In the dynamic landscape of banking, financial services, and insurance (BFSI), risk and compliance (R&C) functions have become critical. Read on to explore the growing trend of outsourcing R&C processes, including the strategic advantages, regulatory considerations, and the role of specialized service providers in bolstering operational efficiency and compliance resilience amid evolving industry dynamics. Reach out to us to discuss further.
Risk and compliance (R&C) functions may not directly generate revenue, but they are crucial for the effective execution of business strategies and ongoing operations of banking, financial services, and insurance (BFSI) enterprises. Conventionally, R&C only receive attention when something goes wrong, like regulatory enforcement. It’s time to adopt a proactive and strategic approach.
Recently, there have been rising volumes for processes related to R&C, putting significant pressure on in-house compliance teams of BFSI enterprises, as the cost of failing to meet R&C mandates is extremely high. For example, Binance faced a US$4.3 billion penalty in 2023 due to lapses in anti-money laundering program. Similarly, in 2024 HSBC has been fined £57.4 million for customer deposit protection failings.
So, what’s the solution? While some BFSI enterprises, due to regulatory requirements or other sensitivities, must keep all compliance activities in-house, for others, outsourcing part or all of their compliance functions is a viable alternative. This shift not only addresses immediate pressures but also positions BFSI enterprises for future resilience and competitiveness.
The catch? Regulatory guidance emphasizes that even when compliance activities are outsourced, the company retains accountability for meeting its regulatory obligations. Hence, the need to have a thorough decisioning strategy when it comes to risk and compliance outsourcing.
Traditionally, R&C outsourcing in the BFSI sector has been limited to areas like KYC, AML, credit risk, operational, and third-party risk management, with some audit support services. However, the industry has recently become more open to outsourcing critical processes such as market and liquidity risk, fraud management and chargeback, enterprise risk management, internal audit support, risk consulting, and ESG services.
Exhibit 1: Risk and compliance value chain as defined by Everest Group
The rising propensity to outsource R&C processes is driven by a multitude of factors, including:
Current macroeconomic headwinds: The ongoing recessionary pressures are putting cost constraints on BFSI enterprises as they navigate a high-interest environment. Outsourcing R&C promises much-needed cost-effectiveness when compared to maintaining an in-house compliance team.
Rising volumes of R&C requirements: Current geopolitical scenarios, such as the Israel-Palestine and Russia-Ukraine conflicts, along with major global elections, have heightened the need for processes like sanction screening and Politically Exposed People (PEP) monitoring. Additionally, the macroeconomic environment, where many are living paycheck-to-paycheck, has led to an increase in fraud and chargeback instances. Outsourcing to specialist firms can help increase efficiencies due to economies of scale and a clear operational focus.
The increasing complexity of R&C processes: Fraudsters have become tech-savvy, and the global regulations keep on evolving. Outsourcing can provide quicker access to advanced systems, such as compliance analytics and AI-based risk models, that might be costly or time-consuming to develop in-house. By outsourcing compliance tasks, BFSI enterprises can focus on their core capabilities and strategic goals, thereby increasing productivity and competitiveness.
Access to specialized talent: As BFSI enterprises expand their compliance efforts and integrate them within core business operations, the demand for skilled compliance talent has risen. Effective compliance management now requires not only financial, legal, and analytical skills but also strong operational experience, a combination that is in short supply and can be complemented by an R&C specialist outsourcing partner.
Evolving enterprise priorities within risk and compliance
The COVID-19 pandemic forced BFSI enterprises to rapidly adapt their operations. As the pandemic evolved into an economic crisis, it triggered unemployment and social unrest, presenting challenges like business disruption, remote work, data security, cyber threats, and increased risk and compliance monitoring.
Failures of major banks such as Silicon Valley Bank, Credit Suisse, Silvergate Bank, and First Republic Bank highlighted the urgent need for continuous investment in legal, risk, audit, and compliance functions amid rising inflation and asset/liability mismatches.
Enhanced regulatory scrutiny is another key factor, as highlighted below:
- AI and external data use control: The EU Artificial Intelligence Act, the first comprehensive legal framework for AI, was adopted on March 13, 2024. The new Colorado Division of Insurance regulations require insurers to test AI/data systems for bias
- Cybersecurity and data safety: The Consumer Financial Protection Bureau (CFPB) proposed rules on consumer-authorized financial data-sharing, and New York’s expanded cybersecurity rule mandates annual reviews of written policies by a governance committee
- Capital and solvency oversight: The Financial Stability Oversight Council (FSOC) finalized a framework for assessing risks to US financial stability, including non-bank financial companies and payment systems. The CFPB proposed supervision of digital wallet and payment apps, while the National Association of Insurance Commissioners (NAIC) seeks to protect consumers by ensuring the solvency of life insurers through revised risk-based capital requirements
This more stringent supervisory environment pressures banking organizations to accelerate remediation efforts and operate with less room for error.
The road ahead
Outsourcing broader R&C is similar to the early days of IT outsourcing, where companies gradually outsourced processes one or two at a time. BFSI enterprises should strategically decide which compliance activities to outsource, ensuring these processes are already stable and effective in-house, as outsourcing alone won’t fix existing issues.
As the R&C landscape evolves, financial institutions must proactively adapt by assigning clear compliance responsibilities, integrating technology (AI, analytics, automation), and establishing robust risk management frameworks. Service providers will be essential in supporting these compliance efforts.
For more on R&C outsourcing trends and achieving regulatory compliance, contact Dheeraj Maken ([email protected]), Kriti Gupta ([email protected]) and Ritwik Rudra ([email protected]), or download our report, “High Tide of Transformation – Financial Crime and Compliance (FCC) State of the Market 2024.”
Don’t miss our webinar, What’s Next in Financial Services? Driving Transformation Through Sourcing, Technology, and Operations, to learn how BFSI firms are driving business transformation in response to the macroeconomic environment, evolving customer needs, the tightening regulatory landscape, and the rapid adoption of AI and cloud technologies.