Outsourcing has gone through a myriad of trends over the last ten years. From focus on the back office, to middle office outsourcing, and then to consolidation of providers – what has become apparent is the need for a strong, risk-based oversight model. The need for this oversight model is even more imperative in the U.S. based on the SEC’s recent rule proposal requiring registered investment advisers to conduct due diligence and define monitoring standards prior to outsourcing certain services and functions to third-party service providers (Investment Advisers Act of 1940, 206(4)-11). For investment organizations that currently have or are moving towards outsourcing relationships, there are multiple aspects of an oversight model which need consideration, three of which are explored in more detail in this article:
- People and Culture
- Evidencing and Key Performance Indicators
- Continuous Monitoring and Evaluation
People and Culture
While people and culture need to be at the forefront of a COO’s mind continuously, there are certain points in an outsourcing lifecycle that require particular focus.
If outsourcing for the very first time, employees can be defensive about work completed and worried about job security. To add to this, there is a need for people to switch from thinking about the ‘doing’ to the ‘reviewing,’ which can be a hard transition. There can also be temptation, whether through primary or secondary outsourcing, to move from a service provider’s standard operating model to a client-specific operating model, often leading to increased operational risk and issues in the long term.
There are several actions which can help mitigate these potential issues, with just a few examples listed below:
- Outlining agreed upon project guidelines at the beginning – this should include the use of the third parties’ standard operating model unless there are exceptional circumstances.
- Involvement of the asset manager’s operations teams from the requirements gathering phase – this can put pressure on an asset manager’s operations teams in the short-term as there is still the need to complete current BAU processes at the same time as implementing change. However, by socializing and involving the BAU operations teams from the beginning, knowledge transfer is more efficient and thorough. While it can also seem efficient to employ contractors to support the transition, it is best practice to backfill BAU staff so they can work on the project while contractors complete BAU tasks. This will maintain the knowledge transfer to staff who will be conducting the oversight in the long run.
Evidencing and Key Performance Indicators
A Service Level Agreement (SLA) framework should encompass Key Performance Indicators (KPIs), measured processes, and a service statement. The framework requires approval at the most senior level from both parties to ensure those ultimately responsible for performance and the relationship can be held accountable. An optimal SLA framework will need to demonstrate for Senior Management that both Business and Regulatory standards are being met, where the KPIs are set to manage critical processes enabling further evidencing of the service provided.
KPIs consist of a small subset of business-critical service metrics related to the third-party deliverables, taken across all process areas covered in the SLA, often used for Management Information (MI). These KPIs must be measurable, tailored, and controllable (a mix of standard industry-wide metrics and company specific metrics works the best). Additionally, a failure to meet an agreed KPI continually will often result in ‘Service Credits’ which can result in financial penalties for the third party. Although some managers believe service credits create the wrong culture/relationship, there needs to be a “so what” when KPIs are regularly missed.
In regions where the maturity of the outsourcing market is low:
- It is critical to get an external view of what good looks like for industry-standard KPIs to ensure acceptance thresholds are set appropriately – this will avoid scenarios of KPI reports painting a picture of the service provider delivering outstanding service when in fact the service quality is falling short of expectations and service credits should be triggered, or vice versa.
- KPIs should focus on what is under the service provider’s control to ensure they are meaningful and include both quality and timeliness of service delivery, not just one or the other.
- A small number of critical KPIs could be used for business-critical processes.
In regions where there are multiple service providers in the operating model, for example multiple custodians:
- It is critical to ensure the providers are well-integrated to avoid the risk of the investment organization acting as the ‘bridge’ between multiple providers.
- For organizations which have global and local outsourcing relationships, ensure KPIs and SLAs are inclusive of the wide range of partnerships with local servicers in key markets.
Continuous Monitoring and Governance
There are three key areas of Best Practice for an asset manager to consider and which are expected to demonstrate that the asset manager can provide adequate checks and challenges to a third party, while also identifying and escalating issues in a timely fashion.
- Process – documentation must include a thorough step-by-step definition of business processes, activities, and roles and responsibilities between the asset manager and the third party. This documentation should be supported by an automated workflow tool. Best Practice is for an asset manager to have live access to the workflow tool, so they can monitor activity in real-time.
- Monitoring – Management Information (MI) which clearly highlights areas of attention should flow through bespoke dashboards created to highlight historical areas where issues have arisen, as well as the key risks associated with these issues. Dashboards should be easily filtered and clearly highlight areas of concern and where KPIs or SLAs have been missed.
- Governance – Governance forums should look to review the KPIs and SLAs regularly with the third party to ensure they are adequate given the risk profile of both organizations, but also to maintain relevance through an ever-changing environment. Care must be taken to document the frequency of review (two to three reviews over five years, for example) in the contract between the asset manager and the third-party provider. Governance meetings should be scheduled at a frequency which not only suits both the asset manager and third party, but also the nature of events and issues in recent weeks / months. More frequent governance forums may be needed when there has been an increase in severity / occurrence of events.
Implementing best practice across People and Culture, Evidencing and KPIs, and Continuous Monitoring should result in an oversight model which is able to identify issues early and can determine clear actions while maintaining a harmonious working environment across the third party and asset manager. An oversight relationship where the two parties jointly agree to SLAs and KPIs and are transparent with one another in their oversight model is one which will be the most successful in the long run. While the SEC rule change is currently in the proposal stage, following this approach will help investment advisers significantly de-risk relationships with third-party outsource providers and future-proof outsourced operating models.
We would be delighted to discuss both our experience and capabilities with you in the context of these findings and broader market trends, to explore how your organization could benefit. For further information please contact us here.