The Luxembourg government is set to bring more flexibility in how financial institutions outsource certain activities. The Bill of Law 7024 aims at facilitating the implementation of outsourcing arrangements and related handling of sensitive client data. We’ve surveyed several business leaders to see what kind of outsourcing strategies they have or are planning to put in place.
Catching up with neighbouring countries
The strict regulation of professional secrecy requirements has well served its purpose over the last decades. It has supported the development of Luxembourg as one of the leading financial services hubs in Europe. Although confidentiality and risk management remain priorities on financial institutions’ agenda, the changing European context requires a new framework.
With neighbouring countries having had laxer outsourcing policies in place for at least ten years, restrictions can be counterproductive for the Grand Duchy’s attractiveness. The Government has therefore decided to bring some flexibility for outsourcing models and the treatment of client confidential data.
Who’s outsourcing what and why?
Our survey shows a significant presence of both intra-group and external outsourcing relationships. This is because most of the participants are subsidiaries of international groups with headquarters outside of Luxembourg.
Larger companies are more likely to set up international sourcing relationships than their smaller peers. According to our survey, financial players outsource more IT-related activities than support or business functions. Smaller entities seem to outsource higher skilled tasks and core systems compared to larger organisations.
The rationale for most outsourcing strategies is often cost reduction. Organisations outsource, however, also to gain more flexibility and scalability, get better controls or increase their scope for innovation. From what we’ve seen, smaller companies’ limited capabilities and resources influence their outsourcing. They also tend to outsource more at a local level.
When it comes to client identifying data (CID), which is underlying strict regulatory requirements, most organisations store it internally. They also outsource it to PFS service providers in Luxembourg.
Regardless of the current outsourcing strategy pursued by organisations, respondents believe that the Bill would boost the delegation of additional activities.
Are IT support jobs at risk?
According to the results of our survey, 20% of all employees in organisations are IT employees, compared to only 8% at a global level. This comparatively high number of IT staff in Luxembourg could be explained by the existing legal and regulatory requirements applicable to sourcing and professional secrecy.
Local IT PFS service providers, who have benefitted from the regulatory framework of IT outsourcing in the past, have already started thinking about adjusting their business strategy to remain attractive for the financial services industry in Luxembourg.
According to some estimations, there are around 5,000 people working for support PFS firms at the moment. Despite fears of job losses, it’s unlikely that the need for IT skills will suddenly decrease overnight. There are several reasons for this. Firstly, the growing FinTech trend suggests that Luxembourg could soon have a lack of highly-skilled IT profiles, rather than a surplus. Secondly, even under the new regulation, businesses will still need to keep an optimal level of IT governance in Luxembourg. They have to make sure that business continuity plans are workable and properly monitor outsourced processes.
What we think
The Bill of law in its initial and revised versions has been discussed and commented on by numerous stakeholders. This underlines its potential impact on the financial services industry in Luxembourg. Our survey results, as well as discussions with our clients, have shown that the underlying idea of increasing the attractiveness of the financial centre by cutting off some of the red tapes is a necessary step in the right direction.
Assuming that the volume and complexity of delegated activities will further increase in the future, both the initial selection of outsourcing partners, as well as ongoing governance and risk management activities will become crucial to achieving strategic goals and compliance with the regulation.