Member Obligations Regarding Outsourcing

This Notice is intended to remind Members and their Approved Persons of their obligations with respect to compliance with MFDA By-laws, Rules and Policies where the Member or Approved Person has outsourced certain functions to outside service providers.

Member Obligations

Pursuant to MFDA Rule 1.1.3 (Service Arrangements), Members and Approved Persons may engage any person to provide administrative services provided that the services themselves do not constitute securities related business or duties or responsibilities that are required to be performed by the Member or Approved Person pursuant to the By-laws, Rules or applicable securities legislation. Members may also enter into introducing/carrying dealer arrangements with another Member. The requirements regarding introducing/carrying dealer arrangements and the obligations of the parties to such arrangements are contained in MFDA Rule 1.1.6 (Introducing and Carrying Arrangement).

As noted in MFDA Staff Notice MSN-0044 Member Obligations Regarding Service Providers, issued on July 6, 2005, Members that enter into introducing/carrying arrangements or engage outside service providers must ensure that the outsourced services meet all applicable regulatory requirements. Members must exercise due care, skill and diligence in the selection of any service provider to ensure that it has the ability and capacity to effectively undertake the outsourced service. In addition, procedures for monitoring the performance of the third-party service provider on an ongoing basis should be established to ensure that services continue to be performed in compliance with all applicable regulatory requirements.

IOSCO Principles

The International Organization of Securities Commissions (“IOSCO”) has noted these and other issues in its “Principles on Outsourcing of Financial Services for Market Intermediaries”. IOSCO identified the following general principles to be considered with respect to outsourcing:

1. Due diligence in selection and monitoring of service provider and service provider’s performance - As discussed above, due diligence must be exercised in the selection of third party service providers.
2. The contract with a service provider - Outsourcing agreements should be clearly written to reduce the risks of non-performance and avoid disagreements regarding the scope and nature of the service to be performed.
3. Business continuity at the outsourcing firm - Business continuity arrangements should be established to ensure that business disruptions are minimized if the service provider is unable to continue providing the outsourced service.
4. Client confidentiality issues - Measures should be taken to confirm that the service provider does not misuse or misappropriate confidential firm and customer information.
5. Concentration of outsourcing functions - IOSCO has noted potential concentration risks when a large number of firms use a common service provider.
6. Termination procedures - Termination provisions in outsourcing agreements should be addressed to ensure that any outsourced functions may be effectively transitioned in the event that an outsourcing agreement is terminated.
7. Regulator’s and intermediary’s access to books and records, including rights of inspection - Regulators, the outsourcing firm and its auditors should have access to the books and records of service providers.