2024-10-11
Added · Updated
The Namibia Financial Institutions Supervision Authority issued General Standard 10.10-2024 to regulate the outsourcing of material business functions by financial institutions and intermediaries, particularly retirement funds and fund administrators. The standard clarifies that insourcing and ancillary IT functions remain permissible, confirms that board-designated employees must manage risk reporting, and mandates prompt data access for regulators and auditors. Maintaining a principle-based framework, the regulation ensures proportional application across varying entity sizes while preserving board accountability and orderly termination protocols.
1 RETIREMENT FUNDS INDUSTRY COMMENTS ON FIMA GENERAL STANDARD 10.10- 2024 (OUTSOURCING OF FUNCTIONS AND RESPONSIBILITIES BY FINANCIAL INSTITUTIONS AND FINANCIAL INTERMEDIARIES) Company Name: STD/REG No. & Section/Clause: Comment/Description of issue: Proposed Amendment/Solution: Accepted (Comments) Rejected (Comments) Methealth 8. Fund Administrators Functions and duties outsourced to a fund administrator Note that fund administrators are defined as financial intermediaries. Kindly delete. Accepted. Schedule 2- Fund Administrator i) Functions and duties outsourced to a fund administrator may not be outsourced ii) Providing financial advice There are ancillary functions related to IT and administration systems that allow fund administrators to administer funds and which are typically outsourced by the fund administrator to a 3rd party. To our understanding these ancillary type functions would constitute material functions and are not prohibited from being outsourced. It is also our understanding that investment management type functions would not constitute the principal business of a fund Kindly confirm/clarify. Correct. Ancillary functions and tools used to perform the functions are not the functions outsourced to the fund administrators. Therefore, they are not prohibited from being outsourced. Further, investment management is not the principal business of a fund administrator as defined in the Act.
2 administrator and are therefore not prohibited from being outsourced. Momentum Metropolita n Namibia (MMN Group) 5. Retirement Fund i) Benefit design ii) Admission of members/partici pating employers iii) Holding of contributions iv) Awarding, assigning, authorizing investment mandates v) Assessing and determining claims vi) Payment of benefits for defined benefit retirement funds How would iv) impact retirement funds that are underwritten or funds with policies of insurance? Kindly clarify. Declined. There will be no impact as underwritten funds are not outsourced as the fund bought a product. 8. Fund Administrators Functions and duties outsourced to a fund administrator Note that fund administrators are defined as financial intermediaries. Kindly delete. Accepted. Retirement Funds Institute of Namibia Standard No. GEN.S.10.10 Clause 1(1)(b) “in-sourcing arrangement” means the outsourcing of a material business function by a financial institution or Larger corporations insource functions to the specialized department, how is this seen as part of outsourcing if it remains under the name and scope and responsibility of the main incumbent of the duty? Could give many funds and administrators an added advantage and vantage point on costing if this is in-sourced which in the end would be We propose the removal of insourcing as a form of outsourcing. A cost benefit analysis should be conducted to determine of the Members of retirement funds would be better or worse off in terms of savings towards an adequate retirement. Declined. Insourcing is another method of outsourcing together with off-shoring and sub-outsourcing. In addition, if specialised departments are within the same legal entity, then it is not
3 financial intermediary to a related service provider such as a subsidiary, affiliate, or associate; beneficial to members in the funds and Collective investment schemes or even as far as risk premiums are concerned. Is the interest of the member considered? considered outsourcing. Clause 1(1)(e) “outsourcing” means and arrangement whereby a financial institution or financial intermediary uses a service provider to provide a material business function on its behalf, and it includes insourcing, off-shoring and sub outsourcing arrangements; What would be deemed as a material business function for the various types of entities in the regulated entities of the Regulator, NAMFISA? The net in this instance is cast too wide and may become subject to interpretation and manipulation. Rather state clearly which party should be responsible for which services relating to the outsourcing thereof. Declined. The test for whether a function is a material business function is provided for under section 6 of the Standard. Moreover, the Standard is principle based in line with NAMFISA’s risk based supervisory approach and international best practice. It is accepted that because regulated entities vary in size, complexity, products and services, and activities, that the extent to which they use outsourcing will differ. Therefore, the application and implementation of the Outsourcing Principles should be proportional to and suitable for the size, complexity and risks outsourcing poses to the regulated entity
