5 key criteria when evaluating your financial regulation managed services partner

02 December 2020

Institutions are facing narrowing margins and increased cost pressures to manage their processes at a time when regulatory scrutiny and the need for greater due diligence is increasing. In a bid to enhance efficiency, operations teams are outsourcing low-value, manual processes that don't differentiate their services to external partners so that they can focus on the value-add processes, such as risk assessments and reviews.

Operational efficiencies are a key driver in the adoption of managed services, as operations teams seek to replace complicated, cross-functional workflows with a centralized process led by a managed services partner. The right managed services partner can further centralize and streamline complex activities such as KYC reviews or refreshes using data automation and web scraping technologies that many organizations are unable to develop and maintain internally without a significant and ongoing investment. Some partners are further able to accelerate risk and regulatory activities by conducting searches against their own extensive data inventories.

The efficiencies gained by outsourcing these manually intensive processes is considerable—and sometimes even transformative. In IHS Markit's own managed services for risk and compliance teams, we have been able to reduce the operational burden for our clients up to 75%. The ability to hand off the vendor review processes has reduced effort by 50% for business owners and 60% for SMEs.

But achieving these efficiencies means choosing the right service partner. The quality of the service team, the underlying technologies that support service delivery and many other factors can impact the value that internal teams see from a managed services engagement.

To identify a partner who can deliver the greatest benefit to your organization in terms of enhanced efficiency, peace of mind and value add, ensure that these five key considerations are included in your evaluation of a managed services partner.

Data-enriched service delivery

Compliance requires the collection of extensive data and documentation from reliable sources. As an example of the quantity of data required for global KYC and onboarding activities, IHS Markit maintains a proprietary fund dataset that covers over 230,000 active funds in addition to a data inventory that currently includes over 50,000 validated KYC profiles and 40,000 vendor profiles.

Managed services partners with access to robust datasets offer their clients an advantage in terms of the accuracy and speed of their KYC and onboarding processes. By including data resources as a point of comparison between managed services vendors, you can ensure that the service provider you select will be ready to support greater agility and help you achieve your target operating model.

Robust, interoperable technology

The technology that supports managed services is as important as the skills and experience levels of the people on your outsourced team. Make sure that the providers under consideration demonstrate that they have invested, and will continue to invest, in a full suite of technology solutions to support document exchange, data automation and tax validation.

It's equally important to ensure that these technologies can be integrated easily into your workflows and those of your counterparties. Look for platforms that are API-ready so that they can be connected to your own internal systems to facilitate the transfer of information and ease the workflow. For situations where API connections are not possible, providers should be able to offer SFTP drop sites, data portals and VPNs to facilitate the flow of post-review information and documentation into the client's system of record.

Technologies built on open architecture support even greater connectivity by enabling providers to connect to the client's auxiliary service providers to enhance workflow speed and coordination. The ability to establish a connection with a screening provider's systems, for example, can create a swift and seamless flow from AML review to screening to resolution to completed KYC review.

Ability to scale and flex as required

One of the hallmarks of an effective managed services relationship is the ability to expand, contract and adapt service delivery based on the client's needs. Providers should be able to support a flexible staffing model that includes onsite, offsite, onshore or nearshore deployment. They also need to demonstrate the capacity to support engagements of any size and scope, handle any volume increases or transition from short-term projects to longer, more permanent engagements, such as managing your tax validation process or running your KYC refresh program.

Depending on your organizational needs, you may also want to prioritize a provider that offers global coverage, multi-language service delivery and around-the-clock support throughout the work week.

Documented quality control processes

There is no room for error when it comes to regulatory compliance and risk mitigation. A managed services provider should be able to demonstrate the ability to deliver the highest levels of oversight and quality control.

Make sure that service delivery staff undergo rigorous training at the outset of each new engagement to provide them with a high degree of familiarity with the nuances of your organization's policies and procedures. Periodic refresh training should also take place to ensure all feedback and subsequent changes are communicated and reinforced across the broader team. End-to-end project management should be overseen by a primary point of contact to provide transparency and accountability.

For every service engagement, whether it's the delivery of KYC, outreach or tax validation services, the process should involve stringent quality control checkpoints staffed by subject matter experts who can confirm that delivery teams have followed policies and procedures. Further, those policies and procedures should be clearly documented and made accessible to the client in order to support their own internal review and any audit activities.

Rigorous security protocols

Financial services organizations need to maintain rigorous security at all times, and those security standards extend to the managed services providers they work with. A prospective service partner should be able to demonstrate the highest levels of control and oversight, including extensive background checks conducted on each staff member who joins the service team. Ideally, the provider will also be able to support the creation of a clean room environment, including secure workstations in an access-restricted environment, isolated and highly restricted network access, locked printer and scanner access, prohibition of mobile devices and other handheld devices and on-site video surveillance.

Service providers must further demonstrate that they submit to annual SSAE Type II audits and a semi-annual attestation, including an onsite visit by independent auditors. And as providers transition to full or partial remote service delivery, it's particularly important to find out how they are adapting security protocols in order to ensure continued protections for their clients.

The freedom to focus on what matters

Managed services can help risk and compliance teams delegate non-value add activities so that they can focus on high-value activities that contribute to the organization's reputation and competitive advantage, but the selection of a service partner requires careful consideration. Ensure that the provider you choose can deliver the data resources, supporting technology, and operational flexibility, control and security that support the unique requirements of your organization and its regulatory realities.

IHS Markit provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.