Explanation Is our understanding correct, that the financial entity shall be obliged “to provide details on the scope, procedures to be followed and frequency of such inspections and audits” – or shall the ICT-third-party-provider be obliged? What is the rationale of this requirement? A specification would be helpful.

This question has been rejected because it is a  hypothetical question, which do not identify an issue of practical implementation.