Following our March publication regarding challenges the FRC Standards present to the industry, this blog focuses on one in particular - how to manage your Third Party Administrator (TPA).
The FCA fine issued last October reminded the industry that although the responsibility of the TPA should be considered in instances of failure, from the FCA’s perspective it is the outsourcing firm’s responsibility to ensure it has effective oversight in place.
Although outsourcing appears a cost-effective option for firms, this is brought into question once the rigor required to comply with the FCA rules is applied. While there may be strategic reasons for compromise regarding a TPA’s capability, it is key to ensure due diligence and oversight are proportional. When selecting a TPA, the outsourcing firm should always consider the true-cost equation (cost of outsourcing plus cost of oversight).
Baringa recently launched a CASS Industry Benchmarking survey, in which we asked firms about the greatest challenges they encountered when using TPAs. Here we provide examples of challenges and recommended practices that can help address some of these:
Challenge #1: Lack of CASS-specific knowledge within the TPA
Performing pre-launch due diligence and testing of the TPA’s CASS capabilities is a way to address this. This will indicate to a firm whether the TPA has adequate CASS oversight across all areas. It is recommended to focus on the TPA’s own oversight capabilities and their ability to demonstrate their CASS compliance.
Challenge #2: Misaligned expectations on how client assets should be managed
The best way to overcome this is to establish a governance structure with accountable individuals, enabling a firm to:
Conversely, from a TPA’s perspective it can prove difficult to meet specific requirements from outsourcing firms; the Service Level Agreement (SLA) should be aligned with how both parties interpret the CASS rulebook.
Challenge #3: Insufficient management information (MI) to effectively perform oversight of the TPA’s activities.
There are controls that firms can exert on the TPA and these must be documented in the SLA between the two parties. Examples of good practices are:
As firms go through their first audit under the enhanced FRC Standards, it is important to analyse the outputs specific to their TPAs; and ensure potential failures and challenges are self-identified and addressed, and not left for the Auditor to uncover.
 If you wish to participate in the survey, please do get in touch with Guy Munton (firstname.lastname@example.org)
We're keen to hear your views on this issue - or issues relating to it.Contact us if you have a view on this that you would like to share.