Search This Blog

Monday, 11 July 2016

#FinTech Service Providers Must Proactively Support FCA Compliance

The FCA has finalised its new guidance to authorised firms on outsourcing to the 'cloud' and other third party IT services, which is mandatory for some firms but (strongly) advisory for others. Unfortunately, exactly what amounts to 'outsourcing' remains grey and short of examples, as do important issues such as the meaning of 'cloud' (largely a marketing term anyway), whether access to data centres is necessary and so on. Not only does that leave FCA staff and finance firms in doubt, but it leaves service providers exposed to the need for financial firms to suddenly switch providers where the FCA considers that guidelines should have been followed but have not been.

The FCA guidance says that outsourcing is "where a third party delivers services on behalf of a regulated firm". That suggests the service in question must effectively be part of the firm's service to its customers, like answering customer calls on the firm's behalf in a call centre, as opposed to, say, the supply of commercial IT hosting services for web sites, apps or back-office software etc., which the firm is not in the business of providing to customers. 

A table in the guidelines sets out an extensive process and related paper trail designed to show that a firm has outsourced a function appropriately.

So lack of clarity on the boundary between outsourcing and normal service provision means that some IT providers may not realise that a financial firm has incorrectly classified the use of its services; and/or the service provider may not be willing or able to help the regulated firm jump through the many hoops laid out in the FCA's guidance. 

As a result, service providers risk losing customers who are finance firms that have failed to grind through the FCA's requirements and have to re-run their outsourcing process.

For all practical purposes, this places the burden on IT service providers to clarify the nature of their offering and make sure they are ready to help their finance customers either explain why there is no outourcing or demonstrate compliance with the FCA's outsourcing guidelines.

Some might observe that this represents regulatory 'scope creep', since it effectively subjects outsourcing providers to FCA regulatory requirements even where they are not required to be authorised (and may even be based outside the UK). Whether this is ever challenged as being ultra vires - beyond the FCA's powers - remains to be seen, but it is certainly a cost of doing business with UK financial firms.


FCA Calls For Input On #P2Plending and #CrowdInvestment Rules

It's been two years since the FCA created specific rules governing peer-to-peer lending and crowd-investment in securities, and the FCA promised a review of those rules in 2016. That review has just begun with a call for input closing on 8 September. 

This comes at an important time for the industry, as the FCA's report reveals that it has only processed 9 of 97 applications for authorisation by P2P lending platforms (44 of which operate under a two year old interim permission) and only 9 firms have been authorised to join the 25 firms that were operating in the crowd-investment market during the FCA's interim review in 2015. This shows that the FCA authorisation process, and regulation itself, are significant 'choke points' in the development of innovative financial services, notwithstanding firm support for the sector from the Treasury and strong growth in supply and demand from consumers and small businesses on existing platforms. 

It remains to be seen whether the FCA will further complicate life for crowdfunding entrepreneurs and their customers or clear the regulatory path to facilitate the growth of alternatives to the declining supply of bank finance, likely to worsen post-Brexit...