MAS’ Outsourcing Guidelines and Consultation

Paper on Customer’s Moneys and Assets

Bovill Briefing

August 2016

Asia Regulatory Radar – August 2016

MiFID II

Asset Mgt and Capital Market vulnerabilities

Asia Region

Funds

Passport

FAIR

Framework

OTC

Derivatives

Market Abuse

Investigations

Basel III

Liquidity

Rules

Regulatory

Safeguards for

Investors

Short Position

Reporting

Suitability

Requirement

Central

Depository

System

REITS

Insurance

Remuneration

Market Risk Capital

Requirements

Code on Take-Overs and Mergers

SFC Products

Handbook

Principles of Responsible Ownership

AML/CFT

Internal

Controls

Supervisory

Policy

Manual

FinTech

OTC

Derivatives

AIFMD Non-EEA AIFM Passports

Crowd

funding

Resolution regime

Market

Misconduct

Regime

Resolution

Regime

Professional

Investor

Regime

Suitability Requirement

Interest Rate Risk

Requirements

Fund

Authorisation

Cyber

Security

Listing

Regulation

Outsourcing

Common Reporting Standards

Protection of Customer

Money and Assets

Cyber

Crime

2

3

Key highlights

Implementation of the New Outsourcing Guidelines

• Self-assessment of existing outsourcing arrangements by 27 October 2016

• Deficiencies to be rectified by 26 July 2017

Outsourcing Arrangement Definition

• For an arrangement to be outsourcing arrangement, it does not need to be prohibitive or costly to change the service provider.

Material Outsourcing Arrangement - Definition

• If an outsourcing arrangement materially impacts an institution’s regulatory compliance and risk management ability, it is material

List of low-risk Outsourcing Arrangements

• This list is removed on the basis that every institution should make its own assessment of the materiality of an outsourcing arrangement

Notification to MAS

• Requirement to notify MAS prior to entering into a material outsourcing arrangement removed(!)

• Maintain Outsourcing Register (MAS Template)

Due Diligence on Service Providers

• Due diligence, monitoring and control of outsourced services

• Political, legal, economic assessment for overseas outsourcing

4

Outsourcing and non-outsourcing arrangements

MAS has provided additional examples to demonstrate which arrangements are

considered outsourcing and which are non-outsourcing arrangements

Outsourcing Arrangements:

White-labelling arrangements (for e.g., arrangements for trading and hedging

facilities)

Information systems hosting (for e.g., SaaS, PaaS, IaaS)

Compliance as a professional service

Support services related to archival and storage of data and records

5

Outsourcing and non-outsourcing arrangements

Non-Outsourcing Arrangements:

X Services which MAS expects independent service providers to provide (e.g.

Maintenance of custody account with specified custodians or independent fund

valuation)

X Global financial messaging infrastructure, which are subject to regulatory

oversight (e.g. SWIFT)

X Acceptance of business by underwriting agents as they relate to principal-agent

relationship

6

Outsourcing assessment

Is it an outsourcing arrangement?

Definition and Annex 1

MAS Outsourcing Guidelines do not

applyConduct usual vendor related due diligence

Is it a material outsourcing?

Definition and Annex 2

Apply the guidelines and additional requirements applicable to material outsourcing under the guidelines

Additional requirements imposed for material

outsourcing arrangements

Apply the guidelines commensurate with the nature of risks and materiality

of the outsourcing arrangements

Risk-based approach for non-material outsourcing

arrangements

No Yes

Yes No

7

Assess material outsourcing arrangements

Assess Impact

Financial

Reputation

Regulatory

Customer

Counterparty

Operating Costs

Aggregate Exposure

Political, Legal and

Economical

8

Questions to ask

Impact Factors/Questions

Financial How important is business activity that is being outsourced (e.g., in terms of contribution to

income and profit)?

Operating Costs Is the cost of the outsourcing as a proportion of total operating costs of the institution material?

Operating Costs Is the cost of outsourcing failure, which will require the institution to bring the outsourced activity

in-house or seek similar service from another service provider, as a proportion of total operating

costs of the institution material?

Concentration Risk Is the aggregate exposure to a particular service provider in cases where the institution

outsources various functions to the same service provider material?

