European Union: EU Rules Affecting Outsourcing In The Financial Services Sector In Europe

The financial services sector in Europe will become subject to a new regulatory regime as of November 1, 2007. The new regime implements the Markets in Financial Instruments Directive of the EU — known as MiFID. The new provisions introduce a change of emphasis in the regulation of outsourcing in the financial services sector and some new procedural factors for firms contemplating outsourcing arrangements in this area, and will be applicable to outsourcing relationships in existence on, or entered into after November 1st.

Managers of EU firms with outsourcing relationships should familiarize themselves with the new rules and, in particular, determine whether steps need to be taken to adjust their existing arrangements or whether the relevant regulators need to be notified about the terms of the outsourcing.

MiFID applies both to the core investment services and activities of financial institutions that are established in an EU member state and to certain ancillary services provided in conjunction with the core services. The core services include: reception and transmission of orders in relation to one or more financial instruments, execution of orders on behalf of clients, dealing on own account, portfolio management, investment advice, underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis, placing of financial instruments without a firm commitment basis, and operation of Multilateral Trading Facilities. MiFID will therefore apply to EU-established subsidiaries of US financial institutions but will not apply directly to branches of US financial institutions operating in the European Union. Such branches will be subject to equivalent provisions as may be determined by each member state.

An objective of MiFID is to ensure that operational risk is not increased as a result of outsourcing. It seeks to regulate outsourcing of critical or important functions undertaken by financial institutions. There is little guidance as to what is a "critical" or an "important" function, but examples given in guidance in the United Kingdom indicate that the terms should be interpreted broadly — and certainly more so than in the current

regulatory system. For example, support and maintenance activities for software applications are seen as a potentially important or critical function. On the other hand, market data feed arrangements as well as those for obtaining legal advice are not — and indeed may not even be seen as — outsourcing arrangements.

Management of the firm is also obliged to consider the application of the MiFID rules to outsourcing of functions that are not critical or important in a proportionate manner.

There are detailed rules specifying contract provisions that need to be incorporated in outsourcing arrangements and clarifying how those arrangements should be managed in an effort to minimize operational risk. Broadly, these requirements are a distillation of good practice in outsourcing relationships. One new requirement — at least in relation to the current UK regulatory regime — focuses on the way in which a firm structures itself to govern the outsourcing relationship and how the firm monitors how well its relationships are being governed.

It would be prudent for firms to analyze any outsourcing relationships that may relate to critical or important functions and ensure that they do have in place all the protections that MiFID requires.

In the United Kingdom, the Regulator has issued guidance to the effect that it requires notice of any restructuring, re-organization, or business expansion that could significantly impact a firm’s risk profile or resources — such changes include a firm’s entry into or changing of a material outsourcing arrangement.

The concept of "material outsourcing" is the mechanism used in the pre-MiFID world to determine whether an outsourcing relationship is of such significance that it falls within the scope of regulation. On November 1, 2007, the test will be the broader "critical or important functions" test and it is likely that firms will want to consider whether there are additional relationships about which the Regulator ought to be notified.

Mayer Brown has outsourcing lawyers and financial services regulatory lawyers who can assist you with any concerns you may have aboutthe impact of this change in the legislation on your activities in Europe. In particular we can help you analyze existing arrangements to determine steps that should be taken in advance of the November 1 deadline.

Copyright © 2007, Mayer Brown LLP and/or Mayer Brown International LLP. This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.

Mayer Brown is a combination of two limited liability partnerships: one named Mayer Brown LLP, established in Illinois, USA; and one named Mayer Brown International LLP, incorporated in England.