Digitalization in the region has fuelled a flurry of outsourcing activities in the financial sector but both regulators and industry players are increasingly concerned about the risks involved, especially after recent headline security breaches.

«There has been a strong push in the last 24 to 36 months from financial institutions to move away from legacy infrastructure – monolithic core banking platforms, to put it bluntly,» said Rhys McWhirter, Hong Kong-based partner and head of technology at law firm Eversheds Sutherland at a virtual panel during the ASIFMA Tech & Ops Week.

According to McWhirter, not only the amount but even the diversity of outsourcing activities has intensified such as demand for micro-services that interface with one another. 

«Financial firms are going for more nuanced [and agile] solutions and I think that’s largely as a result of the digital finance push we see in Hong Kong and Singapore.» 

Supply Chain Attacks

Despite the growing demand, there is also growing concerns about various forms of risk, especially after the recent supply chain attacks linked with IT infrastructure firm SolarWinds which McWhirter called «an incident that has captured the financial sector globally».

As a result, more spotlight has been placed on outsourcing risk management with financial firms considering a myriad of factors including social, political and economic concerns. Jurisdictional risk, in particular, has been a key focus due to the need for resolution in the event of any disagreements. 

«Quite often, you’ll find that you aren’t able to have a dispute resolved in the jurisdiction where you are headquartered,» said Morgan Stanely’s Asia head of tech and data legal Natalie Swallow. «[You have to] really ascertain whether you going to get consistent, fair outcomes in the event of a dispute.»

More Cooperation

Regardless of future developments, both industry participants and regulators agreed that more interaction would be welcome especially as outsourcing complexity increases due to technological and business changes, such as increasing use of cloud solutions or subcontractors.

«The regulator will not be able to solve [outsourcing problems] by itself,» said Vincent Loy, assistant managing director (technology) at Monetary Authority of Singapore, highlighting that vendors often operate outside their regulatory net. «It needs the whole ecosystem to work together.»

«The first step is to have a discussion,» added Yasushi Shiina, member of secretariat at the Financial Stability Board.

finews.asia is an official media partner of the ASIFMA Tech & Ops Week.