FCA and PRA licenses (authorisations) and ongoing compliance support, training, recruitment. Contact us 7 days a week, 8am-11pm. Free consultations. Phone / Whatsapp: +4478 3368 4449  Email: hirett.co.uk@gmail.com

A firm may outsource activities to a third party; however, it cannot outsource or delegate its regulatory responsibilities. When relying on a third party for performance of operational functions that are critical for the performance of a regulated activity, then the firm should ensure:

  • it takes reasonable steps to avoid any additional operational risk;
  • it does not impair materially the FCA’s ability to monitor the firm’s compliance with FCA regulation;
  • it has effective processes to identify, manage, monitor and report risks;
  • has adequate and effective internal controls in place;
  • it has informed the FCA that it intends to outsource the function to a third party; and
  • makes available to the FCA, on request, all information necessary for the FCA to supervise compliance of the outsourced activities.

If a firm outsources critical operational functions or services, it remains fully responsible for discharging all of its regulatory obligations and must comply with the following conditions:

  • the outsourcing must not result in the delegation by senior management of their responsibility;
  • the relationship and obligations of the firm towards its clients under the regulatory system, must not be altered;
  • the conditions with which the firm must comply to be authorised must not be undermined; and
  • none of the conditions for the firm’s authorisation must be removed or modified.

The firm should have a written agreement in place with all third parties performing outsource functions: identifying its own responsibilities, third party responsibilities, activities that are to be outsourced and the means for terminating the contract. Activities that are not deemed critical include:

  • provision of advisory services and other services which do not form part of the relevant services of the firm, such as: legal advice, staff training, billing services and security of the firm’s premises and staff; and
  • purchase of standardised services, such as market information services and provision of price feeds.

Outsourcing activities to service providers

A firm should, before outsourcing an activity, ensure the following conditions are met:

  • the service provider has the ability, capacity and authorisation;
  • the service provider can carry out the service effectively (the firm will need to be able to assess this effectively) and that action is taken if this does not happen;
  • the service provider can adequately supervise the operation of the function or service; the firm has adequate expertise and resource to monitor the service provider;
  • the service provider must disclose to the firm any development that may materially impact its ability to continue to undertake the outsourced activity;
  • the firm is able to terminate the arrangement without detriment to the continuity and quality of the provision of the service;
  • the service provider must co-operate with the FCA;
  • the firm, its auditors and the FCA must have affective access to data related to outsource activity, as well as the business premises of the service provider;
  • the service provider must protect any confidential information relating to the firm and its clients;
  • the firms and service provider must maintain a business continuity plan and undertake periodic testing if back up facilities; and
  • there must be a written agreement in place detailing the respective rights and obligations of the firm and the service provider (we would recommend that
  • firms obtain an independent review of any outsourcing agreements, before entering into any outsourcing arrangements).