Reviewing the FCA’s guidelines, Simon Collins, managing director, and Simon Jones, partner and head of the automotive sector at Eversheds Sutherland, consider whether regulated firms are right to invest custody of their reputations with third parties, and assess what controls should be in place

In all industry sectors, firms will outsource or enter into business arrangements as a means of securing expertise, reducing costs or simply to fill an operational gap.

These arrangements, when connected to financial services, can take on a more complicated position such as activities like collections or complaints. The primary reason is that the use of third parties means the customer and your services are now entrusted to a third party.

Reputation is critical, and many businesses in the automotive sector may wish to consider to whom they entrust their customers, and what measures are in place to not only protect the interests of the customer, but also to ensure the reputation of their business is not compromised.

Within the sector, the provision of products which fall under the jurisdiction of the Financial Conduct Authority (FCA) may not be the primary business activity, but rather an important supportive activity to the main trade of the business but subject to significant regulatory expectations.

So what?

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Motor Finance Online.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Inevitably, a business’s reputation in its market sector is pivotal to its ongoing and future success. Aligned to this is the FCA’s objective to ensure that a customer receives “good outcomes” throughout the whole customer journey – irrespective of the number of businesses that are involved in delivery of the product or service.

While the FCA’s SYSC requirements regarding outsourcing are well known, the expectations of the FCA have been further clarified through documents such as the Responsibilities of Providers and Distributors in the Fair Treatment of Customers (RPPD).

We have seen a number of firms put in place proportionate arrangements for governance – whether the third party is an FCA-regulated entity or not, and our primary observation is that firms must assess the arrangements in place, as well as the potential for a poor customer outcome if the arrangement did not to work as intended.

The objective of the FCA in relation to third parties is enshrined within its handbook:

Principle 3 – Management and Control: “A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk-management systems.”

Principle 6 – Customer Interests: “A firm must pay due regard to the interests of its customers and treat them fairly.”

So, aside from the general good business practice of needing to protect a business’s reputation, there are very clear requirements from the FCA in relation to its expectations of businesses when they use third parties, of any description.

What is the FCA doing?

Aside from general supervisory activity, the FCA has recently conducted a thematic review considering the use of third parties and outsource providers.

The FCA thematic review within the general insurance sector – Principles and their appointed representatives in the general insurance sector, July 2016 – clearly sets out the FCA’s expectations, and firms across the auto finance sector would be wise to take on board the views of the FCA and apply the findings (as appropriate) to their businesses.

The thematic review report was followed by the FCA issuing a “Dear CEO” letter, in respect of controls in place for appointed representatives.

The FCA also has concerns where the authorised business delegates regulated activities – for example, by outsourcing their processes to unauthorised entities or to other authorised businesses that do not have the relevant permissions.

The FCA has set out the steps that businesses should undertake to ensure that their relationships with introducers and lead generators meet regulatory expectations. The key pillars of a good governance arrangement for third parties are:

• Clarity of roles and expectations
• Detailed due diligence and onboarding of third parties
• Proportionate monitoring of third -party activities which impact on your customers and your regulatory obligations
• Targeted management information to be able to assess on a continuous basis whether regulatory expectations continue to be met
• Arrangements for providing training for third parties
• Defined and workable arrangements for ceasing a relationship with a third party.

What to do?

The FCA’s guidance on outsourcing makes clear that a business is expected to take reasonable care to supervise the discharge of outsourced functions.

What the FCA considers to be reasonable is not defined. However, as part of the due diligence process, businesses should consider how the arrangement will fit with their governance and general organisation, the financial stability of the service provider and the reporting structures in place to ensure that the arrangement is operating as intended.

This is important, as even where the consumer is engaging directly with the third party, they will view it as an extension of their relationship with your business. As such, businesses must be cognisant of the potential reputational damage in the event that something goes wrong.

The following list can also be used as a guide for any current relationships you have:

1. Is the basis of the agreement clearly defined within the SLA?
2. Has the management information required from a third party been defined and agreed?
3. What on-site monitoring activity will be conducted?
4. What monitoring activity will be conducted by the outsourcer?
5. Does the third party firm have the ‘right’ culture? Does their culture align with yours?
6. Where the third party is dealing with customers, are appropriate controls in place?
7. Does the third party take its data protection responsibilities seriously?
8. What disaster-recovery arrangements are in place?
9. Finally, is there a clear exit strategy for when the relationship comes to an end?

Businesses must assure themselves that services being provided by third parties do not compromise their ability to ensure fair treatment of customers. <

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up