1、1 外文翻译 Outsourcing in Financial Services Material Source:Business Credit October 2005,Vol.107, No.9,64-70 Author:The Joint Forum 1 Executive Summary Financial services businesses throughout the world are increasingly using third parties to carry out activities that the businesses themselves would no
2、rmally have undertaken. Industry research and surveys by regulators show financial firms outsourcing significant parts of their regulated and unregulated activities. These outsourcing arrangements are also becoming increasingly complex. Outsourcing has the potential to transfer risk, management and
3、compliance to third parties who may not be regulated, and who may operate offshore. In these situations, how can financial service businesses remain confident that they remain in charge of their own business and in control of their business risks? How do they know they are complying with their regul
4、atory responsibilities? How can these businesses demonstrate that they are doing so when regulators ask? To help answer these questions and to guide regulated businesses, the Joint Forum established a working group to develop high-level principles about outsourcing. In this paper, the key issues and
5、 risks are spelt out in more detail and principles are put forward that can serve as benchmarks. The principles apply across the banking, insurance and securities sectors, and the international committees involved in each sector1 may build on these principles to offer more specific and focused guida
6、nce. Selected international case studies (see Annex A) show why these questions matter. Today outsourcing is increasingly used as a means of both reducing costs and achieving strategic aims. Its potential impact can be seen across many business activities, including information technology (e.g., app
7、lications development, programming, and coding), specific operations (e.g., some aspects of finance and accounting, back-office activities & processing, and administration), and contract 1 The Basel Committee on Banking Supervision (BCBS), the International Organization of Securities Commissions (IO
8、SCO) and the International Association of Insurance Supervisors (IAIS). 2 functions (e.g., call centres). Industry reports and regulatory surveys of industry practice indicate that financial firms are entering into arrangements in which other firms related firms within a corporate group and third-pa
9、rty service providers conduct significant parts of the enterprises regulated and unregulated activities.2 Activities and functions within an organisation are performed and delivered in diverse ways. An institution might split such functions as product manufacturing, marketing, back-office and distri
10、bution within the regulated entity. Where a regulated entity keeps such arrangements in-house, but operates some activities from various locations, this would not be classified as outsourcing. The entity would therefore be expected to provide for any risks posed by this in its regular risk managemen
11、t framework. Increasingly more complex arrangements are developing whereby related entities perform some activities, while unrelated service providers perform others. In each case the service provider may or may not be a regulated entity. The Joint Forum principles are designed to apply whether or n
12、ot the service provider is a regulated entity. Outsourcing has been identified in various industry and regulatory reports as raising issues related to risk transfer and management, frequently on a cross-border basis, and industry and regulators acknowledge that this increased reliance on the outsour
13、cing of activities may impact on the ability of regulated entities to manage their risks and monitor their compliance with regulatory requirements. Additionally, there is concern among regulators as to how outsourcing potentially could impede the ability of regulated entities to demonstrate to regul
14、ators (e.g., through examinations) that they are taking appropriate steps to manage their risks and comply with applicable regulations. Among the specific concerns raised by outsourcing activities is the potential for over-reliance on outsourced activities that are critical to the ongoing viability
15、of a regulated entity as well as its obligations to customers. Regulated entities can mitigate these risks by taking steps (as discussed in the principles) to: draw up comprehensive and clear outsourcing policies, establish effective risk management programmes, require contingency planning by the ou
16、tsourcing firm, negotiate appropriate outsourcing contracts, and analyse the 2 Bank Information Technology Secretariat (BITS) Framework for Managing Technology Risk for IT Service Provider Relationships, Version II, November 2003, p. 2. 3 financial and infrastructure resources of the service provide
