The Changing Face of Outsourcing

Outsourcing reference data has steadily increased in popularity over the past few years, but changes in regulation are already affecting this practice, meaning additional care or a review of contracts might have to be considered.

A few years ago reference data experts predicted that the outsourcing trend would grow dramatically, with new businesses appearing to deal with the demand. Outsourcing did happen, but not in the way that most people originally expected.

Initially, some believed financial institutions would want to outsource the majority of their reference data, but it has become more common to outsource certain chunks. "There's a very strong appetite for outsourcing parts of it," says John Wallis, head of EMEA sales, FAME/referencePoint at SunGard, adding that a lot of smaller deals have been happening.

Best Market Practice

In future, outsourcing deals will have to be treated differently, ensuring they are in line with new regulatory initiatives such as Europe's Markets in Financial Instruments Directive (MiFID). "You don't have to repaper outsourcing agreements, but you do have to ensure you comply. You must do that exercise before November 1 [when MiFID becomes law]," says Tim Dolan, associate at London-based law firm SJ Berwin, speaking at the company's seminar on outsourcing in London in May.

The outsourcing requirements of MiFID are similar to those set out in the Capital Requirements Directive (CRD), the vehicle used to implement the new Basel Accord in the European Union. In the UK, the regulator, the Financial Services Authority, has created SYSC 8, a common platform adopting both MiFID and CRD requirements. Dolan says the directives do not introduce "drastic changes," but deal with best market practice.

Critical and Important

The main difference with MiFID in general is that it is wider in scope than previous regulatory initiatives, with the outsourcing aspect being no exception. The regulation covers "critical or important" operational functions, and reference data could fit within this category.

"I think provision of data services and data storage would be caught," says James Gill, partner at SJ Berwin, adding that there will be some gray areas in terms of what is meant by critical or important functions. Referring to SYSC 8, he says the new rules also apply to functions provided on an industry basis.

Managing the Supplier

In general, regulation is often seen to drive an increase in the outsourcing of reference data, as firms without the resources necessary to meet requirements look for alternative options. However, although service providers promise solutions in line with regulation, lawyers warn that outsourcing does not necessarily equal compliance.

The problem tends to be that the customer must comply with regulations that are not imposed on the supplier. When outsourcing a function, it is still the firm's responsibility to ensure it meets regulatory requirements.

But, as mentioned, changes are not drastic and financial institutions can comply if they have the right arrangements. Gill emphasizes that it is the customer who needs to impose compliance on the supplier and supervise the outsourced function.

At the recent North American Financial Information Summit, ­panelists suggested that "little pockets" of reference data may be suitable for outsourcing. Nevertheless, even such "little pockets" are likely to be considered key functions of the business and will have to comply with regulation.

Again, data services and storage are likely to be caught, and contracts must include certain details that may not have been considered vital previously. Gill points to SYSC 8.1.1(2), which replicates MiFID Article 13(5), stating that outsourcing should not impair "the ability of the supervisor to monitor the firm's compliance with all obligations." He explains that, because of this, firms need to ensure that rights to gain access to business premises are extended to the competent authorities.

In addition, the need for governance is highlighted in the new regulation. Financial institutions will have to allocate a team to actively manage outsourced data. "You always need to have people on your team managing the supplier," says David Meredith, head of outsourcing at SJ Berwin. In terms of the UK's SYSC, there is a "four eyes" principle, meaning it is not sufficient to have just one person dealing with outsourcing decisions.

Outsourcing Monitor

Software vendor DST International (DSTi) is one of the firms that has launched a solution to deal with all these changes. In 2006, it released the Outsourcing Monitor, a system that helps financial institutions control outsourced data. Having reviewed how MiFID would affect their clients, DSTi created a system with capabilities for storing reference data, transaction and position data and valuations that may have been created elsewhere. The data can then be used for client report packs or to run performance calculations, for example, as well as to provide checks of accuracy and service level agreements (SLAs).

John Kirkby, head of data solutions at DSTi, says financial institutions might want to recalculate performance figures and ensure the outsourcer meets SLA targets. "You can look in the Monitor and make sure the data is available at a specific time. You can do historic checks. You can then see how frequently your SLAs were met, and how frequently they were missed," he explains.

In addition to meeting the MiFID requirement that firms ensure such things are managed, the Monitor can be useful for providing evidence of failure to meet contracts. "You can walk into discussions saying, here's some hard evidence of deadlines missed," notes Kirkby. Even though this sounds like a worst-case scenario, it might be necessary to end an outsourcing relationship at some point. "MiFID mentions that as an organization you must not abdicate responsibility: you must retain a level of control and a level of skill within the organization to be able to effectively monitor your outsourced activity, but also to take it back if you ultimately have to," says Kirkby.

He underlines that firms have to retain these skills, which can be difficult considering that outsourcers rarely allow clients physical access, meaning they will not have the skills to use the capabilities. With an Outsourcing Monitor, organizations can build up skills in-house. "They own that system and have the skills to ask the question and know they'll get the answer from that. The Outsourcing Monitor is a system under your control," he adds.

Kirkby says there are other good non-MiFID related reasons for monitoring outsourced data. "It's a good idea to have one central place where you have got consistency and all the data," he remarks, adding: "I think a number of organizations are finding it hard to justify products solely on MiFID, so if there are other very good reasons for doing it as well, it makes the business case just that much more easy to justify."

Overall, governance and operational risk have probably been on firms' agendas when dealing with outsourcing since before MiFID. The new regulation mainly highlights the importance of best market practice and negotiating good contracts. The top priority for firms with outsourcing arrangements in place should be to review the contracts to ensure they meet all the requirements by November 1. "Now is effectively the transitional period," says Gill.