OutsourcingFinancialServicesIndustry_22march12

8/12/2019 OutsourcingFinancialServicesIndustry_22march12

http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 1/39

Outsourcing in the

March 22, 2012

John Ayanian Barbara Melby Marc Stark Peter Watt-Morse Joe Zanko

www.morganlewis.com



Introduction

Please note that any advice contained in this presentation is notintended or written to be used, and should not be used, as legal advice.

© Morgan, Lewis & Bockius LLP 3



• n ro uc on

• Industry Trends (Marc Stark and Joe Zanko)

• An Overview of the Regulatory Environment (John

A anian

• Identifying Key Security Issues (Peter Watt-Morse)

• Wrap-up and CLE information




John A anianPartner

Morgan LewisP: 202.739.5946Email: [email protected]

-

PartnerMorgan LewisP: 412.560.3320E: watt-morse mor anlewis.com

Barbara Melby

Partner Mor an Lewis

Joe ZankoKPMG

P: 215.963.5053E: [email protected]

P: 908.403.0964E: [email protected]

Director

KPMGP: 917.375.9610E: mastark k m .com




Industry Trends

© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP 6



Overarching Issues Impacting thenanc a erv ces n us ry

• egu a ory c anges

– Emerging FINRA Rules (e.g. 3190)

– Dodd-Frank Act

– Stricter capital requirements (e.g., Basel III)• Market turbulence/uncertainty

• Continued margin pressures

• vercapac y• Continued industry contraction




Increasing regulatory scrutinyforcing core operational changes

Evolving regulatory requirementsforcing operational changes

Increased margin pressurespushing continued evaluation

Difficult market conditions puttingnew pressure on operationalefficiency

Continued pressure on back andmiddle office operationsto transform operating modelsand enable a lower cost, high-

Slow but continued expansion ofalternative delivery models withhorizontal process areas

alternative operating modelsfor horizontal process areas

Continued expansion of

Profitability challenges due toexcess capacity and increasedcapital requirements

,

Financial pressures forcingcontinued adoption of alternativemodels for middle-office

for core operational areas Increased adoption of outsourcing

Continued evaluation of viability ofcaptive operations

,calls, underwriting)

Intense competition andincreased customer turnover

© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP



Financial Services Firms are Increasing Outsourcingin Response to Unrelenting Market Pressures

OutsourcingOutsourcing

gaininggaining

Investment banks are increasingly opting for a buy model to support their transactional

processes, rather than housing them in their local or offshore centers

This is pr imarily being driven by a need to lower costs by leveraging the scale of the

outsourcing provider and its expertise and experience

strengthstrength – Two large financial institutions have recently sold off their captive centers in India to outsourcing providers and arepurchasing services back under BPO arrangements

– Several other institutions are in the process of outsourcing activities from their captive operations, or are in earlyplanning stages

MoreMore

valuevalue--addedadded

work movingwork moving

s t e s mature, an s are now oo ng at mov ng more g -en , comp ex or

analytical processes to their offshore centers, while they move more vanilla processes

to th ird parties. Examples at several institut ions include:

– Many institutions are adopting multigeography strategies (even, at times, with multiple sites in a single country) – One Euro ean institution uses its nearshore centers in the US and UK, to su ort an outa es in its offshore centers

DecreasingDecreasing More banks are now spreading their operations across locations in an effort to

o cap veso cap ves – Banks are also mitigating risk by adopting multivendor strategies, moving toward a stable of vendors as

opposed to a single partner

risk appetiterisk appetitemakes banksmakes banks

adopt aadopt a

multilocationmultilocation

of processes

– Many institutions are adopting multigeography strategies (even, at times, with multiple sites in a single country)

– One European institution uses its nearshore centers in the United States and UK to support any outages in itsoffshore centers

© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP

s ra egys ra egy – an s are a so m t gat ng r s y a opt ng mu t ven or strateg es, mov ng towar a sta e o ven ors asopposed to a single partner



Shared Services and Outsourcing:

Well-Established Methods for Mana in SG&AFunctions

Global Outsourcing ExpendituresOver 80% of Large CompaniesHave Adopted Shared Services

the delivery model of choice…

…

delivered through outsourcing

250

300

IT Outsourcing

Level Integrated Across Functions,Geographies & Business Units

100

150

200

Business ProcessOutsourcing

High

MediumLow

None

0

50

2001 2005 2009 2013

Of these, nearly two-thirds are operatingin a model that is multifunctional

and loball inte rated


“Gartner on Outsourcing, 2009 – 2010,” Gartner, Inc., December 23, 2009Source: Corporate Executive Board



For Many Organizations, Their Approach into a Leveraged

Significant interest levels over the pastBPO as

Ke ElementTransformed

Global O erat in

Adoption

12 months suggest that the insurance

segment, in general, is accelerating matur ity

DomesticBPO Pilot

Scaleof Business

Strategy

Model

•

• Offshore integratedas holistic part of

• In-countryoperation only

age

Global ServiceDelivery

Service Delivery

• Initial offshoringste s

• Build on successfulpilot

• Grow initialprocesses/functions

(strategic supplierrelationships,captive, etc.)

global servicedelivery framework

ROI/

Value Realization/

Risk Awareness

No Global

• May includeonshoreoutsourcing

Characteristics

Pilot/Education/

Proof of Concept

Supplier• Disparateinitiatives

• new unct ons

Delivery

Strategic


Onshore Cost saving Integrated Strategy/Transformation



An Overview of the Regulatory Environment




NASD Notice to Members 05-48 – July 2005 – Primary focus on accountability and supervision

– ro ons on ou sourc ng cer a n covere ac v es

• E.g., order taking, handling of customer funds and securities,and supervisory responsibilities

