MAS’ Outsourcing Guidelines and Consultation Paper on Customer’s Moneys and Assets
Bovill Briefing
August 2016
Asia Regulatory Radar – August 2016
[Figure: regulatory topics on the radar for the Asia region, among them Outsourcing, Protection of Customer Money and Assets, Cyber Security, AML/CFT, FinTech and OTC Derivatives]
Key highlights
Implementation of the New Outsourcing Guidelines
• Self-assessment of existing outsourcing arrangements by 27 October 2016
• Deficiencies to be rectified by 26 July 2017
Outsourcing Arrangement Definition
• For an arrangement to be an outsourcing arrangement, it does not need to be prohibitive or costly to change the service provider.
Material Outsourcing Arrangement - Definition
• If an outsourcing arrangement materially impacts an institution’s regulatory compliance and risk management ability, it is material
List of low-risk Outsourcing Arrangements
• This list is removed on the basis that every institution should make its own assessment of the materiality of an outsourcing arrangement
Notification to MAS
• Requirement to notify MAS prior to entering into a material outsourcing arrangement removed(!)
• Maintain Outsourcing Register (MAS Template)
Due Diligence on Service Providers
• Due diligence, monitoring and control of outsourced services
• Political, legal, economic assessment for overseas outsourcing
Outsourcing and non-outsourcing arrangements
MAS has provided additional examples to demonstrate which arrangements are
considered outsourcing and which are non-outsourcing arrangements
Outsourcing Arrangements:
White-labelling arrangements (e.g., arrangements for trading and hedging facilities)
Information systems hosting (e.g., SaaS, PaaS, IaaS)
Compliance as a professional service
Support services related to archival and storage of data and records
Non-Outsourcing Arrangements:
X Services which MAS expects independent service providers to provide (e.g. maintenance of custody account with specified custodians or independent fund valuation)
X Global financial messaging infrastructure, which is subject to regulatory oversight (e.g. SWIFT)
X Acceptance of business by underwriting agents as they relate to principal-agent relationship
Outsourcing assessment
Is it an outsourcing arrangement? (Definition and Annex 1)
• No: MAS Outsourcing Guidelines do not apply. Conduct usual vendor related due diligence.
• Yes: go on to the materiality question.
Is it a material outsourcing? (Definition and Annex 2)
• Yes: Additional requirements imposed for material outsourcing arrangements. Apply the guidelines and additional requirements applicable to material outsourcing under the guidelines.
• No: Risk-based approach for non-material outsourcing arrangements. Apply the guidelines commensurate with the nature of risks and materiality of the outsourcing arrangements.
Assess material outsourcing arrangements
Assess Impact:
• Financial
• Reputation
• Regulatory
• Customer
• Counterparty
• Operating Costs
• Aggregate Exposure
• Political, Legal and Economical
Questions to ask
Impact: Factors/Questions
• Financial: How important is the business activity that is being outsourced (e.g., in terms of contribution to income and profit)?
• Operating Costs: Is the cost of the outsourcing as a proportion of total operating costs of the institution material?
• Operating Costs: Is the cost of outsourcing failure, which will require the institution to bring the outsourced activity in-house or seek similar service from another service provider, as a proportion of total operating costs of the institution material?
• Concentration Risk: Is the aggregate exposure to a particular service provider in cases where the institution outsources various functions to the same service provider material?
• Operations: Would there be a material impact on the institution’s ability to maintain appropriate internal controls and meet regulatory requirements, if the service provider faces operational problems?
If the service provider fails to provide the service or encounters a breach of confidentiality or security…
• Financial impact: Will there be a material impact on earnings, solvency, liquidity, funding and capital, and risk profile?
• Reputational Impact: Will there be a material impact on the institution’s reputation and brand value, and ability to achieve its business objectives, strategy and plans?
• Customer impact: Will there be a material impact on the institution’s customers?
• Counterparty impact: Will there be a material impact on the institution’s counterparties and the Singapore financial market?
Outsourcing risk management
• Role of Senior Management and Board
• Cost/benefit analysis + aggregate exposure assessment
• Outsourcing Arrangements Due Diligence
• Service provider suitability
• Monitoring and Control of Outsourcing Arrangements
• Documenting and recording
MAS reminders
• Board and Senior Management remain ultimately responsible for implementing an adequate outsourcing risk management framework
• Delegate not abdicate!
• Ensure that there is a robust risk management framework for Outsourcing Arrangements
• Outsourcing of all or substantially all of the risk management or internal controls by an institution will be considered a material outsourcing arrangement (e.g. internal audit, compliance, financial accounting etc.)
• Be ready to demonstrate compliance to MAS
Importance of Business Continuity Management
• Increased dependence on technology
• ‘Know Your Service Provider’ – BCP requirements and joint testing
• Interdependence risks and Cloud services
Why it’s so important
[Figure: timeline from 2007 to the present day]
• Global financial crisis
• Sept 2008: Lehman files for bankruptcy
• June 2010: JP Morgan fined (eqv S$58m)
• Jan 2011: Barclays Capital fined (eqv S$1.8m)
• March 2011: ActivTrades fined (eqv S$148k)
• Sept 2011: Towry fined (eqv S$862k)
• Oct 2011: MF Global bankruptcy
• Jan 2012: MF Global Singapore liquidated
• March 2012: World Spreads bankruptcy
• Sept 2012: Blackrock fined (eqv S$16.6m)
• Sept 2013: Aberdeen fined (eqv S$13m)
• July 2016: MAS consultation on enhancements to Protection of Customer’s Moneys and Assets
Definition of customer’s moneys
• Current rules only cover money received from or on account of a customer
• Proposal to include contractual rights arising from transactions entered into on behalf of or with a customer
Rule ref: LCB part 15. (2)
Due diligence on banks
• Proposal to introduce a DD requirement on banks who maintain the customer’s money account
• Periodic assessment of diversification
• Periodic review of due diligence on bank
Appointing a custodian
• Selecting – remember diversification is important
• Appointing
• Periodically reviewing
• Due diligence is key!
• Don’t just rely on one source of information
Acknowledgement letters – from FIs
Extension of the Acknowledgement Letter to overseas financial institutions
Need to remember to review and update periodically
Recovery [and Resolution] Packs
Need to introduce information systems and controls to set out:
Location of customer’s moneys and assets
How assets are held, identity of all depositories
Type of segregation at all levels of the holding chain
Applicable rules (where overseas)
Outstanding loans of customer’s securities
Computations and reconciliations
Daily computation requirement extended to all licensees, not just futures or leveraged FX traders
Will require at least daily computation of total amount of moneys and assets deposited, for all instruments
Rule ref: LCB part 37
Re-hypothecation and other use
Currently risk disclosure and consent is required when lending customer’s securities
Proposal to extend this to situations when licensee
- Mortgages
- Charges
- Pledges
- Hypothecates
their customer’s assets
Other areas
Customer Disclosure
Prompt response to request for statement of account from customer
Dis-application of Reg 16(1)(b), which allows the customer to direct which account to use
Application to banks:
- Current rules also apply to banks
- Proposal to dis-apply Money Rules
Takeaways
As always – the creation and retention of records is paramount
Increased operational demands
Ongoing review of existing controls and processes
IT requirements, governance arrangements, policies and procedures