Answering the FCA's Dear CEO Letter on Outsourcing
Last week, the Eze Castle Integration London team along with industry experts from the Financial Conduct Authority (FCA), Investment Management Association (IMA), HSBC, and Simmons & Simmons got together to address the FCA’s “Dear CEO” letter on outsourcing, which was issued to CEO’s of asset management firms back in December 2012.
In the “Dear CEO” letter, the FCA identified that the asset management industry outsources a number of activities to service providers and the FCA’s major concern was if a service provider was to face financial distress or serve operational disruption, the UK asset managers would not be able to perform regulated activities.
Our panel of experts gathered together to discuss the letter in more detail and what practical steps asset managers should adopt, including reviewing contingency plans to ensure managers are minimising risk and have a continuity strategy in place. Let’s take a closer look at what was discussed.
Contigency Plans Giving the FCA Concern
In the‘Dear CEO’ letter the FCA outlines four contingency plans which "give rise to concern." At a high level, they are:
Some firms appear to rely on the fact that the outsource service provider is a large financial institution which regulators might look to rescue using public funds. The FCA is concerned that this approach lacks prudence and is inconsistent with the FSA’s policy of allowing such organisations to fail
Some firms rely on taking activities back in house. The concern here is that any transfer would take many months and the FCA does not believe firms would immediately have the capacity and abilities required.
Some firms rely on being able to transfer outsourced activities to another provider. There are concerns about the considerable operational challenges inherent in a transfer.
Some firms place reliance on being able to exercise "step in" rights but the FCA is concerned that in a stressed scenario such rights might prove difficult to enforce and that there could be undue delay and/or operational risks arising which would be to the detrent of the service provided to customers.
Know Your Outsourcing and Oversight Considerations
There are many key drivers for managers to outsource, including scalability, simplifying operations and mitigating key person risk; however, there are also some challenges. Below are some essential factors to consider when outsourcing:
- Talk to Your Peers: It is imperative to get some background information and feedback from industry professionals. Firms should talk to peer-hedge funds, technology consultants, prime brokers, and consultants about a service provider’s reputation and history before selecting the provider.
- Look for Hidden Risks: Understand degrees of separation to identify hidden risk. Identify who your service providers rely on to deliver their services - for example, be sure to ask an IT cloud service providerwhat data center providers they use to deliver services – are their potential risks there?
- Conduct Extensive Due Diligence: Also, managers should complete a due diligence questionnaire (DDQ) which can be share with potential investors giving them transparency. A detailed DDQ will cover an array of topics ranging from assets under management to audited financial statements and investment strategies. It should also focus on the firms IT, security, and procedures. To view the most commonly asked questions, click here.
Most importantly don’t forget to review a service provider’s internal disaster recovery and business continuity plans.
What Are Practice Steps In Response to CEO Letter?
The FCA Thematic Review report recommends asset managers should review their outsourcing agreements and where appropriate enhance their contingency plans for the failure of a service provider critical activities and asses the effectiveness of their oversight arrangements. Following are some additional practicies to consider:
Have a detailed understanding of the operational exposure to service provider
Identify which outsourced activities are essential to ensure basic level of service to end customers
Understand how, when and how regularly essential activities are expected to happen
Retain sufficient expertise to oversee the service provider
Understand what operational risks they are exposed to
Use internal controls effectively
Firms should already have begun to address these risks
Firms should expect to be asked about their plans
And If You Need An Exit Strategy...
The Outsourcing Working Group, a group established earlier this year representing asset managers and key providers, provides the following suggestions for developing an exit plan:
- Applicability: When the exit plan applies
- Review, Testing, Update & Finalisation: How the exit plan is reviewed, tested and updated on an ongoing basis
- Information & Training: Provision of information and training relating to the services by outgoing service providers
- Prioritisation: Which activities to prioritise in different exit plans
Establishing Business Continuity and Disaster Recovery Plans: A Hedge Fund Manager’s Guide