Outsourcing & Third Party Risk Management Training Course

As the risk inherent to business relationships grow, regulators have been drafting and implementing outsourcing and third-party risk management rules and guidance. 

Our Outsourcing & Third Party Risk Management course provides insight into outsourcing and third-party risk management rules and procedures firms must comply with.

Request a Free Trial

Chevron Skillcast chevron graphic
Outsourcing and Third Party Risk Management Training Course

About this Course

Our Outsourcing and Third Party Risk Management course is available as part of our comprehensive FCA Compliance Library, which contains training modules covering everything from high-level and conduct of business standards to thematic topics.

Learning Objectives

This course will prepare you to:

  • Identify when an arrangement might be considered to be outsourcing
  • Identify and manage risks arising from third parties
  • Recognise the regulators' high-level expectations
  • Identify critical and important functions
  • Establish good governance and retained accountability
  • Put in place a written agreement
  • Know when to notify the regulators about material outsourcing

Course Outline

Welcome

What do we mean by outsourcing & third-party risk management?

- Definitions
- Regulatory concerns about outsourcing and third-party risk management

High-level expectations

- Fundamental rules and principles
- Systems and controls
- Organisational arrangements
- Risk management
- Examples of risks
- Risk mitigation

Governance & accountability

Due skill, care & diligence

Written agreement

- Access rights
- Exercising the right to audit an outsourced provider
- You decide: Access and audit rights
- Exercise: Data in outsourcing relationships
- Data security in outsourcing and third-party relationships

Material outsourcing

Summary

Affirmation

Assessment

Course Specifications

This course is designed to  for all staff members.

Structure

Structure

Approximately 60 minutes followed by a 10-question assessment.

Audience

Audience

Suitable for all staff - examples and interactivities designed for staff at all levels. No previous knowledge or experience is required.

Design

Design

SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via client style sheet.

Fast track

Fast Track Option

Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment by simply passing the assessment.

Compatibility

Compatibility

All Windows, Mac OSX, iOS, Android (Flash-free for mobile compatibility). AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC.

Tailoring

Tailoring

Fully customisable on Skillcast Portal CMS.

Translation

Translation

Pre-translated versions not available, but all text content can be exported for translation into all languages.

Localisation

Localisation

Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary.

Access Our Courses on Skillcast Plans

Our compliance training courses are available across Skillcast plans. Our plans cover businesses with small to large teams and offer a mix of tailored and off-the-shelf courses.

We have three plans available; simply choose the one that meets your needs below.

CoreCompliance

Skillcast CoreCompliance provides your own portal pre-loaded with the key compliance courses needed in your sector. It's the most comprehensive and cost-effective compliance training solution on the market for teams of up to 50 staff.

Prices start from £349 for 12 months.

Standard Plan

Skillcast Standard is a flexible plan for building your digital compliance portal. You start with our award-winning Learning Management System and select one or more course libraries to train your staff.

Later, you can add the Policy Hub for policy attestations, DSE self-assessment, Gifts and Hospitality register, and other features to streamline staff compliance.

Premium Plan

Skillcast Premium combines our innovative technology tools and features into one simple solution. The premium plan is designed for companies that want a fully featured, branded and managed portal to transform their staff compliance.

It enables you to create comprehensive user journeys to deliver learning and policies, obtain declarations and submissions, and consolidate data to achieve your compliance outcomes.

More on SMCR

In the United Kingdom, the Senior Managers and Certification Regime (SMCR) is designed to foster accountability among senior managers at financial services companies while elevating ethical and professional standards across the entire workforce.

The SMCR replaced the Approved Persons Regime (APR), which was previously applicable to key individuals in regulated entities. In the realm of insurance companies, this regime effectively superseded the Senior Insurance Managers Regime (SIMR), marking a significant shift in how financial services firms manage and hold their senior personnel accountable.

There are three key parts to the SMCR: Senior Managers Regime, Certified Persons Regime and Conduct Rules.

  • Senior Managers Regime
    This enforces a detailed and clear allocation of responsibilities between senior managers at each firm, with particular emphasis placed on key documents - 'Statements of Responsibilities' and 'Responsibilities Maps'. These help to record the distribution of responsibility to individual Senior Managers and to demonstrate to the regulators that there are no gaps or excessive overlaps. Always bear in mind that Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".
  • Certification Regime
    This requires firms to check and confirm that employees performing roles relating to the firm's regulated activities are fit and proper, based on their qualifications, competence and personal characteristics. Once this has been confirmed, the firm needs to issue them with a certificate that must be renewed every year.
  • Conduct Rules
    This consists of a set of rules provided in the FCA's Code of Conduct Handbook (COCON) that covers all individuals:Senior Managers, Certified Persons and other employees.

