Sun reflecting on RPC building.

FSA warns firms about outsourcing of transaction monitoring

01 April 2011

FSA regulated firms must comply with their transaction reporting obligations and ensure adequate procedures are in place to check the accuracy of their reports to the FSA.

High profile fines for breaches of transaction reporting demonstrate the FSA's willingness to use its enforcement powers. Since August 2009, the FSA has fined seven firms for transaction reporting breaches.

The FSA's Market Watch newsletter recently warned firms that they must monitor transaction reporting outsourcing arrangements. If a firm outsources operational functions or any relevant services and activities, it remains fully responsible for discharging all of its obligations, including transaction reporting (SYSC 8.1.6). Firms must be aware of the risks outsourcing services present for controlling the accuracy and completeness of transaction reporting. It is essential that firms have procedures to verify and monitor the service provided by the third party, including by auditing.

As Robbie noted in respect of CASS audits, the FSA is imposing ever increasing burdens on firms to monitor their service providers. In the CASS context, it effectively requires firms to audit their auditors.  For transaction reporting, firms use Approved Reporting Mechanisms (ARMs), which are specialised systems approved by the FSA for the purpose of transaction reporting.  Most of the fines imposed by the FSA arose from systems and controls or training failures relating to the ARMs used. I note Jonathan's comments that the FSA is unforgiving when firms' IT fails them.  By contrast, in that situation, the regulator simply delayed the implementation of the new Controlled Function rules when its ONA system was not yet ready.