REGULATORY GUIDELINES PROVIDE INSIGHT INTO OUTSOURCING. The Canadian IT outsourcing market currently generates approximately $6 billion in annual



Similar documents
Managing Outsourcing Arrangements

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Guideline. Outsourcing of Business Activities, Functions and Processes. Category: Sound Business and Financial Practices

OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008

Revised May Corporate Governance Guideline

Prudential Practice Guide

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

GUIDANCE FOR MANAGING THIRD-PARTY RISK

Credit Union Liability with Third-Party Processors

OUTSOURCING POLICY

Good Practice Checklist

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Vendor Management Best Practices

FINANCIAL ASSESSMENT CRITERIA (The Assessment Criteria should be read in conjunction with OSFI s Supervisory Framework)

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

System of Governance

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

CORPORATE GOVERNANCE GUIDELINES

POLICY STATEMENT AND GUIDANCE NOTES ON: (1) OUTSOURCING; AND

Part E: Contract management

MORUMBI RESOURCES LTD. CORPORATE GOVERNANCE GUIDELINES

Finansinspektionen s Regulatory Code

BOARD OF DIRECTORS MANDATE

Guide for Incorporating Banks and Federally Regulated Trust and Loan Companies

Statement of Guidance: Outsourcing All Regulated Entities

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July Hong Kong

Recognised Investment Exchanges. Chapter 2. Recognition requirements

Category: Regulatory & Legislative NOTICE* Business and Powers Ownership Interests in Commodities. No: Issued: January 2013

SUPERVISORY AND REGULATORY GUIDELINES: PU GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS

Operational Risk Publication Date: May Operational Risk... 3

Managing General Agents (MGAs) Guideline

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

The Canadian Public Venture Exchange S and E

GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK

GUIDELINES ON OUTSOURCING ARRANGEMENTS

MANDATE OF THE BOARD OF DIRECTORS STINGRAY DIGITAL GROUP INC.

COMMERCIAL LENDING POLICY DEVELOPMENT GUIDE Minimum Expectations

COMMERCIAL LENDING POLICY DEVELOPMENT GUIDE Minimum Considerations

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ Ã

MISSION VALUES. The guide has been printed by:

Eclipx Group Limited Risk Management Policy

GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

SPECIAL ISSUES IN CANADIAN IT OUTSOURCING BY C. IAN KYER AND JOHN BEARDWOOD

FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

FRAMEWORK FOR INTRODUCTION OF NEW PRODUCTS...5 SUPERVISORY EXPECTATIONS ON PRODUCT RISK MANAGEMENT AND FAIR TREATMENT OF CONSUMERS...

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Bridging the Purchase Price Gap in Business Acquisitions

INSURANCE LAWS AMENDMENT BILL

Objective and key requirements of this Prudential Standard

Requirements made under the Intermediaries Byelaw

Financial Services Guidance Note Outsourcing

SUPERVISION GUIDELINE

Common Student Information System for Schools and School Boards. Project Summary

White Paper on Financial Institution Vendor Management

The Town of Fort Frances

Applications Maintenance Outsourcing Joseph Judenberg

Vendor Management Compliance Top 10 Things Regulators Expect

GUIDANCE NOTE ON OUTSOURCING

To: Our Clients and Friends March 25, 2014

OCC 98-3 OCC BULLETIN

STELLENBOSCH MUNICIPALITY

Vendor Risk Management in the New Regulatory Environment. kpmg.com

Foreign Exchange. Prime Brokerage. Product Overview and Best Practice Recommendations

AUDIT COMMITTEE CHARTER THE BOARD OF DIRECTORS OF ALLIANCE SEMICONDUCTOR CORPORATION

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

NATIONAL BANK OF ETHIOPIA MICROFINANCE INSTITUIONS SUPERVISION DIRECTORATE. RISK MANAGEMENT GUIDLEIES for MICROFINANCE INSTITITTIONS (FINAL)

