Embed Size (px)
Citation preview
Outsourcing Panel: Fund Board Oversight
Information Classification: Limited Access
To help the asset management
community understand recent
regulatory developments in
outsourcing governance and share
best practices in fund board oversight,
risk management and resiliency,
we convened a panel of industry
experts on investment outsourcing
operations. The panel consisted of:
• Akbar Sheriff, Regional Head of Product Management & Innovation and Chair of Irish Legal Entity providing Fund Administration Services;
• Brendan O’Regan, Head of Business Governance and Outsourcing Oversight based in Ireland;
• Anna-Marie Jupp, Head of EMEA Outsourcing Office and
• Yenni Leighton, Product Strategy & Regulatory Intelligence EMEA Lead.
Navigating Outsourcing Governance
2Information Classification: Limited Access
Outsourcing is a critical focus for regulators, however nuances complicate the context
Governance of outsourcing arrangements
evolved over the last decade, largely driven
by market conditions and global events.
This led regulators, financial institutions and
fund boards to increase their scrutiny and
enhance outsourcing oversight. Even though
regulators cover broadly the same outsourcing
themes - strong internal process and robust
contractual arrangements, there are few
variations in Europe and internationally.
Luxembourg’s legislative policy Commission
de Surveillance du Secteur Financier (CSSF)
Circular 12/552 as amended focusses on
register and inventory, risk assessment,
monitoring and exit plans. The Central Bank
of Ireland (CBI) laid emphasis on board
awareness, risk management, business
continuity and resiliency. UK Prudential
Regulatory Authority (PRA) proposed upgraded
guidelines on outsourcing and third-party
risk management, which is heavily focused
upon resiliency. In May, the International
Organization of Securities Commissions
(IOSCO) introduced seven Principles of
Outsourcing Governance that lean towards
cloud outsourcing and resiliency. UK PRA
and IOSCO consultations closed in October.
The European Banking Authority (EBA) has
outsourcing of critical functions of investment
firms or credit institutions subject to Capital
Requirements Directive V that entered, reviewed
or amended their outsourced arrangement.
At its core, EBA guidelines include concentration,
aggregated risk and line of sight to monitor
contractual parties in the outsourcing chain.
The Guidelines are in force.
Leighton: Akbar, as Chair of State Street’s Irish
legal entity, you are in discussions with senior
leaders and board members, what is top of
mind for the C-suite?
Sheriff: Outsourcing is not new. There has
been a natural evolution from where we were
five years ago when there was a narrower focus.
Focus today tends to be broad: “how well do you
know your service provider?”, “how do you get
comfortable that you have the right business
oversight over your outsourcing provider?”.
Further, there is a much greater focus on
accountability. The Senior Manager Regime
(SMR), which now covers asset managers, links
personal liability to failures in governance.
The CBI is heading the same way. Finally, EBA
guidelines continue to raise the bar, but also
leave variability in execution.
Within this context, Legal Entity and Fund
Boards have come under increased scrutiny.
Board composition and governance practices
are an acute focus – the question we frequently
get asked: ‘how do we get comfortable that we
have the right representation and expertise to
understand and manage entity risk related to
outsourcing and IT?’
3Information Classification: Limited Access
In this environment, many fund managers
C-Suites are increasingly challenged.
For example, a mid-sized multi-jurisdictional
firm, based in the US with passive funds or
Irish UCITS, may see impact on their business
models, their economics and find it difficult to
navigate the nuances by jurisdiction. This would
result in re-trenching to the core or M&A activity.
Ultimately, the conversation is about balancing
your obligation with your stakeholders while
maintaining the strength of the business.
Sheriff: Brendan, you face off to Irish legal
entity boards and the industry, how are peers
thinking about it operationally and practically?
O’Regan: I present at these board meetings.
In the last 18 months there has been a noticeable
shift in the type of reporting directors and clients
request for due diligence meetings. It is clear
regulators are putting an onus on boards and
directors to demonstrate full ownership and
the responsibility to challenge service providers
on their outsourcing and reporting. Regulators
want more granularity from clients and fund
directors by evidencing via a “look through”
of the fund administrator’ service provider’s
outsourcing footprint, delegation chain and
related governance models. Directors must
be able to have a clear understanding of for
instance, what is outsourced and where, and
how oversight is completed throughout the
outsourcing lifecycle – from selection to exit
strategy, should this arise. Fund Boards want
more details related to the on-going oversight
of service providers, to know about the challenges,
issues and how we are addressing these.
