New resource developed following increased regulatory focus on outsourcing.

Latham & Watkins has partnered with the Association for Financial Markets in Europe (AFME) and law firms Matheson and BSP to develop Outsourcing – Guidance on the Legal and Regulatory Framework, a pioneering resource examining the key European legislation, rules, and guidance for financial services firms to consider in relation to outsourcing.

In light of the plethora of legislative change and increasing regulatory focus on outsourcing in financial services, as well as the growing range of sources that need to be taken into account to ensure compliance in this area, the Paper is designed to provide compliance, legal, and risk teams within regulated firms with a single reference point of regulatory requirements. The resource also provides a number of practical tools to help firms effectively map out their processes and procedures for legal compliance.

Partners Nicola Higgs, Fiona Maclean, and Andrew Moyle and associates Anne Mainwaring, Jagveen Tyndall, Oscar Bjartell, Sean Wells, and Sidhartha Lal led a team of more than 25 lawyers from five Latham offices and local law firms Matheson (Ireland) and BSP (Luxembourg) to produce the Paper.

Call for input: market players need to engage with the process for the procurement of the NPA

By Stuart Davis, David Little, Christian McDermott, Brett Carr, and Nathan Wilkins

This Call for Input is part of the development of the Payment Systems Regulator’s (PSR) policy for the future regulation of the newly procured New Payments Architecture (NPA). The PSR is asking for stakeholders’ views about possible competition issues so that it can provide greater clarity about the nature of regulation that might be applied to the NPA. The deadline for input is 24 March 2020.

The NPA will be the payment industry’s new way of organising the clearing and settlement of most of the UK’s domestic interbank payments, including payments that currently use the Bacs and Faster Payments systems.

The PSR plans to set out its regulatory policy in a consultation, and then publish its final policy statement by the end of 2020 (coordinating with Pay.UK’s NPA central infrastructure services (CIS) procurement timetable).

UK Treasury Committee report warns that the current level and frequency of disruption and consumer harm is unacceptable.

By Carl Simon Fernandes, Nicola Higgs, Fiona M. Maclean, Christian F. McDermott, Rob Moulton, Andrew C. Moyle, Stuart Davis, and Charlotte Collins

On 28 October 2019, the Treasury Committee published a report on IT failures in the financial services sector. The report sets out the findings from the Treasury Committee’s inquiry, which was launched following a number of high-profile and significant IT incidents. (See Senior MP Calls for Regulatory Crackdown on Banks’ IT Systems: 3 Things You Can do to Prepare.) Rather than looking into specific failures, the inquiry looked more holistically at why such incidents are becoming more frequent, how firms should be guarding against and responding to these incidents, and the role of the regulators in preventing and mitigating the impact of these incidents through their rules.

The report looks at various aspects of the issues surrounding IT failures, including the nature of IT incidents and their common causes, the role of the regulators, and emerging risks to operational resilience.

Insights from Latham’s flagship event: Managing the risk and promise of digitisation in financial services

Authors: Andrew Moyle, Nicola Higgs, Christian McDermott, and Kirsty Watkins.

The financial services industry is leading the way in outsourcing, with contract values in excess of US$10.7 billion in 2018, causing regulators to focus more than ever on the associated risks. Guidelines on outsourcing arrangements from the European Banking Authority (EBA), which came into effect on 30 September 2019, expand the requirements on institutions in this area, while both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are also increasing their outsourcing supervision and enforcement activity.

We discussed the new requirements for financial institutions to maintain a register of outsourcing arrangements, and adhere to more stringent risk assessment and due diligence requirements at our recent event entitled Balancing the Scales: Managing the Risk and Promise of Digitisation in Financial Services.

Latest FCA and PRA fines against a retail bank show little tolerance for poor outsourcing systems and controls.

By Fiona M. Maclean, Christian F. McDermott, Laura Holden, and Charlotte Collins

On 29 May 2019, the FCA and PRA announced that they had fined an independent UK bank for failing to manage its outsourcing arrangements properly between April 2014 and December 2016. The bank received separate fines of £775,100 from the FCA and £1,112,152 from the PRA (resulting in a combined fine of £1,887,252) for breaches of the regulators’ high-level principles for authorised firms, as well as their more detailed rules on outsourcing. Each fine includes a 30% early settlement discount.

The bank was fined by both regulators as the failings resulted in breaches of both regulators’ rules, and went to both regulators’ statutory objectives (specifically, the FCA’s consumer protection objective and the PRA’s objective to promote firms’ safety and soundness). Although both regulators applied the same five-step penalty framework to calculate their penalties, the way in which they applied the framework led to different figures. In particular, because the PRA had previously fined the same bank for outsourcing failures in November 2015, the repeat failure was a significant aggravating factor that led to an uplift in the PRA’s penalty.

The guidelines create new obligations for financial, payment, and electronic money institutions that will impact cloud outsourcing and deployment of FinTech.

By Fiona M. Maclean and Laura Holden

On 25 February 2019, the European Banking Authority (EBA) published a final report on its draft guidelines on outsourcing arrangements (Guidelines). The report followed the EBA’s publication of draft guidelines in June 2018 (Draft Guidelines) and the ensuing public consultation in September 2018 (Public Consultation).

The Guidelines replace the 2006 Committee of European Banking Supervisors (CEBS) Guidelines on Outsourcing (CEBS Guidelines) and replace and incorporate the EBA’s final recommendations on outsourcing to cloud service providers (Cloud Recommendations). Financial institutions will now only need to consult one set of guidelines for cloud and non-cloud outsourcing.