“Beyond Cost Reduction: The Risks and Rewards of Global Services Sourcing,” a report issued by Columbia Business School, provides the unvarnished lowdown on IT and business process offshoring experiences of financial services, in particular, venture capital and private equity, retail banking and institutional banking.
It makes for good reading (in spite of the fact that the text desperately needs another level of proofreading to call it ready for prime time).
Authors Hitendra Wadhwa, Rohit Arora and Harpreet Khurana make the point that offshoring is no longer an early-adopter strategy in financial services, but has entered the “rapid growth phase of its adoption cycle.” Though the report doesn’t spell this out, the offshoring they’re referring to is work done in India specifically.
The leading adopter segment: the venture capital community. This is due to its technology focus. It wants to wring more action and milestones out of fewer investment dollars. That’s why, of course, VCs put such pressure on start-ups to sort out their offshoring strategies early in the investment cycle. Thus it is that VCs have played an influential role in shaping current offshoring business models as we understand them.
Next comes retail banking, a low-margin, large-scale industry, which has much to “gain from small percentage improvements in operating costs.”
Institutional banks and private equity firms have “historically been more cautious about entering…offshoring…” the former because their business processes tend to be low-volume and high-skill and the latter because they follow “conservative business models.” Interest in offshoring for both segments has grown as success stories have been shared. For PEs in particular, the ramp-up has taken place as their investment in offshore operations have increased and as they’ve acquired companies with “strong offshoring potential.”
Although, as you’d expect, the BPO initially included call center and back-office finance and accounting work, now companies are setting up offshore teams for more complex activities. This requires more time and money for training and process design and may only incrementally lower cost. But what it does enable is projects that may never have been tried before.
Here’s where the report shines — in sharing the “sanitized” case studies of financial operations in each segment and distilling the “learnings” from each profile’s experiences.
For example, it offers this rundown on security considerations in a section on retail financial services.
In view of the recent incident of identity theft at a service provider based in India, where three employees stole US$350,000 from Citibank account holders, the data security issue in offshore locations has become a central concern. During our research and conversation with the industry players18 we came across certain measures being taken by service providers for customers in the retail financial services clients having a large incoming call volume. These include:
1. Dynamic Data masking – Ensuring that agents don't get full exposure to key confidential data
2. Paperless Office – Using automated workflows and electronic note pads, service providers are enabling a completely paperless office, ensuring that no data can be taken out of the production floors. [I’d like to add a thought to this; there’s nothing about a paperless office that prevents somebody with a “photographic memory” from walking off with consumer data details, for instance, read off a loan application on the screen. — Ed.]
3. Automated Monitoring and Alerting – A Business Performance Management platform is enabled to track systems usage in real-time and create alerts in case of deviations. Besides this an automated call monitoring software is deployed, which publishes alerts and prompts supervisor to listen in on the call when words like "password" are recognized.
4. User Provisioning – This system manages access to all systems based on user entitlements. It supports the process of employee on boarding, transfers and exit, as well as real-time monitoring of systems access by employees.
NASSCOM has also outlined a plan for stricter privacy protection laws by end of 2005. It will include greater self regulation by the service providers, greater awareness of the security concerns and higher standards of encrypting sensitive information. The issue of security of the data at offshore locations will become more important down the line as the nature and sensitivity of data being processed in offshore location increases in line with tighter regulations– Health Insurance Portability and Accountability act and Sarbanes Oxley being two prime examples.
In order to avoid any surprises, companies which are planning to offshore their operations need to have well defined risk tolerance strategy which should be based on the sensitivity of the operations being offshored to the operations of the company. One strategy being employed by some companies is to retain control over security. The approach here is to formulate rules, lay out the infrastructure and monitor the vendors including periodic security audits. This entails an extra cost – for highly sensitive data, the clients may need to forgo savings of around 15 to 19%.
(For more on this topic, read, “4 Steps to Secure IT Outsourcing.”)
If you’re in the financial services, data related to offshoring of operations is tough to come by. This report fills a vital gap.