17、r. Regulators can also mitigate concerns by ensuring that outsourcing is adequately considered in their assessments of individual firms whilst taking account of concentration risks in third-party providers when considering systemic risk issues. Of particular interest to regulators is the preservatio
18、n at the regulated entity of strong corporate governance. In this regard outsourcing activities that may impede an outsourcing firms management from fulfilling its regulatory responsibilities are of concern to regulators. The rapid rate of IT innovation, along with an increasing reliance on external
19、 service providers have the potential of leading to systemic problems unless appropriately constrained by a combination of market and regulatory influences. This paper attempts to spell out these concerns in more detail and develop a set of principles that gives guidance to firms, and to regulators,
20、 to help them better mitigate these concerns without hindering the efficiency and effectiveness of firms. 2 Guiding Principles - Overview The Joint Forum has developed the following high- level principles. The first seven principles cover the responsibilities of regulated entities when they outsourc
21、e their activities, and the last two principles cover regulatory roles and responsibilities. Here we present an overview of the principles. More detail may be found in section 9. A regulated entity seeking to outsource activities should have in place a comprehensive policy to guide the assessment of
22、 whether and how those activities can be appropriately outsourced. The board of directors or equivalent body retains responsibility for the outsourcing policy and related overall responsibility for activities undertaken under that policy. The regulated entity should establish a comprehensive outsour
23、cing risk management programme to address the outsourced activities and the relationship with the service provider. The regulated entity should ensure that outsourcing arrangements neither diminish its ability to fulfil its obligations to customers and regulators, nor impede effective supervision by
24、 regulators. The regulated entity should conduct appropriate due diligence in selecting third-party service providers. Outsourcing relationships should be governed by written contracts that clearly describe all material aspects of the outsourcing arrangement, including the 4 rights, responsibilities
25、 and expectations of all parties. The regulated entity and its service providers should establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities. The regulated entity should take appropriate steps to require that service providers pro
26、tect confidential information of both the regulated entity and its clients from intentional or inadvertent disclosure to unauthorised persons. Regulators should take into account outsourcing activities as an integral part of their ongoing assessment of the regulated entity. Regulators should assure
27、themselves by appropriate means that any outsourcing arrangements do not hamper the ability of a regulated entity to meet its regulatory requirements. Regulators should be aware of the potential risks posed where the outsourced activities of multiple regulated entities are concentrated within a limi
28、ted number of service providers. 3 Definition Outsourcing is defined in this paper as a regulated entitys use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis that would normally b
29、e undertaken by the regulated entity, now or in the future. Outsourcing can be the initial transfer of an activity (or a part of that activity) from a regulated entity to a third party or the further transfer of an activity (or a part thereof) from one third-party service provider to another, someti
30、mes referred to as “subcontracting.” In some jurisdictions, the initial outsourcing is also referred to as subcontracting. Firms should consider several factors as they apply these principles to activities that fall under the outsourcing definition. First, these principles should be applied accordin
31、g to the degree of materiality of the outsourced activity to the firms business. Even where the activity is not material, the outsourcing entity should consider the appropriateness of applying the principles. Second, firms should consider any affiliation or other relationship between the outsourcing
32、 entity and the service provider. While it is necessary to apply the Outsourcing Principles to affiliated entities, it may be appropriate to adopt them with some modification to account for the potential for differing degrees of risk with respect to intra-group outsourcing. Third, the firm may consi
33、der whether the service provider is a regulated 5 entity subject to independent supervision. According to this definition, outsourcing would not cover purchasing contracts, although as with outsourcing, firms should ensure that what they are buying is appropriate for the intended purpose. Purchasing
