US financial operations guide for outsourcing and offshoring service providers

As the world grows digitally, more minor and global communication and online access continue to shrink the world, opportunities for businesses to use offshore vendors and service providers open up virtually all over the world. 

However, using third-party service providers and overseas vendors carries inherent risks and many unknown factors. 

These potential problems demand you develop policies surrounding hiring, interacting with, and paying international vendors. In addition to policies, it’s also critical to implement a vendor risk management (VRM) program to protect your business, its reputation, intellectual property, client data, and financial costs (like paying unnecessarily high fees for international payments).  

Definition of Outsourced and Offshore Services

Businesses, especially small businesses, often find that using a vendor or service provider for specific necessary, and even mission-critical, processes makes far more sense than trying to reinvent that particular wheel for their purposes. 

• Outsourcing is obtaining goods or services from a foreign supplier of that good or service. (For example, having your advertising managed by a service in India.)

• Offshore services, such as IT, are outsourced to a service provider or vendor in a different country. It is a form of outsourcing that uses providers who may not even be on the same continent.  

Benefits of Offshore Outsourcing

Although offshore outsourcing has risks, it presents many benefits to small businesses, as we will discuss below. Among these benefits are:

• Cheaper labor costs and potentially improved production

• Overcoming your own company’s lack of expertise

• Allowing you to concentrate on the core operations of your business

• More straightforward response to changing customer demand when necessary 

Responsibility and Role Management

Consider how you will relate to all of your third-party vendors and service providers, regardless of location. Create written policies and procedures. Make sure your systems include all of the items discussed in this guide, including:

• Defining essential terms like vendors and service providers 

• Define the roles and responsibilities of each of your team members

• Setting up your due diligence procedures 

• Templates for any forms and checklists you want to use to document ongoing operations

• • Due diligence on providers

  • Due diligence on provider staff

  • Sample required contract terms

  • Checklist for each candidate vendor or provider document process and basis for decision

• Procedures for ongoing review and due diligence of providers and vendors, including an audit process

• Establish a process for reports to upper management 

Risk Assessing Your Vendors and Service Providers

No matter how good your VRM is, each offshore vendor and third-party service provider will present some level of inherent or residual risk that you have to manage rather than eliminate. To achieve this, you will need to assess the risk presented by each prospective vendor or service provider. You should probably develop a form for doing this so that all your risk assessments are consistent. If you don’t have easy access to a form, there are templates online that you can use to develop your own forms. 

Once you have assessed a particular candidate, you need to determine:

• What risks can be eliminated or mitigated

• What inherent or residual risks exist

• Is the vendor within your company’s risk appetite (post due diligence)?

Significant Risks in Outsourcing and Offshoring

No matter how well you plan and assess your risks, there will always be inherent and residual risks in outsourcing and offshoring.  

Outside Risks to Your Vendor or Provider

It does matter where your vendors are. In some countries, your vendor may face infrastructure issues that could, through, for example, internet connectivity problems, interfere with your service. With others, government action or turmoil could interrupt your service. In either case, if you accept the risk, be sure to plan for handling any such failures.  

Risks to Your Organization

There are significant risks to your organization coming from outsourcing and offshoring. 

• Reputational risk: If your vendor or service provider fails, it will appear to your clients and counterparties as your failure. And, if you are a regulated company, your regulators will also see it as your failure and responsibility. 

• Quality Issues: Your offshore vendor's poor performance or poor reliability will be your poor performance to your clients and counterparties. That is, it will be your poor performance if you can work at all.

• Poor communication: Everyone has their favorite frustration story of dealing with an offshore service provider who simply does not speak the language well enough to communicate. 

Financial Risks

There are financial risks involved in outsourcing and offshoring that must be acknowledged and managed.

• Payment issues: When dealing with offshore vendors and service providers, you face failures of payment systems, hacking risks, and exchange rate risks. One way to deal with this is to get an international payment card like Airwallex for your teams.

• Tax and regulatory compliance: Your offshore vendors may not be doing all they should do regarding taxes and compliance or even giving you the information to ensure these obligations are met. Once again, their failures are your failures. 

• Exchange rates: Monitor their currency versus yours. Make sure your contract anticipates and deals with exchange rate problems. 

Mitigating Risks

You simply cannot eliminate all of the risks of using offshore vendors and service providers. 

Instead, take every known step to mitigate and manage those risks.

The use of offshore vendors often creates additional regulatory and privacy issues to deal with in your vendor management program. And as a side note, consider using these same recommendations for your onshore vendors and service providers.

Remember, lawyers and regulators (particularly financial authorities) look very carefully at everything you do in this area. 

Know Your Vendors & Service Providers

Your regulators and the business community will expect you to take on offshore vendors and service providers with care. Some suggestions for doing so follow.  

Do Your Due Diligence

Look at the provider's history and background — also considering where they are located.

A vendor’s location potentially impacts regulatory requirements. Consider developing a checklist for this part of your selection process and keep it on your chosen vendors and those you did not select. 

Research Vendor Personnel

Look at each candidate provider’s reviews and contact previous clients or read their feedback. Check out things your candidates have published. Check also for any regulatory or legal issues relating to your candidates. 

• Extra tip: Consider any recommendations from colleagues. Others who have employed the services of international consultants are very valuable in finding candidates.

Look at the People, Too

You’re not just dealing with your vendor and service provider companies; you’re also dealing with the people. You want to run – and document – the same kind of checks on the people who will be staffing your projects. Again, consider developing a checklist and maintaining it on each candidate. If there is a troubling candidate at a service provider you might use, you should follow up. Find out if you can work without that candidate. If you can’t, or if the problem staffer is a significant service provider component, you may want to consider a different provider. 

Risk Assess Your Vendors and Service Providers 

No matter how good your VRM is, each offshore vendor and third-party service provider will present some level of inherent or residual risk that you have to manage rather than eliminate. To achieve this, you will need to assess the inherent risk of each prospective vendor or service provider. 

Note: As mentioned, consider developing a form so that all your risk assessments are consistent. If you don’t have easy access to a document, there are templates online that you can use to develop your form. 

Clear Written Expectations

One of the best ways to control and mitigate risks is to anticipate them in your contract with your vendors. 

State in your contract precisely who is responsible for doing what. Ensure that you have privacy, trade secrets, and intellectual property protection provisions in the contract. Also, your agreement should provide a method and place for resolving disputes. You may also want to include certain kinds of remedies in the contract terms, especially any conduct that might result in termination of the relationship. 

Include specified methods for payments in your contracts and remedies for failed payments. A clear explanation of how vendors receive payment is critical for dealing with any outsourced service (domestic or abroad).

Poor payment handling often negatively affects both the cost of projects and relationships with your provider(s)

• Example: You pay an invoice in U.S. dollars, even though the invoice amount is in Great British Pounds. Funds run through a correspondent bank, charging your business fees while potentially slowing down the final payment from hitting the bank account of your service provider.

Consider using our Airwallex Borderless Business Cards to handle and manage business payments quickly. In addition, exchange rates are automatic, saving you fees each time you pay vendors. 

Treat It Like a Partnership

In partnerships, everyone is responsible and liable for the actions of any other partner. So, treat your offshore vendors and service providers as partners. Ensure you know enough about each provider not to worry about their acts creating your liability. 

• Communicate: Make sure you keep in contact with your offshore colleagues and encourage them to stay in contact with you. It’s unnecessary to travel but use phone calls and video conferences where possible. Don’t wait for a crisis to talk. 

• Share Your Aims: Make sure your offshore service providers and vendors understand and share your goals and objectives. Where appropriate, don’t just use them – work together with their staff and yours. 

• Try to Avoid Feeling Like It’s a One-Off: Let your offshore people understand that this can be more than a one-time venture. Instead, build relationships and continue working together.  

Don’t Be the Roadblock

Try to build efficiency and, where appropriate, speed into your processing with offshore vendors and service providers.

• Make Quick Responses a Goal: Delays by clients (i.e., you) are significant factors in project delays. Don’t be that client; get a reputation with your service providers and vendors for responding quickly and intelligently to their requests.

•  Anticipate What Might Go Wrong: Don’t wait for problems to develop. Instead, try to figure out and resolve what can go wrong with your offshore providers and vendors before you begin working together. It will make working together far easier.

• Be Reasonable: Any major project involving third parties is challenging. Add an ocean or a continent between you, and the challenges multiply. Set realistic and achievable deadlines for every part of each project.  

Keep It Secure

Want to avoid litigation and trouble with any regulators or lawyers? Make sure to protect intellectual property, customer data, and any other private information your organization is charged with keeping safe.

• Use a suitable non-disclosure agreement; prepared by an attorney

• Verify your networking monitoring settings

• Limit access to necessary systems and data

• Keep your client NPPI in-house – require a return or destroy clause in your contract

• Include standard data projection policies in all your contracts 

Build the Right Relationship

Think about how you want to relate to your offshore vendors and service providers. Different relationships require different structures. 

Each of these models offers different advantages. 

If your project is short and concrete, it might be best suited to a project-based fee. On the other hand, you may simply need to use some staff or a team from the third party and thus would best pay on a time and materials model. Finally, you may have an ongoing relationship of indefinite length, making having your team at the vendor the ideal situation.  

A vendor risk management program, primarily where you commonly deal with outsourcing and offshore vendors and service providers, can be one of the best decisions your company makes. 

It protects client relationships, your business's reputation, and builds long-lasting relationships with excellent services from around the world. 

Related article: The benefits of virtual debit & credit cards

Sources

https://www.fdic.gov/news/financial-institution-letters/2006/FIL-52-2006a.pdf

5 Best Practices for Effectively Managing Offshore Teams (uplers.com)

Kevin Oskow, 3/30/2020 Uplers, an outsourcing manager

6 Steps for Establishing a Vendor Risk Management Program (venminder.com)

Venminder, 7/27/2021, vendor management software developer

How to effectively determine your company’s risk appetite? | PECB

PECB University, an online security and risk management training provider; accessed 1/26/22