MiFID was the buzzword in European Financial Services Regulatory circles in 2007 and 2008. The implementation projects have gone away – but the rules haven’t. Outsourcing rules received little attention in 2008 but has now become the focus of regulatory inspections and audits in various European jurisdictions. Many financial services firms are now taking specific action to address the rules around outsourcing. So how do you ensure that you are compliant with the MiFID outsourcing rules?
- Identify all critical and important functions which you have outsourced.
- Ensure that service level agreements are in place for these arrangements
- Ensure that processes and tools are in place to ensure adequate supervision of both risk and performance associated with outsourced services.
As a rule of thumb you should start by listing all the external sourcing arrangements you have (bearing in mind that National Regulators may view some shared services arrangements as ‘outsourcing’ – particularly where services are being provided by one legal entity to another). The MiFID legislation outlines guidance on what should be considered critical or important. It is important to identify all of these arrangements – particularly as you are supposed to have already notified your national regulator where they exist.
The next step is to ensure that effective Service Level Agreements are documented. Most service levels agreements are designed to drive clear, consistent and effective performance. In most cases creating service level agreements can be a long drawn out process. This is usually driven by negotiations around service levels. The regulatory requirements around MiFID are driven by a need to ensure that services are accurately catalogued and that performance and risk are reported on consistently. The regulator is not interested in what level of service you have negotiated. So prioritise the following in creating a service level agreement;
- Documenting the key services being provided
- Documenting the key parties responsible on both sides
- Start and end dates for the agreements
- Service Levels (these need to be reported on for control purposes)
- Issue and Risk management process
Managing SLAs on an ongoing basis is usually a time consuming and laborious process. We recommend using a simple online SLA Management solution to ensure that SLAs are reported on by Service Providers on a regular basis. Whilst National Regulators will implement the principle of proportionality to gauge the appropriate level of supervision most banks will want to take a consistent approach to the management of all service providers. Using an SLA management tool will allow banks to ensure
