Out-Law / Your Daily Need-To-Know

Out-Law Analysis 5 min. read

How the Consumer Duty impacts outsourcing arrangements


The prevalence of outsourcing in financial services should spur firms and their providers to consider how the new Consumer Duty in the UK might impact on outsourced services arrangements.

A related issue is the move towards more direct regulation of critical service providers to financial services firms.

Impact of the Consumer Duty

The Consumer Duty requires authorised firms to act to deliver good outcomes for retail customers. It comprises “cross-cutting rules” which relate to the firm acting in good faith towards customers, seeking to avoid foreseeable harm and supporting customers to pursue their financial objectives. The Duty also sets out the FCA’s “four outcomes”, which are the key elements that the FCA expects of the firm-consumer relationship.


Read more on this topic


The Consumer Duty applies to all firms in a distribution chain that can influence material aspects of the design, target market or performance of a financial services product or service targeted at retail customers. It will apply even where those firms do not have a direct contractual relationship with the retail customer.

Outsourcing agreements that may be in scope

It is likely that many financial services outsourcing arrangements will not be in scope for the Duty because the service provider does not engage with end customers or provide services that are critical to the end customer experience. For those that are in scope, robust outsourcing agreements that comply with regulatory outsourcing and operational resilience requirements are likely to support financial institutions in meeting Consumer Duty requirements. 

Key triggers in an outsourcing for the application of the Duty would be where the service provider has direct customer interaction in the context of services, such as a business process outsourcing of pensions administration services, where they may be handling customer complaints or where they are directly involved in making decisions that will affect a customer. The authorised firm will in any event need to consider whether the contract provides appropriately for the oversight required of their outsourced service provider, whether that provider is authorised or not, since, as with most regulatory areas, outsourcing does not absolve the financial institution of responsibility.

Changes to outsourcing agreements may be necessary

Financial services outsourcing is already the subject of significant regulation: in the UK the PRA and FCA have issued guidelines relating to outsourcing and other material services arrangements.

In addition, the regulators’ focus on operational resilience in the context of outsourcing and services arrangements requires financial institutions to be comfortable, and back up that comfort contractually, that an arrangement will not lead to an inappropriate risk to resilience. In each case the regulatory requirements translate into direct and indirect contractual requirements to be flowed to third party service providers.

Even where there is no direct customer interaction or decision-making input, if the service being provided is critical to the end customer experience, the Duty is still likely to be relevant. This would be the case, for example, where there is a contract to provide all the technical support to maintain a key customer platform through which customers make their investments and manage their accounts. In this case there is a clear potential for customer harm if the support is not provided and the platform fails as a result.

If an outsourcing arrangement is subject to the Consumer Duty, it is quite likely that the kind of provisions the authorised firm will want to include to address this are already covered as part of meeting regulatory outsourcing or operational resilience requirements. For example:

  • requirements for the service provider to comply with law;
  • management information and reporting requirements to help the firm monitor service delivery;
  • ·obligations to engage appropriately trained staff to deliver the services and to ensure training and continuous development of staff.

If the Consumer Duty is relevant to the arrangement, there are some areas that may not be covered already that firms may want to consider. For example, often service providers will agree in an outsourcing contract to comply with “supplier laws”, which are those laws applicable to them as a service provider, rather than all laws applicable to the authorised firm. The argument is that the service provider is not a regulated entity and so cannot know what is required to ensure the firm’s compliance.

If this is the position in the contract then, in the context of the Consumer Duty, the firm should ensure that it is in a position to instruct the service provider on what is required to ensure compliance with the Consumer Duty, as a sub-set of “customer laws”. That way the firm can be comfortable that it can ensure compliance since it will be responsible for that compliance.

Dunn Yvonne_April 2020

Yvonne Dunn

Partner

It is important that firms properly consider the scope of services being delivered under an outsourced arrangement to confirm whether there are any Consumer Duty implications.

Another area to consider is in relation to service levels and key performance indicators (KPIs). If the Duty will apply to the arrangement, the firm may want to revisit these to include specific service level agreements or KPIs relating to customer outcomes.

While customer impact is often a consideration in issues such as change management and exit management, firms may wish to make this a more explicit consideration by embedding this into the contract.

‘Step-in’ rights are often not felt to be appropriate in outsourcing arrangements, or a modified form of “management step-in” or “hypercare” is agreed as an alternative. If the Duty is relevant, it is worth considering whether more step-in rights are appropriate for the firm but perhaps over a narrower scope. For example, the firm may be content to exercise “management step-in” over the majority of the services but require full step-in rights in relation to customer communications if step-in is triggered, to safeguard compliance with Consumer Duty requirements.

Similarly, when it comes to conduct of claims under an indemnity, although the “traditional” position is that the party providing the indemnity gets to control any underlying claims, in the case of a claim which links to Consumer Duty liability, the authorised firm may wish to carve out such claims such that it will always have conduct of claims. The principle behind this is consistent with the rationale for a data controller retaining conduct of indemnity claims in relation to data protection matters – as the financial institution has broad regulatory compliance risks that go beyond resolution of the claim, it should have greater control over how the claim is handled.

Compliance with the Consumer Duty is a significant issue for authorised firms given its application across their businesses and the broad scope of requirements that it introduces. In practice, we expect that most outsourcing arrangements will not require remediation to take account of the Duty on the basis either that they do not relate to products or services caught by the Duty or because, to the extent that the Duty does apply, the requirements are already covered by existing provisions. However, it is important that firms properly consider the scope of services being delivered under an outsourced arrangement to confirm whether there are any Consumer Duty implications.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.