When outsourcing goes awry - Raphaels Bank:
Raphaels Bank is a timely reminder as to why outsourcing rules/regulations are essential; for example
- European Banking Authority (EBA) guidelines
- JFSC Outsourcing Policy - March 2017
- FCA SYSC 13.9 Outsourcing -
In May 2019, when Raphaels Bank was fined £1.89m for failing to manage its outsourcing arrangements properly. The failings came to light after an eight-hour technology “incident” on Christmas Eve 2015 at a service provider replied upon by Raphaels’ payment services division to manage its card programmes and payment authorisation services.
As a result, 5,356 point-of-sale, cash machine and online transactions worth a total of £550,000 could not be authorised.
A subsequent investigation by the Financial Conduct Authority and Prudential Regulation Authority uncovered what the pair called
- “deeper flaws” in the overall management and oversight of outsourcing risk at the company, from “board level down”, and
- “weaknesses” throughout its outsourcing systems that they claimed the bank should have known about since April 2014.
In a statement released on May 2019, Mark Steward, executive director of enforcement and market oversight at the FCA, said:
- “Raphaels’ systems and controls supporting the oversight and governance of its outsourcing arrangements were inadequate and exposed customers to unnecessary and avoidable harm and inconvenience.
- “There is no lower standard for outsourced systems and controls, and firms are accountable for failures by outsourcing providers.”
- there are specific, additional provisions that will apply in relation to business continuity planning for these types of outsourcing and there is a higher level of due diligence required in relation to entering into a critical or important outsourcing
- For example,
- All the guidelines (SEE ABOVE) put the onus on financial institutions to ensure their chosen outsourcing partner has some form of track record with taking care of critical and important functions on behalf of their clients.
- the EBA SAY.
- “The guidelines clarify that the management body of each financial institution remains responsible for that institution and its activities at all times,”
- To this end, the management body should ensure that sufficient resources are available to appropriately support and ensure the performance of those responsibilities, including overseeing all risks and managing the outsourcing arrangements.
- Outsourcing must not lead to a situation in which an institution becomes an ‘empty shell’ that lacks the substance to remain authorised
Meet the team of industry experts behind ComsureFind out more
Keep up to date with the very latest news from ComsureFind out more
View our latest imagery from our news and workFind out more
Think we can help you and your business? Chat to us todayGet In Touch
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email firstname.lastname@example.org.