Most financial services firms offshore at least one function-call centers, software design, telemarketing, back-office processing, IT maintenance, accounting services-and they're discovering that the path to promised cost savings may be littered with hidden expenses and obscured risks. With A.T. Kearney predicting 500,000 more financial services jobs moving overseas over the next five years, or eight percent of the workforce, are firms doing the due diligence to prevent the high cost of reputational risk or poorly managed overseas projects?
The top 15 U.S. financial institutions spent about $1 billion on IT offshore outsourcing in 2003, a figure expected to grow to $2.5 billion by 2008, according to TowerGroup, which reports that outsourced IT work will grow 34 percent annually over the next four years.
Offshoring is accelerating most rapidly among second-tier players, however, where it is doubling every year.
Lured by the promise that outsourcing can halve the cost of the same job in the U.S., positions are flowing to India, China, the Philippines, Russia, Malaysia, Vietnam, Egypt, Thailand, Ukraine, Russia, Ireland, Canada, Costa Rica, South Africa and elsewhere. While firms like Citigroup, American Express and GE Capital have been outsourcing for years, inexperienced banks may be moving too quickly in the rush to jump on the bandwagon. Problems that have surfaced over the last year include security breaches, error-prone software programs and service complaints. Some of the high-profile missteps include:
* In March, Capital One cancelled its telemarketing contract with India's largest call center, Wipro Spectramind, after an Indian worker was accused of misleading U.S. credit card company customers with unauthorized offers. The offers were uncovered during a routine internal inspection in January. Nearly 30 Indian employees were fired and another 65 resigned after being accused of offering incentives like free gifts or membership discounts.
* In December, Lehman Brothers cancelled its contract with India-based Wipro for an employee computer-help desk, saying it was dissatisfied with staffers' poor training. The deal was part of a $70 million to $100 million contract signed in November 2002 with Wipro and rival Tata. Other outsourcing contracts with Wipro continue, however.
* In November, both Web.com and Dell Computer cancelled call-center contracts in India after customer complaints of unintelligible accents, cultural misunderstandings and poorly trained tech staffers.
* In October, a disgruntled employee in Pakistan who transcribed medical files dictated by doctors at the University of California San Francisco Medical Center threatened to expose all voice files and patient records on the Internet if she wasn't paid the hundreds of dollars in back pay she was owed by her employer, the original contractor's subcontractor's subcontractor. A center spokeswoman could not confirm whether the woman was fired or is being prosecuted for the threat.
* In September, SolidWorks Corp., a Concord, MA-based software maker prosecuted a programmer at its Indian outsourcing partner, Geometric Software Solutions Co., after he allegedly stole SolidWorks' intellectual property and tried to sell it to company competitors in India. The FBI helped Indian authorities arrest the employee, who is now awaiting trial.
"Financial services firms will be very quiet about these kinds of incidents," says Virginia Garcia, a senior analyst in TowerGroup's Financial Services Strategies and IT Investments Practice. "With effective IT governance, managing that risk on a day-to-day basis wouldn't be much bigger overseas than it would be in the U.S. It's a matter of having the people, process and technology in place to manage whatever incremental or great risk there might be. The trick is to balance the risk. How much can you reasonably tolerate? Mistakes are going to be made and you're going to learn from them."
Knowledge transfer and internal commitment were identified as banks' biggest hurdles in launching offshore initiatives, according to research by the Weissman Center for International Business at Baruch College and The Paaras Group. But security and privacy issues are another enormous issue: New Jersey and California both are pushing bills that would prevent outsourcing work to a foreign location if confidential financial or medical information is transferred overseas; Democratic Congressman Edward Markey of Massachusetts is expected to introduce legislation requiring consent for such data transfers.
According to analysts, there are ways to minimize the risks:
Take the time to choose the right country, company and employees.
Most financial institutions make the mistake of not being open minded about where to offshore, and consider only India because it has the longest history, says Mark Hodges, chairman and co-founder of outsourcing advisory firm EquaTerra in Houston. "Do you marry the first person you kiss?" he quips. "You don't make a decision with a lack of knowledge. If you don't know the comparative advantage, you need to do the research." One mortgage processor, he says, wasted two years and between $5 million and $10 million when it shuttered its Mumbai, India, call center and moved it to Manila. "The providers there think in English and didn't need to read from a script," he says. Customer dissatisfaction, which had soared to 80 percent before the move, is now at an all-time high of 93, he says.
Ilya Billig, a vp at Russia's largest outsourcer, Luxoft, suggests banks learn the outsourcer's culture before setting up abroad. "Spend time learning how to work there," he says. "The nuances of language can cause big, big problems. In India, you give someone a task and you get exactly what you asked for. In Russia, they will argue and suggest how to do it better. Finding this balance is not an easy task."
