SEI’s near £1 million fine for failing to keep client assets segregated is a stark reminder that companies are not absolved of their responsibilities by outsourcing to a third party.
For those that have outsourced custody or administration, and have concerns following SEI’s fine for failing to manage internal account transfers on several occasions between 2007 and 2012, what measures can they take to ensure their outsourcing partner is fulfilling their role?
George Kirby and Gilly Green, wealth management practice consultants at Knadel, say it is a firm’s responsibility to keep on top of its appointed provider’s activities.
This starts with getting contract terms right, knowing exactly what is being outsourced and regularly reviewing the third party provider on both an operations and compliance basis, Green added.
‘In the case of SEI, I find it difficult to believe wealth managers didn’t know issues existed over a period of five years. It was their responsibility to implement best practice service oversight and supplier management.’
Mike Browning, director at Browning Treasury, agrees. If conducted properly, he says compliance reviews are more likely to identify issues concerning reconciliations, regulatory, governance and oversight.
If reviews are carried out properly, what happens when a firm realises something could be wrong?
First, said Kirby, the custodian or administrator has an obligation to inform the underlying firm if they uncover a problem.
Second, firms must be aware of the breadth of their responsibilities if a problem is identified, as ultimately they are accountable to their clients and the regulator, not just the provider.
If the regulator identifies problems with an outsourcing partner, the wealth firm will need to address the impact on their services and risks for their clients, Browning added.
If a firm decides to terminate a contract with a provider, Knadel’s Green points out a contingency plan, ‘step-in rights’ and an ‘exit plan ready defined’ are important, and should be discussed and understood by both parties.
But should firms consider bringing their back office functions in-house if their provider fails?
This is considered the most difficult and expensive option, according to Browning. ‘Such a project will be much bigger in size and cost than the one to outsource in the first place, [and] will depend on the budget, resources and appetite that a firm has to do this.’
If a wealth manager opts to continue with an outsourced solution, they should consider alternative providers, which Browning says is good practice anyway.
The FCA has slapped fines for client asset failings on a number of banks and investment firms over the past year, and Browning expects more to come.
‘Outsourcers can expect the bar to go up even further as firms transfer the risk of client assets to them; client assets should be a key component of the outsourcer’s business model and they should be expected to get it right,’ Browning said.
Mike Browning’s top tips to monitor an outsourcing partner
• Review the provider’s structure that will be explicitly provided for the firm. All providers have excellent organisation charts or ‘organigrammes’, but how do they relate to the business being provided and the clients assets that are being entrusted to them?
• Request the provider’s process flow charts and a description of their systems, procedures and controls.
• Think of independent control reports, for example the ICAEW Audit and Assurance Faculty 1/06 Assurance Report (AAF 1/06) or the International Federation of Accountants (IFAC) International Standard on Assurance Engagements 3402 (ISAE 3402).
• Check compliance monitoring results from tests carried out by the third party provider.
• Review issues with the regulator that can be provided.
• Review client asset reconciliations, governance and oversight.
• Regular, good due diligence and compliance monitoring are key constituents that enable firms to check that client assets are being held and protected properly.