Upload
sowmikchakraverty
View
216
Download
0
Embed Size (px)
Citation preview
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 1/39
Outsourcing in the
March 22, 2012
John Ayanian Barbara Melby Marc Stark Peter Watt-Morse Joe Zanko
www.morganlewis.com
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 2/39
Introduction
Please note that any advice contained in this presentation is notintended or written to be used, and should not be used, as legal advice.
© Morgan, Lewis & Bockius LLP 3
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 3/39
• n ro uc on
• Industry Trends (Marc Stark and Joe Zanko)
• An Overview of the Regulatory Environment (John
A anian
• Identifying Key Security Issues (Peter Watt-Morse)
• Wrap-up and CLE information
© Morgan, Lewis & Bockius LLP 4
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 4/39
John A anianPartner
Morgan LewisP: 202.739.5946Email: [email protected]
-
PartnerMorgan LewisP: 412.560.3320E: watt-morse mor anlewis.com
Barbara Melby
Partner Mor an Lewis
Joe ZankoKPMG
P: 215.963.5053E: [email protected]
P: 908.403.0964E: [email protected]
Director
KPMGP: 917.375.9610E: mastark k m .com
© Morgan, Lewis & Bockius LLP 5
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 5/39
Industry Trends
© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP 6
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 6/39
Overarching Issues Impacting thenanc a erv ces n us ry
• egu a ory c anges
– Emerging FINRA Rules (e.g. 3190)
– Dodd-Frank Act
– Stricter capital requirements (e.g., Basel III)• Market turbulence/uncertainty
• Continued margin pressures
• vercapac y• Continued industry contraction
© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP 7
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 7/39
Increasing regulatory scrutinyforcing core operational changes
Evolving regulatory requirementsforcing operational changes
Increased margin pressurespushing continued evaluation
Difficult market conditions puttingnew pressure on operationalefficiency
Continued pressure on back andmiddle office operationsto transform operating modelsand enable a lower cost, high-
Slow but continued expansion ofalternative delivery models withhorizontal process areas
alternative operating modelsfor horizontal process areas
Continued expansion of
Profitability challenges due toexcess capacity and increasedcapital requirements
,
Financial pressures forcingcontinued adoption of alternativemodels for middle-office
for core operational areas Increased adoption of outsourcing
Continued evaluation of viability ofcaptive operations
,calls, underwriting)
Intense competition andincreased customer turnover
© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 8/39
Financial Services Firms are Increasing Outsourcingin Response to Unrelenting Market Pressures
OutsourcingOutsourcing
gaininggaining
Investment banks are increasingly opting for a buy model to support their transactional
processes, rather than housing them in their local or offshore centers
This is pr imarily being driven by a need to lower costs by leveraging the scale of the
outsourcing provider and its expertise and experience
strengthstrength – Two large financial institutions have recently sold off their captive centers in India to outsourcing providers and arepurchasing services back under BPO arrangements
– Several other institutions are in the process of outsourcing activities from their captive operations, or are in earlyplanning stages
MoreMore
valuevalue--addedadded
work movingwork moving
s t e s mature, an s are now oo ng at mov ng more g -en , comp ex or
analytical processes to their offshore centers, while they move more vanilla processes
to th ird parties. Examples at several institut ions include:
– Many institutions are adopting multigeography strategies (even, at times, with multiple sites in a single country) – One Euro ean institution uses its nearshore centers in the US and UK, to su ort an outa es in its offshore centers
DecreasingDecreasing More banks are now spreading their operations across locations in an effort to
o cap veso cap ves – Banks are also mitigating risk by adopting multivendor strategies, moving toward a stable of vendors as
opposed to a single partner
risk appetiterisk appetitemakes banksmakes banks
adopt aadopt a
multilocationmultilocation
of processes
– Many institutions are adopting multigeography strategies (even, at times, with multiple sites in a single country)
– One European institution uses its nearshore centers in the United States and UK to support any outages in itsoffshore centers
© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP
s ra egys ra egy – an s are a so m t gat ng r s y a opt ng mu t ven or strateg es, mov ng towar a sta e o ven ors asopposed to a single partner
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 9/39
Shared Services and Outsourcing:
Well-Established Methods for Mana in SG&AFunctions
Global Outsourcing ExpendituresOver 80% of Large CompaniesHave Adopted Shared Services
the delivery model of choice…
…
delivered through outsourcing
250
300
IT Outsourcing
Level Integrated Across Functions,Geographies & Business Units
100
150
200
Business ProcessOutsourcing
High
MediumLow
None
0
50
2001 2005 2009 2013
Of these, nearly two-thirds are operatingin a model that is multifunctional
and loball inte rated
© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP 10
“Gartner on Outsourcing, 2009 – 2010,” Gartner, Inc., December 23, 2009Source: Corporate Executive Board
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 10/39
For Many Organizations, Their Approach into a Leveraged
Significant interest levels over the pastBPO as
Ke ElementTransformed
Global O erat in
Adoption
12 months suggest that the insurance
segment, in general, is accelerating matur ity
DomesticBPO Pilot
Scaleof Business
Strategy
Model
•
• Offshore integratedas holistic part of
• In-countryoperation only
age
Global ServiceDelivery
Service Delivery
• Initial offshoringste s
• Build on successfulpilot
• Grow initialprocesses/functions
(strategic supplierrelationships,captive, etc.)