4 i.e. the application of the Outsourcing Principles should be tailored to fit the specific characteristics and challenges posed by the regulated entity. Clause 1(1)(g) “Outsourcing arrangement” means the outsourcing of a material business function by a financial institution or financial intermediary to a service provider; Would the appointment of a data protection representative be deemed outsourcing of the material business function of an administrator responsible for the data protection for instance? Define material business function in the sense of funds, asset managers, administrators, benefit consultants and all other accountable institutions, to avoid areas of ambiguity in the “outsourcing” of services. Declined. Considering sections 6 and 7 of the Standard, the Standard is principle based in line with NAMFISA’s risk based supervisory approach and international best practice. It is accepted that because regulated entities vary in size, complexity, products and services, and activities, that the extent to which they use outsourcing will differ. Therefore, the application and implementation of the Outsourcing Principles should be proportional to and suitable for the size, complexity and risks outsourcing poses to the regulated entity i.e. the application of
5 the Outsourcing Principles should be tailored to fit the specific characteristics and challenges posed by the regulated entity. Clause 1(1)(j) “sub-outsourcing arrangement” means an arrangement whereby a service provider in an outsourcing arrangement further outsources the whole or part of an outsourced material business function to another service provider. Many agreements make provision for the severability of a portion of the agreement and thereby indirectly also provides for sub outsourcing with the consent and upon signature of the financial institution, will this then not be allowed, in essence this would amount to the removal of a service from the outsourcing agreement and then appointing a separate specialized service provider for that portion only, and no appointment by the outsourced entity. Allow for severability of clauses in the event of having obtained the consent of the financial institution or on instruction of the financial institution. Funds / Accountable institutions should have the autonomy to sever the services from a service provider for more prudent service delivery elsewhere if and when required. Entities to whom services are outsourced must request permission to further outsource portions of the service to another entity and should not be allowed if not express permission is obtained. Clarification. Sub-outsourcing is not prohibited. Except what is explicitly prohibited by the Standards and Act. Principle business Clause 3. A financial institution or financial intermediary may not outsource its principal business. For retirement funds in schedule 2, admission of members / participating employers, assessing of claims and the payment of benefits for defined benefit funds are specifically excluded from being outsourced in terms of clause 1. These are normally the functions outsourced to the Administrators in the admin SLA, so how could the fund be expected to admit members and their data as well as the dealing with claims, apart from Clarity needed as to what does the administration services relate to and how does it differs from the list of items of schedule 2 for Retirement Funds as not being able to be outsourced? Clarity is required around the confusion as to the allowable services and the specifics related to the actual admitting of members on the administrative system. All items listed under item 5 of Schedule 2 are matters that funds ordinarily provide in according to the Rules of the fund. Therefore there is no reason to outsource them. The admission of a member means determining the eligibility of a member into the retirement
6 death claims. Should the clause not make provision for the outsourcing of the administrative functions of the fund as provided for in chapter 8 of Schedule 2? Clarity is needed on what exactly is meant by the holding of contributions as highlighted in the schedule. Does the holding of contributions mean that fund must have their own bank account to receipt contributions to or conduit the contributions through, or exactly what is the intention therewith? fund. Uploading a member on an administrative system is an administrative function that may be outsourced. The holding of contributions should be in the bank account of the retirement fund and not of the administrator’s bank account. Clause 4 (2) The board and senior management of a financial institution or financial intermediary must designate employees responsible for continuously identifying, reporting, and mitigating risks strategies of outsourced activities. (3) The designated employees referred to in sub-clause (2), must timeously inform the board and senior management of the financial institution Although prudent this might add to the running costs of the fund which members pay for, is the intention that this be the case and impact on members where there is currently no capacity for shared services in the financial institution. What would constitute timeously informing the board and senior management? Can this be outsourced? Clarity needed in this regard where there is no scope can it be designated to the Administration team as part of the admin function? Clarity is therefore sought as to whether a designated person should be appointed or a person in the employee of the must be designated with this function? How does this tie into the board duties to manage and mitigate risks, the board remains ultimately accountable. Propose that outsourcing be managed through the risk register and not through a staff member. Clarification. Governance functions are functions that a regulated entity must perform and should not be outsourced because ensuring good governance is integral to the effective operations and performance of the regulated entity. The board has the discretion to designate employees responsible for risk management and timeously informing the board of those risks, whether that will be done by the PO, or a certain employee appointed, it must be done.
