Why open communication, closer relationships and deep business understanding are critical for successful outsourcing
Lorraine Dryland, Chief Information Security Officer, First Sentier Investors examines the key risks when it comes to outsourcing, why regulators are cracking down and top tips choosing the right vendors.
Sara Benwell POSTED ON 4/6/2021 8:29:19 AM
Sara Benwell: What are the key risks to consider when depending on providers to deliver crucial business activities and how do you manage these risks?
Lorraine Dryland: I aim to have a deep understanding of the business. If you don’t know what they are doing, how you are doing it, and the deep processes of your business, then you will be unable to select the correct vendors.
You can’t do a request for proposal (RFP) or select vendors if you don’t have a deep understanding of what you want to do and the direction of your strategy.
Many people go out and seek help from vendors, because they have a problem to fix, but the problem is aligned to every other problem they have, and it might not be the biggest problem they have.
“Having good relationships and open lines of communication is crucial”
You need to select the vendor with all the other issues in mind, as well as the strategies and processes to really understand your business.
Strong RFP processes and digging into vendors is also key, as it is often after the fact that you realise someone can’t do something.
They will always say they can do anything for you during their sales pitch, but proof of concept only takes you so far. It tends to be those minor things that you think are small and perhaps not so much of a problem that become larger as you go into a relationship.
Having good relationships and open lines of communication is crucial, whether you’re a small or large business, in order to remain agile.
Sara: How do you oversee your outsourced functions and make sure that your third parties are compliant and ensuring that you are keeping on top of regulations?
Lorraine: This is becoming quite a focus for the regulator at the moment. The Hong Kong Securities and Futures Commission (SFC) recently published a circular on the use of electronic data storage providers (EDSPs) and the regulators are putting a lot of pressure on individuals.
There is a lot of liability for firms in ensuring that they are selecting the right vendors and that the vendors themselves have access to the right records at the right time.
I think this means that you have to understand your data and what creates this regulatory record and regulatory aspect.
“There is a lot of liability for firms in ensuring that they are selecting the right vendors”
You must then make the regulator understand that they are not having a full say in the selection of your vendor, but they can scrutinise those you are selecting.
They are also considering the critical mass of all us asset managers utilising central key services. If one vendor goes down it obviously impacts along with sustainability and other aspects they are considering.
It is important for them to do this but there is a lot of pressure on the industry to meet regulatory requirements in an area that is new to us.
“We are still learning at the same time as the regulators are pushing down with a lot more activity”
We understand that there is a transition into digital, Cloud storage and outsourcing, and we are still learning at the same time as the regulators are pushing down with a lot more activity.
It is important for us to have very clear processes, workflows, etc. Vendor due diligence and vendor management is something we have done fairly regularly and is not a new concept for us. But we are more focused on it right now.
The consequences of not having the right vendor are considerable at the moment, because its third-party suppliers that are causing most of the security issues at the moment.
Sara: Have concerns around the supply chain increased since the onset of the pandemic? What have you learned from this?
Lorraine: Failure of a vendor at a point when we are at an already stressed level, with people working from home and managing systems and capabilities that were originally in an office, has given us an understanding of the importance of having strong relationships.
It shouldn’t be a surprise to you if your vendor goes bust. If you have got the right processes, relationships, oversight, and SLAs in place, then you should see this coming.
You should have the ability to plan for this and support your vendor in getting them through a certain period or understand that you might have to decouple and make changes.
“It shouldn’t be a surprise to you if your vendor goes bust”
We have learnt to become much closer in our relationships with vendors and use the parts of contracts that we built in at the outset with SLAs. We have been exercising and using the corners of contracts that we haven’t until now and are really seeing the value in this.
I think we should continue to use them, as this gives us much more visibility and understanding. As a result, we can make quicker and earlier decisions about whether to move with the vendor or away from them.
Get the recent popular stories straight into your inbox