Although the outsourcing market is mature, and best practices have been established among major outsourcers, Garcia says firms can't underestimate the need to vet outsourcers and their subcontractors through verification of financial health, customer references and software-certification levels. "Companies simply underestimate the need for due diligence, which can take months," says Garcia. While hiring experienced reputable providers like India's Infosys Technologies Ltd., which has two decades' of outsourcing experience, may make the most sense, they'll also cost more than the average firm.
But many analysts agree employees often pose the most risk. Background checks in emerging markets, most of which don't have criminal databases or credit reporting agencies, is difficult. William A. Tanenbaum, chair of the Technology, Intellectual Property and Outsourcing Group at Kaye Scholer in New York City, suggests potential employees be quizzed with a preset list of questions designed, if answered honestly, to ferret out those with the potential for criminal or fraudulent behavior.
Keep cost-savings expectations low.
One of the greatest mistakes firms make is overestimating how much they'll save with outsourcing. A recent Gartner study of 219 clients that outsource projects offshore noted that half that projects undertaken in 2003 didn't deliver anticipated savings. "Most people think they're saving 50 percent, but it only ends up being 20 or 30 percent," says Tanenbaum. "There are continued management expenses and costs that are always larger or unanticipated. And you're usually adding another management layer that you hadn't expected." Garcia agrees, suggesting banks trim initial savings estimates of 35 to 50 percent to 20 to 27 percent.
Hidden costs creep into all three phases of outsourcing, from selecting a provider to managing the transition to handling the long-term relationship. Michael Haney, senior analyst in the Securities and Investments Practice at Celent Communications, recommends firms add up to two percent of the total project's costs to the first phase; between six percent and 18 percent to the second phase; and between four and 37 percent to the third. However, once everything is in place, banks can expect to begin reaping the rewards. "If the relationship between the customer and vendor is very good, you'll get your 50 percent savings," says Billig. "But that will not happen immediately. You might only get 20 percent the first year. Knowledge transfer takes time."
Make fraud protection a priority.
Banks won't talk about it publicly, but off the record they'll admit that their greatest fear is data leakage. "Cybersabotage is underestimated," admits Tanenbaum. "You never know when you'll have an employee with an ideological bent who might think, 'Wouldn't it be fun to stick it to the Americans?' People can do real harm at putting malicious code in writing."
Many overseas firms employ fraud-detection software that monitors instant messaging and locks data from being printed or downloaded. "Data protection is something Americans do think about," says Haney. "These Indian guys know everything about my financial history, from mortgage to credit cards to taxes. What protects the bank? Nothing really. They build in reserves for their expected losses and they have regulatory capital for unexpected losses. It's a cost of doing business. But IT security procedures are pretty secure and data is highly encrypted."
And should the need arise to prosecute a contractor's employee for fraud, for example, the rule of law is, ahem, not the rule in many emerging markets. "When you measure court time in India, you're measuring in geological time," quips Tanenbaum. "Prosecution can take years."
Joydeep Datta Gupta, executive director of PricewaterhouseCoopers Private Ltd. in Calcutta, admits legal issues can be a problem. "Indian courts are known to be backlogged," he says. "[The rule of law] is not as strong as it is in other countries and that is a concern about India. One of the complexities is you cannot have one law for offshore units and one law for the rest of India." He says multinationals running their own centers create "adequate internal controls" to curb fraud.
Physically spread out the risk.
Many larger firms with long outsourcing experience are moving toward a multiple-location strategy, with various vendors and a blend of both in-sourced and outsourced models to minimize risks and maximize flexibility, according to the Baruch College-Paaras Group survey.
"Captive sites provide the benefits of both worlds: the controlled environment and the cost savings of being able to hire locally," says Celent's Haney. Citigroup, long a leader in this venue, is going one better by acquiring its own outsourcers. It recently announced plans to buy out the remaining shares of its Indian back-office processing arm, E-Serve International, for $122 million; it had previously owned a 44.4 percent stake.
Bank of America also opened its own wholly owned subsidiary, Continuum Solutions Pvt. Ltd., last month in Hyderabad, India, which is expected to employ 1,000 people by mid-2005. The unit will handle back-office processing from the bank's London-based Global Treasury Services International Group, but no customer-facing operations, according to a bank spokeswoman. The bank saved $10 million in 2002 by moving its software development and maintenance to India. A captive site is also a hedge against chaos. "With a captive site, financial institutions have full control," says TowerGroup's Garcia.
Start small and then expand.
