The risks and compliance pressures facing asset managers show few signs of abating in 2021, with many firms choosing to invest in third-party technology platforms to help with their ongoing risk, reporting and compliance.
Regulatory reporting is obviously one solution that many firms have chosen to outsource, with providers like AQMetrics saving firms time, money and effort in automating the process as much as possible. Increasingly, however, firms are also looking to outsource their UCITS monitoring solutions as well, with vendors able to make sure that their funds are always fully compliant with the UCITS framework.
So, when does it make sense to outsource? And how do you know you’re getting the most out of your UCITS compliance monitoring solution.
Build or buy?
There are a lot of reasons to outsource, of course, but one of the most frequently cited by asset managers is the time and money it saves.
The high cost of ownership for self-built solutions, for instance, is a major consideration, with more capital expenditure and higher headcounts often needed in order to build and maintain the solution.
Meanwhile, an additional difficulty of in-house software tools can be the separation of pre and post-trade monitoring. For UCITS regulated firms, the pre-trade compliance function often resides with OMS, while the post-trade compliance monitoring is frequently an in-house tool, created in a user-developed application.
A streamlined third-party platform can help you get around these issues, and it should bring a level of independence that can’t be achieved with an in-house created tool.
This independence is further bolstered with the third-party managing the implementation and testing of regulatory change, thus complementing the compliance testing framework in the firm itself. And adding a layer of independence will ensure you’re acting in spirit, rather than just the letter, of the law.
What to look for in a third-party?
When selecting a third-party platform, particularly with cloud solutions, it’s important that the vendor has a robust governance framework in place. The framework should include controls for information security (e.g. ISO 27001), compliance change management, business continuity and risk management.
While the FCA and ESMA have both published guidelines for the adoption and governance of technology solutions, these guidelines are to help firms and remain non-binding. However, it’s recommended firms take a risk-based approach, depending on the critical nature of the function. ’
For UCITS pre- and post-trade monitoring, therefore, any automated rulebooks should be reviewed by independent UCITS-specialised regulatory legal experts to ensure compliance with the regulations. An experienced technology provider with a robust compliance framework can ensure this happens without you having to seek independent legal advice.
Single Platform vs multiple vendors
Finally, the decision on whether to go with one or more technology providers is another governance consideration, and is particularly relevant with the rise of Super ManCos providing operational oversight, regulatory compliance and risk management across both UCITS and AIFMs (Alternative Investments).
With CP86 regulations requiring demonstrable substance to be evidenced across the six key functions of the ManCo, a single platform, with strong workflow capabilities, helps demonstrate organisational effectiveness in a consolidated, meaningful way.
In addition, a single platform brings efficiencies for vendor management, model governance, data management, regulatory change, compliance testing and business resilience. As noted in the FCA report, benefits include:
- Reducing manual input, lowering the risk of errors from data being re-keyed or presented differently on various tools
- Improved oversight, in both first and second-line, due to consistent and controlled data handling and creating a ‘single source of truth’
While there are potential drawbacks when it comes to relying on a single platform, these can be mitigated by thorough due diligence and making sure any third-party provider enhances your overall operational resilience.