Outsourcing. Louis P. Piergeti VP, IIROC March 29, 2011.
Louis P. Piergeti
March 29, 2011
Information system management and maintenance
Registration of salespersons
Customer application processing and document administration
Customer complaint handling
Collection of margin and overdue cash accounts
Research reports and market newslettersExample of core functions
Cannot subrogate regulatory obligations to service provider
Functions outsourced must be set out in a written legally binding contract
Dealer Member must conduct and document due diligence analysis of third party service provider (including affiliates)
Internal controls and ability to deliver services
Service provider must have safeguards in place to keep information confidential
Dealer Member must conduct ongoing reviews of the quality of outsourced servicesNI 31-103 requirements on outsourcing
Arrangement must consider other legal requirements such as privacy laws
Dealer Member, IIROC and auditors must have the same access to the work product of the third-party service provider as they would if the Dealer Member itself performed the activities.
Dealer Member must ensure this access is provided and should include a provision requiring it in the contract with the service provider.NI 31-103 requirements on outsourcing (cont’d)
Rights of inspection and access to books, records and information relevant to the outsourced activity to Dealer Member, IIROC, and auditors.
Define all activities outsourced and responsibilities of the parties.
Establish precise service and performance levels and how they will be monitored.
Service provider to immediately inform the Dealer Member of any material change in circumstances which could have a material impact on the provision of services.
Agreement must cover the ownership of intellectual property and the protection of confidential information.
Provision that requires prior consent of the Dealer Member to sub-outsourcing to other third-party providers.
Cover termination and exit process to allow for transfer of the service to another service provider or to the Dealer Member itself.Required contract terms
Dealer Members must comply with the requirements as a registrant under NI 31-103 and Policy 11.
Dealer Members must maintain a control log of all outsourcing arrangements and copies of executed agreements on file for inspection upon request.
IIROC must be granted unfettered access to the operations of service provider(s) during the course of any examination of the Dealer Member.Regulatory expectations on all outsourcing arrangements (including ICB)
National Instrument 31-103 and Part 11 – Internal controls and systems.
Principles on Outsourcing of Financial Services for Market Intermediaries, Chapter 1 – Technical Committee of the International Organizations of Securities Commission (IOSCO), February 2005.
Superintendent of Financial Institutions (OSFI) revised Guideline B-10 on “Outsourcing of Business Activities, Functions and Processes” dated March 2009.
FSA Handbook (Chapter 8) – Adoption of Markets in Financial Instruments Directive (MiFID) Connect trade association industry guidance on outsourcing May 2010.Rules and Guidance References