Enforcement Action: J.P. Morgan Administration Services (Ireland) Limited reprimanded and fined €1,600,000 by the Central Bank of Ireland for regulatory breaches relating to the outsourcing of fund administration activities

26 June 2019 Press Release

Central Bank of Ireland

On 24 June 2019, the Central Bank of Ireland (the Central Bank) reprimanded and fined J.P. Morgan Administration Services (Ireland) Limited (JPMAS or the Firm) €1,600,000 in respect of regulatory breaches relating to the outsourcing of fund administration activities.

The Firm has admitted to three breaches of the Outsourcing Requirements contained in Annex II of Chapter 5 of the AIF Rulebook (the Outsourcing Requirements) and one breach of the Prudential Handbook for Investment Firms 2008 (the Handbook). The duration of the breaches varied between 7 months and 2 years and 11 months spanning the period from July 2013 to June 2016.

The Central Bank determined that the appropriate fine was €2,286,000, which was reduced by 30% in accordance with the settlement discount scheme provided for in the Central Bank’s Administrative Sanctions Procedure.

The Central Bank’s investigation identified serious failings in the Firm’s outsourcing framework including:

  1. Failure to obtain the prior approval of the Central Bank to outsource fund administration activities.
  2. Failure to have adequate control systems to ensure that the Firm satisfied the Central Bank’s outsourcing requirements for fund administrators.

As a result of these failings, JMPAS did not always have a clear understanding of, and controls around, its outsourcing arrangements. This undermined the ability of the Firm to effectively identify and manage the risks associated with its outsourcing arrangements. In addition, the Firm’s failings undermined the Central Bank’s ability to properly assess, monitor and supervise JPMAS’s outsourcing of regulated activities.

JPMAS persistently failed to remediate the root causes of these failings despite repeated supervisory intervention by the Central Bank over a number of years. This is an aggravating factor in this case.

The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham, said:

“Outsourcing plays a key role in the provision of regulated financial services and it is vital that regulated firms can demonstrate a clear understanding of their outsourcing arrangements, the associated risks and the effectiveness of the governance and risk management measures in place in respect of those arrangements. This is the first enforcement action taken by the Central Bank against a fund administration firm in relation to outsourcing failures.

"When firms outsource activities, they do not outsource their responsibilities. It is important for firms to have strong controls in place around the governance and oversight of all outsourcing arrangements to ensure that they comply with all legal and regulatory requirements. The requirement for fund administrators to seek the approval of the Central Bank prior to outsourcing fund administration activities is a core regulatory requirement. Compliance with this requirement ensures that the Central Bank is in a position to effectively assess, monitor and supervise the outsourcing of regulated activities.

"JPMAS’s failures in this case demonstrated unacceptable weaknesses in its outsourcing framework. These weaknesses were further evidenced by the Firm’s repeated failures to satisfactorily remediate the issues identified by the Central Bank as part of its supervisory engagement with the Firm. The fine imposed reflects JPMAS’s failure to address the root causes of these weaknesses over several years.

"Outsourcing is, and will continue to be, an area of particular focus for the Central Bank. This enforcement action reflects the importance the Central Bank places on firms’ compliance with their legal and regulatory obligations where they seek to outsource regulated activities. Where firms fail to comply with these obligations, the Central Bank will follow targeted supervisory intervention with robust enforcement action.”

Background

JPMAS is an investment business firm authorised by the Central Bank under Section 10 of the Investment Intermediaries Act 1995 to provide fund administration services. It is a wholly owned subsidiary of J.P. Morgan Bank (Ireland) plc, which is itself an ultimate subsidiary of J.P. Morgan Chase & Co, incorporated in the United States. JPMAS was first authorised by the Central Bank on 9 August 1996. Outsourcing is core to the business model of JPMAS, with a significant proportion of its fund administration services currently outsourced.

Outsourcing is a mechanism that allows an Irish regulated fund administrator to use a third party, which can be an affiliate, to perform fund administration activities that would normally be undertaken by that fund administrator in Ireland. It allows regulated firms to reduce costs or provide services more efficiently by accessing skills and technologies that may not be available within the firm. It can also allow firms to provide ‘round the clock’ services to clients across different time zones.

