How Does MAS Regulate the Use of Fund Administrators and Other Service Providers?

Introduction to How Does MAS Regulate the Use of Fund Administrators and Other Service Providers

Singapore’s fund management industry regularly uses outside providers for administration, storage of assets, compliance advice and technology. They are very important in assisting fund management companies (FMCs) to perform well, manage problems and meet the demands of regulators. Yet, FMCs must continue to meet their duties regardless of outsourcing key things to other companies. This is especially vital for firms that aim to maintain MAS compliance for outsourced fund administration in Singapore.

Regarding these relationships, the Monetary Authority of Singapore issues clear rules under the Guidelines on Outsourcing, the Securities and Futures Act (SFA) and the Guidelines on Risk Management Practices. It discusses the ways MAS oversees fund administrators and other service providers by working on principles of oversight and having measures in place for due diligence, risk management and accountability.

Regulatory Framework and Oversight Principles

Fund administrators do not need a license or direct supervision from the MAS as a separate group. In most cases, it’s the FMC that employs these people or companies that must follow the rules. MAS requires FMCs to watch over and manage outsourced functions thoroughly, especially with regard to functions that matter a lot to their businesses and those that may affect regulations. These measures form a vital part of the regulatory framework for fund management outsourcing in Singapore, which continues to evolve as financial services become more complex.

The Guidelines on Outsourcing

The MAS Guidelines on Outsourcing are the main document helping financial institutions such as FMCs, ensure they handle and evaluate any risks that come with outsourcing. These guidelines consider outsourcing as getting another party to do an activity that the financial institution would usually handle internally.

Under this framework, MAS emphasizes several core principles:

• Proper governance: FMCs should check that their governance structures give enough oversight to outsourcing decisions.
• Drag the brakes: Companies ought to perform detailed analyses before getting involved with any outsourcing.
• All types of risks—operational, legal, reputational and concentration—have to be thoroughly assessed by management.
• There must always be supervision and regular audits to maintain quality and make sure it is followed.

In addition, outsourcing guidelines must also cover IT vendors, compliance consultants, legal counsel, data centers and KYC utilities, apart from just fund administrators.

Due Diligence and Selection of Service Providers

When choosing fund administrators or other significant service providers, FMCs are required to do detailed due diligence. This process checks the financial condition, trustworthiness, capabilities, use of internal controls, history with regulators and business continuity arrangements of the provider. It also ensures compliance with MAS guidelines for financial outsourcing and third-party risk management, helping firms maintain operational resilience and integrity.

MAS requires FMCs to make sure that:

• They have the skills and equipment needed to handle services safely and with good results.
• Any ties between the FMC and the provider, such as potential conflicts of interest, may lower the FMC’s independence and objectivity.
• The provider follows all needed laws and regulations in Singapore as well as the jurisdictions where customers are located.
• It covers service level agreements (SLAs), gives details on how performance will be measured and explains when the contract can be terminated.

It is important that FMCs keep effective control over outsourced tasks, despite the fact that the provider might be based outside the country. It should not happen that because of outsourcing, the FMC becomes empty or MAS cannot manage important functions for the company.

As an example, if an FMC delegates NAV (Net Asset Value) tasks to another administrator, it should still be able to review the approach and check the accuracy of reporting for its clients. Just because a function is delegated does not mean the person leading is no longer responsible for it.

Managing Risks and Ensuring Operational Resilience

MAS pay attention to managing risks linked to outsourcing. Threats can arise in data privacy, continuity of the service, compliance with rules and cybersecurity. FMCs have to set up good internal processes and check that their service providers follow the same requirements.

Business Continuity and Contingency Planning

When companies delegate manufacturing tasks, strong business continuity management (BCM) is necessary. It is important for FMCs to check that providers have tested what to do in case of disruptions related to cybercrime, disasters or challenging international situations.

MAS thinks that FMCs should find different ways to exit when addressing the failures of service providers. One should consider using other providers or develop in-house ways to lead the transition. Contingency plans should be changed regularly to work together with the firm’s overall strategy for managing risk.

Data Security and Cyber Risk Management

Sharing private client data, records of transactions or secret investment information as part of outsourcing should follow the MAS Technology Risk Management Guidelines. FMCs are responsible for requiring strong encryption, access restrictions and security rules from their service providers. For cloud-based services, users expect to see clear laws about data ownership, records of who has accessed the data and information on how data is transferred among different countries.

Risk management remains the responsibility of the FMC. Should a cybersecurity issue be found with the fund administration, the fund manager must still tell the MAS and handle it promptly.

Contractual and Legal Safeguards

Regulatory compliance and good service depend on signing the right contracts with fund administrators and service providers. Formal contracts are required by MAS for FMCs to use when outsourcing and these contracts should cover all relevant details.

• Range of things included in the services.
• Both performance standards and KPIs must be created.
• Sections on keeping confidentiality and protecting data.
• Following the rules set by the government and industry.
• Be able to audit, get access to and review service provider records and files.
• Ways to resolve disputes;
• The notice periods given for terminating an employee.

Inspections and thematic reviews might include reviews of these contracts to determine if they are up to regulatory standards by the MAS. They must maintain a register of all outsource contracts showing the name of each service provider, the dates they started and are expected to end, what functions are outsourced and categorized as material or non-material risks.

It is also necessary to notify or talk with MAS before outsourcing material work. In some instances, mainly for Retail LFMCs and Capital Markets Services License holders, if outsourcing is done for major functions such as compliance, risk management or fund accounting, it might be done subject to clearance by MAS or monitor by MAS regularly.

Regulatory Accountability and MAS Supervision

It is still the licensed FMC that has to meet the regulatory requirements, regardless of who provides external support. Under MAS, firms are required to handle compliance, governance and fiduciary duties themselves. The FMC is still responsible and could be fined even if issues occur because of mistakes by its third-party vendors.

MAS may do a thematic review, inspection or risk assessment that covers:

• Steps taken by the FMC to select and watch over its service providers;
• How well the service level targets are being achieved.
• When the arrangement for outsourcing makes it hard for the FMC to stick to regulations;
• How well prepared the company is for emergency situations and when it should exit a market.
• Any past problems or concerns about the outsourced activities.

If MAS considers a service provider on the FMC to pose major risks or fails to satisfy standards, it may tell the FMC to terminate the relationship. For more severe cases, MAS may issue supervisory rules, issue fines or restrict a company’s operations.

A business is expected to maintain strong integrity and ethical practices, even when using third parties. MAS wants board members to be involved in overseeing outsourcing choices and has senior management evaluating outsourcing strategies regularly.

Conclusion: Outsourcing with Accountability and Diligence

Using outsourced fund administration and services in Singapore can increase efficiency, lower costs and make it easy for companies to grow. But such ways of doing business come with important risks that should be controlled. Fund administrators are not managed by MAS directly; however, it demands clear and stringent responsibility from FMCs to make sure outsourced activities follow the rules.

When FMCs obey MAS rules, do detailed checks, manage outsource risks and ensure their systems remain stable, they can develop solid and legal relationships with third parties. The main point is this: outsourcing should not be a way to avoid following rules and firms are still required to maintain control over the quality and behavior of services done on their behalf.