34、 is defined, inter alia, as the acquisition from a vendor of services, goods or facilities without the transfer of the purchasing firms non-public proprietary information pertaining to its customers or other information connected with its business activities. This paper will refer to a regulated ent
35、ity as the body that is authorised for a regulated activity by a regulator. The principles set forth in this paper are targeted at such entities. Third party or service provider refers to the entity that is undertaking the outsourced activity on behalf of the regulated entity. The term regulator ref
36、ers to all supervisory and regulatory authorities that authorise firms to undertake any regulated activity and supervise that activity. 4 Developments in industry Practice Motivation 5 Current Trends in Outsourcing Financial firms have entered into outsourcing arrangements for many years, albeit not
37、 to the extent seen in the recent past. For example, in the securities industry, since the 1970s, firms have outsourced quasi-clerical activity, such as the printing and storage of records. This was undertaken because of the comparative cost savings. As technology has evolved, outsourcing of informa
38、tion services has become more common. In the 1980s and 1990s, such deals tended to be large scale and often involved the outsourcing of whole IT divisions primarily based on cost and the importance of remaining up to date with rapidly evolving technology. Subsequently, we have seen a growth of outso
39、urcing in more strategic areas such as human resources and some have observed the trend of “business processing outsourcing” (BPO), i.e., end-to-end outsourcing of a business line or process in its entirety. BPOs also mean that the relationship between the outsourcer and the third party changes some
40、what as the latter becomes more of a strategic partner than a traditional supplier. Another major trend in outsourcing that appears to have gained momentum is “off-shoring”, i.e., effectively outsourcing activities beyond national borders. Many conglomerates are trying to create global efficiencies
41、by basing transaction processing and call centres offshore. Arrangements are sometimes entered into with 6 unrelated parties, while in other cases the outsourcing firm establishes its own offshore base (i.e., through an affiliate) to provide services. In India alone a range of organisations have set
42、 up outsourcing arrangements as illustrated by the sample of firms in the table below. (Approximate staff numbers are indicated in parentheses.) Table 1:Financial Services Companies in India in 2003 Source: Deloitte presentation to Board of Governors of the Federal Reserve System Offshoring and Cros
43、s-Border Outsourcing by Banks, March 30 2004. Anecdotal evidence suggests that China, Malaysia and the Philippines are also seen as desirable outsourcing locations. According to a 2004 report by Deloitte5, offshoring will continue to grow throughout this decade. The report estimates the percentage o
44、f global financial services companies with offshore facilities grew to 67% in 2003 compared with 29% in 2002. It further estimates that by 2005 some $210 billion of industry costs will be offshore, rising to $400 billion or 20% of the total industry cost base in 2010. The report notes that the perce
45、ntage for large firms is significantly higher than for small firms and also notes that increasingly firms are setting up their own operations offshore, distinguishing this trend from the growth of outsourcing, per se. At a practical level this growth in offshoring has led to a need for regular monit
46、oring of “country risk”, which means that an outsourcing institution needs to monitor foreign government policies and political, social, economic and legal conditions in the country where it has a contractual relationship with a service provider. It should also develop appropriate contingency plans
47、and exit strategies. As part of an organisations need to consider business continuity issues, it should consider whether the processes could quickly revert to the home country in extremis. ABN Amro (300+) Amex (1000+) Axa (380) Citigroup (3,000) Deutsche Bank (500) GE (11,000) HSBC (2000) JP Morgan
48、Chase (480) Mellon Financial (240) Merril Lynch (350) Standard Chartered (3,000) 7 金融服务外包 资料来源:商业信用, 2005 年 10 月,卷 107,第 9 期,第 64-70 页 作者:联合论坛 1 概要 在世界范围内,金融企业越来越多地利用第三方进行业务活动。行业监管机构的研究和调查结果显示,金融机构将部分重 要业务及不受管制的业务进行外包。进行外包的业务也变得越来越复杂。 金融服务外包能转移风险,对不受管制,可以经营离岸的第三方进行管理。 在这样的情况下,如何能使金融企业仍有信心经营该企业,控制其经营
49、风险?企业如何知道他们遵循其监管职责?如何证明他们在外包业务时正按照监管部门的规定? 为解决这些问题,引导企业规范运营,联合论坛成立了一个工作小组来制定关于外包的深入条款。 该本文件中,考虑到更多关于关键问题及风险问题的细节,产生的原则性条款可以作为基准。这些原则条款适用于所有银行,保险和证券业,并且在这些原则条款 的基础上,对每个参与的部门提供更具体的集中指导 这些部门包括巴塞尔银行监管委员会( BCBS),国际证监会组织( IOSCO) ,国际保险监管官协会( IAIS) 。部分国际案例分析(见附件一)。 目前,金融服务外包越来越作为一种降低成本,实现战略目标的手段。企业组织从事的许多业务活动都可以看出其潜在影响,包括信息技术(例如,应用软件开发,编程和编码),具体操作(例如,会计服务,后台服务及管理工作等),契约功能(如呼叫中心)。行业报告研究和行业惯例的监管调查显示,金融机构将业务活动外包给第三方服务供应商,从而构成管 制和不受管制的外包业务的重要组成部分( IT 服务供应商与风险管理技术框架的关系,BITS,2003(11):2) 企业组织
