Outsourcing. Louis P. Piergeti VP, IIROC March 29, 2011.
Louis P. Piergeti
March 29, 2011
“An event in which a regulated outsourcing firm contracts with a service provider for the performance of any aspect of the outsourcing firm’s regulated or unregulated functions that could otherwise be undertaken by the firm itself. It is intended to include only those services that were or can be delivered by internal staff and management…”
No subrogation of regulatory responsibility
“Core functions” are defined as “critical or material to the ongoing viability of an entity as well as meeting its regulatory obligations to customers”.
Information system management and maintenance
Registration of salespersons
Customer application processing and document administration
Customer complaint handling
Collection of margin and overdue cash accounts
Research reports and market newsletters
Dealer Members remain responsible and accountable for all functions that they outsource to a service provider
Cannot subrogate regulatory obligations to service provider
Functions outsourced must be set out in a written legally binding contract
Dealer Member must conduct and document due diligence analysis of third party service provider (including affiliates)
Internal controls and ability to deliver services
Service provider must have safeguards in place to keep information confidential
Dealer Member must conduct ongoing reviews of the quality of outsourced services
Service provider must develop and test a business continuity plan
Arrangement must consider other legal requirements such as privacy laws
Dealer Member, IIROC and auditors must have the same access to the work product of the third-party service provider as they would if the Dealer Member itself performed the activities.
Dealer Member must ensure this access is provided and should include a provision requiring it in the contract with the service provider.
No subrogation of regulatory obligations.
Rights of inspection and access to books, records and information relevant to the outsourced activity to Dealer Member, IIROC, and auditors.
Define all activities outsourced and responsibilities of the parties.
Establish precise service and performance levels and how they will be monitored.
Service provider to immediately inform the Dealer Member of any material change in circumstances which could have a material impact on the provision of services.
Agreement must cover the ownership of intellectual property and the protection of confidential information.
Provision that requires prior consent of the Dealer Member to sub-outsourcing to other third-party providers.
Cover termination and exit process to allow for transfer of the service to another service provider or to the Dealer Member itself.
Dealer Members to provide IIROC with prior written notification of material changes to business model. This includes outsourcing of core functions to third party service providers.
Dealer Members must comply with the requirements as a registrant under NI 31-103 and Policy 11.
Dealer Members must maintain a control log of all outsourcing arrangements and copies of executed agreements on file for inspection upon request.
IIROC must be granted unfettered access to the operations of service provider(s) during the course of any examination of the Dealer Member.
IIROC Notice 10-0060 – Reporting of changes to business models dated March 2010.
National Instrument 31-103 and Part 11 – Internal controls and systems.
Principles on Outsourcing of Financial Services for Market Intermediaries, Chapter 1 – Technical Committee of the International Organizations of Securities Commission (IOSCO), February 2005.
Superintendent of Financial Institutions (OSFI) revised Guideline B-10 on “Outsourcing of Business Activities, Functions and Processes” dated March 2009.
FSA Handbook (Chapter 8) – Adoption of Markets in Financial Instruments Directive (MiFID) Connect trade association industry guidance on outsourcing May 2010.