Friday, August 17

shining a light on a little known corner of the regulatory world where it intersects with outsourcing

MiFID will most probably impact these following activities (as noted by Clifford Chance)

(a) Provision of regular or constant compliance, internal audit, accounting or risk management
support;
(b) Provision of credit risk control and credit risk analysis;
(c) Portfolio administration or portfolio management by a third party;
(d) Provision of data storage (physical and electronic);
(e) Provision of ongoing, day-to-day systems maintenance/support; and
(f) Provision of ongoing, day-to-day software/systems management (e.g. where third party
carries out day-to-day functionality and/or runs software or processes on its own systems).

ChaseCooper further reports that:

  • 40% do not have an up-to-date exit management plan in place with their service provider
  • 36% do not have their regulatory team review its contracts
  • A third do not have a service level agreement in place with every service provider
  • 32% do not regularly test service provider’s disaster recovery
  • Where a service provider fails to meet regulatory standards, 31% do not have step-in rights or the right to terminate their agreement
  • More than 30% of agreements do not require the service provider to regularly test back up facilities.

  • Now this is serious stuff, this level of management negligence is definitely worrisome and while the FSA might be going for principles based regulation, until and unless it actually turfs out people and firms from the financial services market for mismanagement and not just mis-selling/fraud, we will keep on seeing this form of mismanagement. So you might well ask, why am I going all anal about an SLA? It is because of the "broken window syndrome".

    The what? Well, the idea of the broken window syndrome was adopted by the NY Police and they clamped down on minor crimes such as broken windows, squeege merchants and petty crime. The idea being that if you make sure that minor crimes are avoided, then major crimes are reduced, as it happened in NY. While that is being hotly debated in the USA, it does make sense. When you are faced with basic mismanagement of this nature, such as not looking after outsourcing contracts, it will not hurt immediately, but in case of crashes or market turns, this suddenly becomes a pain. And the tragedy is that the people who get hurt are the people least able to handle that hurt, such as pensioners.

    Furthermore, management of outsourcing contracts is a painful task, specially when management think of it as "manage my mess for less" also means "out of sight out of mind". It does not, even if you have outsourced your business processes or technology, you still need to make sure that they are doing what they are supposed to. Till now, there was no regulatory downside, only business downside. But with MiFID, it has now come under the ambit of the regulators. I wonder how many vendor management departments have been involved in the MiFID process? Based upon my limited knowledge, I would say that 2 out of 3 vendor management departments have not been fully involved (ask around your outsourced vendor partner relationship manager about MiFID and the impact, see them gibber and worry!) and if they are worried, you should be too!!!, November 1, 2007, the go live date is not that far away!


    All this to be taken with a grain of piquant salt!!!

    No comments: