The Chill of Sarbanes-Oxley

Large U.S. banks have been slower to turn to bundling arrangements than many of their financial services competitors. Because banking is a highly regulated industry, commercial banks tend to be conservatively managed. “The operational risk profile is greater and that makes people nervous,” says Peter Lowes, a London-based principal and banking practice leader at Deloitte Consulting.

Some banks have grown more concerned about the compliance challenges that are embedded in every outsourcing arrangement. Federal regulations and most notably the Sarbanes-Oxley Act may have had a modestly chilling effect on the BPO market. Sarbanes-Oxley requires that chief executive and chief financial officers at publicly traded companies include an attestation in every quarterly filing that their companies have a system of internal controls in place and those controls are believed to be effective.

Virginia Garcia, a research analyst at Needham, Mass.-based TowerGroup, says that many vendors were forecasting a 25% growth in the BPO market in 2004, but the market’s actual expansion was closer to 20%. “We have observed a slowdown in business process outsourcing,” she says.

In an ordinary BPO arrangement, the third-party provider has the functional responsibility for making sure all the necessary controls are in place because they are actually managing the process. But banks cannot transfer accountability for regulatory compliance, including Sarbanes-Oxley, which means they must consider the BPO vendor’s compliance skills when making a selection. Garcia says that some BPO vendors have been slow to respond to their clients’ need for guidance on compliance matters and this has led to some hesitancy in the banking industry. “Providers really need to recognize the burden they bear in the marketplace,” she says. “They really need to be able to make that leap.”

Jack Milligan