Strategy
For Wealth Managers, Outsourcing Is No Panacea, Requires Close Oversight
Everybody – well, nearly everybody – seems to be outsourcing services to external providers these days. The reasons are well known: rising costs, the need for expertise, flexible business models, and cross-border complexities. But regulators are starting to put this business under the microscope. We talk to a firm about what's happening.
A big task for wealth managers, private banks and others is
ensuring that they don’t expose themselves – and their clients –
to failings of the outsourced and third-party party providers
they use. Overseeing the relationship requires constant
vigilance, a compliance expert argues.
With a new UK government in office, and the world having received
a lesson in resilience from the worldwide
Microsoft/CrowdStrike outage in July, “resilience” is – or
ought to be – front of mind.
Separately, keeping abreast of anti-money laundering and
counter-terrorism rules is a relentless task, with geopolitical
conflicts and associated financial sanctions and tech such as AI
allowing compliance chiefs no respite.
The need to monitor outsourcing is a big responsibility, ACA Group, a
US-headquartered firm which provides compliance, risk, and
technology solutions for financial services firms, told this
publication recently.
“For those on the buy-side, for every provider you take on, you
must consider the risk to your side of the business…this is about
asking the right questions and making sure that your due
diligence is up to date,” Roxana Nadershahi, director, UK
compliance division at ACA, said.
“If you’ve signed a contract two years ago then the services
covered might not still be relevant,” she continued. Companies
going through organic growth or M&A expansion can “outgrow”
their outsourced providers, making regular oversight essential,
she said.
Nadershahi and her colleagues have a lot of work on their hands
as a new UK government takes over. So far, it appears that the
Financial
Conduct Authority and other bodies are taking more of an
evolutionary than revolutionary approach to rule-making on
financial services, she said. At a recent conference attended by
this news service, hosted by St James’s
Place alongside Schroders, speakers appeared
to endorse the idea that the government will want to focus on
making the City and wider financial sector more competitive – not
so different than the approach taken by the previous government.
At the end of July, the UK marked the
first anniversary of the Consumer Duty regime in the
UK.
There has been an “explosion” in the number of firms
providing outsourcing functions which makes monitoring them more
demanding, she said.
A note on 2 May from the FCA said that firms increasingly depend
on third-party providers and outsourcers. For example, there are
many outsourced chief investment office (OCIO) providers, such as
SEI and Hirtle Callaghan in
the US, which operate internally. A major platform provider
for wealth and asset managers is FNZ, to give another example.
Businesses such as SS&C
Technologies, Avaloq, ERI Bancaire, WIZE by Teamwork,
and Charles
River Development, to give a few, provide the systems, advice
and resources that firms typically find too burdensome or
expensive to do in-house.
“Firms need to effectively manage these providers to reduce the
risk of operational disruption and harm to their consumers,” the
FCA said in its note. “We expect your firm to be operationally
resilient by having a comprehensive understanding and mapping of
the people, processes, technology, facilities and information
necessary to deliver each of your important business services.
This includes people and other dependencies such as third
parties. Your firm should assess the risks and controls in place
to ensure it is operationally resilient.”
Among the details, the FCA said businesses should have a risk
management approach to outsourcing. It pinpointed cybersecurity
as an example: “We expect firms to manage the amount of data
being stored, processed or transmitted by third-party providers
on behalf of the firm, and how critical to operations that data
is.”
The reasons for this outsourcing are clear: wealth management
firms face mounting profitability pressures, changing regulatory
requirements, expanding product lines, and increasingly savvy
clients.
According to a Boston
Consulting Group report, produced in conjunction with
FNZ (1 June 2023), wealth
and asset managers have been struggling to keep cost-to-income
ratios in check.
“While larger asset managers witnessed a gradual increase between
2018 and 2021 – with a rise to 74 per cent in 2022 – smaller
asset managers with less than $300 billion in AuM saw a more
pronounced increase to 78 per cent,” the report said. “CIRs for
larger wealth managers have been stable at 71 per cent, while
smaller wealth players, with AuM below $150 billion, suffered a
steep increase to surpass 82 per cent in 2022, on average."
Part of the reason for this margin compression, the report said,
is technology. The average share of technology in total operating
expenses (also known as IT intensity) reached over 15 per cent
across both wealth and asset managers in 2022, up from 13 per
cent five years earlier. Over the same period, IT spending was
particularly on the rise in application development (+25 per
cent) and hosting (+19 per cent), mirroring both the expansion of
new requirements as well as large investments in cloud
migration.
In early February, the European Central Bank raised a red flag
about tech outsourcing risks, saying that non-EU firms play a
disproportionate role.
“Even though a growing number of external providers are offering
their services within the EU, more than 30 per cent of the total
outsourcing budget of significant banks is concentrated on 10
providers, most of which are headquartered outside the EU (mainly
in the US). This relatively short list of major providers has
remained rather stable in recent years, although banks’ reliance
on a few large providers is potentially leading to idiosyncratic
and systemic concentration risks,” the ECB said.
AML
Nadershahi said that AML and associated controls on potentially
questionable transfers remain a constant focus for ACA and its
clients. And a related theme – as highlighted last summer by the
Coutts “debanking” saga – is the need for firms to
understand how to apply rules affecting politically exposed
persons (PEPs), for example.
“Are we asking the right questions and reviewing who potential
PEPs might be in a year or two?” she said. Banks and other firms
must remember that people designated as PEPs can and do lose that
status.
It is important that firms remember to document their decisions and processes as objectively as possible so that they can explain their reasoning to regulators, she added.