Thu, Apr 2, 2015
Globally, regulators are updating the standards that financial institutions must adhere to when outsourcing services*.
With isolated high-profile lapses in Singapore by outsourced service providers**, the Monetary Authority of Singapore (MAS) similarly proposed to revise its outsourcing standards, which were last updated in 2005. Public consultation on MAS’ proposals ended last October.
This article explains why Singapore firms and their outsourced service providers should monitor the release of MAS’ revised outsourcing standards, which is expected soon.
Key takeaways include:
MAS’ outsourcing standards apply now to MAS-licensed banks, finance companies, registered insurers, approved exchanges, designated clearing houses, capital markets services licensees (comprising certain securities firms and fund managers) and approved collective investment scheme trustees.
MAS proposes to extend outsourcing standards to other entities, including licensed insurers, registered or regulated insurance intermediaries, licensed financial advisers, recognized market operators, licensed trade repositories, trustee-managers of registered business trusts and licensed trust companies.
While there is no exhaustive list, MAS proposed new examples of services that if performed by a service provider for a firm would need to be assessed for outsourcing risk. These include middle office functions, order processing, trade settlement, risk management, legal, compliance, business continuity and disaster recovery functions and activities, IT systems hosting and security and data archiving and storage.
Currently, employment of temporary staff, credit and background checks and printing services are not intended to be subject to assessment for outsourcing risk. MAS proposed to change this so that firms must consider if the provision of such services needs to be subject to, and is adequately served by, risk management and controls.
Examples are:
Currently, MAS’ outsourcing standards are contained in guidelines and breaches result in supervisory action. MAS proposed that selected standards form the subject of formal notices, possibly to levy fines in the event of breach. These standards relate for instance to the need to:
*The US Office of the Comptroller of the Currency issued guidance on Third-Party Relationships in October 2013. The UK Financial Conduct Authority issued “Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions” in July 2014.
**Standard Chartered Client Data Stolen in Singapore”, Wall Street Journal, 5 Dec 2013. Read the MAS media release here.
End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.