Featured Images

Everything fund managers need to know about MAS guidelines on outsourcing

Everything fund managers need to know about MAS guidelines on outsourcing

24 November 2016
 
Category: News, Asia, Global, Singapore, United Kingdom
 
By David Bailey*




0 Recommend











Outsourcing has been high on the agenda in Singapore since The Monetary Authority of Singapore’s (MAS) Guidelines on Outsourcing were published on July 27, 2016. Financial services firms now have until the end of July 2017 to ensure they have implemented the new rules. So, with only eight months to comply, what does this mean for fund managers? What needs to be done and where does the responsibility lie?

MAS has no intention to limit outsourcing. The initiative has primarily been driven by a concern with risk management. Although MAS recognises the value of outsourcing (“bringing cost and other benefits”), it argues that a number of potential risks are generated. The aim is to ensure that managers carry it out in a structured and disciplined manner, that the risks are identified and that any risk is mitigated as much as possible.

Importantly, the definition of outsourced services is broad and aside from the obvious elements, managers should be aware that it also covers audit and cloud computing.

The key to meeting MAS’ regulatory requirements is organisation and discipline in outsourced relationships. In order to comply, the board and senior management of a fund will need to identify all existing and prospective outsourcing arrangements and policies in place. Then it will need to define and set the desired risk appetite the fund is willing and able to assume from its outsourcing arrangements. The fund will need to set out a process for the approval of outsourcing arrangements consistent with its established strategy and risk appetite. Above all this, it will need to ensure that the business puts in place governance and reviews to ensure any outsourcing is in line with the risk appetite. For example, a management body that reviews controls for consistency and alignment with the business’s level of risk, which will also need to ensure regular and detailed reviews of any outsourcing arrangements.

And it’s one thing talking about these procedures – but to meet the regulatory requirements everything needs to be properly documented. In the instance where the regulator knocks on the front door, managers must be able to properly evidence that they have successfully met the regulations.

Once the board has set the guidelines, the next steps fall to the senior management team. They will need to evaluate the risk of all current outsourcing arrangements in line with the risk appetite set by the board. As mentioned already, they must also develop and document outsourcing procedures. They must ensure they are followed at all times – and ensure the policies are implemented effectively, “fit for purpose”, and are reviewed and updated before they ever became outdated. On an ongoing basis they will need to monitor and maintain all outsourcing arrangements – along with any risks involved. It’s also important to ensure that contingency plans are in place and are tested to ensure that they do actually work in real-life scenarios. Lastly, the senior team must take responsibility for making sure that the outsourcing policies and procedures are independently reviewed and audited and any remedial actions are carried out – with any risks arising from outsourcing arrangements communicated to the board in a timely manner.

Over and above these recommendations, MAS has also provided guidelines on what should be looked for when selecting a service provider. These include:

  • Experience and capability to implement and support the outsourcing arrangement
  • Financial strength and resources
  • Corporate governance, business reputation and culture
  • Information on any pending or potential litigation
  • Security and internal controls, audit coverage, reporting and monitoring environment
  • Risk management framework and capabilities
  • Technology risk management and business continuity management
  • Disaster recovery arrangements and track record
  • Reliance on and success in dealing with sub-contractors
  • Insurance coverage
  • Ability to comply with applicable laws and regulation
  • The environment in which the service provider operates (political, legal, social etc.)

So what does this all really mean?

With only eight months to comply, fund managers need to define and develop proper strategies in respect of outsourcing – and write them down. They must be fully aware of what they outsource, to whom, and understand the risks in outsourcing work, whether it be the accounting for the fund or data held in a cloud environment.

Having achieved that, managers then need to consider the processes that they go through in determining outsourced solutions. Again, the process and the decisions need to be properly documented. Gone are the days of informal processes. When regulators come calling they won’t want a casual chat about any issues they identify. They will need to see good quality documentation supporting the decisions that have been made – and evidence that the service standards promised at the outset are being delivered on an ongoing basis. They need evidence that the outsourcing decision was the right one and that the fund and its investors have benefitted as a result. With all this work done, a significant step should have been taken in reducing the risks associated with an informal approach to outsourcing.

*David Bailey is head of marketing and communications at independent private equity and real estate administrator Augentius

Article source: http://www.asiaasset.com/news/MASaugentius_db_dm2311.aspx

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>