21.—(1) An authorised payment institution must notify the Authority of its intention to enter into a contract with another person under which that other person will carry out any operational function relating to its provision of payment services (“outsourcing”).
(2) Where an authorised payment institution intends to outsource any important operational function, all of the following conditions must be met—
(a)the outsourcing is not undertaken in such a way as to impair—
(i)the quality of the authorised payment institution’s internal control; or
(ii)the ability of the Authority to monitor the authorised payment institution’s compliance with these Regulations;
(b)the outsourcing does not result in any delegation by the senior management of the authorised payment institution of responsibility for complying with the requirements imposed by or under these Regulations;
(c)the relationship and obligations of the authorised payment institution towards its payment service users under these Regulations is not substantially altered;
(d)compliance with the conditions which the authorised payment institution must observe in order to be authorised and remain so is not adversely affected; and
(e)none of the conditions of the payment institution’s authorisation requires removal or variation.
(3) For the purposes of paragraph (2), an operational function is important if a defect or failure in its performance would materially impair—
(a)compliance by the authorised payment institution with these Regulations and any requirements of its authorisation;
(b)the financial performance of the authorised payment institution; or
(c)the soundness or continuity of the authorised payment institution’s payment services.