{"id":1500,"date":"2011-06-04T10:37:00","date_gmt":"2011-06-04T10:37:00","guid":{"rendered":"http:\/\/localhost\/projects\/horsesforsources\/finra_impact_060411\/"},"modified":"2011-06-04T10:37:00","modified_gmt":"2011-06-04T10:37:00","slug":"finra_impact_060411","status":"publish","type":"post","link":"https:\/\/www.horsesforsources.com\/finra_impact_060411\/","title":{"rendered":"Libertarians, Outsourcing, Lobotomies and FINRA"},"content":{"rendered":"

FINRA<\/a> is the largest independent regulator for all securities firms doing business in the United States and its recent proposed rule changes are rattling the world of outsourcing. \u00a0So what happens when you mix these proposed FINRA regulatory rule changes, a well-known outsourcing partner from law firm powerhouse Loeb & Loeb, LLP<\/a>, and the HfS Governator<\/a>? <\/em><\/p>\n

Well, today\u2019s discussion, reserved especially for your weekend reading pleasure, is co-authored by Akiba Stern and Tony Filippone and focused on getting the dirty, detailed work of governance done right. \u00a0And for any of you who have the good fortune of never having met Akiba, he is the most feared sight for any service provider around the negotiating table. Don’t let the Jewish jokes and\u00a0Manhattan\u00a0charm fool you – this rabbinic lawyer can lobotomize the lox and matzah balls from any\u00a0proposed\u00a0litigation. \u00a0Apologies, Akiba, but when you send us in a picture of Charlie Sheen for your mugshot, you’re asking for trouble \ud83d\ude42<\/em><\/p>\n

<\/em> Anyway, who knew that you could have this much fun making regulations meaningful…<\/em><\/p>\n

<\/em><\/p>\n

Libertarians, Outsourcing and Lobotomies (LOL) and FINRA<\/span><\/span><\/strong><\/p>\n

\"\"<\/p>\n

Akiba Stern<\/p>\n<\/div>\n

There is a vocal group of “anything goes” executives that say crazy things like, “It’s not my problem anymore.\u00a0 It is my vendor’s problem.” and “You hired us to manage this.\u00a0 Don’t stick your nose in my business.”\u00a0 These executives are the libertarians of outsourcing.<\/p>\n

For some bizarre reason, they view an outsourcing contract as a lobotomy.\u00a0 Apparently, they believe that, upon signing a contract, they instantaneously have no responsibility to ensure their vendors have the expertise to perform the work or to ensure the outsourced function performs as expected.<\/p>\n

Year after year, the buy-side responsibility-lobotomized libertarians do as little work as possible.\u00a0 They look at SLAs and assess performance credits, and angrily call with complaints.\u00a0 Their site audits are international junkets, resembling the Fiesta Bowl marketing \u201cevents\u201d.\u00a0 These libertarians eschew statistical methods of quality auditing and rigorous, frequent performance management processes in favor of annual qualitative bitch sessions<\/span> performance appraisals.\u00a0 The effort to compete renewals is too internally politically overwhelming and the thought of a vendor-to-vendor transition is stroke inducing, no matter the level of incompetence.<\/p>\n

\"\"<\/p>\n

Stephen Cohen<\/p>\n<\/div>\n

The sell-side responsibility-lobotomized libertarians are no more motivated.\u00a0 They direct services to new facilities their clients have never seen, to team members their clients have never met, and subcontract the services to vendors their clients have no idea exist.\u00a0 They use systems that are supposedly best in class and used by other \u201cleading organizations\u201d, but are surprisingly feeble and the reporting is rarely insightful.\u00a0 If a performance hiccup occurs and service credits are given, service credit earn back clauses give these lazy people a chance to paper over damage done to their customers’ customers next month.<\/p>\n

Get Hands On, Get It Done Right<\/strong><\/p>\n

We come from the school of “hands on governance and vendor management.”\u00a0 It’s not good enough to be a coach, field the team, and hope for the best.\u00a0 You have to run the sidelines.\u00a0 You have to be the referee on the field ensuring you’re always close to the action.\u00a0 Sometimes, you even need to suit-up and play the game to get a first-hand understanding of the pace, effort, and activities of a real athlete.<\/p>\n

