In 2004 the Monetary Authority of Singapore published its "Guidelines on Outsourcing," which applies to the banks, finance companies, insurance firms, exchanges and other institutions under its purview. I’m blogging about it because I’ve just read it while on a long flight, and it has some really useful guidance for anybody charged with developing the risk management framework for his or her company — whether or not it’s part of the financial services industry.
The version I read also included the feedback MAS had received from such firms as Accenture Singapore, Asia Life, Bermuda Trust, Deutsche Bank, EDS, Fidelity Investment Management, Goldman Sachs, HSBC Insurance, Merrill Lynch and Tata Consultancy — as well as the responses from MAS. (Mostly, the feedback consists of complaints that adhering to the guidelines will be too hard and too costly, and the responses consist of, "Do it anyway…")
The report is really only 19 pages long and includes excruciating definitions for any terminology or concepts that might boggle the reader.
And it’s remarkably common-sensical. That’s why I recommend it.
For example, on the topic of performing due diligence on the service providers you’re considering working with, the Guidelines advise evaluating all available information about the vendor, including:
- Experience and competence to implement and support the proposed activity over the contracted period;
- Financial strength and resources…;
- Business reputation and culture, compliance, complaints and outstanding or potential litigation;
- Security and internal control, audit coverage, reporting and monitoring environment;
- Business continuity management…;
- Reliance on and success in dealing with sub-contractors;
- Insurance coverage; and
- External factors…that may impact service performance.
In the scheme of things, this is dull stuff. But if you’ve been put in charge of putting together a similar document in your organization, here’s a straightforward starting point, and it’s free to download.
You’ll find it here: