FI and AM&IF CPD Day Asset Managers and Outsourcing key issues Tom Wheadon Lawrence Brown Nick Colston 9 October 2013 and 10 October 2013
Introduction Overall objectives: to help recognise and address the regulatory rules associated with outsourcings, by reference to the FCA s SYSC rules to draw attention to the impact of AIFMD on outsourcing to highlight the risks associated with not meeting regulatory requirements Agenda: the regulatory framework for outsourcing by asset managers SYSC outsourcing - defining our terms outsourcing and business continuity regulation SYSC 8 and SYSC 4 outsourcing types overview of key rules and legal issues delegation under AIFMD the FCA s Dear CEO letter on outsourcing update and next steps 2 /
Regulatory framework for outsourcing by asset managers Two different regulatory regimes govern outsourcing by asset managers in the UK MiFID Regime Implemented in the UK as SYSC 8.1 and SYSC 4.1 in the FCA Rules In force since November 2007 Applies to asset managers which are MiFID investment firms and to UCITS managers Rules are predominantly highlevel principles and statements of best practice We will be discussing both regimes in turn AIFMD Regime Level 1 Directive implemented in the UK in FUND 3.10 (part of the FCA Rules) Level 2 Regulation applies directly to EU AIFMs In force since 22 July 2013 but NB one year transitional regime until 21 July 2014 (or earlier date on which UK AIFM authorised under AIFMD) Applies to firms which are alternative investment fund managers (AIFM) Rules are a mixture of high-level principles and also granular prescriptive rules 3 /
SYSC 8 outsourcing - defining our terms Outsourcing within the meaning of the SYSC 8 (MiFID regime): an arrangement of any form between a firm and a service provider by which that service provider performs a process, a service or an activity which would otherwise be undertaken by the firm itself [FCA Rules - Glossary] Critical or important a function is critical or important: if a defect or failure in its performance would materially impair the continuing compliance of a common platform firm with the conditions and obligations of its authorisation or its other obligations under the regulatory system, or its financial performance, or the soundness or the continuity of its relevant services and activities [SYSC 8.1.4R] Not just classic outsourcings, with people and assets transferring to the service provider 4 /
Outsourcing types Outsourcings falling within the SYSC 8 definition of outsourcing above include the following: fund administration/accounting services agreements networks, hardware and software supply(including cloud arrangements) networks, hardware and software installation, support and management arrangements data supply agreements and other ancillary services arrangements other back and middle office/business process outsourcing arrangements Different pools of service providers providing different types of services: service specific risks to be addressed market norms apply contracts will vary 5 /
Outsourcing regulation SYSC 8 If outsourcing critical or important functions: avoid undue additional operational risk [SYSC 8.1.1R(1)] do not materially impair the quality of internal control [SYSC 8.1.1R(2)(a)] do not materially impair the ability of a Regulator to monitor the firm [SYSC 8.1.1R(2)(b)] Exercise due skill, care and diligence when entering into outsourcing [SYSC 8.1.7R] (see later) Required provisions for outsourcing agreements [SYSC 8.1.8R] 6 /
Business continuity regulation SYSC 4 Must take reasonable steps to ensure continuity and regularity in performance of activities [SYSC 4.1.6R] Must establish a business continuity plan (BCP) aimed at ensuring, in event of interruption to systems or procedures [SYSC 4.1.7R]: losses are limited essential data and functions are preserved maintenance of regulated activities Related to outsourcing requirements.even if funds reliance on third-party service providers is not technically an outsourcing by investment manager, must still meet BCP requirement 7 /
Overview of key rules and legal issues (1) 8 / Regardless of whether outsourcing relates to critical or important functions, some key legal issues to be considered as best practice (some also reflect some of the SYSC 8.1.8R rules referred to above): Service performance regimes and remedies: service levels and service credits, termination rights for persistent or severe failures (and step-in?) [SYSC 8.1.8R(2)] (requirement to ensure methods for measuring effective performance) and [SYSC 8.1.8R(4)] (requirement to take action where services not performed effectively) Audit: need to ensure that appropriate rights, aligned with SYSC 8.1.8R requirements [SYSC 8.1.8R(5] (requirement upon firm to retain expertise to supervise, and to deploy that expertise), [8.1.8R(8)] (requirement to ensure co-operation by service provider with regulators and competent authorities) and [8.1.8R(9)] (requirement to have access to data and premises of service provider) Data protection: ensure contract is watertight from perspective of data protection legislation, noting prospective change in law (EU Regulation) [SYSC 8.1.8R(10)] (requirement upon firm to ensure protection of information relating to firm and clients)
Overview of key rules and legal issues (2) Continued: IPR issues: Rights to use materials (including software and data) and ownership of IPR in customer data/developed materials. Also, protection against third party infringement claims Liability: Reflection of appropriate risk allocation for outsourced activity. Service provider starting point can be to exclude all/almost all liability (caps and exclusions) and, in back/middle office context, require shielding indemnities in relation to third party claims Business continuity: [SYSC 8.1.8R(11)] allows some discretion as to whether necessary to maintain and implement a contingency plan for disaster recovery (i.e. where that is necessary, having regard to the function, activity or service outsourced ). However, consider carefully before discounting. Focus on the provisions being robust, viable and realistic (considered further later) Termination rights and handover/exit assistance: The firm needs to be able to terminate the outsourcing without detriment to continuity and quality of services to clients [SYSC 8.1.8R(7)]. In relation to exit assistance, again focus on the provisions being robust, viable and realistic (e.g. time taken to transfer responsibility to new provider or in-house) 9 /
