Regulatory
CBI Outsourcing Guide - Dec 2018
The Central Bank of Ireland’s (CBI) latest discussion paper highlights a trend in regulator interest and oversight of outsourced activity by asset managers and other financial firms. The paper turns up the heat on those responsible for overseeing an increasingly complex and globally dispersed supply chain of data and operations.
FCA Operational Resilience - Dec 2019
Operational Resilience has become a key area of focus for both the PRA and FCA; it features heavily in both business plans and has been added into their respective Supervisory Frameworks earlier this year. This follows the introduction of the Chief Operations Function (i.e. SMF 24) who has a prescribed responsibility for managing and ensuring operational continuity and resilience of the internal operations, systems and technology of the firm.
New CSSF Circular 18/698 - Aug 2018
The new CSSF circular 18/698 has been expanded; it now applies to both UCITS management companies and alternative investment fund managers, as well as management companies.
The circular sets out the existing practices that were applied by the CSSF as well as some specific new requirements in relation to the governance; central administration and internal controls; the fight against money laundering and terrorist financing; key functions such as delegated activities, marketing, internal administration, and procedures; and valuation.
EBA Consultation Paper - June 2018
The European Banking Authority (EBA) launched a public consultation on its draft Guidelines on outsourcing. These Guidelines, which review the existing CEBS Guidelines on outsourcing published in 2006, aim at establishing a more harmonised framework for outsourcing arrangements of all financial institutions in the scope of the EBA's action.
The draft Guidelines provide a clear definition of outsourcing and specify the criteria to assess whether or not an outsourced activity, service, process or function (or part of it) is critical or important.
FCA Sep 2018 Update on Banks and Building Societies Outsourcing
The FCA have completed a review of retail banks’ use of outsourcing. The potential types of harm arising from outsourcing include service disruption (impacting consumers’ access to products and services) and poor customer service. They focused on firms’ approaches to outsourcing and did not test whether these are mitigating the risk of harm in practice. They listed key areas to be considered.
FCA Update July 2018 Guidance for firms outsourcing to the ‘cloud’ and other third party IT services
The FCA have updated the draft guidance in the following areas: physical access to business premises, including data centres; the scope of firms’ obligations relating to supply chain and sub-contracting arrangements; clarifying expectations around aspects of risk management, including concentration risk; points around the choice and control in relation to the jurisdictions where data is processed, stored and managed; the provisions to ensure firms have effective access to data; specific expectations around exit plans.
Outsource Working Group (OWG) Report - Dec 2013
As a direct result of increased regulatory activities such as the FSA ‘Dear CEO’ letter and the Central Bank of Ireland Thematic Review on Outsourcing, in July 2013 an industry-wide group was formed, called the Outsourcing Working Group (OWG), specifically to address the concerns and issues raised by the FCA from the perspective of both the asset management industry and the service provider community. The report contains the key findings of the OWG, highlighting a set of ‘Guiding Principles’ and ‘Considerations’ that firms should take into account depending on the nature, size and scope of their outsourced arrangements.
FCA Thematic Review on Outsourcing - Nov 2013
Following a thematic review on outsourcing, the FCA published a report of its findings and recommendations on 4 November 2013. The report focused on two key themes; ‘Resilience Risk’ – asset managers having inadequate contingency plans in place to deal with a failure of their service provider, and ‘Oversight Risk’ – asset managers applying inadequate oversight of their service provider. The report details examples of both good/poor behaviours and/or process, as well as outlining recommended next steps for asset managers.
