Outsourcing Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd

Who Are MSM Compliance? MSM is a national professional services business focused on the general insurance industry. Your company has engaged MSM to assist in the management of its obligations as a holder of an Australian Financial Services Licence. MSM helps to ensure that you and your company comply with your AFS Licence obligations with the least disruption to your core business.

Why Are You Reading This? To provide you with an introduction to our Outsourcing Policy and Procedures. It will present you with a synopsis, but not the detail. You should still take the time to read the full Outsourcing Policy & Procedures.

What Is Outsourcing? Outsourcing is where we give a task to someone that is outside or external to our business. Just because we have outsourced a task, it does not mean that we are not responsible for that task. Our Outsourcing Policy only applies to the outsourcing of important and material tasks such as Personnel, Premises, Entire accounting / bookkeeping function etc. Our Outsourcing Policy does not apply to external commercially provided software = e.g. Microsoft / EBIX etc.

Why Do We Have Outsourcing Policy & Procedures? Outsourced Services are subject to the same management disciplines & regulatory controls that would apply if the service was not outsourced. We must remain in charge of our business, in control of our business risks and meet our regulatory responsibilities. Outsourcing has the potential to transfer risk management and compliance to Third Parties who are not regulated. Outsourcing an activity does not transfer many of the risks associated with that activity.

Outsourcing Principles Policy Clear concise guidelines – the intention of this procedure Risk Management Include any risks in our Risk Management program Regulatory Impact Assessment Outsourcing must not compromise our Compliance program Due Diligence Robust selection & review criteria Written Contacts Detailing rights, responsibilities and expectations of all parties Contingency Plans Source alternatives – part of Disaster Recovery & Risk Management plans Confidentiality Essential to protect information, both ours and clients - Privacy

Outsourcing & Conflict of Interest There maybe circumstances where some or all of the supplier’s interests are inconsistent with or divergent from our interests. Key processes to manage conflict are: Identification Assessment Response – Control, Disclose or Avoid Ensure our services are not compromised

Who Is Responsible For Outsourcing? Our Responsible Manager(s) are the only staff authorised to make decisions on the selection of providers for outsourcing of a Material Business Activity.

Review & Updates Our Outsourcing Policy & Procedures will be reviewed on an annual basis as part of our the Business Planning process. Any changes will be advised to you either via or at our regular Staff meetings.

In Summary You should read the full Policy & Procedures. be aware of what activities we outsource. advise the Compliance Officer if you become aware of a conflict of interest.

Where To From Here? Please take the time to read our full Outsourcing Policy and Procedures and if you require further clarification discuss with your manager/supervisor.