|
Financial institutions increasingly rely on third parties to provide their core business processes and information technology. With the rapid growth and spread of outsourcing in the financial services market, the key question is how to establish a governance framework to limit agency problems and manage risk.
Authors find that most financial institutions mention IT and data management systems as the most frequently outsourced activities, together with traditional accounting and compliance processes as the next most common outsourced activities. In making the decision to outsource, they find that financial institutions place the most emphasis on the overall cost and competitive benefits of outsourcing. Moreover, institutions outsource for a variety of other important reasons, including access to specific knowledge, greater focus on core processes, scalability, and increased service-level performance. Authors show that the outsourced activities that pose the most risk are data management and core business processes. They further examine how and to what extent different types of risk affect the outsourcing relationship. They find that a number of factors, including frequent staff and senior management changes, will contribute to the increased likelihood of fraud.
Next, they study the governance mechanisms of outsourcing and the institution’s ability to monitor third parties. Authors find that firms rely mainly on internal auditing and whistleblowing to uncover fraud in third-party relationships. Firms also use several specific actions to detect fraud: site visits and special investigative team monitoring are examples of techniques that firms employ to monitor fraud risk. Finally, they investigate contractual termination as a response to supplier misconduct. They find that vendor dependency and product complexity play a pronounced role in delaying the termination of the contract. Their results suggest that there are great difficulties associated with replacing a supplier, suggesting that well-designed contingency plans are important.