ALASKA PERMANENT FUND CORPORATION

APRA S FIT AND PROPER REQUIREMENTS

REGULATORY IMPLICATIONS OF CLOUD COMPUTING. Stephen B. Kerr Partner Financial Institutions Group

Outsourcing. FSA Regulated firms (including offshore outsourcing) Contents. March 2004

Toronto, Ontario Tuesday, June 9, 2009 CHECK AGAINST DELIVERY. For additional information contact:

Prudential Practice Guide

Guideline. Commercial Lending Criteria. No: E-2 Date: June 1992

Solvency II Detailed guidance notes

CONTRACT MANAGEMENT POLICY

POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs

Contracting for Services

How To Manage A Corporation

THE BANK OF NOVA SCOTIA. Corporate Governance Policies

MODEL STANDARDS OF CONDUCT

July 25, Dear Sirs/Mesdames:

Alberta Pensions Services Corporation. Business Plan

The role and function of insurance company board of directors risk committees

FUNCTION (X) INC. (the "Company") COMPENSATION COMMITTEE CHARTER

Proposed Principles to be addressed in APES GN 20 Outsourced Accounting Services

Guideline. Large Exposure Limits. Category: Prudential Limits and Restrictions. No: B-2 Date: August I. Introduction

DEFENSE RESEARCH INSTITUTE RECOMMENDED CASE HANDLING GUIDELINES FOR INSURERS

First Nations Wealth Management through Good Governance

RISK MANAGEMENT AND COMPLIANCE

Re: CAPSA Pension Plan Governance Guidelines and Self-Assessment Questionnaire

THE OPTIONS CLEARING CORPORATION BOARD OF DIRECTORS CORPORATE GOVERNANCE PRINCIPLES

Are You Ready for the New Foreclosure Processing Regulations?

COMPUTERSHARE TRUST COMPANY OF CANADA BASEL III PILLAR 3 DISCLOSURES

Transcription:

REGULATORY GUIDELINES PROVIDE INSIGHT INTO OUTSOURCING By C. Ian Kyer and Warren Sheffer The Canadian IT outsourcing market currently generates approximately $6 billion in annual revenue with forecasted annual growth of about 10 per cent. 1 However, expansion in outsourcing activity, is not simply relegated to the information technology sector. In fact, the growing number of business operations that organizations are presently choosing to outsource from human resource functions to real estate administration -- seem only to be matched by the growing variety of reasons that such organizations choose to outsource from cost considerations to improved customer relations. Having a clear understanding of the varied reasons behind why one s oganization wants to outsource a particular function, as well as the expectations of doing so, is crucial to a successful redeployment. In this regard, decision-makers are wise to pay heed to the Socratic maxim know thyself prior to undertaking an outsourcing, and to appreciate the fact that outsourcing is not a strategy in and of itself but rather can be part of a good overall corporate strategy. 2 Without such introspective forethought, an organization risks failing to fully realize the significant benefits that can come from an outsourcing arrangement. 1 M.Snell, Outsourcing IT Functions paper presented at Ontario Bar Association conference, March 21, 2003. 2 G.Kimball, Outsourcing Business Processes: Building Successful Contracts (March 2003) The Licensing Journal 13.

