|
Article 47
|
(Management of operation outsourcing)
- When contracting a third-party provider to introduce AI systems, an organization is advised to assess the third-party provider to make sure it has relevant knowledge, expertise and experience.
- An organization shall include the terms on information security, data protection, subcontracting, scope of responsibility and penalty in the contract by considering outsourced services and its scope and establish an appropriate data or system migration mechanism in case of termination of contract.
- When using the AI system developed or operated by a third-party provider to provide financial services, an organization shall perform supervision operation and ensure the third-party provider to keep written or digital operation records of performance of contracted services to facilitate subsequent follow-up, verification and management.
- For outsourcing of AI operation involving the business activities stated in the business license or client information, the Directions for Operations Outsourcing by Securities Firms, the Directions for Operations Outsourcing by Futures Commission Merchants, and the Directions for Operations Outsourcing by Securities Investment Trust Enterprises and Securities Investment Consulting Enterprises shall be complied with.
|