However, there are risks associated with outsourcing of regulated activities, and the Central Bank plays an important role in ensuring that firms minimise potential risks. For example, fund administration firms must seek the prior approval of the Central Bank to outsource regulated activity so that the Central Bank can effectively supervise and monitor the extent to which firms are identifying, mitigating and managing these risks. In particular, the Central Bank assesses the nature of the activity to be outsourced, the proposed operational and governance oversight for the proposed activity, the concentration of outsourcing at a particular location and/or to a particular outsourcing service provider to ensure that the level of outsourcing is appropriate having regard to the relevant risks.

Remediation of Outsourcing Issues

In March 2014, the Central Bank carried out a Thematic Review focused on the Firm’s compliance with the Outsourcing Requirements. This culminated in the issuing of a Risk Mitigation Programme (RMP) by the Central Bank, which required the Firm to take a number of measures to bring the Firm into compliance with the Outsourcing Requirements. Partly in response to the RMP, the Firm established an outsourcing governance committee it called the “Outsourcing Forum” which was to be responsible for maintaining an up-to-date record of all outsourced activity and the oversight and management of new outsourcing arrangements.

Subsequent to the establishment of the Outsourcing Forum and the Firm’s confirmation that the issues identified in the RMP had been remediated, the Central Bank identified two further breaches of the Outsourcing Requirements. The Central Bank subsequently conducted a Full Risk Assessment of the Firm and found that the same issues which gave rise to the 2014 RMP persisted.

A further RMP was issued to the Firm in 2016. The same weaknesses in the Firm’s outsourcing framework which were previously identified in the RMPs issued in 2014 and 2016 were also identified by the Firm’s own Internal Audit function in 2015 and again in 2016.

Following further extensive engagement, the Central Bank is now satisfied that JPMAS has taken the necessary steps to rectify the deficiencies that gave rise to the breaches.

Prescribed Contraventions

The Central Bank’s investigation identified the following contraventions:

Contravention 1

JPMAS breached Requirement 3.4 of the Outsourcing Requirements by failing to obtain the prior approval of the Central Bank to outsource the calculation and release of the final NAV for one sub-fund to a group entity located in North America between 10 February 2014 and the date that the Central Bank approved the arrangement on 1 August 2014.

Contravention 2

JPMAS breached Requirement 3.4 of the Outsourcing Requirements by failing to obtain the prior approval of the Central Bank to outsource three OTC Derivative activities to different offices of the same group entity located in North America and Asia between 22 July 2013 and the date that the Central Bank approved the arrangement on 26 November 2015.

Contravention 3

JPMAS breached Requirement 3.4 of the Outsourcing Requirements by failing to obtain the prior approval of the Central Bank to move its previously approved outsourced Corporate Actions activities between UK offices of the same group entity between 26 November 2015 and the date that the Central Bank approved the arrangement on 22 June 2016.

Contravention 4

The Firm failed to establish adequate control systems as required by section 2.3 of the Handbook. The Central Bank’s investigation found that the Firm’s control systems repeatedly failed to prevent the Firm from outsourcing fund administration activities without approval from the Central Bank between 22 July 2013 and 22 June 2016. This contravention is illustrated by the following three failures:

Failure to obtain approval to outsource the calculation and release of the final NAV

The calculation and release of the Final NAV is a core fund administration activity, which may only be outsourced in exceptional circumstances and where the Central Bank has provided its prior approval. The Central Bank’s investigation found that the Firm’s internal control systems in respect of the outsourcing of core fund administration activities failed to prevent the commencement of the outsourcing of the calculation and release of the final NAV for a sub-fund without the approval of the Central Bank.

Failure to maintain accurate and up-to-date records in relation to outsourced OTC Derivative activities

The Central Bank’s investigation found that the Firm’s controls were inadequate and resulted in the Firm’s failure to maintain accurate and up to date records of its outsourced arrangements.

