a) Risks associated with outsourcing IT services and operations, and measures to minimize:

Risks:

1. Vendor Dependency and Loss of Control: Over-reliance on outsiders can lead to service disruptions, as in Ghanaian banks outsourcing payment systems under Act 987.
2. Data Security and Privacy Breaches: Third parties may expose sensitive data, violating BoG’s Cyber Security Directive 2020, amplified post-DDEP with increased digital reliance.
3. Compliance and Regulatory Risks: Vendors not aligning with BoG directives (e.g., Act 930), leading to fines, as seen in 2017-2019 cleanup.
4. Quality and Performance Issues: Substandard service affecting operations, impacting customer trust.
5. Cost Overruns and Hidden Fees: Contracts escalating beyond budgets, contrary to cost-benefit analysis.

Measures:

1. Robust Vendor Selection and Contracts: Conduct due diligence with SLAs, as per BoG guidelines, including exit clauses, like Ecobank Ghana’s practices.
2. Implement Strong Oversight and Audits: Regular monitoring and joint security protocols to mitigate breaches.
3. Ensure Compliance Clauses: Mandate adherence to BoG standards in contracts, with penalties.
4. Diversify Vendors: Avoid single-point failures by multi-sourcing, aligned with Basel III risks.
5. Insurance and Contingency Planning: Cover losses via cyber insurance and backups, minimizing consequences.

b) Five key categories of customer data for building profiles, with two examples each:

1. Demographic Data: Age, Gender.
2. Financial Data: Income level, Transaction history.
3. Behavioral Data: Spending patterns, Product usage frequency.
4. Contact Data: Email address, Phone number.
5. Preference Data: Service channel preferences, Risk tolerance.