On 28 June 2021, the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten, the AFM) published a news item on good practices in relation to the risks resulting from the outsourcing of important or critical activities by financial services providers. A survey of nearly 250 financial services providers revealed a number of weaknesses in the management of outsourcing risks, such as the failure to have a signed contract. According to the AFM, outsourcing activities can pose unacceptable risks to the financial services provider and its clients if these risks are not adequately managed. In order to improve the control of such risks, the AFM has come up with a non-exhaustive list of points that are based on good practices which financial services providers should be aware of:
- If service levels are not (properly) monitored, there is a risk that the financial services provider may be unaware of any incidents that might occur. The AFM recommends ensuring that there are clear agreements with the financial services provider on how to deal with incidents. This should ensure that immediate action can be taken where necessary.
- The AFM points out that in a number of outsourcing arrangements, both with external and intra-group parties, there are at times no signed contracts. If no clear contracts are made, there is an increased risk that the quality of the services provided ultimately does not meet the expectations of the financial services provider. The AFM notes that clear agreements should be made on both parties’ responsibilities and obligations in a written contract, which is signed by both parties.
- Financial services providers should analyse the risks involved with outsourcing prior to entering into an outsourcing arrangement, as well as periodically throughout the duration of the outsourcing. Financial services providers should take measures to reduce risks involved in the outsourcing to an acceptable level.
