GEN 3.3.31

(1) An Authorised Person which outsources any of its functions or activities directly related to Regulated Activities to service providers (including within its Group) is not relieved of its regulatory obligations and remains responsible for compliance with the Regulations and Rules.
(2) The outsourced function under this Rule shall be deemed as being carried out by the Authorised Person itself.
(3) An Authorised Person which uses such service providers must ensure that it:
(a) has undertaken due diligence in choosing suitable service providers;
(b) effectively supervises the outsourced functions or activities; and
(c) deals effectively with any act or failure to act by the service provider that leads, or might lead, to a breach of any Regulations or Rules.