Sarbanes Oxley Act and Outsourcing, Basel ii Accord and Outsourcing, MiFID and Outsourcing - Compliance LLC, Basel ii, Sarbanes Oxley, MiFID and compliance training, executive coaching and consulting to 36 countries

Compliance and Outsourcing

Research Project

Outsourcing was…
… a way to reduce cost
… a way to focus only on your core activities
… a way to be flexible
… even a way to transfer some risks to a third party
Outsourcing becomes…
… a way to transfer compliance

Due Diligence...

New criteria, like…
… long-term reputation
… business culture
… understanding of the legislation and regulatory compliance challenges and disclosure requirements
… ability to monitor

It is absolutely certain: Providers focused merely on technical issues will lose market share or be out of business.

The key legal risks for the board of directors and executive management - outsourcing after Sarbanes Oxley and Basel ii

1. Strategic Risk
1.1. The third party may conduct activities on its own behalf which are inconsistent with the overall strategic goals of the regulated entity
1.2. Failure to implement appropriate oversight of the outsource provider
1.3. Inadequate expertise to oversee the service provider

2. Reputation Risk
2.1. Poor service from third party
2.2. Customer interaction is not consistent with overall standards of the regulated entity
Third party practices not in line with stated practices (ethical or otherwise) of regulated entity

3. Compliance Risk
3.1. Privacy laws are not complied with
3.2. Consumer and prudential laws not adequately complied with
3.3. Outsource provider has inadequate compliance systems and controls

4. Operational Risk
4.1. Technology failure
4.2. Inadequate financial capacity to fulfill obligations and/or provide remedies
4.3. Fraud or error
4.4. Risk that firms find it difficult/costly to undertake inspections
5. Exit Strategy Risk
5.1. The risk that appropriate exit strategies are not in place. This could arise from over-reliance on one firm, the loss of relevant skills in the institution itself preventing it bringing the activity back in-house, and contracts which make a speedy exit prohibitively expensive.
5.2. Limited ability to return services to home country due to lack of staff or loss of intellectual history

6. Counterparty Risk
6.1. Inappropriate underwriting or credit assessments
6.2. Quality of receivables may diminish

7. Country Risk
7.1. Political, social and legal climate may create added risk
7.2. Business continuity planning is more complex

8. Contractual Risk
8.1. Ability to enforce contract
8.2. For offshoring, choice of law is important

9. Access Risk
9.1. Outsourcing arrangement hinders ability of regulated entity to provide timely data and other information to regulators.
9.2. Additional layer of difficulty in regulator understanding activities of the outsource provider

10. Concentration and Systemic Risk
10.1. Overall industry has significant exposure to outsource provider. This concentration risk has a number of facets, including: Lack of control of individual firms over provider; and
Systemic risk to industry as a whole

Sarbanes Oxley, Basel ii, MiFID and Compliance Consulting and Training Services

Sarbanes Oxley, Basel ii, MiFID and Compliance Training Services for Banks

Our Web Sites

Our Web Sites

Basel ii Training

Courses designed to provide with the knowledge and skills needed to understand and support Basel ii compliance.

www.basel-ii-training.com

Sarbanes Oxley Training

Courses designed to provide with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.

www.sarbanes-oxley-training.com

Compliance LLC

Compliance LCC is a company specializing in risk management, Sarbanes Oxley and Basel ii compliance from an IT and Information Security perspective

www.compliance-llc.com

Our Web Sites

MiFID and Outsourcing

MiFID, Article 13.5.

An investment firm shall ensure, when relying on a third party for the performance of operational functions which are critical for the provision of continuous and satisfactory service to clients and the performance of investment activities on a continuous and satisfactory basis, that it takes reasonable steps to avoid undue additional operational risk.

Outsourcing of important operational functions may not be undertaken in such a way as to impair materially the quality of its internal control and the ability of the supervisor to monitor the firm's compliance with all obligations.

An investment firm shall have sound administrative and accounting procedures, internal control mechanisms, effective procedures for risk assessment, and effective control and safeguard arrangements for information processing systems.