7 or financial intermediary about those risks. Clause 6(2)(i) ability of the financial institution or financial intermediary to meet NAMFISA’s supervisory powers and maintain internal controls should the service provider fail to perform their activities or functions; These are normally matters dealt with under the breach or specific performance clauses in agreements. Should this not be left to the devices of the Financial Institution and if impeding the Regulator, the Financial Institution remains accountable to the Regulator as it in any case does. Allow for the contractual terms to be agreed on between the parties in the event of non-performance and placement of the breaching party on terms for so long as the relationship exists and provided the Financial Institution does not abdicate its duties through the SLA. Clarity is sought as to whether the dealing of the matter through the breach provisions of an LSA shall suffice for this requirement. Provision should be made for the occurrence of a force majeure and indication to be provided for such events occurring and preventing performance. Clarification. The intention of section 6(2)(i) is to ensure operational resilience of the regulated entity so that NAMFISA can continue to supervise it. The contractual requirements suggested are provide for under parts c), (d) and m) of Schedule 1. Principle 6: Access to data, premises, and personnel 13. (1) A financial institution or financial intermediary must ensure that NAMFISA, their auditors (if applicable) and the financial institution or financial intermediary themselves can promptly obtain, Why would the Financial Institutions have to grant access to NAMFISA’s auditors. Does the audit of the Regulator not relate to the conduct and financial information of the Regulator alone? Remove provision of auditor access and clearly specify whose auditors should be allowed to access, the financial institution’s auditor of NAMFISA’s auditors. Accepted. Amended to read: A financial institution or financial intermediary must ensure that NAMFISA, the auditors of the financial institution or financial intermediary (if applicable) and the financial institution or financial intermediary themselves can promptly obtain, upon request, information concerning the outsourced material business function and
8 upon request, information concerning the outsourced material business function and where necessary, there must be prompt access to the data, information technology systems, premises, and personnel of the service provider. where necessary, there must be prompt access to the data, information technology systems, premises and personnel of the service provider. Principle 7: Termination of Outsourcing 14. (1) A financial institution or financial intermediary must ensure that there is an orderly transition in the event of an outsourcing agreement being terminated. This would obviously be the ideal situation, but this cannot be dictated from a regulatory standpoint in addition to the nonabdication of board duties. If the relationship ends on a sour note, then this is beyond the control of the Financial Institution who should in any case ensure that there is a backup copy of all information and data available. Remove requirement for the fact that it is beyond the power of the Financial Institution on how the relationship will be terminated and provide for the Financial Institution to be accountable for the continuous upkeep of data and accuracy thereof. Declined. Principle 7 requires the parties to agree on how their relationship will be terminated, so that even if the relationship ends on a contentious note that the parties exit the relationship in the agreed upon order. RFS Fund Administrat ors GEN.S.10.10 Outsourcing Clause 3/ Schedule 2 Clause 3 prohibits a financial institution or financial intermediary from outsourcing its principal business. Schedule 2 defines the principal business function or activity of a fund administrator as all “functions and duties outsourced to a fund administrator”. Limit the prohibition of outsourcing by the fund administrator to the material business functions or activities by insertion of the following underlined words to the wording in Schedule 2: “Material business functions and duties outsourced to a fund administrator” Clarification. The principal business of a fund administrator is to perform the functions and duties prescribed by the retirement fund in the service level agreement. Therefore, those duties cannot further be outsourced by the fund
9 A fund administrator may therefore not outsource any functions outsourced to the fund administrator, resulting in the retirement fund having to outsource those functions directly to the service provider. There may be instances where it is beneficial to the retirement fund to channel an outsourcing function via the fund administrator. For example, where the source of the data used by the third-party service provider is data obtained directly from the fund administration system, for member communication or unit pricing, or similar functions. (“Material business function or activity” is defined under clause 1 of the standard.) administrator to a third party.