Proactive Considerations for the Implementation of New Financial Services Outsourcing Rules in 2024

On the 16th of November, following an extensive consultation process, the CBI (Central Bank of Ireland) finally unveiled near-final regulations and guidance concerning SEAR (the Senior Executive Accountability Regime) and the broader IAF (Individual Accountability Framework).

Pictured from left to right, Barry Rojack, Head of Regulatory, Risk and Complinace at Uniquely. Kathy Jacobs (Director Consultant, Regionvale & Honorary Fellow of the Compliance Institute). Tánaiste Micheál Martin, Minister for Foreign Affairs and Minister for Defence. Elizabeth Brown, Head of Customer Engagement at Uniquely. Michael Kavanagh (CEO of the Compliance Institute).

The IAF encompasses 4 pivotal components:

• Senior Executive Accountability Regime (SEAR): This mandates in-scope financial services providers to meticulously specify the allocation of responsibilities and decision-making authority within their senior management ranks.
• Conduct Standards: encompassing
  • Common Conduct Standards, which establish expected conduct norms for certain individuals across all regulated financial services providers and
  • Additional Conduct Standards, applying to senior executives in all regulated financial services providers starting from 29th December 2023.
• Enhancements to the Fitness & Probity (F&P) Regime: These involve reinforcing financial services providers' responsibilities to proactively certify the fitness and propriety of individuals performing specific designated functions.
• Amendments to the Administrative Sanctions Procedure (ASP): Key changes include the Central Bank's power to enforce penalties directly against individuals for breaching their obligations, rather than solely targeting financial services providers as legal entities.

Why has this been introduced?

• The introduction of these measures stems from the valuable insights gained from past financial crises and the difficulties encountered in holding individuals accountable.
• Placing greater emphasis on individual accountability within leadership roles is expected to yield more prudent and informed long-term decision-making.
• Establishing and thoroughly documenting roles, responsibilities and reporting structures serves to diminish the likelihood of misunderstandings or operational lapses.
• These initiatives promote a culture of accountability and responsibility within the industry, further strengthening consumer protection mechanisms.

How is outsourcing primarily addressed in SEAR and the IAF?

As anticipated, the CBI regulations and guidance affirmed that SEAR necessitate a Pre-approved Control Function (PCF) role holder responsible for outsourcing arrangements within in-scope regulated financial services providers. Thus, outsourcing is addressed via a General Prescribed Responsibility (PR19 Responsibility for the financial services provider's outsourcing framework).

Furthermore, each financial services provider must distinctly delineate, within the 'Management Responsibilities Map' the individuals accountable for overseeing each outsourcing arrangement. This underscores how the activities certain individual PCFs are responsible for, such as the Head of Retail Sales or Chief Operating Officer, may be subject to outsourcing, with PCFs retaining oversight of these roles

Some considerations for PCFs responsible for overseeing outsourced activities

The commencement of a new year is an opportune moment for introspection, contemplating one's current position and future aspirations. This might encompass venturing into outsourcing for the first time, scrutinizing ongoing outsourcing agreements, or anticipating both known and unforeseen risks that might impact your business and customers.

Additionally, it is essential to consider how your business-as-usual (BAU) model can adapt to changing demands in operational activities and customer experience (CX), ensuring an agile response.

Tánaiste Micheál Martin, Minister for Foreign Affairs and Minister for Defence speaking at a recent financial services event held at Uniquelys Customer Engagement Centre in Dundalk. 

Looking ahead, as in-scope financial services providers complete the process of finalising their Management Responsibilities Maps and determining the specific inherent and prescribed responsibilities within the new Regime and Framework, executives and senior management overseeing outsourcing functions must reassess various aspects of their outsourcing arrangements in preparation for the implementation deadline of the new rules on 1 July 2024. These considerations align with the comprehensive guidelines provided by the Central Bank of Ireland (CBI) in its CBI's cross-industry guidelines on Outsourcing, issued in December 2021. It is advisable to thoroughly review and incorporate these guidelines as part of this evaluation process.

Onshore vs. Offshore Considerations:

In cases where outsourced activities occur offshore, it is worth evaluating the extent to which transferring them to an onshore Outsourced Service Provider (OSP) could mitigate personal risk exposure.

Benefits of Onshore Outsourcing:

• Offers greater physical accessibility for oversight and addressing "Step In" risks during service failures.
• Mitigates FX risks, particularly when outsourcing to non-EU countries.
• Enhances the customer experience, particularly for vulnerable or dissatisfied customers and capitalizes on local knowledge.
• Reduces regulatory concerns and streamlines inspections.
• Provides access to a larger talent pool for roles requiring domestic qualifications.
• Alleviates the need for ongoing assessments of equivalence in laws and regulations between countries.

Concentration Risk:

When a significant outsourced activity is managed by an outsourcer supporting multiple financial services providers, it may create systemic concentration risk . Regulators may advocate for diversifying the risk across a broader range of providers, potentially leading to time constraints and competition among financial services providers for alternative OSPs.

In preparation for such a development, financial services providers and those responsible for outsourcing arrangements within them should consider the potential benefit of proactively "sharing the outsourcing load" with other OSPs according to their terms and timeline, rather than reacting to regulatory pressures.

Addressing Surge or Contingency:

Regardless of whether a financial services provider currently outsources activities or not, it is prudent to continuously anticipate future demands. Having surge capacity through outsourcing readily available can enhance business performance and customer satisfaction. This proactive approach aligns with responsible PCFs' obligations.

To prepare for potential requirements in 2024, some consideration may be given to the benefits of tailored outsourcing support with respect of activities such as pre-arrears/collections, sanctions screening and remediation, driven by evolving regulations and external changes in the environment. Such changes may include:

• the large numbers of customers due to roll off long-term low fixed rates in 2024,
• consequences arising from the new requirements in the Payment Services Directive 3 and associated Regulations regarding the harmonised procedure for sanctions screening based on daily checks against relevant sanctions lists,
• the potential wider reach of remediation activity of ombudsman decisions and key court judgments in 2024

Due Diligence and OSP Relationship Management:

Among the myriad of responsibilities related to outsourcing within financial service providers, the importance of practical and effective engagement with the OSP is paramount. Considerations include the agility of the OSP in responding to crises, their expertise in problem-solving, their reputation, the seniority of their personnel and the pricing structure's alignment with the quality and reliability of services.

EU DORA Compliance:

As technical standards for the EU Digital Operational Resilience Act (DORA) requirements take final shape at the European level, financial service providers and their outsourcing relationship managers must swiftly engage with third parties to bridge any gaps against the final requirements.

Considering the ultimate implementation date is January 2025, quite a lot of work to be completed was referenced by Gerry Cross (Director of Financial Regulation – Policy and Risk at the Central Bank) in his recent speech on implementing DORA.

As the year concludes, reflection is in order, whether contemplating initial outsourcing endeavours, scrutinizing ongoing arrangements, or anticipating risks on the horizon. At Uniquely, we offer over two decades of expertise in customer engagement. Should you wish to explore solutions or further develop your business, please do not hesitate to contact us.

Host Kathy Jacobs, former President of Compliance Institute speaks with Barry Rojack