On October 19, 2010, Loeb & Loeb hosted Outsourcing in Financial Services, an annual half-day program featuring the expertise of regulators, outsourcing advisory executives, leading service providers and our own attorneys. Among the topics covered were the current issues and trends financial services companies are facing as they outsource and what they can expect in the future.
Loeb partner Stephen Cohen expands on this subject below.
Panelists at Loeb's 2010 Outsourcing in Financial Services Program from L-R: Grace Vogel (FINRA), Michael Macchiaroli (U.S. Securities and Exchange Commission), Ron Mayer (The Regulatory Fundamentals Group LLC) and Stephen Cohen (Loeb & Loeb LLP).
This Alert will cover three topics from the lively discussion with our panel of financial industry regulators which we feel are most relevant to financial institutions that are actively engaged in outsourcing arrangements.
Proposed FINRA Rule on Outsourcing
Of particular interest to the audience were comments by Grace Vogel, Executive Vice President of FINRA (Financial Industry Regulatory Authority), regarding FINRA's proposed rule on outsourcing. To date, FINRA has recognized the need for flexibility in this area and has taken a principle-based approach to regulation. The key Notice to Members in this area is NTM 05-48 which makes clear that member firms who outsource covered activities should conduct a "due diligence analysis" of their third-party service providers to determine "whether they are capable of performing the outsourced activities." NTM 05-48 also makes clear that broker-dealers have a "continuing responsibility to oversee, supervise, and monitor the service provider's performance of covered activities," without prescribing precisely how the supervision should be crafted. Finally NTM 05-48 recognizes that such supervision must be "appropriately tailored to each member's business structure."
In her comments, Ms Vogel explained that in the proposed rule there would be an outright prohibition against outsourcing the following functions: (i) the movement of customer or proprietary cash or securities, (ii) the preparation of the net capital and customer protection computations, and (iii) the implementation and maintenance of compliance and risk management systems. To the extent any portion of the proposed rule goes beyond the NTM 05-48, FINRA will only apply the rule to carrying and clearing firms. The proposed rule will also most likely impose an ongoing due diligence requirement by member firms on vendors (and subcontractors) to whom they outsource, the requirement for supervision and supervisory procedures and controls of any outsourced functions; the prior notification of such arrangements to FINRA, and the need to memorialize an outsourcing arrangement in writing. It is FINRA's current plan to bring a draft of its outsourcing rule to its December board meeting and, assuming the Board approves it, FINRA will issue a Regulatory Notice in January requesting comments.
Suggested Best Practices
Ms. Vogel suggested member firms consider the following best practices:
- Consider concentration risks - what risks are created by outsourcing multiple activities to the same provider or many firms using the same provider;
- Make sure your outsourcing contract clearly defines the activities you are outsourcing and the performance levels associated with these activities;
- Ensure business continuity;
- Protect confidential information;
- Assess country risk and legal environment in country if using foreign outsourcers; and
- Establish proper infrastructure to effectively supervise.
Ron Mayer, Senior Consultant at The Regulatory Fundamentals Group LLC, added that banking regulators suggest the following best practices for banking-related outsourcing arrangements:
Management should monitor service provider performance and potential changes in institution requirements throughout the life of the contract. Monitoring should encompass:
- Key service level agreements (SLAs) and contract provisions;
- Financial condition of the service provider;
- General control environment of the service provider through the receipt and review of audit reports and other internal control reviews; and
- Potential changes due to the external environment.
To increase monitoring effectiveness, management should periodically rank service provider relationships according to risk to determine which service providers require closer monitoring. Management should base the rankings on the residual risk of the relationship after analyzing the quantity of risk relative to the controls over those risks. Relationships with higher risk ratings should receive more frequent and stringent monitoring for due diligence, performance (financial and/or operational), and independent control validation reviews.
Examination Practices by Examiners of Outsourcing Arrangements
FINRA explained a typical exam of a member firm's outsourcing arrangement would likely include the following practices by an examiner:
- Selection of an outsourcing function for review;
- Reviewing whether the member firm is in compliance with applicable rules that relate to the service being performed;
- Reviewing what due diligence is being performed by the broker-dealer to ascertain that the functions are being performed properly; and
- Accessing internal and external audit reports related to the exam.
Loeb & Loeb's seminar on Outsourcing in Financial Services provided an exclusive first look from a FINRA insider about its proposed new outsourcing rule that will apply to all broker-dealers that clear or carry funds or securities. The industry will need to stay tuned for the details when the new rule is published sometime in the first quarter of 2011 and should consider participating in the rulemaking and comment process.
To discuss these topics further or for assistance with preparing your comments to FINRA regarding the proposed rule, please contact Stephen Cohen at firstname.lastname@example.org or 212.407.4279.
This client alert is a publication of Loeb & Loeb LLP and is intended to provide information on recent legal developments. This client alert does not create or continue an attorney client relationship nor should it be construed as legal advice or an opinion on specific situations.
Circular 230 Disclosure: To ensure compliance with Treasury Department rules governing tax practice, we inform you that any advice contained herein (including any attachments) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer; and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.