It would be easy to assume that, nearly three years on from the biggest financial crisis in living memory, it’s only financial institutions that have to concern themselves with changing regulation. In reality, it is not just the banks, insurers and the hedge funds that have to tackle this issue, but their partners as well.
Financial services institutions throughout the world are increasingly using third parties to carry out activities that previously, they would have undertaken themselves. This has resulted in a knock-on effect that mounts pressure on the partners of financial institutions, as they too have to comply with stricter timeframes associated with rules and regulation.
Recent industry research and surveys by financial regulators such as the FSA show that financial organisations are now outsourcing a significant proportion of their front and back office activities.
Prior to the economic downturn, activities and functions within an organisation were performed and delivered in diverse ways. A financial institution might split such functions as product manufacturing, marketing, back-office and distribution within the service.
When an organisation keeps such arrangements in-house, but operates other activities from various locations across the UK, this would not be classified as outsourcing. Therefore, the entity would be expected to provide for any risks posed by this approach in its regular risk management framework. However currently, for the service provider, outsourcing arrangements are becoming increasingly complicated to manage.
This has been compounded recently with the break up of the FSA and speculation around the need for a separate securities regulator that combines market supervision, setting listing standards and oversight of corporate reporting and governance.
Recently, we have seen arrangements developing whereby specialist service providers with expertise in financial services perform some activities, while unrelated providers perform others. In each case the service provider may or may not be a regulated entity.
Among the other specific concerns to regulators is the potential for over-reliance on specialist system integration activity that is critical to the ongoing viability of a business. For example, the migration of two IT systems in the wake of a merger or acquisition. In this scenario, both organisations may have to comply with separate rules not to mention differing obligations to customers.
The acquiring company could be based abroad, therefore under obligation to comply with a different set of regulations to the acquired company who is say based in the UK.
On the back of these concerns, outsourcing has been identified in various regulatory reports as raising issues related to risk transfer and management, frequently on a cross-border basis.
The industry has acknowledged that this increased reliance on outsourcing may impact on the ability of the outsourcing provider to manage their risks and monitor their compliance in line with regulatory requirements.
Furthermore, the rapid rate of IT innovation, along with an increasing reliance on external service providers has the potential to lead to systemic problems unless appropriately constrained by a combination of market control and regulatory influences.
All this is leading to serious concern among regulators as to how outsourcing organisations can take the appropriate and necessary steps to manage their own and client related risks and comply with regulations.
Despite these concerns, there are now more service providers waking up to the importance of their business being fully compliant with FSA regulation, in order to deliver a service to customers that meet these needs. Many providers are taking steps to mitigate these risks by drawing up comprehensive and clear outsourcing policies in order to establish an effective risk management programme.
In addition, they are also implementing stronger contingency plans, negotiating appropriate outsourcing contracts, and analysing their financial and infrastructure resources before rushing into any agreement. Furthermore, by partnering with a provider that itself is compliant with these regulations, financial organisations can rest assured that these concerns are understood and addressed.
In summary, it is critical that outsourcing providers work hand in hand with their clients in order to maintain strength in compliance. This stems across various regulations and ensures they successfully manage their legal and compliance portfolio. To help with this process, outsourcing service provider in technology and operations must address enterprise compliance that aligns with information security controls embedded in applications, policies and businesses processes.
Thus a compliance management technology framework is required to automate assessments, analysis, management and reporting tasks which helps customers to reduce the risk of compliance and security breaches, failed audits and even litigation. This also helps organisations to keep track of possible risk factors, which may affect their business processes and compliance requirements.
Lastly, in this fast changing world, outsourcers need to demonstrate flexibility so that they are not on their customer’s critical path of compliance
By Stuart Drew, HCL Technologies Executive VP of Financial Services