In the realm of financial services outsourcing, 2024 heralds several intriguing developments for both service providers and outsourcers.
In the realm of financial services outsourcing, 2024 heralds several intriguing developments for both service providers and outsourcers.
On the 16th of November, following an extensive consultation process, the CBI (Central Bank of Ireland) finally unveiled near-final regulations and guidance concerning SEAR (the Senior Executive Accountability Regime) and the broader IAF (Individual Accountability Framework).
The IAF encompasses 4 pivotal components:
Why has this been introduced?
How is outsourcing primarily addressed in SEAR and the IAF?
As anticipated, the CBI regulations and guidance affirmed that SEAR necessitate a Pre-approved Control Function (PCF) role holder responsible for outsourcing arrangements within in-scope regulated financial services providers. Thus, outsourcing is addressed via a General Prescribed Responsibility (PR19 Responsibility for the financial services provider's outsourcing framework).
Furthermore, each financial services provider must distinctly delineate, within the 'Management Responsibilities Map' the individuals accountable for overseeing each outsourcing arrangement. This underscores how the activities certain individual PCFs are responsible for, such as the Head of Retail Sales or Chief Operating Officer, may be subject to outsourcing, with PCFs retaining oversight of these roles
Some considerations for PCFs responsible for overseeing outsourced activities
The commencement of a new year is an opportune moment for introspection, contemplating one's current position and future aspirations. This might encompass venturing into outsourcing for the first time, scrutinizing ongoing outsourcing agreements, or anticipating both known and unforeseen risks that might impact your business and customers.
Additionally, it is essential to consider how your business-as-usual (BAU) model can adapt to changing demands in operational activities and customer experience (CX), ensuring an agile response.
Looking ahead, as in-scope financial services providers complete the process of finalising their Management Responsibilities Maps and determining the specific inherent and prescribed responsibilities within the new Regime and Framework, executives and senior management overseeing outsourcing functions must reassess various aspects of their outsourcing arrangements in preparation for the implementation deadline of the new rules on 1 July 2024. These considerations align with the comprehensive guidelines provided by the Central Bank of Ireland (CBI) in its CBI's cross-industry guidelines on Outsourcing, issued in December 2021. It is advisable to thoroughly review and incorporate these guidelines as part of this evaluation process.
Onshore vs. Offshore Considerations:
In cases where outsourced activities occur offshore, it is worth evaluating the extent to which transferring them to an onshore Outsourced Service Provider (OSP) could mitigate personal risk exposure.
Benefits of Onshore Outsourcing:
Concentration Risk:
When a significant outsourced activity is managed by an outsourcer supporting multiple financial services providers, it may create systemic concentration risk . Regulators may advocate for diversifying the risk across a broader range of providers, potentially leading to time constraints and competition among financial services providers for alternative OSPs.
In preparation for such a development, financial services providers and those responsible for outsourcing arrangements within them should consider the potential benefit of proactively "sharing the outsourcing load" with other OSPs according to their terms and timeline, rather than reacting to regulatory pressures.
Addressing Surge or Contingency:
Regardless of whether a financial services provider currently outsources activities or not, it is prudent to continuously anticipate future demands. Having surge capacity through outsourcing readily available can enhance business performance and customer satisfaction. This proactive approach aligns with responsible PCFs' obligations.
To prepare for potential requirements in 2024, some consideration may be given to the benefits of tailored outsourcing support with respect of activities such as pre-arrears/collections, sanctions screening and remediation, driven by evolving regulations and external changes in the environment. Such changes may include:
Due Diligence and OSP Relationship Management:
Among the myriad of responsibilities related to outsourcing within financial service providers, the importance of practical and effective engagement with the OSP is paramount. Considerations include the agility of the OSP in responding to crises, their expertise in problem-solving, their reputation, the seniority of their personnel and the pricing structure's alignment with the quality and reliability of services.
EU DORA Compliance:
As technical standards for the EU Digital Operational Resilience Act (DORA) requirements take final shape at the European level, financial service providers and their outsourcing relationship managers must swiftly engage with third parties to bridge any gaps against the final requirements.
Considering the ultimate implementation date is January 2025, quite a lot of work to be completed was referenced by Gerry Cross (Director of Financial Regulation – Policy and Risk at the Central Bank) in his recent speech on implementing DORA.
As the year concludes, reflection is in order, whether contemplating initial outsourcing endeavours, scrutinizing ongoing arrangements, or anticipating risks on the horizon. At Uniquely, we offer over two decades of expertise in customer engagement. Should you wish to explore solutions or further develop your business, please do not hesitate to contact us.
This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties as described in our Privacy Policy.