ASIC shines a spotlight on offshore outsourcing
The Australian Securities and Investments Commission (ASIC) is urging Australian financial services (AFS) licensees to strengthen their oversight and risk management practices when engaging offshore service providers (OSPs). This push follows ASIC’s review of offshore outsourcing arrangements, which uncovered significant deficiencies in governance frameworks across the sector.
What you need to know
- Offshore outsourcing carries significant risks if it is not sufficiently managed and supervised.
- While AFS licensees may choose to outsource functions, ASIC will hold the licensee accountable for failing to comply with its risk management obligations.
Background
ASIC's regulatory guidance confirms that AFS licensees may outsource functions and services but not their responsibilities as a licensee, such as having adequate resources available (including financial, technological and human resources) and carrying out supervisory arrangements. Amid rising operational costs and local skills shortages, licensees are increasingly outsourcing services offshore. Key services being outsourced to OSPs include administration, advice support, paraplanning, investment management, transaction processing, financial planning and client communication.
The regulator is concerned AFS licensees are neglecting their responsibilities when outsourcing. ASIC's recent review into AFS licensees' risk management arrangements relating to offshore outsourcing practices found large inconsistencies in the quality of these arrangements, with some entities lacking any OSP risk management framework.
ASIC’s review and findings
ASIC identified several critical risks stemming from outsourcing practices, including:
- compromised protection of confidential information and non-compliance with Australian privacy laws;
- unreliable infrastructure causing operational service disruptions;
- ineffective detection and management of data breaches; and
- loss of control over outsourced business functions.
These vulnerabilities pose direct threats to consumers and investors, most notably through heightened exposure to cyberattacks, and risk undermining public confidence in the financial system.
ASIC’s expectations
ASIC Commissioner Alan Kirkland has reminded licensees that they remain fully responsible for regulatory compliance even when functions are performed offshore. ASIC has published articles outlining good practices for the responsible use of OSPs by AFS licensees that provide financial product advice, and responsible entities of registered managed investment schemes.
Recommended measures include:
- rigorous due diligence in selecting OSPs;
- ongoing performance and compliance monitoring through robust audit mechanisms;
- prompt remediation of service breaches and failures;
- implementation of a formal, regularly updated risk management and governance framework for offshore outsourcing;
- transparent disclosure of OSP arrangements to consumers; and
- active oversight by licensees of OSP engagement by their representatives.
What this means for you
ASIC has warned that it will continue to scrutinise offshore outsourcing practices and will take enforcement action against AFS licensees that fail to implement adequate governance and risk management frameworks.
If your business currently engages OSPs, or intends to do so, it is imperative to assess how ASIC’s findings apply to your operations and take immediate steps to align with regulatory expectations.
For tailored advice or to discuss the implications for your business, please contact our team.
This article was prepared with the assistance of Annabelle Duke, Law Graduate.
Contact