Firms that work on making pilot programs work before expanding do the best overseas. The goal, Garcia says, is to turn small projects into long-term agreements, and then multi-year contracts and, finally, long-standing business-process outsourcing relationships. "That's the kind of maturing we're seeing in the industry," she says.
Ramping up your project too rapidly is often a problem for first-timers, says Datta Gupta, who has been following outsourcing in India for 14 years. He points to an unidentified financial services firm that shut down one of its call centers because of customer complaints about employees without sufficient product knowledge. He says the firm was so eager to get the call center running that it didn't take the time to recruit or train employees thoroughly. "They compromised on quality and reduced their standards," he says.
Monitor the project closely during the transition phase.
Managing the transition is probably more important than the final relationship, says Hodges. He points to one credit card-processing company that thought it only needed three people to complete the transition of its $10 million, five-year contract from the U.S. to India. "They should have had seven to 10 people," he says, noting that the transition took eight months instead of three and key bank employees were so frustrated by the experience that they left. "There was real value leakage in the contract."
Staying focused on the core project can be a challenge. "What you're trying to accomplish tends to grow. We call that scope creep," says Haney. "Someone in the middle of the project says, 'Can't we also do this?' If you don't have someone with the experience and knowledge to manage an offshore project, you're probably doomed."
To effectively manage the transition, Tanenbaum recommends performance goals and due dates-fueled by financial penalties and bonuses. "Banks need to set the right expectations from the beginning," says Guillermo Kopp, director of the Financial Services Strategies & IT Investments Practice at TowerGroup. "How do you measure success? You need to know exactly what you wanted to achieve and then build into the contract a number of measurement intervals." In fact, he says good IT governance will add about 15 percent to your estimated cost, but it's "absolutely worth it."
Don't underestimate ongoing relationship management.
But once the transition phase has passed and operations appear to be running smoothly, banks can't take a breather. "Your job is not done," notes Haney. "Problems can still escalate anywhere in that process. A lot of people think, 'I just give it to the guy and he takes care of it from there.' That's a false assumption."
Hodges suggests banks do regular and surprise audits of vendors, as well as their subcontractors, to verify that banks' standards are being met.
If in doubt, put it in the contract.
Everybody agrees that the contract, which should spell out all the details of the transition and final operation, is where it's at. Tanenbaum warns against banks having "shared responsibility" for a project, since "that means nobody is responsible," he says.
Tanenbaum, who says 30 percent to 40 percent of new outsourcing ventures fail, urges contracts to include clauses that govern moving the process back to the U.S. "No one wants to negotiate failure in the beginning," he says. "It's not comfortable. But it works much much better when you do."
Garcia applauded Lehman's decision to cancel its internal help-desk contract with Winpro, saying the firm had 104 other projects overseas that were successful. "They took the time to make the decision wisely," she says. "That is a sign of very effective measurement capability and IT governance to recognize that something is not working. You have to be willing to sink a project if it doesn't make sense, rather than keep it alive."
Tanenbaum also warns of potential "patent wars" between banks and outsource providers over business method patents and which firm has the right to use the proprietary methods. He recommends that firms planning to outsource review their software licenses to be sure that their enterprise, site license and others are up to date and that all fees are being paid. The bank may also benefit from adding an arbitration clause that mandates negotiation in a neutral country in the event of a dispute.
Consider not outsourcing customer-facing functions.
With reputation damage a top risk, banks need to be cautious of political sensitivity about offshore outsourcing. Garcia suggests many U.S. firms may have been too quick to move their customer-facing operations, such as call centers, overseas. "I may not care where my loan is processed [as a customer], because I don't talk to that person, but if I'm inclined to believe that offshore outsourcing is bad for this country, I may not like to hear an accent when I call [as a consumer] with a question," she points out.
She urges banks to face the issue head-on, and applauds on-line lender E-LOAN's decision to ask customers whether they prefer their loan be processed domestically or in India. More than 86 percent of customers have opted for the overseas processing, which is much faster.
Remember a business continuity plan.
An adequate business continuity plan, adequately tested before the project goes live, is a must for offshore outsourcing. "If the electricity fails and data is unavailable, you may find you've outsourced a critical process to a firm that didn't have the protection that should have been provided," Tanenbaum says.
Many of the financial services companies are carrying more risk than they would like to carry, agrees Datta Gupta, but a disaster-recovery plan helps mitigate that. "Their business continuity plans are not in place completely. When they create the original plan, they should have a backup."
As the financial services landscape becomes ever more competitive, overseas outsourcing is here to stay. The trick for banks, says Tanenbaum, is preparation. "The job of the lawyer is what to do when something goes wrong," he says. "And if you have a right and not a remedy, it's a license for someone to do something wrong."
