Due diligence on, and monitoring performance of, outsourced providers

Aim: To provide an overview of best practice processes for undertaking robust due diligence on, and monitoring of, outsourced service providers.

Outcome: Completion of this module will help compliance staff and directors of financial service providers who are applying for/maintaining a licence under the FMCA to:

  • Understand the relevant Standard Condition relating to outsourcing, and how to meet it;
  • Be aware of the consequences for a breach of the Standard Condition;
  • Understand the FMA’s assessment considerations on due diligence and monitoring of outsourced service providers;
  • Assess their own due diligence and monitoring practices to ensure they would meet the FMA’s expectations; and
  • Show how they demonstrate due diligence and monitoring of an outsourced service provider.

Abstract: If a business is not resourced to provide some functions in relation to the market service for which it is, or wishes to be, licensed for, it may choose to contract-out or outsource the provision of those functions to third party suppliers. While outsourcing may transfer some of the associated risks of the function to the third party supplier, ultimate responsibility and liability rests with the licensed entity to ensure that the service provided is appropriate and compliant. 

The FMA requires licensees to ensure outsourced functions are adequate, effective, and prescribes minimum standards for licensees to comply with. In addition, outsourcing is one of the Standard Conditions prescribed by the FMA for providers of licensed market services (except individuals holding an independent trustee licence) requiring them to regularly review outsourcing arrangements (at a frequency appropriate to the risk involved) and monitor the ongoing performance of the outsource providers