SEI’s FCA fine, which came to almost £1 million, for failings to keep client assets segregated is a stark reminder that firms are not absolved of their responsibilities by simply outsourcing to a third party.
For those that have opted to outsource custody or administration and have concerns following SEI’s fine for failing to effectively manage internal account transfers ‘on several occasions’ between 2007 and 2012, what measures can you take to make sure your outsourcing partner is fulfilling their role?
George Kirby, and Gilly Green, wealth management practice consultants at Knadel, say it is a firm’s responsibility to be on top of its third party provider’s activities.
This starts with getting contract terms right, knowing exactly what is being outsourced, and regularly reviewing the third party provider on both an operations and compliance basis, Green added.
‘In the case of SEI, I find it difficult to believe that wealth managers didn’t know issues existed over a period of five years. It was their responsibility to implement best practice service oversight and supplier management.
Mike Browning (pictured), director at Browning Treasury, agrees and says that if conducted properly, compliance reviews are more likely to identify issues with client money and safeguarding custody assets. These problems include errors with reconciliations and trust letters. In addition, he says operations teams should be aware that if the provider is not a bank with a client money exemption, commingling of assets alongside regulatory, governance and oversight issues can arise.
If reviews are carried out properly, what happens when a firm realises something does not seem correct with their outsourcing partner?
First, Kirby said the custodian or administrator has the obligation to inform the underlying firm if they uncover a problem.
Secondly, he advises wealth management firms to be aware of the breadth of their responsibilities, as they will ultimately have to give a full brief to their clients and the regulator, instead of the provider.
If an outsourcing partner is deemed to have problems by the regulator, the wealth manager will need to address the impact on their proposition and the risks for their clients, Browning said. In some cases, regulatory failures on the provider side could also put their partners’ propositions in jeopardy.
‘A firm that is not holding the clients’ money or safe custody assets, or that has ‘arranged’ the relationship between the clients and the third party provider, will need to give assurances to clients that their assets are being properly held and protected,’ Browning added.
If a firm decides to terminate a contract with a provider, Knadel’s Green points out that a contingency plan, ‘step-in rights’ and an ‘exit plan ready-defined’ are also must haves, and should be discussed and understood by both parties.
Should managers consider bringing its middle or back office back in-house if their provider fails?
This is considered the most difficult and expensive option by Browning. ‘Such a project will be much bigger in size and cost than the one to outsource in the first place, [and] will depend on the budget, resources and appetite that a firm has to do this,’ he explained.
If the wealth manager opts to continue with an outsourced solution, the firm should consider alternative providers, which Browning says is good practice anyway.
The FCA has slapped a number of banks and investment management companies with fines for client asset failings over the past year and Browning expects there will be more to come across the industry.
‘Outsourcers can expect the bar to go up even more as firms transfer the risk of client assets to them; client assets should be a key component of the outsourcer’s business model and they should be expected to get it right,’ Browning concluded.
For firms that do not outsource but are considering appointing a partner to safeguard or administer assets, Browning highlights due diligence responsibilities for wealth firms that are outlined in the FCA’s Client Assets handbook.
That said, managers should take into consideration that if the firm is only ‘introducing’ clients to a provider, there is no specific Cass rule requiring the firm to carry out any due diligence.
Browning explained that, from a regulatory perspective, this is on the basis that the provider is regulated in their own right, and will have an agreement directly with the underlying client.
‘But in reality it is not so good for the proposition being delivered to their clients if anything goes wrong with the provider,’ Browning added.
Mike Browning’s top tips to monitor your outsourcing partner
+ Review the provider’s structure that will be explicitly provided for the firm. All providers have excellent organisation charts or ‘organigrammes’, but how do they relate to the business being provided and the clients assets that are being entrusted to them?
+Request the provider’s process flow charts and a description of their systems, procedures, controls.
+Think of independent control reports, for example the ICAEW Audit and Assurance Faculty 1/06 Assurance Report (AAF 1/06) or the International Federation of Accountants (IFAC) International Standard on Assurance Engagements 3402 (ISAE 3402).
+ Check compliance monitoring results from tests carried out by the third party provider.
+ Review client asset reconciliations, governance and oversight.