It would be easy to assume that, nearly three years on from the biggest financial crisis in living memory, it’s only financial institutions that have to concern themselves with changing regulation. In reality, it is not just the banks, insurers and the hedge funds that have to tackle this issue, but their partners as well.
Financial services institutions throughout the world are increasingly using third parties to carry out activities that previously, they would have undertaken themselves. This has resulted in a knock-on effect that mounts pressure on the partners of financial institutions, as they too have to comply with stricter timeframes associated with rules and regulation.
Recent industry research and surveys by financial regulators such as the FSA show that financial organisations are now outsourcing a significant proportion of their front and back office activities.
Prior to the economic downturn, activities and functions within an organisation were performed and delivered in diverse ways. A financial institution might split such functions as product manufacturing, marketing, back-office and distribution within the service.
When an organisation keeps such arrangements in-house, but operates other activities from various locations across the UK, this would not be classified as outsourcing. Therefore, the entity would be expected to provide for any risks posed by this approach in its regular risk management framework. However currently, for the service provider, outsourcing arrangements are becoming increasingly complicated to manage.
This has been compounded recently with the break up of the FSA and speculation around the need for a separate securities regulator that combines market supervision, setting listing standards and oversight of corporate reporting and governance.
Recently, we have seen arrangements developing whereby specialist service providers with expertise in financial services perform some activities, while unrelated providers perform others. In each case the service provider may or may not be a regulated entity.
Among the other specific concerns to regulators is the potential for over-reliance on specialist system integration activity that is critical to the ongoing viability of a business. For example, the migration of two IT systems in the wake of a merger or acquisition. In this scenario, both organisations may have to comply with separate rules not to mention differing obligations to customers.
The acquiring company could be based abroad, therefore under obligation to comply with a different set of regulations to the acquired company who is say based in the UK.
On the back of these concerns, outsourcing has been identified in various regulatory reports as raising issues related to risk transfer and management, frequently on a cross-border basis.
The industry has acknowledged that this increased reliance on outsourcing may impact on the ability of the outsourcing provider to manage their risks and monitor their compliance in line with regulatory requirements.