Keeping Your Foot on the Outsourcing Control Pedal
Regulators globally have expressed concerns over how financial institutions that outsource business-critical functions operate their relationships with third-party service providers. In particular, they are scrutinising whether financial institutions have robust and independent controls in place, and the potential for greater systemic risk across the whole industry given service providers typically operate multiple outsourced relationships.
With outsourcing arrangements prevalent across the fund management value chain, asset managers, asset owners and administrators have struggled to varying degrees with the challenge of delivering the appropriate level of oversight. Oversight teams often balloon as they attempt to stay on top of a wide range of outsourced functions, challenged by competing demands of accuracy and timeliness with little time for detailed service level agreement (SLA) reviews.
Replicating or ‘shadowing’ outsourced functions can have the effect of eroding the economic value that outsourcing would otherwise deliver. Nevertheless, the role of effective and independent oversight is now recognised as a positive and mutually beneficial dynamic. Timely detection and remediation of service ‘blips’ prior to investor impacts occurring can strengthen the relationship and support a more objective understanding of the service interface.
Under sweeping regulatory reform of Australia’s US$1.3 trillion superannuation funds industry, the Australian Prudential Regulation Authority (APRA) has outlined mandatory standards that require legally binding arrangements in place with outsourced service providers such as custodians, investment managers, asset consultants and financial planners. This follows APRA’s recent review of the key risks and issues facing custodians that provide services to superannuation funds, in which it identified numerous issues, including a failure to perform sufficient checks of the data being incorporated into net asset value (NAV) calculations.
Meanwhile, the Monetary Authority of Singapore (MAS) issued a circular to remind financial institutions that responsibility for effective due diligence, oversight and management of outsourcing and accountability for all outsourcing decisions continues to rest with the institution, its board and senior management. MAS advised that a financial institution should “put in place proper framework, policies and procedures to evaluate, approve, review, control and monitor the risks and materiality of all its outsourcing activities.”
In Europe, the UK’s Financial Services Authority (FSA) mandates that a firm must retain the necessary expertise to supervise outsourced functions effectively and manage the associated risks. Similarly, the German Federal Financial Supervisory Authority (BaFin) released a circular in June 2010 stipulating that an investment company must always have available sufficient staff and resources to monitor its outsourcing arrangements carefully. The US is not exempt either, with the SEC’s Rule 38a-1 mandating registered investment companies to adopt and implement written policies and procedures reasonably designed to prevent violation of the Federal Securities Laws by the fund. This includes policies and procedures that provide for the oversight of compliance by each investment adviser, principal underwriter, administrator and transfer agent of the fund.
Despite outsourcing proving an effective element of a financial institution’s operating model, without efficient and rigorous control, it can also result in additional risk. This is where parallels can be drawn with the need for efficient and rigorous supplier quality management in the manufacturing industry and, in particular, the automotive industry.
Using lean manufacturing principles, Toyota became the biggest car manufacturer in the world by sales volume in 2008, with its rapid growth and success largely attributed to its production system that focused on eliminating waste and inefficiency, and improving quality. But, in early 2010, Toyota had to recall 2.3 million cars in the US to correct sticking accelerator pedals. Almost overnight, the firm’s reputation as a high quality, reliable manufacturer was compromised.
So what happened? While many industry commentators point to a combination of rapid growth and loss of focus on quality, others have gone further and identified that supplier quality management was the root cause. Effectively, rapid growth had made managing and overseeing the myriad supplier relationships more difficult, particularly when primary suppliers were also outsourcing parts of their supply chain as well.
One only has to consider the amount of outsourcing of fund processing activities that now takes place in the financial services sector to realise that a financial institution using an incorrect NAV price, for example, has a stuck accelerator problem: large recalls resulting in financial exposure, loss of confidence resulting in damaged reputation and time and energy spent resolving problems rather than achieving business plans.
An effective oversight function is essential for financial institutions looking to ensure they are not currently cruising with a stuck accelerator pedal and, even worse, that they know nothing about it until it’s too late.
In a best case scenario, the error would fall under the market recommended tolerance the regulator has – e.g. 50 basis points (bps) of impact. Yet tolerance levels vary across regions and, even if it’s only small errors that are occurring, eventually they will lead to a much bigger problem. To borrow the tag line from another major player in the automotive industry: ‘power is nothing without control’.
Toyota’s supplier quality management programme worked well before growth outpaced its ability to maintain the necessary levels of oversight as the value chain expanded and became more complex. This was alluded to by the president of Toyota, when he noted in his address to US Congress that: “I fear we may have grown too quickly”.
Financial institutions face a similar danger as outsourcing initiatives gain momentum. Those that directly hold liability with end-investors – and life assurance and larger pension fund operators in particular – will appreciate the gravity of what happened at Toyota. Some of the biggest restitutions of pricing errors have been in these segments, where firms typically have larger funds under management (FUM). Because they deal directly with the end investor, they are the ones that have to send out statements, accommodate the increased volume of enquiries at their call centres and remediate the funds in the account.
In the best case, the financial institution will need to resolve an internal or external audit ‘black mark’. In the worst case, regulatory and reputational damage will be incurred and possibly substantial measures of restitution required. There is also the prospect of unforeseen head count increases to manually oversee these measures.
In the world of manufacturing, supplier quality management protects against the risk of delivering poor quality outputs because the manufacturer does not have to check quality of input. For investment management firms, it’s no different. Rigour in the oversight process is the key ingredient to ensure that the accelerator pedal does not get stuck.
Management of outsourced fund administration activities can be summarised in three key steps. First, financial institutions must understand the quality processes that the outsourcer has in place including how they ensure the quality of the data and services they themselves outsource. Second, they must regularly review this process and the output from it with the provider to ensure that the quality processes are both documented and actively pursued to ensure that quality processes operate effectively. And finally, firms must put in place an active oversight function that independently tests and validates the quality of the goods being delivered to them by their service providers as a failsafe that they are continuing to meet high standards of quality.
The oversight function should also follow another of Toyota’s manufacturing principles: zero inspection. This refers to the automated detection of errors wherever possible, with human resources focused on responding to the exceptions and anomalies that are raised. In other words, having effective oversight in place does not call for large shadow teams of people destroying the original outsourcing business case financials.
Instead, a small number of skilled resources can support the risk reduction aspects of the business case by designing appropriate tests to measure the quality of supplied data. A suitable oversight control system will use the results from these tests to identify failures and alert users automatically.
This way, issues can quickly be resolved with the relevant third parties before anything rolls off the production line.
As demands for operational accuracy and efficiency continue to increase, financial institutions must start to look for ways to minimise costs, validate results and monitor service levels associated with their outsourced relationships. The financial services industry is now taking a fresh approach to the oversight of outsourcing and recent developments in technology can provide holistic solutions that increase transparency, efficiency and control across a fund’s entire internal and external operations.
For example, where organisations have multiple service providers and deal with more than one custodian, automation allows firms to aggregate information internally and, ultimately, to assess and compare performance through time. Top-line information provides 360-degree management views, while more granular information can be analysed to gain a clear and robust picture of key service delivery metrics. Fund managers can therefore base assessments of outsourced performance upon accurate insight rather than anecdotes and gut feelings.
Crucially, effective and independent oversight creates a positive and mutually beneficial dynamic between financial institutions and service providers, strengthening the relationship and supporting a more objective understanding of the service interface.