The details are essential to that responsibility.
Leighton: While each firm is unique, when
you engage at an industry level, you see
commonalities. What are the challenges
the industry faces Anna-Marie and
problems that need industry solution?
Jupp: I have sat on many panels on PRA
consultations and EBA guidelines. Our main
areas of challenge industry-wide are concentration
and aggregated risk. This requires building
an appropriate methodology to assess, monitor
and inform decision making or strategic
considerations. This creates a further challenge
in an increasingly cost pressured environment.
If concentration exists, the resiliency then
becomes critical in being robustly monitored
and managed. The PRA wishes to have firms
report on their vendor services to assess
market wide concentration, how this will be
implemented by the PRA is subject to questions
relating to confidential strategy and data concerns.
The challenge may be with vendors not under
their regulatory regime and how the PRA can
influence their resiliency to protect the market.
“Oversight and resilience are core to business strategy. Ultimately, its about balancing your obligation with your stakeholders while maintaining the strength of the business.”
— AKBAR SHERIFF
4Information Classification: Limited Access
Fourth party and beyond ongoing monitoring
governance has proved problematic, where
one party has the contractual relationship
as a third party. Yet the EBA requirements
extends beyond this relationship, it requires
a fine balance between legal, contractual
agreements and reporting. There are many
potential layers and a certain level of maturity
development between contracting entities
providing sufficient line of sight to evidence
service delivery and any related risk.
There are widespread concerns that individual
regulators in each jurisdiction may add further
guidance but be contrary to one another.
For global entities this will be a real challenge
to balance appropriately.
Leighton: Are these the same challenges in
Ireland, Brendan? What are the industry steps
to navigate?
O’Regan: Challenges are common across our
peers in Ireland. Oversight models tend to be
heavily weighted towards First Line of Defense
(FLOD). The CBI wants all areas to be engaged
from Board down through to governance forums
and specifically across the three LOD with
clearly defined roles and how outsourcing
fits into the overall risk framework of the firm.
Local Boards should have a segregation model
where independent decisions are made to
demonstrate they are not unduly influenced
by the parent organisation.
The CBI was helping shape the EBA guidelines;
resulting in similar standards, now expected
across the region. Regional and local regulations
broadly aligned across EMEA; CBI being first
mover, EBA has caught up. The industry is
responding locally through engagement, formally
and informally via industry associations such as
Irish Funds, to share best practice. At State Street,
we are sharing information with our other legal
entities Germany, Luxembourg, the UK, to
name a few.
Leighton: This is a challenging environment
for asset owners/managers. When with
clients, Anna-Marie how do you suggest
oversight is managed?
Jupp: Clients should be discussing with
their provider Relationship Manager’s their
footprint and services and considering service
reporting that encompasses the breadth of
service sufficiently, and with proportionality
to their critical risks. It is reasonable for clients
to consider how the reporting can be analysed
and can provide valuable insights driving
active oversight with suitable outcomes.
“Regulators want more granularity, directors want a better understanding of their outsourcing lifecycle and Fund Boards, line of sight on challenges and issues being addressed.”
— BRENDAN O’REGAN
5Information Classification: Limited Access
Leighton: Amongst your peers Akbar,
what practical solutions and best practices
are there? How are clients responding to
drive decisions?
Sheriff: As one of our client’s articulates‘
more here is not always better; the secret
sauce we need is a level of information that
gets me to the right level of accountability,
while driving insight with a practical outcome?”
There is no silver bullet here, however,
the C-suite is reacting in a few ways:
• Oversight and resilience have become core
to Business Strategy versus a consideration
for the strategy, or a supplementary effort.
This is not dissimilar to the ESG space
where increasing regulatory and business
integration means that ‘sustainable investing’
is being replaced by just ‘investing’.
• Business models are being challenged.
Going back to the earlier example of
the mid-sized firm with Irish UCITS,
where substance and further oversight
may drive M&A or exit.
• Focus on practicality. Given potential
information overload and jurisdictional
nuances, CROs and COOs focused
on how to exhibit insight driving
outcomes in their oversight models.
• War on talent has intensified. Strong
technology savvy and insight driven
oversight managers are rare and in
high demand.
Leighton: It wouldn’t be right to have
a meeting without mentioning COVID-19.
What does this mean for resiliency,
Anna-Marie?