global servicedelivery framework
ROI/
Value Realization/
Risk Awareness
No Global
• May includeonshoreoutsourcing
Characteristics
Pilot/Education/
Proof of Concept
Supplier• Disparateinitiatives
• new unct ons
Delivery
Strategic
© Morgan, Lewis & Bockius LLP© 2012 KPMG LLP 11
Onshore Cost saving Integrated Strategy/Transformation
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 11/39
An Overview of the Regulatory Environment
© Morgan, Lewis & Bockius LLP 12
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 12/39
NASD Notice to Members 05-48 – July 2005 – Primary focus on accountability and supervision
– ro ons on ou sourc ng cer a n covere ac v es
• E.g., order taking, handling of customer funds and securities,and supervisory responsibilities
– A member may not “contract its supervisory andcompliance activities away from its direct control”
• “Does not preclude a member from outsourcing certain activitiesthat support the performance of its supervisory and complianceresponsibilities”
© Morgan, Lewis & Bockius LLP 13
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 13/39
ac groun
– Clarify obligations and supervisory responsibilities
– Codify FINRA outsourcing guidance
– Require additional obligations for clearing and carrying
© Morgan, Lewis & Bockius LLP 14
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 14/39
enera equ remen s pp ca e o em ers
– Continued responsibility to comply with applicable
– No delegation of responsibilities for, or control over,
covered outsourced activities
– Supervisory system and written procedures for coveredactivities
– Registration and qualifications
– Ongoing due diligence requirements
© Morgan, Lewis & Bockius LLP 15
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 15/39
ear ng an arry ng rms
– Restrictions on outsourcing specified activities
– Oversight requirements
– Notifications to FINRA – Exceptions
© Morgan, Lewis & Bockius LLP 16
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 16/39
Restrictions for Clearing and Carrying Firms – A clearing or carrying member shall “vest” an associated
“ responsibility” for:
• The movement of customer or proprietary cash or securities;
• The preparation of net capital or reserve formula computations;and
• The adoption or execution of compliance or risk-managementsystems.
© Morgan, Lewis & Bockius LLP 17
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 17/39
Clearing and Carrying Firms Must AdoptProcedures to:
– Enable the firms to take “prompt corrective action” toachieve compliance with applicable securities lawsand FINRA and MSRB rules
– Approve transfer of third-party service providerduties to a subvendor
© Morgan, Lewis & Bockius LLP 18
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 18/39
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 19/39
o ca on mus nc u e:
– Functions being performed by a third-party service
– Identity and location of the third-party service provider (and
subvendors if known)
– The identity of the third-party service provider’s regulator(if any)
– A description of any affiliation between the firm and thethird-party service provider
© Morgan, Lewis & Bockius LLP 20
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 20/39
Exceptions:
– Ministerial activities
– Carrying agreement approved under FINRA Rule 4311
© Morgan, Lewis & Bockius LLP 21
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 21/39
-
Status of Rule Proposal
© Morgan, Lewis & Bockius LLP 22
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 22/39
Identifying Key Security Issues
© Morgan, Lewis & Bockius LLP 23
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 23/39
– egu a ory equ remen s
–
• Amount of Damages vs. Service Costs
• “ ”
• Cost of Corrective Measures
– Reputational Risk
© Morgan, Lewis & Bockius LLP 24
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 24/39
• e era eserve
– Federal Reserve Bank of New York:
• White Paper
– Independent validation of security processes
– Responsible for management
– Federal Reserve Board (FRB):
• Supervisory Letter
– Institutional controls for security are at least equivalent tointernal controls
© Morgan, Lewis & Bockius LLP 25
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 25/39
•
– Guidance:
• Structure agreements to protect against internal and external
security threats
– Recommendations:
• Due diligence/risk assessment
• Monitoring/audit
• Termination rights
© Morgan, Lewis & Bockius LLP 26
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 26/39
• xam na ons – , ,
– Compliance with Section 501 of Gramm-Leach-Bliley
• Comprehensive information security program to safeguard
nonpublic personal financial information
– Securit Guidelines:
• Outsourcing agreement includes all requirements contained
in customer’s internal written information security program
– Information Access:• Transparency
© Morgan, Lewis & Bockius LLP 27
• Limits on service provider
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 27/39
en ors:
“ Don’t worry – our security protections are adequate” :
“ We will provide you the same protection
we provide for our own information”
“ We are regulated and those
regulations protect you”
“ You cannot review our internal proceduresbased on confidentiality/security concerns”
© Morgan, Lewis & Bockius LLP 28
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 28/39
Understand the what, where, who, and how
What is the security offering vs. What are the
Work with What types of data will be processed/hosted?
