We can all get lost in a sea of complex regulation and guidance. It's good at times to remember the basic objectives. Join our panel of outsourcing experts on Thursday 21 January 2020 - 12.00 - 1.00 who will be exploring their top tips for managing EBA remediation projects for outsourcing contracts in the financial services sector.
Firms need adequate systems and controls, and risk management processes, to identify, understand, manage and mitigate the challenges that engagement with third parties brings. Firms also must retain adequate control over how the services will be provided, to ensure compliance and effective delivery of services.
2. Good governance
"Good" means having: clear strategies around outsourcing that fit with the firm's business model, objectives and risk appetite; a flexible and adaptable policy and process; effective management systems embedded in the firm's culture; engaged senior management and the necessary expertise to understand and manage the outsourced functions. Remember, you can delegate functions but you can't abdicate responsibility for the outsourced service.
A primary regulatory objective is to mitigate the risk that the failure of a service provider or its supply chain will prevent the firm from being able to deliver important business services within its impact tolerances – from continuing to provide services to its customers. Firms should develop a continuity plan before committing to an outsourcing, should be comfortable with the service provider's arrangements and should regularly test and challenge those arrangements. And don't forget the supply chain impact.
4. Information and action
The new requirements mean that firms need to actively manage their outsourced functions. What MI do you need to do this? Do you have people in the firm who can understand and interrogate the information? What will you do if there is cause for concern? What would be appropriate steps to manage performance or resilience issues? It is important to engage proactively so that you understand the services provided and can convey this understanding to the Regulator, (almost) as if it were an in-house function.
Be it a happy natural end or messy divorce, firms must understand how they will disengage from service providers at the end of the relationship (which could mean the insolvency of either party). How can the function otherwise be fulfilled? What support will the firm need? How long will it take? What information and access rights will the firm need? Plans should be fully thought through and documented before engagement.