The only thing I can add to that is the fact that you have a specific guideline, the OSFI guideline, that deals with outsourcing on the part of the banks, and it provides another controlling mechanism regarding the extent to which information can be outsourced.
On January 30th, 2007. See this statement in context.