FSA to issue risk guidelines

The FSA will issue a feedback statement based on consultations for its draft handbook, Operational Risk Systems and Controls, which was released last August.

The final version is due later this year, with the guidelines to come into effect in 2004. A spokesman for the FSA said the feedback had been ‘broadly supportive’.

The handbook largely covers the area of disaster recovery in the event of a terrorist attack or natural disaster for the 11,500 organisations the FSA regulates.

The failure of increasingly automated IT systems and the security hazards of e-commerce are cited as the most important threats to business continuity, despite the guidelines coming in the aftermath of the terrorist attacks in the US.

The FSA also confirmed that the statement would clarify its position on outsourcing, which it increasingly regards as an ‘operational risk’.

‘Companies can outsource, and increasingly do, but we require them to have a firm grip on the policy and procedure such that the outsourcing work is done as well as if it was in-house,’ the spokesman said.

The handbook will state that organisations should document their business continuity strategy and reporting structure for IT operations clearly and, where necessary, should use technology to ensure the security of information.

Compliance with international security standard ISO17799 is recommended, and outsourced back-up arrangements should be re-evaluated.

Robert Morgan, chief executive of outsourcing consultancy Morgan Chambers, which advises users on large deals, said regulation is becoming an increasing headache when negotiating contracts.

‘The FSA will not tell you what they want but if you submit something they will tell you where it is wrong,’ he said.

And with the introduction of the Basel Capital Accord on credit risk in 2006, the structuring of outsourcing deals is set to become much more complicated, Morgan predicted.

The so-called Basel II accord will force compliance with reporting regulations concerning the capital requirements for financial institutions to ensure solvency.

Morgan said it would be a ‘fool’ who was not taking this into account when negotiating outsourcing contracts and fees now.
