The asset management industry has come under increasing pressure in recent years from increasing regulation and the need to maintain up to date technology, while focusing on strict cost-control.
As a result, asset managers are becoming reliant on the outsourcing of a number of key functions to external third party service providers. These include a range of activities that are essential to ensure a basic level of service to customers, from back office and middle office functions such as custody and accounting services and record keeping, to operational elements such as IT and HR.
The UK Financial Conduct Authority has raised concerns that this increasing dependence on service providers is creating industry risk. The areas of concern are inadequate contingency plans to deal with failure of service provider (Resilience Risk) and inadequate oversight of service provider (Oversight Risk), plus Data Breach Risk.
I’ve highlighted four ways to effectively manage and work to mitigate vendor risk:
- Due diligence – do your homework. When choosing a third-party vendor, make sure you fully understand and monitor your service provider’s contingency and security plans. These include their business continuity, compliance and regulatory controls and IT security.
- Use multiple service providers – spread the risk. What seems like a basic common-sense approach has been widely adopted by the Hedge Fund industry in order to ensure seamless service delivery. By identifying the core outsourced activities that are essential to ensure a basic level of service, asset managers can spread their service delivery across a number of vendors so that should one part of the chain fail, there is adequate back-up and contingency in place to ensure customers are not affected.
- Bring core functions back in-house – take control of your services. The FCA found that in certain cases, asset managers were not maintaining adequate in-house expertise to supervise their outsourced activities effectively, either through shortage of key staff or by not having the relevant depth of experience in-house to monitor service providers. Asset managers need to balance the cost-benefits of outsourcing with the continued employment of qualified individuals with the expertise to manage their vendor services through strict performance reporting and metrics.
- Data Security is paramount – keep your customer data secure. Two data risks facing asset managers are data transfer and cloud-based storage solutions. When selecting third-party IT services, it is important to obtain detailed information about their security programs, including who can access the data, where it will be located (country of jurisdiction), technical aspects of the infrastructure, and what steps the provider has taken to protect the integrity and security of the data.
Third parties provide critical support for the asset management industry, from core financial management, to operational services such as IT and HR. Managing your third party risk exposure is about understanding the risks related to each relationship and making sure that you understand that you – the asset manager – are responsible for these interactions.
==========
My name is Delphine Leroy. As the Financial Lines Underwriting Director for Continental Europe, I head up CNA Hardy’s Management Liability, Financial Institutions and Professional Indemnity Continental underwriting team. Follow CNA Hardy’s blog series on LinkedIn.