HomeBusiness DigestRegulating outsourcing financial services

Regulating outsourcing financial services


Dr Alex T Magaisa

THE outsourcing of business functions and activities is a growing trend in the business community in many parts of the world.



na, Arial, Helvetica, sans-serif”>In basic terms, outsourcing refers to the phenomenon whereby a business entity enters into an agreement with another entity to perform a business activity or function on its behalf.


In the absence of empirical research, it is difficult to gauge the level of outsourcing within the financial services industry in Zimbabwe. However, we proceed on the assumption that there is some outsourcing that takes place, and even if it is insignificant at this stage, there is every chance that following global trends, it will certainly grow in time to come.


That way we could prepare policies that the regulatory authorities such as the RBZ might need to adopt to confront the challenges.


Outsourcing can take place between companies in the same financial group. It could also involve an outside company. Also, functions may be outsourced to a company within or outside the relevant jurisdiction – Zimbabwe.


In the latter case, a number of issues arise that require careful attention before outsourcing can take place.


Financial services companies outsource their functions for various reasons.

The grounds that are commonly cited are to achieve economies of scale, to improve the quality of service by outsourcing certain functions to specialised service providers and in some cases, to utilise expertise that is not ordinarily available in the company or the jurisdiction.


In this case, one might think of the shortage of actuaries whose expertise is critical in the insurance industry, and companies might therefore need to outsource certain actuarial functions to entities in South Africa.


It could also be that functions are outsourced to places where labour costs are cheaper. This is a common trend in the UK and other Western countries where companies are outsourcing the customer service functions to companies in jurisdictions like India where labour costs are lower.


Nonetheless, despite the advantages that outsourcing might bring, there are risks that arise which require the attention of both the regulator and management.


The problems arising from outsourcing include reduced levels of protection to financial services clients where services are carried out by a non-licensed entity. Additionally, it may be that the financial services company outsources functions in order to circumvent legitimate regulatory legislation within the particular jurisdiction.


Therefore, there are risks to the consumer, that is the depositor, the investor and the employees, etc that arise from outsourcing, while from a supervisory point of view the regulators might find it hard to keep the regulated entities within their grasp.


This is especially the case where the regulated entities outsource to companies outside the jurisdiction. The main challenge is to mitigate the risks and enable the regulatory authorities to retain oversight in relation to outsourced functions.


The chief point is that the authorities must ensure that they remain in a position whereby they are able to monitor compliance with the laws of the service providers to whom functions are outsourced.


Primarily, this requires the regulated entities to retain a physical presence within the jurisdiction. Alternatively, where it is necessary to outsource beyond the border, there should be safeguards to ensure that the regulatory authority is able to access and gather the necessary information to monitor compliance. Most jurisdictions have dealt with the problem of outsourcing by issuing guidelines to financial services businesses in their jurisdictions.


The principal way of maintaining oversight is to require all outsourcing proposals that involve material (core) functions to be approved by the regulator, in the case of Zimbabwe being the RBZ.


This can be achieved through simple guidelines or secondary legislation prepared in consultation with industry. The proposals must meet certain specifications and should contain the required levels of information. The main types of information required are as follows: the details of the outsourced function to help the authority to determine whether or not it is material, the rationale for outsourcing to establish whether there are sufficient and genuine grounds for outsourcing, the details of service provider to whom the outsourcing is granted in order to judge its credentials and suitability and the methods that the regulated entity will employ in order to retain the ability to control and monitor the outsourced function.


It is especially significant where the service provider to whom functions are to be outsourced, is based in a foreign jurisdiction. The regulatory authority must be satisfied that it is able to obtain access to supervise or at least to information from the service provider in that foreign jurisdiction.


Where it is unable to do so, its supervisory capacity is undermined and this increases the risk factor of the regulated entity. In the financial industry it may be useful to consider two critical things: first, whether or not the service provider is also a regulated entity which is licensed to carry out the type of functions to be outsourced to it and secondly, whether the jurisdiction in which it is based has bank regulatory laws conforming at least to the levels prescribed under the Basel Committee Core Principles of Banking Supervision.


It may also be necessary to ensure that there is an information sharing agreement with the regulator in the jurisdiction where the service provider is based. At the very least, before approving the outsourcing proposal, the regulatory authority must ensure that the service provider gives consent for its home regulator to supply information whenever called upon to do so.

That way, at least the RBZ is in a position to retain some measure of control over the outsourced function even though it will be carried on outside its jurisdiction.


There are also other key points such as the fact that accountability for the outsourced function ultimately rests with the regulated entity in Zimbabwe. It is important to insist that the board and management carry out a due diligence test on the service provider to whom a function is to be outsourced. In doing a due diligence test, it checks whether the service provider would meet the test as to whether it is “fit and proper” to carry out banking business or that function in the jurisdiction.


The due diligence test helps to determine whether the service provider is capable of delivering the service, whether or not it has integrity and indeed whether or not there are conflicts of interest. The regulator could also insist on checking the due diligence report before allowing the proposal to outsource.


Ultimately, the board and management should be responsible for the risks even those that materialise when the function is outsourced. Therefore, it is important to ensure that the internal and external controls to assess and manage risk are well-established.


There are also other concerns of a legal nature, such as the effect of outsourcing on the principle of confidentiality of customer information. It is well-known that the relationship between the banker and customer is underpinned by the principle of confidentiality. The outsourcing of certain core functions can impact negatively on confidentiality. It becomes a source of concern to the regulator, which is responsible for protecting consumer interests.


But the financial entity must also be careful because it could face litigation from its customers for breach of the duty of confidentiality in certain cases. It could be that a bank might outsource functions to a foreign company where confidentiality rules are not respected and this could pose some legal difficulties for customers and the bank or even the regulator for failing to properly supervise banks under its jurisdiction.


* Dr Alex Magaisa is a specialist in corporate and financial services law and can be contacted at wamagaisa@yahoo.co.uk.

Recent Posts

Stories you will enjoy

Recommended reading