Mix-and-match (out)sourcing: maximising opportunities

10 key ingredients for success: Correctly planned, executed and monitored, an IT and business process outsourcing (ITO/BPO) environment will enjoy maximum benefits with minimal risks.

Today outsourcing is taken for granted. All banks outsource to stay competitive. But, with outsourcing models and options continuously evolving, are banks taking full advantage of what’s on offer?

Sourcing, the more accurate name for the multi-facetted methods of procuring services, is no longer just about cost saving. Reasons abound: scalability and flexibility in terms of infrastructure and workforce, concentration on a bank’s core business, availability of expertise, and improvements in quality and risk mitigation, among others.

Of course, with benefits come risks. Outsourcing still conjures up negative images for many banks concerned about privacy, data security, regulatory compliance, and loss of coordination and control. 

All this matters more with the advent of cloud computing, vendor-hosted solutions, fintech challengers, globalisation, 24/7 on-demand service and the continuing pressure on costs. Banks must consider a mix-and-match approach for their business processes that may include on-shore/near-shore/off-shore and vendor-based sourcing frameworks. Correctly planned, executed and monitored, such an IT and business process outsourcing (ITO/BPO) environment will enjoy maximum benefits with minimal risks.


Here we explore the skills and techniques required for such an environment.


1.     Location strategy: Multi-vendor, multi-location

Most financial institutions aim to provide the best possible technology, people and business support coverage at the lowest possible cost. The elements which constitute technology, people and cost tend to be fluid due to rapidly evolving technologies and market volatility. Unsurprisingly, cost saving is not the top priority in a location strategy for many institutions.

A multi-vendor, multi-location approach is often the most rational. Here the focus should be on effective sourcing governance based on approaches that generate value such as centralisation, scale advantages, process standardisation, automation and labour arbitrage. Ultimately, an institution will be looking to optimise its on-, near- and off-shore services whether in-house or vendor-sourced.


2.     Time zone strategy: A ‘globalised’ world

A bank needs to be able to offer a personalised (support) service anywhere and anytime. Early offshoring projects aimed to cut IT costs, but it has become a highly effective way of serving customers and solving their problems 24 hours a day. If a bank correctly plans and implements a time zone strategy, client satisfaction will increase with a positive impact on the overall brand experience.


3.     Vendor assessment: Finding the perfect match

Once the decision has been made to externally source some or all of a bank’s IT or business processes, the next step is a feasibility study of the possible sourced services, platforms, applications and data. To successfully compare providers, banks should follow a structured selection process covering requirements selection and prioritisation, identification and documentation of all risk factors and evaluation scenarios of the main processes. 

Banks should also allocate resources on additional due diligence for selected vendors which present the least confidence in protecting confidential data. This is to ensure service and application stability and availability, including resource transfer, process efficiency, life-cycle status of technical environment, contract management and financial background.

Buyers beware! The single, most important objective of a sourcing selection process is to select the right company (or companies) for long-term cooperation. This is not a one-time process. Periodic re-assessments will detect vendor risks and weaknesses which need to be managed and mitigated. Automatic alerts should be generated for major changes.


4.     Core and support process: Differentiate and separate

Financial core processes are not the same for all types of financial services. They can differ according to the type of institution including universal, publicly owned, private, and investment banks. However, in every case, a bank must analyse its core and non-core processes, clustering them into layers with ever-deepening granularity and well-structured interface definitions.

Core processes should be separated from non-core and support processes to understand where sourcing will have the greatest impact. Typically, a bank wants to keep control of its core processes as these are its greatest strength, adding value and often including proprietary data and algorithms. Other processes providing less critical services become candidates for possible sourcing.


5.     Streamline processes: Are you as efficient as you can be?

Natural targets for outsourcing have the most mature processes or are most bogged down by inefficient processes. In the first case, this is because they are easily transferred to a third party with little risk. In the second case, an experienced service provider is already supplying similar services to other customers and can absorb, optimise and automate the bank’s own process. In both cases, streamlining involves standardising, consolidating and re-engineering the processes leading to improved operational efficiency. A combination of shared services and BPO can be used to create a hybrid model which adds substantial value to an organisation.


