Insights from Latham’s flagship event: Managing the risk and promise of digitisation in financial services

Authors: Andrew Moyle, Nicola Higgs, Christian McDermott, and Kirsty Watkins.

The financial services industry is leading the way in outsourcing, with contract values in excess of US$10.7 billion in 2018, causing regulators to focus more than ever on the associated risks. Guidelines on outsourcing arrangements from the European Banking Authority (EBA), which came into effect on 30 September 2019, expand the requirements on institutions in this area, while both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are also increasing their outsourcing supervision and enforcement activity.

Latest FCA and PRA fines against a retail bank show little tolerance for poor outsourcing systems and controls.

By Fiona M. Maclean, Christian F. McDermott, Laura Holden, and Charlotte Collins

On 29 May 2019, the FCA and PRA announced that they had fined an independent UK bank for failing to manage its outsourcing arrangements properly between April 2014 and December 2016. The bank received separate fines of £775,100 from the FCA and £1,112,152 from the PRA (resulting in a combined fine of £1,887,252) for breaches of the regulators’ high-level principles for authorised firms, as well as their more detailed rules on outsourcing. Each fine includes a 30% early settlement discount.

The guidelines create new obligations for financial, payment, and electronic money institutions that will impact cloud outsourcing and deployment of FinTech.

By Fiona M. Maclean and Laura Holden

On 25 February 2019, the European Banking Authority (EBA) published a final report on its draft guidelines on outsourcing arrangements (Guidelines). The report followed the EBA’s publication of draft guidelines in June 2018 (Draft Guidelines) and the ensuing public consultation in September 2018 (Public Consultation).

The Guidelines replace the 2006 Committee of European Banking Supervisors (CEBS) Guidelines on Outsourcing (CEBS Guidelines) and replace and incorporate the EBA’s final recommendations on outsourcing to cloud service providers (Cloud Recommendations). Financial institutions will now only need to consult one set of guidelines for cloud and non-cloud outsourcing.

By Nicola Higgs, Fiona MacLean, Brett Carr, and Catherine Campbell

Technology outsourcing by financial institutions (FIs) has increased in recent years as FIs look to the latest innovations to improve their day-to-day business processes and to reduce costs. FIs outsource key functions to a host of regulated and unregulated third-party service providers, and the sector is poised for continued growth. According to research conducted by business outsourcing provider Arvato and analyst firm NelsonHall, outsourcing agreements worth £6.74 billion were agreed in the UK last year across all industries (a 9% increase on the prior year), and financial services firms signed £3.26 billion of them. With this continued growth, the outsourcing sector is increasingly likely to be a hotbed of PE deal activity; and, as regulators place a greater focus on outsource providers, deal teams should monitor regulatory engagement and policy developments.

The EBA’s draft guidelines on outsourcing will impact cloud outsourcing and institutions’ deployment of FinTech.

By Fiona MacleanCharlotte Collins, and Terese Saplys

On 4 September 2018, a wide audience of interested individuals gathered at Canary Wharf for a public hearing (Public Consultation) to listen to what the European Banking Authority (EBA) had to say in relation to its long-awaited Draft Guidelines on Outsourcing (Draft Guidelines). The Draft Guidelines, which review the existing CEBS Guidelines on Outsourcing published in 2006 (CEBS Guidelines), are the EBA’s opportunity to refresh its recommendations on outsourcing to align more closely with the technical, political, and operational landscape banks face today. The attendees at the Public Consultation raised a number of questions which have, no doubt, given the EBA considerable food for thought. This blog post identifies and explores the key themes of the day. Beyond the key themes identified below, the Public Consultation included discussions of the issues of internal audit, reporting and registration, and supervisory oversight.

FCA Chair hints that new regulation addressing data ethics in the FinTech space may be on the horizon.

By Nicola Higgs, Fiona Maclean and Terese Saplys

Will societies of the future be ruled by algocracy, in which algorithms decide how humans are governed? Charles Randell, Chair of the Financial Conduct Authority (FCA) and Payment Systems Regulator, addressed how to avoid this hypothetical scenario in a broad-ranging speech on that he delivered on 11 July 2018 in London.

Randell’s Remarks

Contributing Factors to an Algocracy

According to Randell, the following three conditions could collectively give rise to a future algocracy:

  • If a small number of major corporations were to hold the largest datasets for a significant number of individuals (as is currently the case)
  • Continuing vast and rapid improvements in artificial intelligence and machine learning that allows firms to mine Big Data sets with greater ease and speed
  • Further developments in behavioural science allowing firms to target their sales efforts by exploiting consumers’ decision-making biases

By Fiona Maclean, Stuart Davis and Charlotte Collins

Cloud services come with the promise of many benefits for the financial services sector. Cloud computing offers large-scale and cost-effective solutions for data storage and efficient processing and is also the underlying technology for many FinTech platforms. As with a lot of new technology, however, financial institutions are struggling to see how they can embrace cloud services fully in the context of the current regulatory landscape. This is particularly so given that use of cloud services is often considered a material outsourcing, meaning that banks and investment firms must follow strict rules in order to ensure that the risks posed by migrating data to the cloud are mitigated appropriately.