Bayarcash

Outsourcing & Service Provider Agreement

Version 1.0
Effective Date [Insert Date]
Approved By Compliance & Risk Committee
Next Review Date [Insert Date]

This Outsourcing & Service Provider Agreement (“Agreement”) is entered into on [Date], by and between:

Bayarcash Sdn. Bhd.
(Company No: [●])
a company incorporated under the laws of Malaysia, having its registered office at [●]
(hereinafter referred to as “Bayarcash” or the “Company”)

AND

[Service Provider Name]
(Company No: [●])
a company incorporated under the laws of [●], having its registered office at [●]
(hereinafter referred to as the “Service Provider”)

Bayarcash and the Service Provider are collectively referred to as the “Parties” and individually as a “Party”.

1. Purpose & Scope

This Agreement sets out the terms and conditions under which Bayarcash engages the Service Provider to perform [describe services, e.g., IT infrastructure hosting, call center support, data processing, compliance-related services] in compliance with:

  • Bank Negara Malaysia (BNM) Outsourcing Guidelines;
  • Personal Data Protection Act 2010 (PDPA);
  • Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA); and
  • Applicable industry standards including PCI DSS.

2. Roles & Responsibilities

2.1 Service Provider Obligations

The Service Provider shall:

  • Perform the services with due care, skill, and diligence in accordance with industry best practices.
  • Comply with all applicable laws, regulations, and BNM requirements.
  • Ensure adequate resources, qualified personnel, and security controls are in place.
  • Maintain confidentiality of Bayarcash’s data, including customer information.
  • Provide timely reports and updates as required by Bayarcash.

2.2 Bayarcash Obligations

Bayarcash shall:

  • Provide the Service Provider with necessary information and access to perform the services.
  • Monitor and review the Service Provider’s performance.
  • Ensure proper governance and oversight of the outsourced activity.

3. Confidentiality & Data Protection

  • The Service Provider shall treat all data, records, customer information, and proprietary materials of Bayarcash as strictly confidential.
  • No disclosure shall be made to third parties without prior written consent from Bayarcash.
  • The Service Provider shall comply with PDPA, AMLA, and ensure data security aligned with PCI DSS standards.

4. Security & Compliance

  • The Service Provider must implement robust information security measures (including encryption, firewalls, and access controls).
  • The Service Provider shall notify Bayarcash immediately of any security breach, data loss, or unauthorized access.
  • The Service Provider shall submit to audits, inspections, and compliance reviews conducted by Bayarcash, BNM, or independent auditors.

5. Term & Termination

  • This Agreement shall commence on [Start Date] and remain in force for [●] years unless terminated earlier.
  • Either Party may terminate with [90] days’ written notice.
  • Bayarcash may terminate immediately if:
    • The Service Provider breaches material obligations;
    • There is regulatory non-compliance;
    • Insolvency or bankruptcy of the Service Provider occurs.

6. Service Levels & Performance Monitoring

  • The Service Provider shall meet the agreed Service Level Agreements (SLAs) as set out in Schedule A.
  • Performance will be reviewed periodically by Bayarcash.
  • Penalties may apply for non-performance or failure to meet SLAs.

7. Audit & Regulatory Access

  • Bayarcash, its auditors, and regulators (including BNM) shall have full access to the Service Provider’s premises, systems, personnel, and records relevant to the outsourced services.
  • The Service Provider shall cooperate fully with such audits or inspections.

8. Business Continuity & Disaster Recovery

  • The Service Provider shall maintain an adequate Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to minimize disruption of services.
  • Copies of BCP/DRP must be provided to Bayarcash and tested at least annually.

9. Liability & Indemnity

  • The Service Provider shall be liable for all losses arising from negligence, willful misconduct, or breach of obligations under this Agreement.
  • The Service Provider shall indemnify and hold Bayarcash harmless against claims, damages, fines, or penalties arising from its performance or non-compliance.

10. Governing Law & Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of Malaysia. Any disputes shall be subject to the exclusive jurisdiction of the courts of Malaysia.

11. Entire Agreement

This Agreement constitutes the entire understanding between the Parties and supersedes all prior agreements, negotiations, or discussions.

For Bayarcash Sdn. Bhd.

Name : ________

Designation : ________

Date : _________

For [Service Provider Name]

Name : ________

Designation : ________

Date : _________

Attachments:

  • Schedule A: Service Level Agreements (SLAs)
  • Schedule B: Scope of Services
  • Schedule C: Compliance & Security Standards