The Consumer Duty and outsourcing: remediation or not?

The Consumer Duty (“Duty”) applies to all regulated firms that have a material influence over, or determine, retail customer outcomes. As firms approach the key 31 July 2023 milestone for their implementation work, focus turns to the potential impact on firms’ outsourced service arrangements for both day 1 and on operational controls on an ongoing basis.

In-scope agreements

The Duty will apply even where a firm does not have a direct contractual relationship with the retail customer. This may be where the firm has outsourced arrangements with:

• an unregulated service provider whose actions have the potential to impact end customers and as such, the firm’s compliance with the Duty (e.g. an unregulated call centre or print and mail services);
• a regulated service provider whose actions have the potential to impact end customers and as such, its own compliance and the firm’s compliance with the Duty (e.g.  a pension scheme administration service provider providing customer support and responding to complaints).

Compliance with the Duty cannot be delegated to third parties and remains the responsibility of the firm.

Contractual requirements

The Duty has no specific requirements for outsourcing agreements. However, firms will need to have systems and controls in place to monitor the support provided by third parties and to provide assurance that firms are meeting their regulatory obligations. Where systemic or recurring issues are identified, firms will need to have the ability to take action to remedy these.

We expect that robust material outsourcing agreements will already include helpful systems and controls that can be used to obtain relevant management information or conduct outcome testing activity to provide assurance that an appropriate level of consumer support is being delivered. This may be through existing governance arrangements, service levels or audit requirements. It will, however, be important for firms to check that these systems and controls are in place and, if not, update their contractual arrangements accordingly. In order to make changes to the agreement, change control provisions should be assessed as the third party may be entitled to charge for change requests / statements of work, even where this is facilitating the firm’s compliance with regulatory rules and guidance.

To help firms meet the requirements imposed by the Duty, in-scope material outsourcing agreements could include, or add to existing, contractual provisions, such as:

• Compliance with law – firms must ensure that third parties comply with applicable law (including regulatory guidance). The key issue that often arises here is that if the third party is itself unregulated then the Duty will not apply to it, so it is important from the firm’s perspective that compliance with applicable law is wider than only the law applying to the third party as otherwise this would not capture compliance with the Duty. The starting position should be that third parties should comply with applicable law (including regulatory guidance) applying to the firm, although this is often strongly resisted by third parties. In which case, how a firm intends to meet its Duty requirements will need to be translated into clear obligations built into service descriptions, operating procedures and service levels.
• Governance – firms should ensure that the Duty is considered as part of the agenda of relevant governance meetings with third parties. Firms should consider whether the governance requirements are wide enough to incorporate Duty considerations; for example, whether the Duty is being considered in all relevant discussions, such as on strategy, and whether all relevant committees (e.g. Risk / Internal Audit) are considering issues through the lens of customer outcomes.
• Service levels – firms should consider whether existing SLAs need to be updated to ensure third parties provide additional management information and support outcome testing activity regularly. Often management information can be limited to relating only to the services provided, which may not be wide enough. As part of these considerations, it will be important for the firm to consider how it defines good outcomes (over the short, medium and long term) for customers while using products and services and how SLAs ensure the third parties support these outcomes. In particular, the firm will need to consider what outcomes customers are getting from the relevant third party and whether they are aligned with reasonable expectations.
• Sub-contracting – firms will already be aware of the importance of ensuring oversight and control over any onward sub-contracting by a third party. It will be particularly important for firms to ensure that the Duty requirements, and appropriate systems and controls, are imposed on onward sub-contractors where relevant (particularly given the firm will not have a direct contractual relationship with those onward sub-contractors). Firms may wish to ensure that third parties are obliged to ensure that onward sub-contractors comply with the Duty requirements directly, particularly where those onward sub-contractors are unregulated such that the Duty does not apply to them directly.
• Business continuity / disaster recovery – firms may want to build in Duty considerations to their BCDR planning, which may require additional obligations on the third party to support those considerations. For example, firms will need to consider how customer outcomes could be impacted and what would need to happen in the event of business interruption. It may be prudent for firms to combine their approach here, and any subsequent change requests, with the work they may be doing on operational resilience which is likely to have some overlap in relation to identifying important business services and setting impact tolerances.
• Remediation and redress – where firms identify third party issues in the delivery of customer outcomes in line with the Duty, the outsourcing agreement should give the firm the ability to use remedial action where appropriate. This might include requirements on the third party to:
  • act in good faith and promptly and fairly remedy the issue;
  • provide reporting and updates to the firm on the remediation status;
  • allow the firm to step-in in the event of material failure;
  • provide redress commensurate with the benefit that was difficult to utilise; and/or
  • proactively contact customers to explain the issue and the steps the third party can take to fully utilise the product or service.
• Exit – following termination, firms may wish to ensure contractually that third parties are approaching exit arrangements with a focus on the Duty and are maintaining good customer outcomes throughout a transition to an alternative arrangement.

Wider considerations

In addition to contractual terms, firms will need to consider how the Duty will impact their wider business. Firms will be expected to embed the Duty throughout the lifecycle of an arrangement and will need to be able to demonstrate that it is appropriate to outsource the relevant function and consider how that assessment impacts on the firm’s outsourcing policy. We expect that certain trends may arise, for instance:

• Cultural shift – the FCA expects that firms’ cultures will need to fundamentally change in line with the Duty’s expectations. Firms will in turn want to ensure relevant third parties are culturally aligned to their business. Unregulated third party providers may challenge compliance but it is important that third party providers align culturally with the regulator’s expectations in this area in order to meet their client’s needs.
• Consumer duty champion – we may see a shift from third parties towards embedding specific roles like a Duty “champion” to support the provision of the product / service.
• Remuneration structures – we expect that providers will need to go further than has previously been expected for high impact material outsourcings. If, for example, call centre arrangements base performance on numbers of customers dealt with then this may drive bad behaviours and firms may be expected to question or challenge these arrangements and set new parameters.
• Training – we expect training for staff who are directly engaging with customers, e.g. customer support staff, will need to become deeper and more detailed as a result of the Duty. It will also need to be regularly reviewed and updated to implement lessons from consumer testing.

We approach financial services outsourcings from a regulatory perspective. This is particularly important where upcoming regulation, such as the Duty, has an impact across the whole of the outsourcing arrangement. Please get in contact if you would like to discuss any area of this article in more detail, or have any questions.