What does this cover?

The FCA has produced draft outsourcing guidance for financial firms; applicable to ‘cloud’ and other third-party IT services (the "Proposed Guidance"). The Proposed Guidance, which seeks to clarify financial firms' regulatory requirements, is intended "to help all firms to effectively oversee all aspects of the life cycle of their outsourcing arrangements: from making the decision to outsource, selecting an outsource provider, and monitoring outsourced activities on an ongoing basis, through to exit."

Whilst the Proposed Guidance covers issues discussed in the FCA's July 2014 document "Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions', guide ", this new Guidance has a broader scope as it is intended to cover all regulated firms. The July 2014 guidance focussed on outsourced banking solutions.

The Proposed Guidance contains a table which lists key areas for consideration by firms planning for or undertaking I.T. outsourcing together with guidance covering how firms should comply with their oversight obligations. This includes:

  • having choice and control regarding the jurisdiction in which their data is stored, processed and managed;  
  • ensuring there are no restrictions on the number of requests the firm, its auditor or the regulator can make to access or receive data;  
  • rights of audit for the firm, its auditors and the regulators.  

The FCA is inviting feedback on the Proposed Guidance. The consultation is open until the 12 February 2016.

To view the draft guidance, please click here.

What action could be taken to manage risks that may arise from this development?

Financial Services Companies should consider whether they wish to partake in the FCA consultation. The consultation will close for comments on 12 February 2016.

In the meantime, this is a good checklist for financial services companies to use when outsourcing IT functions.