6.     Cost saving and operational efficiency: Making the most from your sourcing model

BPO transfers the burden from the bank’s staff to BPO providers, allowing the bank more time to focus on core business activities. BPO firms provide an innovative way for business processing outsourcing services to help clients reduce their costs, increase office efficiency and streamline workflows (as discussed in the previous point). The improved operational efficiency achieved by these streamlined processes provides other secondary benefits to the organisation such as reducing the number of systems, physical locations and headcount. It can also help centralise process documentation and training, further adding to efficiency.


7.     Flexibility of contract and SLAs: One size contract doesn’t fit all

A bank must understand its processes, exceptions, roles and performance requirements well before discussing a contract with a vendor or service provider. For business-essential or time-critical processes, a bank should negotiate a high service-level contract covering availability, latency, monitoring reactivity, roles, response and resolution time for issues as well as any deliverables expected from internal services. Lower priority processes or tasks would be subject to less stringent Service Level Agreements (SLAs) allowing a variable and ultimately better value pricing model. By understanding performance peaks and troughs, capacity planning can be included within the contract to negotiate better resource costs.

Don’t forget that if (or realistically when) there is an issue, the provider will need to fix it. A bank should specify its minimum requirements for quality assurance and unavailability of services to ensure that critical processes are not interrupted for longer than necessary.


8.     Performance management and metrics: Actively monitoring SLAs

Once SLAs have been established with a vendor, the next step is to determine how to measure the performance of the ITO/BPO vendor. These should be set based on industry performance levels and the bank’s business management requirements. The bank and the vendor will finalise metrics definitions and methods of measurement and calculation prior to developing baseline data for each of the services. Ongoing performance management should consider balanced scorecard and KPIs, service management lifecycle and risk management in order to measure and track the performance of budgets, projects, operations and SLAs.


9.     Security and business continuity management: Closing all gaps

All vendors offer normal security management processes such as malware protection, disaster recovery, site failover, business continuity processes, and encrypted data and data replication. However, the biggest security weakness is always human. This can manifest itself in three ways:

  • Trust: What level of vetting and background checks does the service provider carry out for its staff and contractors? The best failover processes are inadequate against a rogue employee.
  • Human error or lack of familiarity with tasks: This is often forgotten in security management. A well-documented failover process is useless if it doesn’t work correctly or no-one knows how to carry it out. There are many examples of botched business continuity plans or unusable backed-up data. All processes should be subject to the four-eye principle (i.e. at least two person’s review and approval) and rigorously tested before being used and re-tested at least annually.
  • Skills: To completely outsource a process, the vendor/service provider must have the necessary skills to run that process. As banks outsource higher business value processes, they must ensure that the provider has all of the specialist skills needed to execute their tasks correctly to the same standard that the bank would expect internally. A bank may even consider interviewing the proposed staff to ensure they are sufficiently qualified.


10.     Regulation: Increasing governance of service provider selection

The upcoming MiFID II regulation (expected to come into force in 2017) is increasing the need for investment firms to apply strict governance to outsourcing of key processes. There are clearly defined measures of quality that need to be considered (as well as continuously monitored and evidenced) as part of investor protection regime, to ensure that the choice of service provider is effective. The formality and stringency of these regulations support banks who choose an outsourcing solution following a holistic assessment of service objectives, a defined governance model, measured KPIs and effective partnerships.

To sum up, there are numerous sourcing options that banks can and should take advantage of, in addition to the traditional near- and off-shore centres. But until now, banks have been slow on the uptake of other routes such as vendor-based and cloud solution options. This has been mainly due to valid concerns about privacy, security and loss of control. However, with a tailored ITO/BPO strategy, governance and partners, banks can continue to control their security as well as their core value-add processes to provide the best and most cost-effective service to customers.


Contributors: Yogesh Arora, Natasha Giles, Mani Saravanan, Jörg Strässer


About the Authors

caroline beaman

Caroline Beaman is a Principal Consultant at Capco Zurich with over 13 years of experience as a project manager, business analyst and consultant. She specialises in large software implementation projects from inception to go-live, for customers worldwide.

adriano sammarchi

Adriano Sammarchi is an Associate Consultant at Capco Zurich, specialising in digitalisation and business transformation. His Masters degree thesis focused on channel management.


The content and opinions posted on this blog and any corresponding comments are the personal opinions of the original authors, not those of Capco.