Under SYSC 3.2.3 G and SYSC 3.2.4 G, a firm should carry out appropriate due diligence on any person to whom it outsources any function or task and keep the suitability of that person for that task or function under review. A firm should monitor the performance by that person of the outsourced tasks and functions.
use transaction authentication methods that ensure that transactions in e-money to which it is a party do not have to be unwound or reversed;
ensure that proper authorisation controls and access privileges are in place for all its systems, databases and applications;
ensure that measures are in place to protect the data integrity of transactions in e-money to which it is a party and records and information about such transactions;
ensure that measures are in place to prevent fraud;
establish clear audit trails for all transactions in e-money to which it is a party; and
ensure the confidentiality of customer and transaction information, having regard to the sensitivity of the information and any other relevant factor.
unauthorised creation, transfer or redemption of e-money;
loss of e-money within the system referred to in (2) and loss of function of any part of that system; and