Why is this important?
Third party refers to any external entity that has entered into a business relationship or contract with the regulated firm to provide a product or service. This includes suppliers, vendors, business partners and affiliates, brokers, distributors, resellers, and agents. They can be both upstream (suppliers and vendors) and downstream (distributors and agents).
Outsourcing is an arrangement of any form whereby a service provider performs a process, a service or an activity, which would otherwise be undertaken by the firm itself (PRA and FCA)
The criteria to determine whether an arrangement constitutes outsourcing or not include the following:
- Is the product or service performed on a recurrent or an ongoing basis by the third-party provider?
- Would the product or service normally fall within the scope of functions that would or could realistically be performed by the firm, even if it has not performed this function in the past itself?
The PRA has provided a list of exceptions (for instance, one-off purchases such as software licences would not be regarded as outsourcing). There is some room for judgment and interpretation. Debates within firms and providers as to whether a relationship should be classified as outsourcing have tended to focus on the letter of the definition and have often had the objective of trying to avoid higher levels of scrutiny and oversight.
With the new policy statement, there is a key shift in emphasis from ‘Outsourcing’ per se to ‘Materiality’. Whilst the definition of outsourcing is unchanged, there is recognition that some non-outsourcing third-party arrangements can give rise to comparable risk.
Non-outsourcing third-party arrangements are those third-party arrangements which fall outside the definition of outsourcing. Effective risk-based controls are required for material non-outsourcing third-party arrangements commensurate to the risks of the arrangement. Hence there is a requirement to assess materiality for all third-party arrangements.
The three main points of difference to note compared with the consultation paper from December 2019 relate to:
- Non-outsourcing third-party arrangements
- Proportionality (for instance, intragroup outsourcing)
- Access, information and audit
What is Materiality?
A function is regarded as material (also referred to as critical or important) where a weakness or failure of the service would cast doubt on the firm’s safety and soundness, including its financial performance, financial resilience (i.e. assets, capital, funding and liquidity), operational resilience (ability to continue providing important business services) and soundness or continuity of its regulated activities and continued satisfaction of the Threshold Conditions and of the Firm’s regulatory obligations.
Have you read our responses behind other key questions? You can view them by clicking on the links to the pages below: