if applicable, and interim financial reports or quarterly management statements, if available;
  • Business Continuity Plans (BCP) and procedures that ensure uninterrupted provision of services in the event of crises or technical failures, including test results and periodic BCP review documentation;
  • Descriptions and procedures related to information security, including implemented standards in line with ISO 27001, ISO 22301, and ISO 9001, covering incident response, access control, data protection, and physical/logical security policies;
  • Results of audits – both external (e.g. conducted by certifying bodies or clients) and internal – assessing control effectiveness, compliance with regulatory requirements, and the robustness of supervisory mechanisms;
  • Operational and execution documentation relating to the performance of contractual services, including process descriptions, internal instructions, schedules, activity records, and internal procedures.

  2. Allowing the Bank, Financial Institutions, Bank Auditors, or KNF to perform inspections, including:
  • On-site inspections at locations where the outsourced services are performed, with access to operational areas, physical and digital documentation, hardware, and IT systems;
  • Verification of information security practices, including technical safeguards (e.g., firewalls, backup systems, access control) and organizational measures (roles, segregation of duties, compliance with security policies);
  • Staff interviews with personnel performing the outsourced services, to clarify operational procedures, incident handling, control application, and procedural compliance.

  3. Immediate notification to Banks, Financial Institutions, or KNF of:
  • Any circumstances or risks that may or could potentially have a material adverse effect on the execution of the contractual services, including but not limited to:
    • disruptions to IT systems or interruptions in service continuity,
    • data security incidents or personal data breaches,
    • violations of legal or internal regulatory requirements or contract terms,
    • loss of availability, integrity, or confidentiality of data,
    • insolvency, restructuring, or other critical financial events affecting service provision;
  • Actions or status changes of subcontractors or third parties that impact the delivery of services, including legal status changes, service termination, data transfers outside the EEA, or significant alterations in service delivery models.

  4. Additional obligations regarding supervision and transparency:
  • Designation of a dedicated point of contact within the Company (e.g., Compliance Officer, Internal Control Department, Data Protection Officer) to handle supervisory or audit-related inquiries;
  • Archiving all relevant contractual documentation for a minimum of five (5) years after contract termination and ensuring availability upon request by the supervising authority or the bank;
  • Implementation of corrective and preventive actions following supervisory recommendations, with submission of follow-up reports confirming the implementation of such measures.

BackOffice Outsourcing Sp. z o.o. views its information obligations and cooperation with supervisory authorities as a core foundation of trust in its relationship with the financial sector. Transparency, timeliness, and completeness of provided information are the pillars of responsible outsourcing in accordance with Polish Banking Law and the regulatory expectations of the Polish Financial Supervision Authority (KNF).