FCA Compliant IT Systems and Support
Information Technology is an area that is quite daunting to most regulated Firms. There is a strong temptation to look for a single Systems Integrator to take the pain away. This is a perfectly rational decision to make, unless you intend to be regulated by the FCA or another competent body, in which case the decision is not so clear-cut.
Regulation, regulation, regulation
Regulation in the UK is principles-based; the whys and wherefores are set out in rule books. The Systems and Controls rule book is the most important if you intend to outsource any functions such as IT, specifically SYSC 8.1 – General Outsourcing Requirements. The single most important part of this is SYSC 8.1.6, which states “If a firm outsources critical or important operational functions or any relevant services and activities, it remains fully responsible for discharging all of its obligations under the regulatory system….”, which in plain English means you can outsource the delivery but NOT the responsibility. The FCA takes this quite seriously, having issued a “Dear CEO letter” in November 2013.
In terms of IT systems, this means that you, the Fund Manager, are actually responsible for, and need to show suitable oversight of and regular due diligence into, the health of your suppliers. To dive back into the SYSC rulebook again, SYSC 9.1 – General Rules On Record Keeping states in rule 9.1.2 that records should be kept for five (5) years. So you as a Fund Manager have the responsibility to provide any information requested by the FCA back to the FCA within 24 hours on anything in the previous 5 years. Again, you can outsource the delivery but not the responsibility. SYSC 8.1.7 compels a Fund Manager to undertake due diligence before entering into an outsourcing arrangement, and SYSC 8.1.8 requires continual monitoring of the outsourcing. Again, the Fund Manager retains the responsibility for this at all times.
What is the best approach?
If you as the Fund Manager have managed to find a Systems Integrator to provide all your IT in one place, and have the competence to engage, negotiate and manage an FCA compliant outsourcing contract with them, then you have got a camel through the eye of the needle.
IP Sentinel believe that a single Systems Integrator cannot provide a full FCA compliant outsourcing service, as the Fund Manager always retains the responsibility. IP Sentinel sit on the side of the Fund Manager, selecting a broad range of vendors, undertaking the due diligence, negotiating consistent T&Cs and putting in place contracts directly with the Fund Manager, which can then be managed by the COO on a cost and delivery basis.
IP Sentinel the Prime Contractor
We implement an appropriate & scalable infrastructure using a broad range of suppliers. The Fund Manager contracts directly with suppliers to satisfy FCA due diligence requirements. IP Sentinel then manages the suppliers for the Fund Manager on an ongoing basis to ensure SYSC 8.1.7, 8.1.8 & 8.1.9 are satisfied.
On an ongoing basis, IP Sentinel acts as a single point of support contact for the infrastructure in place and as a CTO for Fund Raising, Fund Consultant DD or Regulatory inquiries.
Design, Source and Implementation
Reference architecture for pricing purposes:
- PC with MS Office software
- Email with iPhone/Android capability
- Phone with voicemail
- File storage
- Backup & Archive
- Website & Intranet
- Print & Scan
- Office network & Internet
- AntiVirus & Malware Protection
- Multi Factor Authentication
Negotiate the best deal
Back-to-back T&Cs
Manage the implementation
Support
- IP Sentinel acts as prime contractor
- Manage the front end for any ongoing support
- Support delivered by partner network
- Metrics-based service reporting