Global Innovator Mike Pierides on Outsourcing in the Financial Services Industry | Morgan Lewis – Engineering & Procurement
We spoke to them as part of our Spotlight series Mike PieridesDeputy Head of our Technology, Outsourcing and Commercial Transactions team and Co-Head of our Digital Solutions Industry team, on Outsourcing in the Financial Services (FS) Sector.
From an outsourcing perspective, what differentiates the financial services sector from other sectors?
The FS sector continues to be at the forefront of outsourcing development and innovation as it pushes cloud and AI adoption, and is arguably the sector that really was the first step in outsourcing (although I’m far too young to know to remember). . This makes it a very mature outsourcing sector that brings with it positives such as a sophisticated understanding of outsourcing, but also some negatives including significant and complex legacy systems that can make transitioning to new technologies difficult and expensive.
Regulation is also an important differentiator from most other sectors, which has shaped many contracting approaches in this sector.
Tell us a little more about the regulatory framework.
The European Union and the UK have largely paved the way with a number of outsourcing-related FS policies developed over the last 20 years. There are now specific guidelines from the European Banking Authority, the European Securities and Markets Authority for investment companies and the European Insurance and Occupational Pensions Authority – which are broadly, but not entirely, aligned. The UK has similar rules in place.
The United States also has similar federal and state policies. One of the most important developments in the US is the proposed “Guidance on Third-Party Relationships: Risk Management” issued for consultation by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the currency.
What do these regulations include?
A key issue for all regulators is ensuring adequate controls for the institution and its regulators over the outsourced functions so that they can monitor and audit them while they exist, or terminate them and bring them back in-house or outsource them elsewhere if it is problems with the delivery. Another important issue is information security. Ultimately, the regulations are about reducing the risk of using a third party to perform a function of the institution.
The current direction is certainly more regulation rather than less, and outsourced arrangements or even SaaS and cloud-based arrangements such as CRM platforms, deal execution platforms, virtual desktop infrastructures, etc. all fall within the remit of regulation.
What influence do they have on the negotiation of outsourcing contracts?
My experience is that FS outsourcing transactions usually take longer. In general, there is a good understanding of the issues to be solved throughout the industry and also among industry suppliers, but when there is a lack of understanding or a cautious interpretation or even misinterpretation of the regulatory requirements, then this inevitably slows down the negotiations.
The considerable need for interaction with small and medium-sized companies whose functions are subject to these regulations, for example in the context of infosec, also increases the time and complexity.
The regulations can also act as a kind of barrier to entry for new suppliers without the experience and knowledge of the FS sector.
Finally, you mentioned legacy systems and digital transformation; can you add a few words to that?
We have advised on a number of FS-related transformations as institutions such as banks or insurance companies wish to migrate from or overlay their core legacy systems to cloud-enabled or cloud-native solutions. Of course, these are business-critical activities as FS institutions try to automate processes or use digital platforms to serve and interact with their customers.
Digital transformation is also potentially risky and, particularly in a regulatory context, any material adverse impact on services during the transformation is unacceptable to the institution or its regulators. While the key challenges at one level may seem mostly technical – for example, ensuring that the functionality of the new system is aligned with the customer’s requirements, ensuring that data is mapped and transferred without major problems – it is usually not the technology, which fails. More often, it’s bad interactions between people, the customer’s teams and the supplier’s that cause the most problems.
The outsourcing contract and its enforcement are very powerful tools, perhaps the most powerful next to executive engagement, to motivate and stimulate appropriate behavior on both sides. In my view, ensuring that the contract holistically addresses the transformation plan and processes, with associated change mechanisms and commercial incentives and disincentives, is imperative to ensure transformation success and mitigate the institution’s risk of embarking on a transformation program.