Compliance and Outsourcing

Research Project

Outsourcing was
� a way to reduce cost
� a way to focus only on your core activities
� a way to be flexible
� even a way to transfer some risks to a third party
Outsourcing becomes
� a way to transfer compliance

Due Diligence...

New criteria, like�
� long-term reputation
� business culture
� understanding of the legislation and regulatory compliance challenges and disclosure requirements
� ability to monitor

It is absolutely certain: Providers focused merely on technical issues will lose market share or be out of business.

The key legal risks for the board of directors and executive management  - outsourcing after Sarbanes Oxley and Basel ii

1. Strategic Risk
1.1. The third party may conduct activities on its own behalf which are inconsistent with the overall strategic goals of the regulated entity
1.2. Failure to implement appropriate oversight of the outsource provider
1.3. Inadequate expertise to oversee the service provider

2. Reputation Risk
2.1. Poor service from third party
2.2. Customer interaction is not consistent with overall standards of the regulated entity
Third party practices not in line with stated practices (ethical or otherwise) of regulated entity

3. Compliance Risk
3.1. Privacy laws are not complied with
3.2. Consumer and prudential laws not adequately complied with
3.3. Outsource provider has inadequate compliance systems and controls

4. Operational Risk
4.1. Technology failure
4.2. Inadequate financial capacity to fulfill obligations and/or provide remedies
4.3. Fraud or error
4.4. Risk that firms find it difficult/costly to undertake inspections
5. Exit Strategy Risk
5.1. The risk that appropriate exit strategies are not in place. This could arise from over-reliance on one firm, the loss of relevant skills in the institution itself preventing it bringing the activity back in-house, and contracts which make a speedy exit prohibitively expensive.
5.2. Limited ability to return services to home country due to lack of staff or loss of intellectual history

6. Counterparty Risk
6.1. Inappropriate underwriting or credit assessments
6.2. Quality of receivables may diminish

7. Country Risk
7.1. Political, social and legal climate may create added risk
7.2. Business continuity planning is more complex

8. Contractual Risk
8.1. Ability to enforce contract
8.2. For offshoring, choice of law is important

9. Access Risk
9.1. Outsourcing arrangement hinders ability of regulated entity to provide timely data and other information to regulators.
9.2. Additional layer of difficulty in regulator understanding activities of the outsource provider

10. Concentration and Systemic Risk
10.1. Overall industry has significant exposure to outsource provider. This concentration risk has a number of facets, including: Lack of control of individual firms over provider; and
Systemic risk to industry as a whole