What new FCA guidance on outsourcing means for your firm?

In November 2015, The Financial Conduct Authority (FCA) consulted on the issue of outsourcing to the ‘cloud’ and other third party IT services, as we covered in our blog at the time.

Last week (7th July 2016), the FCA issued its finalised outsourcing guidance for regulated firms. The full guidance – running to 17 pages – is available to download from the FCA website.

What has changed in the new guidance?

The feedback the regulator received to its consultation has informed the new guidance – although has not led to major changes to the approach it originally proposed.

In the guidance summary, the FCA states that:

“We do not consider that the feedback received requires substantial changes to our guidance and proposed approach…However, in some areas we have amended the draft guidance, mostly to clarify our expectations.”

How can regulated firms make the most of outsourcing within the FCA’s parameters?

Outsourcing IT services to the cloud and other third parties has great potential for financial services firms. We look at this in more detail in our blog on how firms can make use of cloud based technology.

But outsourcing comes with potential compliance pitfalls. We cover some of these, particularly relating to marketing – looking at social media, SEO and creative outsourcing to external agencies – in another recent blog.

Making sure you outsource in a way that conforms to the FCA guidance and minimises your firm’s risk of compliance breaches is essential.

What does the FCA guidance on outsourcing mean for you?

This new guidance will be relevant to all firms authorised by the FCA. The regulator makes the point that any dual regulated firms ‘should also confirm the position of the Prudential Regulation Authority in relation to firms outsourcing to the ‘cloud’ and other third party IT services’.

If you currently – or are planning to outsource to the cloud or to other third parties, you should familiarise yourself with the new guidance to make sure your approach complies.

Ensuring a compliant culture – whatever your approach

Whether you outsource or not, remaining on the right side of the regulator increasingly means making a compliant ethos central to the way you work.

How to embed a compliance culture into your business has some good tips and advice on how to achieve a compliant culture. You can download a free copy here.

 Author: Dimitriya Paunova – Perivan Solutions

Further reading: Outsourcing guidance to the ‘cloud’ and other third party IT services

Use the comments box below if you would like to share your thoughts on the content of this blog post, we would like to hear from you.