Global menu

Our global pages


Outsourcing in the asset management industry: FCA publishes the findings from its review

    • Financial services - Briefings and articles


    The FCA has published its findings into its review as to whether asset managers are effectively managing the risks relating to outsourcing. 

    The review was stimulated by the growing number of critical activities that the asset management industry outsources to a small number of service providers.  The FCA carried out its review as it is “uncertain whether asset managers generally were effectively managing the risks associated with outsourcing to ensure that customers are not adversely affected”.  SYSC 8.1.7R requires that firms should be exercising “due skill and care and diligence” when entering into, managing or terminating any outsource arrangement.  The FCA’s view is that this includes having adequate contingency plans in place to deal with either an unexpected termination of an outsourcing contract or a service interruption affecting a service provider.

    The “Dear CEO” Letter from December 2012

    On the basis of its initial findings, the FCA wrote an open letter to the CEOs of asset managers last year, which set out its concern that “if an outsource provider were to face financial distress or severe operational disruption, UK asset managers would not be able to perform critical and important regulated activities, thereby causing detriment to customers”.  

    The FCA set out a number of specific concerns with the current approach that asset managers take to continuity planning. These include relying on the service provider being “too big to fail” or relying on the ability to transfer to another service provider, which could be unrealistic due to concentration risk in supply of certain activities. Further, the approach of asset managers to take the services back in house, or exercise step-in rights, could take a considerable amount of time causing detriment to customers. 

    The FCA asked asset managers to review their contingency plans in order to ensure compliance with their obligations under SYSC 8.

    Published Findings

    The FCA’s report focuses on two risks where outsourcing could have an adverse effect on customers:

    • Resilience Risk

    As per the Dear CEO Letter, the FCA is concerned that asset managers are not adequately prepared for the failure of a service provider.  The FCA in particular has flagged that asset managers should consider how contingency plans would work under stressed market conditions. Since that letter, the FCA has been working with asset managers to explore the options available to them.  The FCA acknowledges that there is no one size fits all solution that will completely mitigate the resilience risk, but sets out a number of mitigating measures that an asset manager could take which will improve the position and help to ensure compliance with SYSC 8.  These include:

    • considering how they could continue to service customers during a transfer period to a new provider;
    • forming a relationship with a “stand-by” provider that service provision could be moved to in the event of a failure of the primary provider;
    • maintaining a detailed understanding of the asset manager’s operational exposure to the service provider;
    • identifying the outsourced activities that are essential to ensure a basic level of service to customers;
    • improving surveillance of a service provider’s financial position to anticipate any potential failure; and
    • knowledge of how, where and how often essential activities are performed.

    If asset managers were to adopt the above measures, portability could be improved, as outsourcing contracts would become less ‘sticky’. This could enhance competition within the service provider marketplace which in turn could drive up standards.

    •  Oversight Risk

    The FCA identified a risk that asset managers are not maintaining adequate in-house expertise to supervise the outsourced activities effectively, either through a shortage of staff overseeing the service provider, or as a result of the staff not having the relevant and necessary depth of expertise.  This results in the asset manager placing undue reliance on the service provider’s own expertise and controls.  For example, the FCA identified a number of asset managers who accepted management information provided by the service provider without any independent verification. 

    The FCA’s concern is that, although most of the asset managers that were reviewed had assessed the operational risks of outsourcing, they had done so with “varying degrees of rigour”. For example, whilst one asset manager carried out extensive on-site visits at the service provider and produced six monthly reports, another merely checked that control processes were being followed without any verification of accuracy.  A particular concern was in respect of the reduced level of oversight where a service provider had offshored a service – in this situation, the asset manager’s compliance responsibility remains the same, but its ability to oversee is seen as diluted.

    Next Steps for Asset Managers

    The FCA has recommended that asset managers who outsource regulated activities and/or activities that are “critical or important” in the support of regulated activities should review their own outsourcing arrangements, and, if necessary:

    • enhance their contingency plans for the failure of a service provider; and
    • assess the effectiveness of their oversight arrangements, particularly in respect of making sure that they continue to have the necessary internal expertise to be able to effectively manage their service provider.

    It is worth noting that although a well-prepared contingency plan for the failure of a service provider is important, as the FCA notes, business failure is a comparatively rare situation.  In addition, major disaster incidents can affect any business, and there are some situations in which even a best-practice and comprehensive contingency plan will not prevent the resultant interruption.  This is the case whether or not the services are provided by an external provider.  The FCA’s recommendation regarding the effectiveness of oversight is arguably the more important of the two next steps, as there is a high risk of losing any internal expertise once a service is outsourced, and it is clear that this can lead to a disconnect with the service provider which could impact on the provision of the services. 

    The FCA has indicated that it may conduct follow-up work on the issues raised in this report in order to see if asset managers have started to implement its recommendations.  If the FCA considers that progress has not been sufficient then it will consider further policy action.