They have to take swift action to remediate mandates and enforcement actions issued in response to regulatory non-compliance. But these projects require substantial resource, posing something of a dilemma for the organisation. Should the Business As Usual (BAU) team be built out or remediation outsourced to a third party?
A remediation team has to be able to identify how products and services and processes need to be changed and to provide redress to the affected customer population. This requires specialist skill sets such as knowledge of regulatory requirements, industry best practice, operational risk and information security and an understanding of how automated solutions can be used to improve workflow and task management, adding IT skills to the mix. It’s this combination of people, process and technology that makes for an effective remediation team.
Achieving this inhouse can be challenging. It’s possible to build out the BAU team by bringing in additional people with legal, regulatory and technological acumen although it’s difficult to justify the investment. Admittedly, bringing these skills into the organisation gives the business ownership of the process, enabling it to respond to customer issues speedily, but the resource cannot scale to meet the needs of larger remediation projects.
Insourcing ultimately prevents the business from flexing to meet remediation demands.
It saddles the business with unnecessary overheads and the maintenance of that resource - from ongoing staff training to maintaining remediation workflow solutions - and then there’s the issue of compromise of that resource. Staff churn can see expertise lost. Technology can age and depreciate.
Outsourcing as an option
The alternative is to use a provider that can scale to meet demand and has the flexibility to offer what is needed, from an end-to-end independent project, to an integrated BAU operation or a fully managed end-to-end service. Outsourcing alleviates pressure on the internal BAU team and frees them to focus on their core competencies while the external team brings to the table a wealth of expertise, having previously worked as actuaries, auditors, bankers, consultants, or former regulators.
For most organisations, it’s simply not financially viable to retain either the range of expertise or capacity to undertake remediation programmes on a permanent basis, making outsourcing projects the most flexible and cost effective option. The issue then becomes of how to go about selecting a suitable provider. Key questions to ask are:
- Scope: Can the provider meet the full gamut of requirements associated with the project from assessment to reviews and redress and payment processing? If the provider can meet end-to-end commitments this will prevent piecemeal provisioning and reduce risk.
- Experience: Does the provider have the requisite expertise? Does it have other clients in your sector? Does its regulatory knowledge go to enable you to deliver the right evidence of compliance? Can the provider demonstrate success in previous projects? Does it have the skillsets you require?
- Transparency: Is the provider able to provide you with the deep dive analytics required? Can it provide actionable intelligence from the Management Information and Root Cause Analysis (RCA)? Does the remediation solution monitor for non-compliance going forward?
The FCA Handbook also contains some useful pointers under SYS 13.9 Outsourcing on how financial firms should critically assess the proposed remediation solution by examining:
- Suitability: How will the provider’s arrangement fit within the business and its reporting structure, overall risk profile and allow the business to meet its regulatory obligations?
- Risk: How will the agreements established with the provider allow the business to monitor and control operational risk exposure associated with outsourcing.
- Due diligence: Assess the provider on the merits of its financial stability and expertise
- Handover: How will the business ensure a smooth transition of operations? Does it have an exit strategy for when the contract ends?
- Business continuity: Look at any conflicts of interest if the provider is used by several firms and any associated risk implications.
Once the organisation has worked through these criteria it should put in place a clear framework and Service Level Agreement (SLA) to ensure provision meets requirements, thereby reducing risk, and with these in place the business will have at its disposal a scalable resource. A resource that is now not only the most cost effective way to meet the challenge of remediation projects that are part and parcel of the regulatory landscape, but a resource that is also fast becoming the only way to tap into the specialist skillsets and knowledge required to enhance the customer experience.