– A member may not “contract its supervisory andcompliance activities away from its direct control”

• “Does not preclude a member from outsourcing certain activitiesthat support the performance of its supervisory and complianceresponsibilities”




ac groun

– Clarify obligations and supervisory responsibilities

– Codify FINRA outsourcing guidance

– Require additional obligations for clearing and carrying




enera equ remen s pp ca e o em ers

– Continued responsibility to comply with applicable

– No delegation of responsibilities for, or control over,

covered outsourced activities

– Supervisory system and written procedures for coveredactivities

– Registration and qualifications

– Ongoing due diligence requirements




ear ng an arry ng rms

– Restrictions on outsourcing specified activities

– Oversight requirements

– Notifications to FINRA – Exceptions




Restrictions for Clearing and Carrying Firms – A clearing or carrying member shall “vest” an associated

“ responsibility” for:

• The movement of customer or proprietary cash or securities;

• The preparation of net capital or reserve formula computations;and

• The adoption or execution of compliance or risk-managementsystems.




Clearing and Carrying Firms Must AdoptProcedures to:

– Enable the firms to take “prompt corrective action” toachieve compliance with applicable securities lawsand FINRA and MSRB rules

– Approve transfer of third-party service providerduties to a subvendor






o ca on mus nc u e:

– Functions being performed by a third-party service

– Identity and location of the third-party service provider (and

subvendors if known)

– The identity of the third-party service provider’s regulator(if any)

– A description of any affiliation between the firm and thethird-party service provider




Exceptions:

– Ministerial activities

– Carrying agreement approved under FINRA Rule 4311




-

Status of Rule Proposal




Identifying Key Security Issues




– egu a ory equ remen s

–

• Amount of Damages vs. Service Costs

• “ ”

• Cost of Corrective Measures

– Reputational Risk




• e era eserve

– Federal Reserve Bank of New York:

• White Paper

– Independent validation of security processes

– Responsible for management

– Federal Reserve Board (FRB):

• Supervisory Letter

– Institutional controls for security are at least equivalent tointernal controls




•

– Guidance:

• Structure agreements to protect against internal and external

security threats

– Recommendations:

• Due diligence/risk assessment

• Monitoring/audit

• Termination rights




• xam na ons – , ,

– Compliance with Section 501 of Gramm-Leach-Bliley

• Comprehensive information security program to safeguard

nonpublic personal financial information

– Securit Guidelines:

• Outsourcing agreement includes all requirements contained

in customer’s internal written information security program

– Information Access:• Transparency


• Limits on service provider



en ors:

“ Don’t worry – our security protections are adequate” :

“ We will provide you the same protection

we provide for our own information”

“ We are regulated and those

regulations protect you”

“ You cannot review our internal proceduresbased on confidentiality/security concerns”




Understand the what, where, who, and how

What is the security offering vs. What are the

Work with What types of data will be processed/hosted?

– Nonpublic personal information (NPPI),Audit, Risk,

DR,Compliance

us ness-sens ve n orma on

Where are the services being provided?

How is data segregated and used? – May vary by environment (production,


, ac up, arc ve



• mpor ance o ge ng respec ve eams oge er

– Early in due diligence process – contract and exhibitdocuments align with discussions

• Comparison of security policies:

– Meeting or exceeding internal security – Bridging the gaps

– Attachment to contract

• omp e e n epen en r s assessmen




–

• on en a y rov s ons:

– Important but not sufficient – need process standards,,

– Issues:

• –

transparency/vendor confidentiality

• Segregation of Data – access and third-party information




• wners p o a a

• Limitations on Other Uses

– Backup

– Access

– Return

• Record Retention

– Policy alignment – Litigation holds/regulatory requirements

© Morgan, Lewis & Bockius LLP

– es ruc on pro ec ons

32



• anges o ecur y o c es

– Regulatory Requirements (e.g. PCI)

– Customer-Initiated

• Change management process

– Vendor-Initiated

• No negative impact on security

• vance no ce ocumen a on – comp ance

• Cost issues




• us omer a a

– Compliance with GLBA

• Compliance required of subcontractors

• Ensure proper disposal of NPPI

• ,

payment for resultant credit monitoring services

– Fair Credit Reporting Act (Red Flags)

– Massachusetts Regulations

• 3/1/12 – Certification




• o on uc s u

– Existing Internal Processes – Independent Auditors

• Fre uenc

– Annual Plus

• Breaches

• o cy anges

• Vendor Audits

– Right to Notice of Results

• Regulatory Requirements• SSAE16




• “Permitted Subcontractors”

– Right of Approval/Customer Data

• Standards

– GLBA Compliance

• evocat on

– Regulatory Issues

– Change Management• Audit Rights




• or w e mo e wor er popu a on w grow o o

workforce (1.19 billion people) by the end of this year •

– Laptops, mobile devices, noncompany devices, network

connections• Align vendor policies

– Passwords, monitoring requirements, antivirus software,

local storage, encryption, incident management• Monitoring/future modifications




• equ remen s or o ce

– Security vs. Data Breach

– Investigation/Transparency/Participation

• Remediation

– eme a an – ccep ance es ng

– Change Management




• a y

– Cap Issues

• Costs of investigation/notification/monitoring excluded from

cap

– Conse uential Dama es

• Primary damage

• Exception to exclusion

• Nonexcluded but capped




international presence


Beijing Boston Brussels Chicago Dallas Frankfurt Harrisburg Houston IrvineLondon Los Angeles Miami New York Palo Alto Paris Philadelphia Pittsburgh

Princeton San Francisco Tokyo Washington Wilmington

Documents

OutsourcingFinancialServicesIndustry_22march12