Jupp: The main area for the industry has
been the inability to deliver on-site inspections
in a virtual environment. This does not mean
due diligence is not covered, the process
is different. While using different methods,
outsourcing service providers need to ensure
there are suitable approaches to perform
a comprehensive review.
Leighton: In your opinion Akbar, what is
the new normal and future for outsourcing?
To what extent will technology innovation
play a part?
Sheriff: Outsourcing will continue to evolve
as part of broader resiliency agenda which
increasingly incorporates technology risk.
Elements such as 4th party oversight will remain
industry-wide challenges. Visibility and tools
to enable such will increase; automation will
be critical. Evolution of digital assets will add
further complexity.
Client questions are in themselves very
different and even if similar, the context
for each client is different. This requires
a more granular and contextualized
conversation with you.
6Information Classification: Limited Access
7
Akbar SheriffChair of Irish Legal Entity and
Regional Head of Product
Management & Innovation
Anna-Marie JuppHead of EMEA Outsourcing Office
Brendan O’Regan Head of Business Governance and
Outsourcing Oversight based in Ireland
Yenni Leighton Product Strategy and Regulatory
Intelligence, EMEA Lead
Outsourcing Governance Panel
“We know that Outsourcing Governance is important to you. If you have questions, we encourage you to engage with us through your Client Relationship Manager, so we can have a conversation with your Boards and team on the industry’s actions as well as our own.”
Information Classification: Limited Access
For more information, go to:
https://www.statestreet.com/ideas
State Street CorporationOne Lincoln Street, Boston, MA 02111
www.statestreet.com
Disclaimers and Important Risk Information
The material presented herein is for informational purposes only. The views expressed herein are subject to change based on market and other conditions and factors. The opinions expressed herein reflect general perspectives and information and are not tailored to specific requirements, circumstances and / or investment philosophies. The information presented herein does not take into account any particular investment objectives, strategies, tax status or investment horizon. It does not constitute investment research or investment, legal, or tax advice and it should not be relied on as such. It should not be considered an offer or solicitation to buy or sell any product, service, investment, security or financial instrument or to pursue any trading or investment strategy. It does not constitute any binding contractual arrangement or commitment of any kind. State Street is not, by virtue of providing the material presented herein or otherwise, undertaking to manage money or act as your fiduciary. You acknowledge and agree that the material presented herein is not intended to and does not, and shall not, serve as the primary basis for any investment decisions. You should evaluate and assess this material independently in light of those circumstances. We encourage you to consult your tax or financial advisor.
All material, including information from or attributed to State Street, has been obtained from sources believed to be reliable, but its accuracy is not guaranteed and State Street does not assume any responsibility for its accuracy, efficacy or use. Any information provided herein and obtained by State Street from third parties has not been reviewed for accuracy. In addition, forecasts, projections, or other forward-looking statements or information, whether by State Street or third parties, are not guarantees of future results or future performance, are inherently uncertain, are based on assumptions that, at the time, are difficult to predict, and involve a number of risks and uncertainties. Actual outcomes and results may differ materially from what is expressed herein.
The information presented herein may or may not produce results beneficial to you. State Street does not undertake and is under no obligation to update or keep current the information or opinions contained in this communication.
To the fullest extent permitted by law, this information is provided “as-is” at your sole risk and neither State Street nor any of its affiliates or third party providers makes any guarantee, representation, or warranty of any kind regarding such information, including, without limitation, any representation that any investment, security or other property is suitable for you or for others or that any materials presented herein will achieve the results intended. State Street and its affiliates and third party providers disclaim any warranty and all liability, whether arising in contract, tort or otherwise, for any losses, liabilities, damages, expenses or costs, either direct, indirect, consequential, special or punitive, arising from or in connection with your access to and / or use of the information herein. Neither State Street nor any of its affiliates or third party providers shall have any liability, monetary or otherwise, to you or any other person or entity in the event the information presented herein produces incorrect, invalid or detrimental results.
To learn how State Street looks after your personal data, visit: http://www.statestreet.com/utility/data-processing-and-privacy-notice.html. Our Privacy Statement provides important information about how we manage personal information.
No permission is granted to reprint, sell, copy, distribute, or modify any material herein, in any form or by any means without the prior written consent of State Street.
© 2021 State Street Corporation and/or its applicable third party licensor. All rights reserved.
3419562.1.1.GBL.INST Expiration date: 11/30/2021
Information Classification: Limited Access
