If a firm can demonstrate that it has taken the following guidance into account and has satisfactorily concluded that it would be able to continue to satisfy the common platform outsourcing rules and provide adequate protection for consumers despite not satisfying the conditions, the FCA would not be likely to object to that outsourcing.
The following should be taken into account where the service provider is not authorised or registered in its home country and/or not subject to prudential supervision.
The firm should examine, and be able to demonstrate, to what extent the service provider may be subject to any form of voluntary regulation, including self-regulation in its home state.
In addition to the requirement to ensure that a service provider discloses any developments that may have a material impact on its ability to 2carry out the outsourcing (SYSC 8.1.8 R (6)), where the conditions are not met the developments to be disclosed should include, but are not limited to:
any adverse effect that any laws or regulations introduced in the service provider's home country may have on its carrying on the outsourced activity; and
any changes to its capital reserve levels or its prudential risks.
The firm should satisfy itself that the service provider is able to meet its liabilities as they fall due and that it has positive net assets.
The firm should require that the service provider prepares annual reports and accounts which:
are in accordance with the service provider's national law which, in all material respects, is the same as or equivalent to the international accounting standards;
have been independently audited and reported on in accordance with the service provider's national law which is the same as or equivalent to international auditing standards.
The firm should receive copies of each set of the audited annual report and accounts of the service provider. If the service provider expects or knows its auditor will qualify his report on the audited report and accounts, or add an explanatory paragraph, the service provider should be required to notify the firm without delay.
The firm should satisfy itself, and be able to demonstrate, that it has in place appropriate procedures to ensure that it is fully aware of the service provider's controls for protecting confidential information.
In addition to the requirement at SYSC 8.1.8 R (10) that the service provider must protect any confidential information relating to the firm or its clients, the outsourcing agreement should require the service provider to notify the firm immediately if there is a breach of confidentiality.
The following should be taken into account by a firm where there is no cooperation agreement between the FCA and the supervisory authority of the service provider or there is no supervisory authority of the service provider.
The outsourcing agreement should ensure the firm can provide the FCA with any information relating to the outsourced activity the FCA may require in order to carry out effective supervision. The firm should therefore assess the extent to which the service provider's regulator and/or local laws and regulations may restrict access to information about the outsourced activity. Any such restriction should be described in the notification to be sent to the FCA.
The outsourcing agreement should require the service provider to provide the firm's offices in the United Kingdom2 with all requested information required to meet the firm's regulatory obligations. The FCA should be given an enforceable right under the agreement to obtain such information from the firm and to require the service provider to provide the information directly.2