Outsourcing Compliance?


As compliance expectations periodically grow, the need to look external is driving the compliance outsourcing trend. Increasingly stringent regulations, the talent crisis and diminishing compliance budgets are the pressures driving outsourcing, alongside the rising reputational pressure connected to compliance scandals.

One-quarter of companies have already turned to these third-party options such as consultants or law firms in attempts to elevate the regulatory compliance burden according to Thomson Reuters ninth annual Cost of Compliance report. Through outsourcing, Chief Compliance Officers, Chief Risk Officers and the wider compliance teams can pivot focus to core business functions, which is essentially the underlying intention of outsourcing.

Deloitte’s research found that “a strategy of selective outsourcing – choosing which compliance processes to conduct in-house and which to outsource – can enable the organization to improve its allocation of resources.” Boasting quality and specialisation, when operational functions are outsourced to third parties, internal focus can turn to revenue and big-picture initiatives. These third parties are characteristically responsive and cost-effect.

From the outside those unfamiliar or sceptical about outsourcing might think looking external is unnecessary or even impossible. Concerns surrounding data protection, regulatory restrictions or accuracy may be deterring initially however when considered more deeply these three factors actually create a case for external help. Through outsourcing, specifically in specialised fields, compliance may be most effective when shifted external.

Opting to outsource surprisingly sees financial benefits. Rather than investing in upskilling and in-house training, companies are able to reduce costs by transferring certain functions externally. With the skills and expertise, third party compliance companies also bring assurance.

Looking at a different compliance approach, some companies are considering a hack-a-thon style approach. Common practice in the cyber sphere, hack-a-thons are traditionally a coding marathon which can last a matter of hours, weekends or even weeks. In cyber they look to find weaknesses and flaws, and if spotted the participant is financially rewarded. The benefit of such events is their fast turnaround and ability to bring specialists together. Rather than an ongoing outsourcing arrangement, hack-a-thons would look to a company’s compliance function as a whole to unearth vulnerabilities and flaws. As opposed to a third party, a hack-a-thon is more of a one-time strategy.

This concept is seeing gradual adoption. The Financial Conduct Authority is among those trialling the concept holding their first week-long Global Anti-Money Laundering and Financial Crime TechSprint in July 2019. Such approaches see diversity of innovation and expertise driving benefits. They bring completely different perspectives. In theory, hack-a-thons appear viable, however when the sensitive information surrounding compliance are considered, allowing individuals access to this information is considerable hurdle and may see the concept short lived.

Aside from these hack-a-thons, selective outsourcing equips companies to plug gaps and build a robust compliance function. Is the meeting of external and internal compliance the answer to increasingly stringent regulations? Whilst uncertain, with more companies adopting this blended approach, the next few years will be telling.

Back to article list