In 2014, the Central Bank found that JPMAS had outsourced three OTC Derivative activities without Central Bank approval. The Central Bank sought information from the Firm in respect of these activities. In response, the Firm provided incorrect and inaccurate information to the Central Bank notwithstanding the extensive engagement between the Firm and the Central Bank.

The Firm failed for a period of over five months to submit sufficiently accurate information to allow the Central Bank to assess the nature and location of these outsourced activities. The lack of information inhibited the Central Bank from accurately assessing the extent of fund administration activities conducted by the Firm at offshore locations.

Failure to obtain prior approval to migrate the Corporate Action activities

On 26 November 2015, the Firm moved its previously approved outsourced Corporate Action activities between UK offices in the same group entity without the prior approval of the Central Bank.

The investigation found that there was a lack of proper oversight by the Firm of its outsourcing arrangements. The Firm’s Outsourcing Forum had oversight of the migration between two group entities located in the UK from as early as July 2015. The Firm had also advised the group entities that the migration of the Corporate Action activities should not take place until the Central Bank had provided the necessary approval. Despite the oversight function of the Outsourcing Forum and the communication as to the requirement for prior approval from the Central Bank, the Corporate Action activities were migrated, without Central Bank approval, on 26 November 2015. The Outsourcing Forum failed to prevent the commencement of the outsourcing arrangement without the prior approval of the Central Bank. This demonstrates that the Outsourcing Forum did not have adequate oversight or control over JPMAS’s outsourcing arrangements.

Penalty Decision Factors

In deciding the appropriate penalty to impose, the Central Bank considered the following matters:

  • The nature, seriousness and duration of the breaches.
  • The extent to which the breaches depart from best practice in the fund administration industry.
  • The need to have an appropriate deterrent impact on the Firm and the fund administration industry.
  • The Firm’s cooperation with the Central Bank during the investigation and in settling at an early stage in Central Bank’s Administrative Sanctions Procedure.

Aggravating Factors

The Firm’s repeated failure to adequately address and remediate weaknesses in the Firm’s outsourcing control framework identified in RMPs issued to the Firm in 2014 and 2016.

Notes

  1. The fine was imposed under Section 33AQ of the Central Bank Act 1942. The maximum penalty available under that Act is €10,000,000, or an amount equal to 10% of the annual turnover of a regulated financial service provider, whichever is the greater.
  2. The fine reflects the application of the maximum percentage settlement discount of 30%. For further information on the discount scheme, see the Central Banks “Outline of the Administrative Sanctions Procedure 2018”.
  3. This is the Central Bank’s 130th settlement since 2006 under its Administrative Sanctions Procedure, bringing total fines imposed by the Central Bank to over €91 million.
  4. Funds collected from penalties are included in the Central Bank’s Surplus Income, which is payable directly to the Exchequer, following approval of the Statements of Accounts. The penalties are not included in general Central Bank revenue.
  5. The Outsourcing Requirements and the Handbook were replaced on 7 March 2017, by S.I. No. 60 of 2017 Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Investment Firms) Regulations 2017. As a result, the requirements placed on Fund Administration Firms under the Outsourcing Requirements and the Handbook have now been consolidated.
  6. Requirement 3.4 of the Outsourcing Requirements required Fund Administrators to obtain Central Bank approval prior to the commencement of an outsourced activity.
  7. Section 2.3 of the Handbook required Investment Business Firms to satisfy the Central Bank on a continuing basis, that it had adequate control systems and accounting procedures to facilitate effective management of the firm and to ensure that the firm was in a position to satisfy the Central Bank’s supervisory and reporting requirements.
  8. On 7 March 2017, the Central Bank issued a Dear CEO letter on the Outsourcing of Fund Administration activities. The letter outlined the findings of a review conducted on outsourcing arrangements and made a number of observations and recommendations arising from the findings.
  9. In November 2018, the Central Bank published a paper on outsourcing activities in financial service providers, “Discussion Paper 8: Outsourcing – Findings and Issues for Discussion”.