Dear CEO: IT Outsourcing Risk

When the FCA expressed its concerns about the operational risks of outsourcing critical functions to all UK asset managers in the ‘Dear CEO’ lett er of December 2012, interpretations and responses from the market (throughout 2013) were centred on the outsourcing of fund accounting, transfer agency and middle office operations functions.

But as an experienced member of the IT industry, which in many ways pioneered the outsourcing model and now drives head-long toward ‘the cloud’, the reader of that first paragraph has probably now realised that IT should surely be included in that functional scope, too. At least some, if not most of a fund’s IT systems must fall into the category of providing “critical functions”.

The FCA’s fundamental concerns stem from a mandate to address forms of endemic risk that could have a market-wide impact – if a large portion of the London market depends on a single provider for a critical operations function, and that provider collapses, how will the market be impacted?

Each fund also has a duty to investors, employees and shareholders to mitigate such outsourcing risks in order to maintain its own operational viability. Both of these perspectives are relevant and arguably at least as difficult to address in the world of outsourced IT.

Like all markets, the UK IT outsourcing market is populated with a wide range of good, bad and indiff erent vendors. The immature cloud market is still working through the natural selection process, so the range of quality is even greater.

The most reliable way to minimise cloud and traditional IT outsourcing risk is to choose an institutional quality vendor. The most reliable way to choose such a vendor is through an exhaustive vendor selection process.

But vendor selection for IT outsourcing is a specialisation, and even more so when the unique needs of the asset management sector and the new complexities of cloud are factored in. From the perspective of operational risk mitigation, a huge range of important factors must be taken into consideration, and only a relatively small portion of these are technical.

Vendor transparency is critical. In addition to a very detailed technical evaluation, to conduct thorough due diligence, you will need open detailed access to assess all manner of non-technical characteristics including client profile breakdown, client revenue breakdown, randomly chosen client references, fi nancial viability, future strategy and roadmap, management team pedigree, organisation structure, staffing and skill sets, independent accreditations, niche sector alignment, application layer support, vendor contractual T&Cs, solution topology, commercial flexibility and scalability. A resistance to providing such transparency should raise immediate concern.

Conducting this level of assessment for all of the vendors in consideration is a daunting, potentially expensive and time consuming task, which is consequently oft en the victim of ineffective “short-cutting” techniques (such as asking a peer who they use).

Behind Every Cloud recognised this issue and developed the Clover (Cloud Vendor Rating) Engine, which is a learning database containing 120 data points on more than 55 small, medium and large London cloud vendors who aspire to (or already) work with asset management clients. It has recently been expanded to include user groups, relationship and other functionality to make the vendor selection process faster, more effective and cheaper.

But what of the issue of endemic asset management market risk from outsourced IT? With some eight or so London niche market IT providers supporting several hundred small to medium clients between them from datacentres largely concentrated in E14 – the market-wide impact of a 2E2 like vendor collapse or a broad business continuity event such as Hurricane Sandy (or the failure of London’s flood defences) could indeed be significant.

The FCA and Investment Management Association (IMA) led working groups have to date focused on mitigation of this risk by individual funds through oversight, standardisation and exit planning – which are all important elements. To enhance and support this eff ort by working from the ground up with London Cloud Vendors, Behind Every Cloud has recently launched the Clover Mitigation Consortium, which has the stated goal of developing and coordinating the implementation of practical technical, contractual, commercial, interworking and standards based solutions to provide viable protection against this risk to clients in the asset management sector.

The consortium has four founder member firms already and is open to all parties interested in becoming involved in mitigating endemic IT outsourcing risk within the London asset management sector.

Download the Article

Leave a Reply

Pin It on Pinterest