You have a highly skilled compliance staff and want to make the most of its expertise, but there are times when the task at hand falls outside their realm. Perhaps, like many companies, you’re feeling the pressure of increased workloads and talent shortages as top compliance officers take more generous offers from big banks and other businesses.
You have to make tough decisions about whether to rely on yourself and your staff or call in an outside firm to do the job.Before you hire, consider these questions:
- Is this a regulatory issue that requires a third-party investigator? When there are suspicions of widespread corruption that has infiltrated an entire department or allegations that would result in serious fines if an investigation is botched, outsourcing is not an option but a necessity.
- Do you have someone else at the company with the expertise to handle it, such as an internal auditor, or do you need someone who’s skilled in forensic auditing? It’s important to make an accurate assessment of your team and its skills. Your team will have plenty of opportunities to stretch its skill set, but an investigation shouldn’t be one of them. Unless your department has documented experience of handling similar cases, you’re better off finding a firm that does.
- Are you doing due diligence in a new market where you’re unfamiliar with local regulations? If so, you’ll want to work with the local authority, at least initially.
- Is this a program to address a developing area of law, such as anti-corruption or cybersecurity? Although you may be able to develop that program yourself, it’s always wise to vet it with a third party to be sure you’ve addressed all areas.
- What is the scope of the project or initiative? If a group of professionals working together can tackle it more efficiently than any one person working alone, it’s likely worth the cost.
- How will outsourcing impact the budget? Although cost should never be the sole deciding factor, particularly in high-risk areas, it is still an important consideration. Depending on the task, the scope and the level of expertise needed, many companies can save. In a 2014 Deloitte survey of more than 200 companies, 57 percent said they achieved cost savings of more than 10 percent. Six percent, however, experienced increased costs.
- Liability: What’s at stake, and what recourse does your company have? Outsourcing compliance carries inherent risks. A 2012 survey on global outsourcing and insourcing found nearly half of companies surveyed had previously terminated an outsourcing contract due to concerns about quality. If a significant issue arises, an agreement with an outside firm can provide for corrective action or indemnify for specific issues. The only recourse against an employee may be termination.
- Is it a large-scale project with long-term implications, such as record-management? If managing it incorrectly could put you in violation of the law and you don’t have the expertise, be sure to vet it with someone who does.
If your team already has a good handle on these areas, consider using an outside expert on a project basis to do a periodic evaluation of the programs that carry the most risk.
Outside vendors can be useful in managing specific programs, such as training or the employee ethics hotline. When selecting a vendor, make sure you choose one that has the global experience to understand the distinct regulations in each country.
Some companies also use a managed service provider to handle data compliance, particularly if that role has been traditionally relegated to the IT department. Although IT often has a significant role in managing compliance risks related to cybersecurity, don’t assume they have the specific expertise and training to meet the emerging challenges of data protection and privacy.
Use outside firms as tools, not crutches. When used judiciously, they can help you analyze trends, optimize your processes and make better use of your existing talent.
To learn more about what four global companies have done to manage risk as they're building a compliance department, download our guide, “How to Build a World-Class Compliance Department.”