New FCA recommendations for firms outsourcing IT services
In the Financial Conduct Authority’s (FCA’s) recent document entitled ‘Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions’, it provides a list of questions for regulated firms to consider when using third parties in the delivery of technology services that are critical to the firm’s business operations.
If a firm uses a third party for critical business services, it must comply with the outsourcing requirements in the FCA Handbook at SYSC 8. The aim of these obligations is that firms appropriately manage the operational risk associated with their use of third parties and that such arrangements do not impair the FCA’s ability to regulate the firm.
In practice, the FCA expects firms to have IT services that are effective, resilient and secure and designed to meet business needs. A firm must also be able to provide reasonable assurance that those of its outsource service providers (OSPs) critical to its business will deliver services effectively, resiliently and securely, as well as have arrangements for risk management and oversight of the OSPs to meet regulatory requirements. Crucially, firms retain full accountability for all of their regulatory responsibilities and cannot delegate them to a third party…
Click on the link below to read the rest of the Kemp Little briefing.
News from Kemp Little
Briefings from Kemp Little
Earlier this summer, the EBA published an analysis and opinion on virtual currencies — focusing on if they could or ought to be regulated.
The UK DMA has released a code of practice to address consumer concerns around data privacy and UK marketing practices.