– Nonpublic personal information (NPPI),Audit, Risk,
DR,Compliance
us ness-sens ve n orma on
Where are the services being provided?
How is data segregated and used? – May vary by environment (production,
© Morgan, Lewis & Bockius LLP 29
, ac up, arc ve
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 29/39
• mpor ance o ge ng respec ve eams oge er
– Early in due diligence process – contract and exhibitdocuments align with discussions
• Comparison of security policies:
– Meeting or exceeding internal security – Bridging the gaps
– Attachment to contract
• omp e e n epen en r s assessmen
© Morgan, Lewis & Bockius LLP 30
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 30/39
–
• on en a y rov s ons:
– Important but not sufficient – need process standards,,
– Issues:
• –
transparency/vendor confidentiality
• Segregation of Data – access and third-party information
© Morgan, Lewis & Bockius LLP 31
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 31/39
• wners p o a a
• Limitations on Other Uses
– Backup
– Access
– Return
• Record Retention
– Policy alignment – Litigation holds/regulatory requirements
© Morgan, Lewis & Bockius LLP
– es ruc on pro ec ons
32
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 32/39
• anges o ecur y o c es
– Regulatory Requirements (e.g. PCI)
– Customer-Initiated
• Change management process
– Vendor-Initiated
• No negative impact on security
• vance no ce ocumen a on – comp ance
• Cost issues
© Morgan, Lewis & Bockius LLP 33
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 33/39
• us omer a a
– Compliance with GLBA
• Compliance required of subcontractors
• Ensure proper disposal of NPPI
• ,
payment for resultant credit monitoring services
– Fair Credit Reporting Act (Red Flags)
– Massachusetts Regulations
• 3/1/12 – Certification
© Morgan, Lewis & Bockius LLP 34
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 34/39
• o on uc s u
– Existing Internal Processes – Independent Auditors
• Fre uenc
– Annual Plus
• Breaches
• o cy anges
• Vendor Audits
– Right to Notice of Results
• Regulatory Requirements• SSAE16
© Morgan, Lewis & Bockius LLP 35
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 35/39
• “Permitted Subcontractors”
– Right of Approval/Customer Data
• Standards
– GLBA Compliance
• evocat on
– Regulatory Issues
– Change Management• Audit Rights
© Morgan, Lewis & Bockius LLP 36
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 36/39
• or w e mo e wor er popu a on w grow o o
workforce (1.19 billion people) by the end of this year •
– Laptops, mobile devices, noncompany devices, network
connections• Align vendor policies
– Passwords, monitoring requirements, antivirus software,
local storage, encryption, incident management• Monitoring/future modifications
© Morgan, Lewis & Bockius LLP 37
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 37/39
• equ remen s or o ce
– Security vs. Data Breach
– Investigation/Transparency/Participation
• Remediation
– eme a an – ccep ance es ng
– Change Management
© Morgan, Lewis & Bockius LLP 38
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 38/39
• a y
– Cap Issues
• Costs of investigation/notification/monitoring excluded from
cap
– Conse uential Dama es
• Primary damage
• Exception to exclusion
• Nonexcluded but capped
© Morgan, Lewis & Bockius LLP 39
8/12/2019 OutsourcingFinancialServicesIndustry_22march12
http://slidepdf.com/reader/full/outsourcingfinancialservicesindustry22march12 39/39
international presence
© Morgan, Lewis & Bockius LLP 42
Beijing Boston Brussels Chicago Dallas Frankfurt Harrisburg Houston IrvineLondon Los Angeles Miami New York Palo Alto Paris Philadelphia Pittsburgh
Princeton San Francisco Tokyo Washington Wilmington