Published by Catherine Nicholson. Modified over 9 years ago.
1
Outsourcing risk
Wade Martin
Risk Manager - Cbus Super
2
Risk Management Declaration
the Trustee has assessed the risks of outsourcing any business activity;
is satisfied that the risks and relevant controls relating to these risks are appropriate to the Trustee, having regard to the size, business mix and complexity of business operations and the operational capabilities of the Trustee itself.
3
Trustee Duties – s52 SIS Act
to perform the trustee’s duties and exercise the trustee’s powers in the best interests of the beneficiaries;
to formulate, review regularly and give effect to a risk management strategy that relates to the risks that arise in operating the entity;
4
Risk Appetite
Has the Board clearly articulated its appetite to outsource?
What tolerances have been defined?
Whilst 231 mandates the inclusion of certain provisions, the nature of those provisions will ultimately be reflective of an entity’s risk appetite.
Consider:
– Caps on liability and indemnity
– Insurance
– Subcontracting
5
Risk Management Framework
In assessing the options for outsourcing and entering into the agreement, the Trustee must be able to demonstrate that:
– It has taken into account the changes to the risk profile of the business activity; and
– How this changed risk profile is addressed within the trustee’s RMF.
6
Outsourcing risks
Non-compliance
Adequacy of resources
Business disruption
Remuneration and pricing
Offshoring
Exit and transition risks
Liability for loss
Underperformance
Conflicts of interest
Data security and privacy
7
Links to other Prudential Standards
Business Continuity Management
Conflicts of Interest
Investment Governance
Governance
Risk Management
8
Internal Control Framework
Tiers of outsourced providers
Outsourcing Policy
Due diligence
Delegations
Linking outsourced provider profiles to:
– business risks
– business processes
– incidents and breaches
9
Appointment process
Business case
Selection process
Change in risk profile
Adequacy of resources
Board & Committee involvement
All para. 21 matters
Monitoring procedures
Renewal process
Contingency plans
‘Best interests’ determination
10
Monitoring
Adequacy of resources to monitor and manage the relationship
‘Appropriate level’ of regular contact
Process for performance monitoring including service levels
Consider:
– Provider’s resources
– Data management
– Conflicts
– Compliance
– Offshoring and subcontracting
11
Offshoring
Definition
Offshoring risks
Subcontracting
APRA consultation process
12
Offshoring Risks
Choice of law
Security and confidentiality of information
Monitoring of the arrangement
Country risk
Compliance
Contractual risk
Access risk
Counterparty risk
13
Assurance
Internal Audit requirement
APRA variation of para. 33
Practical experience
Risk Management Declaration