Avtaler med tjenesteleverandører

Norges Bank Investment Management kjøper en rekke tjenester fra eksterne leverandører som et alternativ til å opprettholde intern ekspertise og kapasitet for slike tjenester. Kost-nytte analyser og en grundig gjennomgang av selskapet både i innledende fase og fortløpende må ligge til grunn for valg av leverandørstrategi.

Utstedt 7. desember 2010
Sist oppdatert 15. desember 2017

Retningslinjen er kun tilgjengelig på engelsk.

Purpose

The purpose of this policy is to outline the principles for management of third party entities delivering services (“Service Providers”) to Norges Bank Investment Management (NBIM). The objective is to ensure high quality service deliveries and reduce overall risk related to Service Providers through onboarding and continuous monitoring.

This policy covers all providers with the exception of External Fund Managers which are regulated in a separate policy.

Policy

The level of Service Provider Management shall be based on the providers criticality and risk level. NBIM strategy shall guide when to outsource, in-source, and when to procure systems or services. Service Provider management activities shall be further detailed in internal guidelines, and adhered to by all employees.

Classifications

  • All Service Providers shall be rated based on criticality and risk.
  • Criticality rating shall take into account the strategic importance of the delivery.
  • Risk rating shall reflect compliance and regulatory risk, and include an assessment of the country risk where the delivery originates.

Onboarding

NBIM shall communicate and inform Service Providers of the Conduct of Business Code for Providers of Goods and Services.

Outsourcing

NBIM shall throughout the duration of an outsourcing agreement, retain sufficient competence and capacity in-house to be able to effectively monitor and control the external service.

Monitoring

  • NBIM shall maintain an overview of all selected Service Providers.
  • All Service Providers shall be assigned a relationship owner. The relationship owner shall retain responsibility for risks and controls related to the service delivery, and manage the risk according to Operational Risk Management Policy.
  • Operational review, due diligence and security reviews shall be conducted during onboarding and otherwise in accordance with the risk and criticality classification.

Last ned retningslinjen (PDF - kun tilgjengelig på engelsk)