How to comply with SMCR

1. Statement of Responsibilities - Set out the areas for which each Senior Manager is personally accountable
2. Responsibilities Map - This knits together the Statement of Responsibilities
3. Pre-approval for all Senior Managers - obtain this from the regulators before they carry out their roles
4. Duty of Responsibility - Ensure that Senior Managers understand their responsibilities and take reasonable steps to prevent regulatory breaches in their areas of responsibility
5. Identify all Certified Persons - These are all material risk takers
6. Fit and Proper Assessment - Of all Certified Persons, then re-assess on an annual basis
7. Training - Of all those who are subject to the Conduct Rules

SMCR Scope

SMCR rollout waves

The SMCR has been rolled out in three waves:

Wave 1: Banks, building societies, credit unions and large investment firms in March 2016 (updated July 2018)
Wave 2: Extended to insurance firms (those regulated by the FCA and PRA) in December 2018
Wave 3: The remaining financial services firms (otherwise known as 'solo-regulated firms' since they are regulated only by the FCA, not the FCA and PRA) came under the scope of this regime in December 2019.

SMCR categories

The third wave encompasses a wide variety of firms. To ensure that regulation is appropriate to their sizes and activities, the FCA has categorised them into three distinct groups:

Core: Firms that have to comply with the baseline requirements for solo-regulated firms
Limited scope: Firms that already had exemptions under the Approved Persons Regime, and are exempt from some requirements and require fewer senior management functions
Enhanced: Firms that have extra requirements - these are large, complex firms with potential impact on consumers or markets which warrant more attention from the FCA

SMCR & Duty of Responsibility

Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible". The FCA can take action against a Senior Manager (SM) where it can show that:

  • There was misconduct by the SM's firm,
  • At the time of the misconduct or during any part of it, the SM was responsible for the management of any of the firm's activities in relation to which the misconduct occurred, and the SM did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing.

The burden of proof for all these elements lies on the FCA. The SM does not need to show that they took reasonable steps - rather, it is for the FCA to prove that they did not. The defence against such action is if the senior manager can show that they took "the steps that are reasonable for a person in that position to take to prevent a regulatory breach from occurring".

Fitness and Propriety

The FCA must approve all senior managers, which assess whether they are fit and proper to perform the given function or responsibility.

Three key factors determine whether you are Fit and Proper:

  1. Honesty, integrity and reputation
  2. Competence and capability
  3. Financial soundness

When assessing a person's financial soundness, the FCA typically does not require a statement of the individual's assets or liabilities. Having limited financial means does not, by itself, impact the suitability of a person to perform a Senior Management Function (SMF).

When appointing a Senior Manager or Certified Person, firms must obtain regulatory references from all of their past employers from the past six years. This requirement also applies to the appointment of Non-Executive Directors (NEDs) who are not Senior Managers.

To meet this requirement, firms must keep records of disciplinary actions and fit and proper assessments for the past six years and avoid any agreements that would conflict with their disclosure obligations.

Want to learn more about SMCR?

This training aid is just one of 100+ free compliance training resources, including assessments, best practice guides, checklists, desk aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!

You can keep up to date with SMCR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, by subscribing to our FCA Compliance Bulletin.

Our SMCR Compliance roadmap will help you navigate the compliance landscape supported by a comprehensive library of SMCR Courses and a fully integrated SMCR 360 Compliance Toolkit to streamline, unify and automate your processes.

Finally, SkillcastConnect provides a unique opportunity to network with other compliance professionals in a vendor-free environment, as well as exclusive benefits, including access to our free online learning portal.

ll
quote mark top quote mark bottom

We, as a firm, are very satisfied with the Skillcast training platform, its course design and its content. The online tools and guidance provided by the platform are super easy, enabling anyone to incorporate their own designed training modules with the help of course editor options.

Trusted Customer, Feefo Review

FCA Course Library

Our FCA Course library of over 60 training modules covers everything from high-level and conduct of business standards to thematic topics, including treating customers fairly.

Request a Free Trial

Chevron Skillcast chevron graphic
FCA Course Library