Delegation under AIFMD pre-conditions Limits on delegation by authorised EU AIFM [Article 20(1)] justify delegation based on objective reasons delegate meets certain conditions re resources, experience, qualification must not prevent effective supervision of AIFM by Regulator AIFM can monitor delegation, give instructions, and withdraw immediately Additional conditions if delegating portfolio management / risk management [Article 20(1)] delegate must be authorised as an asset manager if delegate not authorised, delegation requires prior consent of Regulator If delegate is non-eu, must be co-operation agreement between Regulators Limits on sub-delegation by the delegate [Article 20(4), (5)] requires consent of AIFM must meet all of the conditions specified in above bullet points 10 /
Delegation under AIFMD restrictions on delegating AIFM cannot delegate investment management functions to depositary (or delegate of depositary) [Article 20(2)(a)] AIFM cannot delegate to a firm with conflicting interests unless that firm [Article 20(2)(b)]: 11 / functionally and hierarchically separates tasks manages potential conflicts AIFM cannot delegate to the extent it becomes a letter-box entity [Article 20(3)] detailed guidance in article 82 of Level 2 Regulation does AIFM retain expertise / resources to supervise delegated tasks? does AIFM have power to perform senior management functions? does AIFM have contractual rights to inspect / give instructions? does AIFM delegate to an extent that exceeds, by a substantial margin, functions it performs? (NB both a quantitative and qualitative test)
Delegation under AIFMD UK implementation Article 20 of Level 1 Directive implemented in FUND 3.10 in the FCA Rules SYSC 8 does not apply to UK authorised AIFM in relation to managing AIFs Instead, look to detailed guidance in Level 2 Regulation Articles 75 to 82 Comparison with existing SYSC 8 regime: AIFMD regime is overall more onerous e.g. objective reasons, limits on delegates, letter box entity test existing delegation by AIFM will need to be reviewed and amended to comply with AIFMD FCA s Variation of Permission form (VOP) gives details on delegation NB investment managers which are not AIFMs remain subject to SYSC 8 12 /
The FCA s Dear CEO Letter on outsourcing update Inadequate Recovery and Resolution or BCP plans identified during FCA Resilience Review of 17 firms which started in April 2012 The CEO s of 125 UK authorised asset managers receive letter dated 11 December 2012 Outsourcing agreements that are in-scope : regulated activities or critical or important thereto Service providers forming part of financial institutions not too big to fail and concentration risk Issues with step-in/handover provisions that look good on paper but are not viable, robust or realistic Since then: FCA engagement with asset managers April to June 2013 industry working it out (IMA and others see next two slides) many still searching for solutions further communication from FCA expected at end of October unlikely to be a how to guide FCA thematic reviews anticipated to start in early 2014 FCA next steps and enforcement action (see three slides later) 13 /
The FCA s Dear CEO Letter on outsourcing next steps (1) Substantial market response: Outsourcing agreements review and amendment: review and amend to cover above and other SYSC 8.1.8R points. Some room for a risk-based assessment on detail of agreement terms, but a rigorous approach is needed Oversight: know your outsourcing, maintain skilled retained function and ensure governance (including monitoring/audit on a routine basis) (note IMA Working Group) Standardisation: to facilitate ease of handover (e.g. in relation to data formats) (note IMA Working Group) (BUT: people/capacity issues and non-standard services are a bar to this being a panacea) Exit planning best practice development: to ensure viable, robust and realistic and ensure regular reviews, testing and updates; and cover various exit scenarios (BAU and crisis) (note IMA Working Group) Ring fencing : of service divisions from remainder of financial institution activity (where applicable) 14 /
The FCA s Dear CEO Letter on outsourcing next steps (2) Substantial market response continued: Data hubbing : recent Barclays, Credit Suisse, JP Morgan Chase, Goldman Sachs MOU with DTCC in relation to a shared repository for client reference data CityIQ proposition: automatic transfer of service provider business (including people, data and systems) to a Phoenix entity, owned by defaulting service provider but management control shared between clients on an as yet undetermined basis Dual running: of two service providers (with one as a fallback option) Beyond outsourcing alone: develop an understanding of other services in supply chain consider impact of supply chain failures would have on the firm s investor customers put in place and implement the firm s own BCP (incorporating BCP from its outsourcing agreements) regularly review, test and update BCP to ensure it is robust, viable and realistic 15 /
Impact of non-compliance The FCA s investor protection objective Thematic review Raise issues with authorised persons Limited window to convince/impress the FCA in relation to issues raised Skilled persons reports under s166 FSMA, where FCA unconvinced FCA directed remediation programme and/or fine 16 /
Conclusion Asset managers need to assess which of SYSC or AIFMD rules apply All outsourcing which is subject to SYSC or AIFMD rules will require careful (urgent?) attention FCA seeking to ensure BCPs (in relation to outsourcing and the asset manager itself) exist and are viable, robust and realistic An increasing source of regulatory focus: important to get house in order expect FCA thematic reviews from early 2014 Q&A 17 /
Contact details and more information For more information, please: 18 / Contact us see opposite View our AIFMD Toolkit at http://www.elexica.com/en/resources /Microsite/AIFMD-toolkit View the following (and other) Dear CEO letter materials on Elexica: Podcast: http://www.elexica.com/en/reso urces/podcast/episode-0318- fsa-dear-ceo-outsourcing-letter Training conference call: http://www.elexica.com/en/reso urces/traininglanding/20130514-review-ofoutsourcing-arrangements-inthe-asset-management-sector Tom Wheadon T: +44 20 7825 3603 E: tom.wheadon@simmonssimmons.com Lawrence Brown T: +44 20 7825 3053 E: lawrence.brown@simmonssimmons.com Nick Colston T: +44 20 7825 4147 E: nicholas.colston@simmonssimmons.com
19 /
simmons-simmons.com elexica.com 20 /