Reaching a decision to outsource a business function can be a difficult decision to get right; an equally crucial challenge is making sure quality of service and delivery is kept up to the mark, as this article explains.

To outsource or not to outsource – there is a question for wealth managers. Under pressure to improve margins and handle compliance requirements and client needs, getting the balance right between what to do in-house and what to farm out to specialists is a difficult one. In Asia, rapid growth in wealth, and the ascent of areas such as family offices, raises fresh challenges in managing costs and functions. This article by Orbium, a consultancy firm in the financial services space, examines how Asian businesses are handling this decision. This publication is pleased to share these views and invites readers to respond. The authors are Jacqueline Teoh, head of business consulting for APAC, and Amar Bisht, senior manager, wealth strategy and advisory.

Private banks in Asia have ambitious plans to manage the ever-growing wealth in the region. To improve profitability, there is a race for scale. However, before they implement their plans, they must first address unsustainable cost-to-income ratios. In order to achieve this, Asia’s major banks are focusing on mergers and acquisitions, restructuring and consolidation. To secure a scale advantage, banks are removing unreliable and ineffective aspects of their business while bringing in new expertise and fresh innovative ideas to stay ahead of competition, build resilience and create value.
 
Private banks seeking to increase shareholder value outsource to capture several benefits. By outsourcing to experienced service providers, private banks can quickly improve the quality of their services by focusing on core value added business functions, increasing operational or financial efficiencies, and in many cases reducing overall costs.  

Historically, most private banks would primarily outsource individual back office functions such as payments and corporate actions.  Now, in the face of increased regulatory costs and fierce competition, private banks are forming strategic partnerships with service providers in order to leverage their experience and existing infrastructure. Recently we have seen some private banks undertake a complete overhaul of their operating models by outsourcing their core banking IT platforms and offshoring their entire back office functions to a specialised business process outsourcing service provider.

Governance and accountability: The Good, the Bad and the Ugly 
Even though many private banks may have successfully lived through the de novo years in outsourcing arrangements, several risks associated with outsourcing must be understood and carefully managed, particularly when private banks have become more complex in their products, services and client base. 

There is one important thing that banks have realised; even if they can outsource an activity or function, they cannot outsource accountability. Recently, some outsourcing arrangements in the region have encountered major reputational, compliance and operational issues and some have even had confidential data breaches. 

In the planning phase, commercial considerations often are given too high a priority while a risk assessment is carried out simply as a tick-in-the-box exercise. Areas such as service monitoring and service recovery procedures are often coming into focus only when there has been a major incident impacting service delivery, by which time it is often too late.

Regulatory reprimands and fines have put the spotlight on ensuring banks manage correct levels of governance and maintain accountability. This spotlight will only grow brighter and sharper as the scale and complexity of outsourced arrangements increase. 

The question is: how can banks ensure that they maintain accountability and governance in the face of such risks?

Lifecycle approach
The key to effective governance is in banks adopting a “lifecycle approach” to outsourcing. The lifecycle can be broken down into the following stages and regulatory and governance considerations should be embedded into each stage:

1. Planning - Assess outsourcing risks, evaluate the supplier and agree the materiality of the arrangement. This can result in increased regulatory scrutiny as the Monetary Authority of Singapore (MAS) requires notification of any "material" outsourcing agreements. Material outsourcing agreements are defined as an arrangement which, if disrupted, could significantly impact an institution’s business operations, reputation or profitability; 

2. Setup – Secure any required regulatory approval, address any confidentiality concerns and implement a governance structure; 

3. Monitoring – Implement a control framework and carry out regular reviews and audits of the outsourcing provider. This should include reassessment of the outsourcing risks, re-evaluation of the supplier and review of business continuity. In some cases where there is a material outsourcing agreement, there may be a need to continue to work with regulators and keep them informed. Undertaking a post-implementation review at this stage is also a critical step in catching potential issues early; and,

4. Exit - Ensure removal of any data or records from the supplier’s possession and, if this is a material outsourcing agreement, ensure that the regulator is informed and involved in changes to the agreement (change of supplier or insourcing of the function).

Best practices and a call to action
In September 2014, the Monetary Authority of Singapore issued a consultation paper entitled “Guidelines on Outsourcing”. In 2015, the Association of Banks then rolled out new guidelines for service providers in Singapore. However, some private banks are still struggling to oversee their outsourcing effectively. In order to meet enhanced regulatory scrutiny, there are a number of best practices that banks should consider to effectively manage an outsourcing arrangement. 

Firstly, banks should manage an outsourcing relationship using a robust service provider selection process, contract management and ongoing control and monitoring. Carrying out a proper risk assessment is not simply a formality. Banks need to establish a comprehensive outsourcing risk management framework to assess the service provider’s ability and experience to provide the necessary level of service. 

This assessment should include the service provider’s thorough understanding of the bank’s products and service lines, the skills and experience of the service provider’s resources to deliver the outsourced activities including knowledge of any country specific legal, tax, regulatory and compliance obligations. Banks should also take appropriate steps to require that service providers protect confidential information.

There can be serious commercial impacts if these risks are not assessed correctly prior to setting up the service, either immediately, due to a failure in service, or further down the line with remediation costs. 

Secondly, banks should be prepared for an oversight role as well as having the necessary skillsets to effectively manage an outsourcing relationship. While the outsourcing board and committee has overall responsibility, the contract should also clearly define the rights and responsibilities of both parties and contain adequate and measurable service level requirements.

Service managers from both parties must also take ownership and be made accountable. They must be provided with adequate training and tools to fulfill their role from the planning and negotiation phase right through to the exit. While major banks may have set up contingencies to absorb costs associated with contractual issues, care should be taken to avoid unnecessary expense.

Finally, service providers must be subject to a high level of scrutiny as part of ongoing monitoring. Once a service is up and running, banks tend to move resources to other roles and they often fail to understand the importance of continuous oversight. 

The bank should periodically evaluate the service provider's compliance with service level expectations, in addition to regular audits. Service lapses must be duly reported to management and investigated as per the bank’s governance framework. In addition, the bank should consider whether the service provider's financial condition has changed and confirm that the contingency plans for service disruptions are still adequate, properly maintained and tested to accommodate any operational changes that may have occurred. 

In view of the ever increasing burdens of regulations and compliance in the region especially for private banks, an outsourcing relationship requires a very robust governance structure and processes to be put in place immediately. The service provider should be regarded as an extension of the organisation and the mantra should always be – “trust, but verify”.