The review was carried out in the first half of 2016, and a second review, focused on outsourcing across all financial sectors, is ongoing.
In a letter to the fund administration industry, the central bank revealed some of the findings of the review of outsourcing arrangement of fund administrators and outlined its recommendations for best practice.
The review found that between 48 and 61 percent of administrators’ activity were carried out by full-time equivalents at outsourcing service providers, as of 31 December 2015.
On average, firms outsourced to ten locations and primarily to other group entities. Reviewed firms were found to generally be subject to concentration exposure to one or more outsourced locations.
The letter said: “The level of outsourcing observed in this review is likely to be at or close to the outer limit of what is appropriate for this industry. In this regard, the central bank is undertaking a review of outsourcing across all financial sectors.”
In its letter, the central bank noted that, while outsourcing business processes can help to improve efficiency and reduce costs, it also brings challenges as firms remain responsible under the Requirements on Outsourcing of Administration Activities in Relation of Investment Funds.
It added that these risks can be managed through effective oversight and governance, but expressed concern that many firms do not have this in place, with many failing to properly maintain outsourcing records.
Further, the majority of the firms reviewed were found to have no tolerance level in place with regards to how much outsourcing is permitted, and many of the outsourcing providers were found to be either not regulated at all, or not regulated in the same way as Irish fund administrators.
Michael Hodson, director of asset management supervision at the Central Bank of Ireland, said: “This review found that outsourcing in larger fund administrators is extensive and continues to grow. Certain good governance arrangements, where firms were adequately managing risks in relation to outsourcing were observed, but some weaknesses in the oversight of service providers remain.”
“Fund administrators should review the examples of good practice outlined in the central bank’s letter. The information provided aims to support the development of consistent industry practices to assist in ensuring compliance by firms with the outsourcing requirements.”
The recommendation advised that firms should ensure their compliance monitoring programmes are conducted in compliance with the regulatory obligations, and that compliance risk should periodically reviewed.
The board of a firm should also be given all the necessary information regarding regulatory risks of outsourcing arrangements.
Fund administrators should review both sides of the outsourcing agreement, and make sure it has compliance resources at the location of the service provider.
They should conduct 12-month reports on outsourcing arrangements that should be “sufficiently detailed” and confirm regulatory compliance.
Internal audits should, at a minimum ensure that the service provider relationship is aligned with the firm’s business strategy; identify, manage and report all risks; respond to breaches or disruptions; and ensure the appropriate staff is in place to perform due diligence and monitoring of service providers.
Firms should review their processes for identifying and managing concentration risks that may arise from relying on a single third party for multiple activities.
Finally, clients should be notified of any outsourcing agreements, with proof of this made available to the central bank.