Overview: the revised Outsourcing Policy (the Policy)
The Policy published by the Jersey Financial Services Commission (the JFSC) on 1 March 2017 achieves much by doing away with the distinction between delegation and outsourcing which has historically been a source of confusion for registered persons conducting financial services business in Jersey.
However it has added an extra layer of regulatory burden on registered persons and non-regulated entities alike by broadening the definition of outsourced activity to capture activity which in itself is not regulated activity but by virtue of its ability to materially impact the provision of services for which the registered person is licenced falls within the realm of activity that will henceforth be covered by the Policy.
The Policy has been published on 1 March 2017 and comes into effect three months from the date of publication i.e. 1 June 2017. What this means in practice is:
- the Policy applies to all new outsourcing arrangements entered into from 1 June 2017;
- existing outsourcing arrangements have until 1 June 2018 to become compliant with the Policy;
- outsourcing arrangements entered into between the date of publication and 1 June 2017 may choose to be in conformity with 2011 policy or the Policy;
- where a registered person chooses prior to 1 June 2017 to opt in to the Policy in respect of existing outsourcing arrangements, it must file the Outsourcing Notification and (i) confirm in writing that it will adhere to the Policy and (ii) agree to be supervised by the JFSC in conformity with the Policy;
- notwithstanding any of the above timelines provided, all outsourcing arrangements must be compliant with the Policy from 1 June 2018.
Key Practice Points
The underlying premise of the Policy is that registered persons remain fully responsible and accountable to the JFSC for any activity that is outsourced.
Business Risk Assessment
It is clear that any outsourcing arrangements entered into by a registered person are required to be risk assessed by the registered person prior to entering into such arrangements. This is in conformity with existing requirements under the relevant Codes of Practice and AML/Money Laundering compliance requirements that registered persons are subject to. In addition, registered persons are required to ensure that any sub-outsourcing arrangements are also in compliance with the requirements of the Policy.
In keeping with the requirement to assess the risk associated with any outsourcing, the guidance provides that due diligence must be conducted on the service provider, which would include considering any conflicts of interest or concentration/jurisdictional risks involved. The JFSC will expect to see board minutes and internal policies and procedures as evidence of such due diligence conducted on a service provider.
All outsourcing arrangements must be governed by documented, legally binding and enforceable agreements. Among other things, these contracts must (i) specify the activity to be outsourced (ii) provide the circumstances under which any sub-outsourcing is allowed (if applicable) (iii) the performance standards and reporting requirements upon the service provider (iv) termination provisions and (v) access rights to the JFSC to information and records relating to the outsourced activity.
Termination of outsourcing contracts
The requirements of the Policy with respect to termination of outsourcing arrangements present an additional burden on registered persons. A registered person is required to ensure:
- contingency plans are documented and in place to enable alternative arrangements to be put in place 'without undue delay and with minimum disruption to its business';
- such contingency plans should include provisions which allow the registered person/member of the group to take over the activity or transfer such to another suitable service provider;
- it is reasonable to assume that the JFSC will expect such 'suitable' providers to also be risk assessed and due diligence to be undertaken in respect of all such proposed alternate service providers;
- contingency plans must be periodically tested;
- no outsourcing arrangement is to be terminated until the JFSC is notified that either (i) the registered person will undertake the activity outsourced itself or (ii) the JFSC's written no-objection has been procured to proposed new arrangements.
Outsourcing Notification and No-Objection
The notification form is available on the JFSC website and seeks information on, among other things, the type of activity outsourced, the reasons for the outsourcing and a summary of how the activity impacts upon the regulated activity of the registered person including a risk assessment. Any proposal to outsource or make material changes to an existing outsourcing arrangement will require a prior 'no-objection' from the JFSC. The JFSC will use 'best endeavours' to respond within 20 days and, as such, notice of such proposed outsourcing arrangements should be given at an early stage in the process. No outsourcing arrangements are to be entered into until such no-objection is received.
Funds and Fund Services Business Providers
There are certain exemptions from adherence to the Policy provided to funds and fund service providers, which are available as long as the following conditions are met:
- the service providers to the fund are clearly disclosed to the JFSC and investors in the offer document;
- a change of service providers post authorisation of the fund where the offer document is not to be updated and where investor consent is not required is to be notified to the investors;
- the offer document/investor notification seeking investor consent to a change in service provider makes clear and unequivocal (in a manner suitable to the level of the investors’ financial sophistication, statements as to the following):
- the nature of any activity to be undertaken by such service providers;
- any material risks connected with the activity (including any conflicts of interest); and
- where the fund’s investors should deal directly with those service providers in respect of the activities they carry out.
- For completeness, where a custodian/prime broker acting in relation to a Certified Fund is a member of an international corporate Group, and the sub-custodians engaged by the custodian are also members of the same Group, the JFSC would not expect the fund prospectus to list or describe each sub-custodian separately.
- Where the service provider to the fund enters into any sub-outsourcing or any of the above conditions are not met, the Policy will apply.
Other Relevant Exemptions
Certain activities that might otherwise be outsourcing for the purposes of the Policy are exempt from compliance with the Policy. These include:
- MoME arrangements;
- provisions of advisory and other services to a registered person e.g. purchase of investment advisory services (where investment advice is not part of the licenced/regulated activity conducted by the registered person) or purchase of standardised services (e.g. market information services); and
- activity which is performed by a branch on behalf of its head office or another branch where all of these entities are parts of the same legal person.
The Policy is not inflexible and an application to the JFSC for a variation to the requirements of the Policy is permitted under certain circumstances. The JFSC will consider each application on a case-by-case basis. Notwithstanding this flexibility, all arrangements with service providers (even those which were/are ostensibly not captured as 'outsourcing' or 'delegation' under the 2011 policy) will need to be reviewed to ensure that they are not captured by the Policy and if they are, must become compliant with the Policy by 1 June 2018.