IT providers in the financial sector must comply with regulations

Financial services firms are looking at increased regulation, and so must their IT providers, says Stuart Drew

Nearly three years on from a major financial crisis, it’s not just the banks, insurers and hedge funds that have to concern themselves with regulatory change, their business partners, such as technology providers, have to too.

Financial services institutions are increasingly using third parties to do things that previously they would have done themselves. They are now outsourcing a lot of front- and back-office activities.

Prior to the economic downturn, a financial institution might split such functions as product manufacturing, marketing, back office and distribution.

However, outsourcing arrangements are increasingly complicated to manage. This has been compounded recently with the break-up of the Financial Services Authority (FSA) and speculation about securities regulation that combines market supervision, setting listing standards and oversight of corporate reporting and governance.

Recently, we have seen specialist service providers with expertise in financial services performing some activities, while unrelated providers perform others. In each case, the service provider may or may not be a regulated entity.

Among the other specific concerns to regulators, is the potential for over-reliance on specialist system integration activity that is critical to the ongoing viability of a business, such as the migration of two IT systems in the wake of a merger or acquisition. Both organisations may have to comply with various differing obligations to stakeholders.

The acquiring company could be based abroad and under obligation to comply with different laws to an acquired company based in the UK.

On the back of these concerns, outsourcing does in fact raise issues related to risk transfer and management, both within and across borders. An increased reliance on outsourcing may affect the ability of the outsourcing provider to manage its risks and monitor its compliance with various regulations.

Furthermore, rapid IT innovation, along with an increasing reliance on external service providers, may lead to systemic problems unless appropriately constrained by a combination of market control and regulatory influences.

More service providers are now waking up to the importance of compliance. Many are taking steps to mitigate risk by drawing up comprehensive and clear outsourcing policies. In addition, they are implementing stronger contingency plans, negotiating appropriate outsourcing contracts and analysing their financial and infrastructure resources before rushing into any agreement.

By partnering with a provider that is itself compliant with these regulations, customer financial organisations can rest assured their compliance concerns are understood and addressed.

Firms should work hand in hand with clients to maintain and develop compliance. A compliance management technology framework will help automate assessments, analysis, management and reporting tasks, helping customers to reduce the risk of compliance and security breaches, failed audits and even litigation.

This also helps organisations keep track of risks that may affect their business processes and compliance requirements.

Stuart Drew is executive vice president of financial services at HCL Technologies