The use of contemporary technologies (e.g., cloud, artificial intelligence, data analytics, and distributed ledger technologies) to disrupt traditional banking models and operational practices is currently very relevant to the financial services industry. Fintech is an umbrella term used to describe the post-crisis growth of disruptive technologies and transformative services operating within and across the financial services industry. The UK’s Financial Conduct Authority (FCA) “Risk Outlook” report states:

Some firms in financial services rely on technological systems of firms that are emerging outside the perimeter. While unregulated entities — such as alternative payment platforms or digital currencies — sit outside our scope of responsibility, they can generate pro-competitive benefits. They can also pose risks to market integrity and consumer protection through technological interfaces with regulated activities. These activities may have the potential to create systemic and financial crime risks that would be outside our perimeter.

While the use of technology to underpin financial services is well established, the drivers of this phenom­enon are embedded in growing financialization, digitization hybridization, and the “democratization” of serv­ices. Currently, this is a highly contested space. The rise of fintech hubs in London, New York, Frankfurt, and Singapore, where startups and existing players are developing approaches for conducting financial business, are examples of the wave of disruptive technologies within the financial services industry. Although fintech has often been billed as a battle between incumbent financial institutions and new startups, research reveals that in the majority of cases, new fintechs are seeking to collaborate with existing players and, by doing so, will create new and complex outsourcing arrangements. For example, firms that offer enhanced cyber­security technologies for online banking are providing technologies that underpin critical banking services. Yet such tech firms do not come under the purview of financial services regulators.

Before and after the 2008 financial crisis, operational failures and related malpractices increased demands for more transparency and regulatory scrutiny of management practices.[1] Consequently, firms are now faced with a “new normal” of higher operational costs, derived from the need to meet a tsunami of new regula­tory rules, with short deadlines for implementation, while being subject to heightened levels of supervision. Fines levied against financial organizations have also increased dramatically since the financial crisis. As a result, many financial firms, particularly asset management houses, have looked to technology-based outsourcing and offshoring models to cut costs and make efficiencies and support operational activities, even those deemed critical by regulators. Firms began handing back-office (e.g., custody and unit value accounting), middle (e.g., trade services, data management, and record keeping), and even front-office (e.g., client servicing and strategy formation) work to service providers to update underpinning technologies and reduce costs in an uncertain environment. Due to this increase in outsourcing activity, regulatory bodies are becoming concerned about new uncertainties and risks arising from this complex environment.

Figure 1 is a timeline outlining outsourcing policy, risk warnings, and guidance missives issued by key regulatory authorities in the US and Europe since the financial crisis (2010-2016). This timeline reveals how regulatory authorities are becoming increasingly focused on monitoring outsourcing arrangements in the financial services industry. Table 1 provides illustrative examples of common global regulatory perspectives.
 

Figure 1 — Post-crisis timeline of financial services regulators’ responses to outsourcing.
(Source: Various regulators’ websites.)

As Table 1 shows, a common rule across regulatory jurisdictions is that financial organizations cannot outsource their responsibilities to remain compliant. Such rules require that firms have necessary over­sight and governance of outsourcing arrangements and that proper risk assessments have been conducted. Firms must keep regulators informed of changes in their outsourcing arrangements, so that authorities may also view related risks and the appropriateness of the arrangement.
 

Table 1 — Common outsourcing obligations. (Source: Various regulators’ websites.)
 

Note

1. Select examples include the Libor and forex rate-rigging scandals, HSBC money-laundering scandal, and J.P. Morgan’s mis-selling mortgage-backed securities prior to the financial crisis.

[For more from the authors on this topic, see: “Fire Alarm in Financial Services: The Regulatory Landscape for Cloud and Outsourcing.”]