- 2 - It is upon this fundamental principle that the Office of the Superintendent of Financial Institutions (OFSI) 3 has crafted its Guideline for Outsourcing of Business Functions by federally regulated financial institutions (FRFIs). 4 This article explores the Guideline: however, it is not about the OFSI or FRFIs per se. 5 Instead, it is our aim to show how the Guideline can be generally instructive for organizations that are considering outsourcing activities. Accordingly, we will explain the main components of the Guideline with a view to demonstrating how organizations can adopt them as part of a good corporate strategy. The Guideline, while specifically applicable to FRFIs, provides a useful host of considerations and recommendations that all organizations can and should employ before embarking on an outsourcing arrangement. By following the prescriptions of the Guideline, an organization can more clearly identify what it expects to gain from outsourcing one or more of its functions, and in this way can help ensure that it gets what it wants. Overview of the Guideline The Guideline requires FRFIs to develop a risk-management program for outsourcing activities that: 1) establishes an outsourcing risk philosophy; 2) identifies material outsourcing risks, existing or potential, to which the FRFI is exposed; 3) establishes sound and prudent policies 3 OSFI supervises and regulates all banks, and all federally incorporated or registered trust and loan companies, insurance companies, cooperative credit associations, and fraternal benefit societies and pension plans. OFSI draws its authority to regulate from the Office of the Superintendent of Financial Institutions Act. 4 Outsourcing of Business Function by FRFIs, No. B-10, May 2001. 5 Interestingly, the Ontario Securities Commission ( OSC ), in connection with its recent continued recognition of TSX Inc. ( TSX ) as a stock exchange, and the recognition of the TSX s parent, TSX Group Inc., as a stock exchange, has mandated that the TSX comply with certain outsourcing rules which share similarities to the provisions of the Guideline.

- 3 - governing the risks which arise from outsourcing business functions; and 4) monitors and controls associated risks. 1. Outsourcing Risk Philosophy Establishing an outsourcing risk philosophy involves setting out the objectives of the organization s outsourcing strategy, which may include controlling costs to improving the quality and/or the efficiency of the outsourced function, as well as the parameters for the control of the associated risks. Such risk parameters will be informed by the importance of the function(s) the organization intends to outsource within the context of the organization s overall structure and the organization s ability to absorb losses. This exercise of examining the objectives and risks of outsourcing is an important first step in guiding the organization in contracting with its service provider. 2. Identifying Material Outsourcing Risks (a) Risk/Materiality Assessment and Risk/Materiality Criteria Pursuant to the Guideline, FRFIs are required to evaluate the risk and materiality of existing and proposed outsourcing arrangements in order to determine whether such arrangements are subject to the provisions of the Guideline. Risk and materiality are to be determined against at least six weighted factors (the Guideline Factors ), the weighting of which, may vary depending upon the nature of the function to be outsourced:

- 4 - (i) Importance of business activity or function if the function is considered to be critical or important to the major objectives of the FRFI such function is considered material; (ii) Importance of outsourcing arrangement to the business activity if the outsourcing arrangement encompasses more than 25 per cent of the total business, it is considered to be material against this factor; (iii) Size of contractual expenditures if the function exceeds one per cent of the FRFI s net assets it is considered to be material; (iv) Potential impact of the outsourcing arrangement on the FRFIs external customers and/or reputation if more than 10 per cent of a FRFI s external customers are directly impacted by the outsourcing or if the FRFI s reputation could be impacted, the arrangement would be considered material; (v) Ability to replace the service provider at reasonable cost and in a timely manner if the service provider could not be replaced within 60 days and at an annual cost not exceeding 120 per cent of the previous year s annual cost, the outsourced function would be considered material; (vi) Likelihood that the service provider may become insolvent/be unable to continue service if there is a reasonable possibility that the service

- 5 - provider could be unable to continue service during the term of the contract, the arrangement would be considered material. In the event that a weighted assessment of the Guideline Factors reveals a score of more than 50 out of 100 (a Positive Assessment ), the Guideline s provisions on mitigating the risks associated with outsourcing are to govern the FRFI s outsourcing arrangement. For non-frfis, simply being aware of the Guideline Factors can be useful. However, more important is the development of awareness of the Guidelines provisions on mitigating risks, to which we now turn. 3. Sound and Prudent Policies Governing the Risks A FRFI that has completed a Positive Assessment must ensure that the following provisions designed to mitigate risk are established in respect of its planned outsourcing arrangement. (i) Approval Authorities OFSI takes the position that clearly defined and appropriate levels of authority for approval are required to help ensure prudent outsourcing decisions. Accordingly, OFSI states in the Guideline that delegation of authority must be clearly documented setting out, among other things, the positions or committees to whom authority is delegated and the scope of such authority. (ii) Capability/Expertise of Service Provider OFSI stipulates two components upon which the FRFI must assess its service provider. First, the FRFI must ensure through its own due diligence that its proposed