So, we have a different perspective: You cannot lobotomize yourself when you outsource a function.\u00a0 You cannot hand over your function to a service provider, structure a nasty limit of liability clause placing the onus of regulatory fines and customer lawsuits on your service provider, neglect your outsourced operation, and then punish your service provider for failure to perform.\u00a0 No matter how core or non-core your outsourced function, you have a fiduciary responsibility to proactively ensure it operates as it should.<\/p>\n

And … how hard is it really?\u00a0 Why can\u2019t you have a set of critical metrics you review with the service provider month after month?\u00a0 Why can\u2019t you have the service provider\u2019s key players (their operations team, not their snake oil salespeople) meet with their counterparts EVERY MONTH and go over those metrics, variances from budget, services problems, overbilling, opaque billing, negative trends, etc. \u00a0Okay, maybe it\u2019s boring but that\u2019s why you are making the big bucks (Or at least that\u2019s why you got saved from being riffed or moved to Bangaluru by your Rabbi in the executive suite. \u00a0So you really need to do some work and add value to justify your cost \u2013 which otherwise reduces the business case results!)<\/p>\n

Regulators Mandate Hands On Governance<\/strong><\/p>\n

Apparently, US regulatory bodies agree with me.\u00a0 Most recently, the Financial Industry Regulation Authority (FINRA), which is the securities industry\u2019s independent regulator, proposed for comment a rule change that states:<\/p>\n

1) Outsourcing doesn’t absolve you of the responsibility for the outsourced function’s outcomes.<\/strong> You keep responsibility to ensure your vendors perform, no matter what contrivances you write into your contract.\u00a0 When the government auditors come, they will don’t care what your contract says about responsibility.\u00a0 They’ll be coming to your cube and asking you the uncomfortable questions, including why you wrote contrivances into your contract.<\/p>\n

2) If your employees need certain qualifications and licenses to perform the work, so do your vendor\u2019s employees.<\/strong> Your work still needs to be performed by people who are legally qualified, licensed, and registered to do the work.\u00a0 You need to be sure they are.<\/p>\n

3) You must have a detailed governance and vendor management program<\/strong> with sufficiently rigorous processes that, in the words of FINRA, “should include, without limitation, conducting a due diligence analysis of all of its current or prospective third-party service providers to determine whether they are capable of performing the outsourced activities” and ensure compliance with regulations.<\/p>\n

4) Some activities are so important to the stability of your company and the industry that you have to supervise, review, audit transactions, and in some cases, even independently review your vendor’s systems<\/strong> to ensure that they apply the right calculations and processes to your work.\u00a0 The FINRA rules go so far as to say that you’re not only responsible for all the above, but when the auditors come, you, not your vendors, have to explain the details to the auditor. Statements like, “At a high level, I know what they do, but if you want the details, ask my vendor” or “My vendor says its systems are used by many other leading global institutions” are not going to be accepted by the auditor.\u00a0 You must have a rigorous, statistically-based approach to quality audits and you need to independently verify that your vendor\u2019s systems and processes comply.<\/p>\n

5) All the same rigor described above applies as much to the subcontractors as it does to the contractors.<\/strong> So, that means if your vendor subcontracts to three other vendors, you, not your prime contractor, have to exercise the detailed governance and vendor management approach to all the subcontractors.<\/p>\n

6) For Carrying and Clearing Member Firms, FINRA needs to be notified within 30 days of entering into an outsourcing agreement.<\/strong> In essence, the regulator needs to be quickly made aware that your organization intends to outsource.\u00a0 This includes locations (and changes to locations).<\/p>\n

FINRA is not alone. The various banking regulators (Federal Reserve, FDIC<\/a>, National Credit Union Administration, the Office of the Comptroller of the Currency (OCC<\/a>), and the (soon to be disbanded under Dodd-Frank) Office of Thrift Supervision), and URAC (health care management accrediting body) all limit delegation of oversight and place strict standards on the clients outsourcing.<\/p>\n

What This Means to You<\/strong><\/p>\n

Regardless of your opinion of extending the reach of regulators or our (maybe) tongue-in-cheek perspective on lobotomized outsourcing libertarians, FINRA, and other regulators, are really asking companies to do what they already should be doing:<\/p>\n