FCA Sept 2018 Update on Banks and Building Societies Outsourcing

The FCA have completed a review of retail banks’ use of outsourcing. The potential types of harm arising from outsourcing include service disruption (impacting consumers’ access to products and services) and poor customer service. They focused on firms’ approaches to outsourcing and did not test whether these are mitigating the risk of harm in practice. They listed key areas to be considered.

Read More

FCA Update July 2018 Guidance for firms outsourcing to the ‘cloud’ and other third party IT services

The FCA have updated the draft guidance in the following areas: physical access to business premises, including data centres; the scope of firms’ obligations relating to supply chain and sub-contracting arrangements; clarifying expectations around aspects of risk management, including concentration risk; points around the choice and control in relation to the jurisdictions where data is processed, stored and managed; the provisions to ensure firms have effective access to data; specific expectations around exit plans.

Read More

Outsource Working Group (OWG) Report - Dec 2013

As a direct result of increased regulatory activities such as the FSA ‘Dear CEO’ letter and the Central Bank of Ireland Thematic Review on Outsourcing, in July 2013 an industry-wide group was formed, called the Outsourcing Working Group (OWG), specifically to address the concerns and issues raised by the FCA from the perspective of both the asset management industry and the service provider community. The attached report contains the key findings of the OWG, highlighting a set of ‘Guiding Principles’ and ‘Considerations’ that firms should take into account depending on the nature, size and scope of their outsourced arrangements.

Read More

FCA Thematic Review on Outsourcing - Nov 2013

Following a thematic review on outsourcing, the FCA published a report of its findings and recommendations on 4 November 2013. The report focused on two key themes; ‘Resilience Risk’ – asset managers having inadequate contingency plans in place to deal with a failure of their service provider, and ‘Oversight Risk’ – asset managers applying inadequate oversight of their service provider. The report details examples of both good/poor behaviours and/or process, as well as outlining recommended next steps for asset managers.

Read More