Operations Would there be a material impact on the institutions ability to maintain appropriate internal

controls and meet regulatory requirements, if the service provider faces operational problems?

If the service provider fails to provide the service or encounters a breach of confidentiality or

security…

Financial impact Will there be a material impact on earnings, solvency, liquidity, funding and capital, and risk

profile?

Reputational Impact Will there be a material impact on the institution’s reputation and brand value, and ability to

achieve its business objectives, strategy and plans?

Customer impact Will there be a material impact on the institution’s customers?

Counterparty impact Will there be a material impact on the institution’s counterparties and the Singapore financial

market?

9

Outsourcing risk management

Role of Senior

Management and Board

Cost/benefit analysis + aggregate exposure

assessment

Outsourcing Arrangements Due Diligence

Service provider suitability

Monitoring and Control of

Outsourcing Arrangements

Documenting and

recording

10

MAS reminders

Board and Senior Management remain ultimately responsible for

implementing adequate outsourcing risk management framework

Delegate not abdicate!

Ensure that there is a robust risk management framework for

Outsourcing Arrangements

Outsourcing of all or substantially all of the risk management or internal

controls by an institution will be considered material outsourcing

arrangement (for e.g. internal audit, compliance, financial accounting

etc.)

Be ready to demonstrate compliance to MAS

11

Importance of Business Continuity Management

• Increased dependence on technology

• ‘Know Your Service Provider’ – BCP

requirements and joint testing

• Interdependence risks and Cloud services

Customer’s Moneys and Assets

Why it’s so important

2007 Present

day

Global

financial

crisis

Sept 2008

Lehman files

for bankruptcy

March 2012

World

Spreads

bankruptcy

Oct 2011

MF Global

bankruptcy

Sept 2013

Aberdeen

fined (eqv

S$13m)

July 2016

MAS consultation

on enhancements

to Protection of

Customer’s

Moneys and

Assets

Sept 2011

Towry fined

(eqv S$862k)

Sept 2012

Blackrock

fined (eqv

S$16.6m)

June 2010

JP Morgan

fined (eqv

S$58m)

Jan 2011

Barclays

Capital fined

(eqv S$1.8m)

March 2011

ActivTrades

fined (eqv

S$148k)Jan 2012

MF Global

Singapore

Liquidated

14

Definition of customer’s moneys

• Current rules only cover money received from or on

account of a customer

• Proposal to include contractual rights arising from

transactions entered into on behalf of or with a customer

Rule ref: LCB part 15. (2)

15

Due diligence on banks

• Proposal to introduce a DD requirement on banks who

maintain the customer’s money account

• Periodic assessment of diversification

• Periodic review of due diligence on bank

16

Appointing a custodian

• Selecting – remember diversification is important

• Appointing

• Periodically reviewing

• Due diligence is key!

• Don’t just rely on one source of information

17

Acknowledgement letters – from FIs

Extension of the Acknowledgement Letter

to overseas financial institutions

Need to remember to review and update

periodically

18

Recovery [and Resolution] Packs

Need to introduce information systems and controls to set out:

Location of customer’s moneys and assets

How assets are held, identity of all depositories

Type of segregation at all levels of the holding chain

Applicable rules (where overseas)

Outstanding loans of customer’s securities

19

Computations and reconciliations

Daily computation requirement extended to all licensees, not just futures

or leveraged FX traders

Will require at least daily computation of total amount of moneys and

assets deposited, for all instruments

Rule ref: LCB part 37

20

Re-hypothecation and other use

Currently risk disclosure and consent is required when lending

customer’s securities

Proposal to extend this to situations when licensee

- Mortgages

- Charges

- Pledges

- Hypothecates

their customer’s assets

21

Other areas

Customer Disclosure

Prompt response to request for statement of account from customer

Dis-application of Reg 16(1)(b), which allows the customer to direct

which account to use

Application to banks:

- Current rules also apply to banks

- Proposal to dis-apply Money Rules

22

Takeaways

As always – the creation and retention of records is paramount

Increased operational demands

Ongoing review of existing controls and processes

IT requirements, governance arrangements, policies and procedures

23

Questions?