Regulatory
FCA Sept 2018 Update on Banks and Building Societies Outsourcing
The FCA have completed a review of retail banks’ use of outsourcing. The potential types of harm arising from outsourcing include
-
service disruption (impacting consumers’ access to products and services) and
-
poor customer service.
They focused on firms’ approaches to outsourcing and did not test whether these are mitigating the risk of harm in practice. They did not identify significant concerns, however they listed some areas for firms to consider:
-
In November 2017 the Prudential Regulatory Authority introduced a prescribed responsibility for outsourcing.
-
Firms should be clear that those assigned this prescribed responsibility have overall accountability for outsourcing. This includes where the responsibility for managing third parties is delegated.
-
Firms must continue to have robust governance arrangements for outsourcing, including effective processes to identify, manage, monitor and report the risks it is (or might be) exposed to, as appropriate. These arrangements should help firms identify and reduce the potential harm to consumers if things were to go wrong.
-
Consumers can be exposed to potential harm when a firm’s third party relationship ends, particularly if it ends unexpectedly. Robust oversight arrangements, that include sufficiently tested exit plans for different scenarios, will help reduce the potential harm by ensuring business continuity.
-
Firms appear to be increasingly considering outsourcing to the cloud. The FCA explained their expectations in this area in July’s Regulation Round-up.
-
The EBA is currently consulting on draft Guidelines on outsourcing arrangements.
The FCA have a continued focus on outsourcing and stated they may undertake further work in this area.