Strategy

For Wealth Managers, Outsourcing Is No Panacea, Requires Close Oversight

Tom Burroughes Group Editor London 10 September 2024

For Wealth Managers, Outsourcing Is No Panacea, Requires Close Oversight

Everybody – well, nearly everybody – seems to be outsourcing services to external providers these days. The reasons are well known: rising costs, the need for expertise, flexible business models, and cross-border complexities. But regulators are starting to put this business under the microscope. We talk to a firm about what's happening.

A big task for wealth managers, private banks and others is ensuring that they don’t expose themselves – and their clients – to failings of the outsourced and third-party party providers they use. Overseeing the relationship requires constant vigilance, a compliance expert argues.

With a new UK government in office, and the world having received a lesson in resilience from the worldwide Microsoft/CrowdStrike outage in July, “resilience” is – or ought to be – front of mind.

Separately, keeping abreast of anti-money laundering and counter-terrorism rules is a relentless task, with geopolitical conflicts and associated financial sanctions and tech such as AI allowing compliance chiefs no respite.

The need to monitor outsourcing is a big responsibility, ACA Group, a US-headquartered firm which provides compliance, risk, and technology solutions for financial services firms, told this publication recently.

“For those on the buy-side, for every provider you take on, you must consider the risk to your side of the business…this is about asking the right questions and making sure that your due diligence is up to date,” Roxana Nadershahi, director, UK compliance division at ACA, said. 

“If you’ve signed a contract two years ago then the services covered might not still be relevant,” she continued. Companies going through organic growth or M&A expansion can “outgrow” their outsourced providers, making regular oversight essential, she said. 

Nadershahi and her colleagues have a lot of work on their hands as a new UK government takes over. So far, it appears that the Financial Conduct Authority and other bodies are taking more of an evolutionary than revolutionary approach to rule-making on financial services, she said. At a recent conference attended by this news service, hosted by St James’s Place alongside Schroders, speakers appeared to endorse the idea that the government will want to focus on making the City and wider financial sector more competitive – not so different than the approach taken by the previous government. At the end of July, the UK marked the first anniversary of the Consumer Duty regime in the UK. 

There has been an “explosion” in the number of firms providing outsourcing functions which makes monitoring them more demanding, she said.

A note on 2 May from the FCA said that firms increasingly depend on third-party providers and outsourcers. For example, there are many outsourced chief investment office (OCIO) providers, such as SEI and Hirtle Callaghan in the US, which operate internally. A major platform provider for wealth and asset managers is FNZ, to give another example. Businesses such as SS&C Technologies, Avaloq, ERI Bancaire, WIZE by Teamwork, and Charles River Development, to give a few, provide the systems, advice and resources that firms typically find too burdensome or expensive to do in-house. 

“Firms need to effectively manage these providers to reduce the risk of operational disruption and harm to their consumers,” the FCA said in its note. “We expect your firm to be operationally resilient by having a comprehensive understanding and mapping of the people, processes, technology, facilities and information necessary to deliver each of your important business services. This includes people and other dependencies such as third parties. Your firm should assess the risks and controls in place to ensure it is operationally resilient.”

Among the details, the FCA said businesses should have a risk management approach to outsourcing. It pinpointed cybersecurity as an example: “We expect firms to manage the amount of data being stored, processed or transmitted by third-party providers on behalf of the firm, and how critical to operations that data is.”

The reasons for this outsourcing are clear: wealth management firms face mounting profitability pressures, changing regulatory requirements, expanding product lines, and increasingly savvy clients. 

According to a Boston Consulting Group report, produced in conjunction with FNZ (1 June 2023), wealth and asset managers have been struggling to keep cost-to-income ratios in check. 

“While larger asset managers witnessed a gradual increase between 2018 and 2021 – with a rise to 74 per cent in 2022 – smaller asset managers with less than $300 billion in AuM saw a more pronounced increase to 78 per cent,” the report said. “CIRs for larger wealth managers have been stable at 71 per cent, while smaller wealth players, with AuM below $150 billion, suffered a steep increase to surpass 82 per cent in 2022, on average."

Part of the reason for this margin compression, the report said, is technology. The average share of technology in total operating expenses (also known as IT intensity) reached over 15 per cent across both wealth and asset managers in 2022, up from 13 per cent five years earlier. Over the same period, IT spending was particularly on the rise in application development (+25 per cent) and hosting (+19 per cent), mirroring both the expansion of new requirements as well as large investments in cloud migration.

In early February, the European Central Bank raised a red flag about tech outsourcing risks, saying that non-EU firms play a disproportionate role.

“Even though a growing number of external providers are offering their services within the EU, more than 30 per cent of the total outsourcing budget of significant banks is concentrated on 10 providers, most of which are headquartered outside the EU (mainly in the US). This relatively short list of major providers has remained rather stable in recent years, although banks’ reliance on a few large providers is potentially leading to idiosyncratic and systemic concentration risks,” the ECB said. 

AML
Nadershahi said that AML and associated controls on potentially questionable transfers remain a constant focus for ACA and its clients. And a related theme – as highlighted last summer by the Coutts “debanking” saga – is the need for firms to understand how to apply rules affecting politically exposed persons (PEPs), for example. 

“Are we asking the right questions and reviewing who potential PEPs might be in a year or two?” she said. Banks and other firms must remember that people designated as PEPs can and do lose that status.

It is important that firms remember to document their decisions and processes as objectively as possible so that they can explain their reasoning to regulators, she added. 

Register for WealthBriefing today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes