Don't Forget to Share this Post

Answering the FCA's Dear CEO Letter on Outsourcing

By Kulvinder Gill | Tuesday, December 3rd, 2013

Last week, the Eze Castle Integration London team along with industry experts from the Financial Conduct Authority (FCA), Investment Management Association (IMA), HSBC, and Simmons & Simmons got together to address the FCA’s “Dear CEO” letter on outsourcing, which was issued to CEO’s of asset management firms back in December 2012.

In the “Dear CEO” letter, the FCA identified that the asset management industry outsources a number of activities to service providers and the FCA’s major concern was if a service provider was to face financial distress or serve operational disruption, the UK asset managers would not be able to perform regulated activities.  

Our panel of experts gathered together to discuss the letter in more detail and what practical steps asset managers should adopt, including reviewing contingency plans to ensure managers are minimising risk and have a continuity strategy in place.  Let’s take a closer look at what was discussed.     

Contigency Plans Giving the FCA Concern                   

In the‘Dear CEO’ letter the FCA outlines four contingency plans which "give rise to concern."  At a high level, they are: 

  • Some firms appear to rely on the fact that the outsource service provider is a large financial institution which regulators might look to rescue using public funds. The FCA is concerned that this approach lacks prudence and is inconsistent with the FSA’s policy of allowing such organisations to fail

  • Some firms rely on taking activities back in house. The concern here is that any transfer would take many months and the FCA does not believe firms would immediately have the capacity and abilities required.

  • Some firms rely on being able to transfer outsourced activities to another provider. There are concerns about the considerable operational challenges inherent in a transfer.

  • Some firms place reliance on being able to exercise "step in" rights but the FCA is concerned that in a stressed scenario such rights might prove difficult to enforce and that there could be undue delay and/or operational risks arising which would be to the detrent of the service provided to customers.

Know Your Outsourcing and Oversight Considerations

There are many key drivers for managers to outsource, including scalability, simplifying operations and mitigating key person risk; however, there are also some challenges. Below are some essential factors to consider when outsourcing:

  • Talk to Your Peers: It is imperative to get some background information and feedback from industry professionals.  Firms should talk to peer-hedge funds, technology consultants, prime brokers, and consultants about a service provider’s reputation and history before selecting the provider.  
  • Look for Hidden Risks: Understand degrees of separation to identify hidden risk. Identify who your service providers rely on to deliver their services - for example, be sure to ask an IT cloud service providerwhat data center providers they use to deliver services – are their potential risks there?
  • Conduct Extensive Due Diligence: Also, managers should complete a due diligence questionnaire (DDQ) which can be share with potential investors giving them transparency. A detailed DDQ will cover an array of topics ranging from assets under management to audited financial statements and investment strategies. It should also focus on the firms IT, security, and procedures. To view the most commonly asked questions, click here.

Most importantly don’t forget to review a service provider’s internal disaster recovery and business continuity plans.   

What Are Practice Steps In Response to CEO Letter?

The FCA Thematic Review report recommends asset managers should review their outsourcing agreements and where appropriate enhance their contingency plans for the failure of a service provider critical activities and asses the effectiveness of their oversight arrangements.  Following are some additional practicies to consider:

  • Have a detailed understanding of the operational exposure to service provider

  • Identify which outsourced activities are essential to ensure basic level of service to end customers

  • Understand how, when and how regularly essential activities are expected to happen

  • Retain sufficient expertise to oversee the service provider

  • Understand what operational risks they are exposed to

  • Use internal controls effectively

  • Firms should already have begun to address these risks

  • Firms should expect to be asked about their plans

And If You Need An Exit Strategy...

The Outsourcing Working Group, a group established earlier this year representing asset managers and key providers, provides the following suggestions for developing an exit plan:

  • Applicability: When the exit plan applies
  • Review, Testing, Update & Finalisation: How the exit plan is reviewed, tested and updated on an ongoing basis
  • Information & Training: Provision of information and training relating to the services by outgoing service providers
  • Prioritisation: Which activities to prioritise in different exit plans

 Additional resources:

 

 Contact Eze Castle Integration UK

 

Don't Forget to Share this Post

Related Posts

Panel Discussion Replay: Managing Change in a Volatile Market for Emerging Managers
Webinar Replay: Rush to the Edge: Addressing Risk in a Remote Work Environment
Announcement! Eze and Apex Virtual Innovation Summit is October 13-14, 2020
12 Steps to Prepare for an Upcoming Tech & Cyber Audit
9 Steps to Create Information Security Plan
Outsourcing Tech in the Face of COVID-19: Navigating Cyber, Legal and Operational Risk

How Can Eze Castle Integration help you?Contact us today!

Contact Us