- 6 - service provider has sufficient capability and expertise to undertake the outsourced function. OFSI states that the FRFI should consider the service provider s experience, business strategy, human resource policies and service philosophy. Second, the FRFI must satisfy itself that its proposed service provider has sufficient financial resources to provide the contracted services on an ongoing basis. OFSI recommends that this be evaluated by reviewing publicly available financial information as well as internal audit reports of the service provider. (iii) Acceptable Contract for Services OFSI requires that service contracts contain provisions on the following key elements: Service Levels and Performance Standards; Audit Rights and Monitoring Procedures; Contingency Planning; Defaults and Termination; Pricing; Resolution of Differences; and Confidentiality and Security. 6 Service Levels and Performance Standards OFSI suggests that the FRFI s service provider contract address the frequency, content and format of the service being provided; time schedules for receipt and delivery of work, including processing priorities; performance benchmarks, some of which may trigger an event of default if not redressed, and the associated measurement system. Moreover, OFSI makes the important observation that contract provisions should be

- 7 - sufficiently flexible to accommodate both new services and modifications to existing processes. Audit Rights and Monitoring Procedures OFSI requires that the FRFI monitor the outsourced business function, which it recommends may take the form of regular and formal meetings with the service provider and/or periodic reviews to measure the success of the outsourced function. OFSI states that responsibility for auditing contracts must be assigned to an internal auditor who has sufficient expertise to identify issues related to the business function or to a qualified member of management not involved in the outsourced business function. Contingency Planning OFSI dictates that the FRFI s service provider contract must provide for backup records and facilities. It recommends that a disaster plan detailing how the outsourced function will continue in a disaster be contained in the service provider contract. Defaults and Termination OFSI notes in the Guideline that there can be significant risks associated with contract defaults and/or termination. Accordingly, OFSI states that termination possibilities must be contemplated in the contract, indicating which party can bring about contract termination, when it is triggered, how it is exercised, the right and 6 OFSI also requires that service contracts contain financial reporting and retention of records requirements, which will not be discussed here.

- 8 - responsibilities of each party, and what sort of transition assistance must be made available. Pricing With respect to this contractual element, OFSI suggest that [w]hen comparing the pricing of competing outsourcing proposals, FRFIs should measure long term stability and viability against potential shortterm cost savings. OFSI also suggests developing mechanisms for the sharing of unanticipated gains or short falls and incentives for reducing costs. Resolution of Differences OFSI advocates incorporating resolution mechanisms that include provisions covering service levels during a dispute, escalation procedures, and differences resolvable by arbitration, mediation and other means of dispute resolution. Confidentiality and Security OFSI states that a FRFI s service provider contract must address which party has responsibility for protection mechanisms, the scope of the information to be protected, and the powers of each party to change security procedures and requirements. 4. Monitoring and Controlling Associated Risks A FRFI s risk management program is also to address the monitoring and control of the risks that its outsourcing policies are designed to mitigate. OFSI supports a FRFIs use of audits to ensure, for example, that its risk-management policies and procedures for outsourcing are being

- 9 - followed internally and externally and that personnel involved in outsourcing risk-management have the expertise required to make effective outsourcing decisions. In this vein, OFSI also recommends the periodic review of a FRFI s risk management program by the FRFI s Board of Directors. There is no magical outsourcing formula that will guarantee the success of an outsourcing arrangement. However, taking notice and consideration of the foregoing Guideline prescriptions can help an organization be clear on its outsourcing needs and expectations.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information