31 Aug 2007, Victoria Pennington, Operational Risk & Regulation
Most firms are risking missing the November 1 deadline on meeting requirements for outsourcing contracts under the Markets in Financial Instruments Directive (Mifid). The requirements for outsourcing under Mifid are dealt with in the systems and controls element of the directive, which encompasses an entire range of issues relating to everyday business practices for financial services firms, such as conflicts of interest, compliance, internal audit, risk control, record keeping, business continuity planning (BCP) and outsourcing. This is one area of Mifid that firms are most confident about, as it covers elements that are enshrined in good business practice, but confidence has turned to laissez-faire in some cases, and now firms will struggle to get all their outsourcing contracts Mifid-compliant by November.
Now mindful of the short time to review and potentially renegotiate all their outsourcing contracts, firms are focusing on getting those contracts governing critical functions Mifid compliant. Article 13(5) of Mifid states: "An investment firm shall ensure, when relying on a third party for the performance of operational functions which are critical for the provision of continuous and satisfactory service to clients and the performance of investment activities on a continuous basis, that it takes reasonable steps to avoid undue operational risk."
Outsourcing is one area that could catch firms out, and they will need to do a lot of background checking, because Mifid does not allow for grandfathering of existing material outsourcing arrangements, so they will be required to review their existing arrangements to ensure they are in line with the new rules.
Moreover, firms using service providers located outside the EU must ensure the third-party companies are authorised in their home countries to provide portfolio management services, and that they are subject to prudent supervision. There must also be a co-operation agreement in place between the supervisor of the investment firm and the supervisor of the service provider. If these conditions are not met, the investment firm must notify its regulator, and may only proceed if there are no objections from them.
Senior management will need to decide which functions are critical to them and review their existing outsourcing contracts accordingly, especially those located outside the EU, which need to be in place by the November deadline to allow for any notification to the regulators.
Depending on the amount of functions a firm has outsourced, this task has various impact levels, and will require a high degree of organisation and management. For firms who do not want to hire expensive consultants, law firm Eversheds has developed a tool kit to help businesses meet their Mifid outsourcing requirements.
“With Mifid coming into force on November 1, it is essential that firms act now to ensure their outsourcing agreements are compliant,” says Simon Gamlin, an associate at Eversheds. “A large majority of firms have not yet put processes in place to ensure they meet the Mifid regulations, and they are only now starting to realise the work involved to get to a point where they can be confident that their arrangements are compliant in time. Various steps need to be taken. First, a firm must identify which of its contracts are material under Mifid. Second, firms must identify what the Mifid requirements mean in practical terms for the firm and their outsourcing arrangements. Third, a firm must then review each agreement to see if it meets the Mifid requirements. Finally, where an existing agreement is non-compliant, a firm has to negotiate a variation to the contract. All of this is time consuming, and many firms are faced with a considerable number of contracts to consider. Firms can undertake this internally, hire an external adviser, or use a pre-designed Mifid toolkit to ensure the contracts are compliant.”