E N D
Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011
“An event in which a regulated outsourcing firm contracts with a service provider for the performance of any aspect of the outsourcing firm’s regulated or unregulated functions that could otherwise be undertaken by the firm itself. It is intended to include only those services that were or can be delivered by internal staff and management…” IOSCO definition of outsourcing
Corporate governance Risk management No subrogation of regulatory responsibility Due diligence Contract Business Continuity Confidential Information Regulatory Assessment Concentration IOSCO 9 principles on outsourcing
“Core functions” are defined as “critical or material to the ongoing viability of an entity as well as meeting its regulatory obligations to customers”. Core or material outsourced functions
Accounting Compliance Back-office operations Information system management and maintenance Registration of salespersons Customer application processing and document administration Customer complaint handling Collection of margin and overdue cash accounts Research reports and market newsletters Example of core functions
Dealer Members remain responsible and accountable for all functions that they outsource to a service provider Cannot subrogate regulatory obligations to service provider Functions outsourced must be set out in a written legally binding contract Dealer Member must conduct and document due diligence analysis of third party service provider (including affiliates) Reputation Financial stability Internal controls and ability to deliver services Service provider must have safeguards in place to keep information confidential Dealer Member must conduct ongoing reviews of the quality of outsourced services NI 31-103 requirements on outsourcing
Service provider must develop and test a business continuity plan Arrangement must consider other legal requirements such as privacy laws Dealer Member, IIROC and auditors must have the same access to the work product of the third-party service provider as they would if the Dealer Member itself performed the activities. Dealer Member must ensure this access is provided and should include a provision requiring it in the contract with the service provider. NI 31-103 requirements on outsourcing (cont’d)
No subrogation of regulatory obligations. Rights of inspection and access to books, records and information relevant to the outsourced activity to Dealer Member, IIROC, and auditors. Define all activities outsourced and responsibilities of the parties. Establish precise service and performance levels and how they will be monitored. Service provider to immediately inform the Dealer Member of any material change in circumstances which could have a material impact on the provision of services. Agreement must cover the ownership of intellectual property and the protection of confidential information. Provision that requires prior consent of the Dealer Member to sub-outsourcing to other third-party providers. Cover termination and exit process to allow for transfer of the service to another service provider or to the Dealer Member itself. Required contract terms
Dealer Members to provide IIROC with prior written notification of material changes to business model. This includes outsourcing of core functions to third party service providers. Dealer Members must comply with the requirements as a registrant under NI 31-103 and Policy 11. Dealer Members must maintain a control log of all outsourcing arrangements and copies of executed agreements on file for inspection upon request. IIROC must be granted unfettered access to the operations of service provider(s) during the course of any examination of the Dealer Member. Regulatory expectations on all outsourcing arrangements (including ICB)
IIROC Notice 10-0060 – Reporting of changes to business models dated March 2010. National Instrument 31-103 and Part 11 – Internal controls and systems. Principles on Outsourcing of Financial Services for Market Intermediaries, Chapter 1 – Technical Committee of the International Organizations of Securities Commission (IOSCO), February 2005. Superintendent of Financial Institutions (OSFI) revised Guideline B-10 on “Outsourcing of Business Activities, Functions and Processes” dated March 2009. FSA Handbook (Chapter 8) – Adoption of Markets in Financial Instruments Directive (MiFID) Connect trade association industry guidance on outsourcing May 2010. Rules and Guidance References