Compliance

The services or goods that an organization buys must conform to the standards applicable to the organization.   Such standards come from shareholders and others who fund the organization, customers and those who protect customer interests, regulators and even the suppliers themselves.

Standards.

Before planning any outsourcing, an organization must first identify its own internal standards for everything it does.  For any outsourcing, the organization’s own policies and procedures can frame the requirements for its external suppliers and their supply chains.

Sources of Standards.

Shareholders and Funders. Publicly traded companies have adopted Codes of Conduct following the well-publicized scandals.  Such Codes of Conduct serve to assure the shareholders and other funding sources (such as members of a non-profit, voters for a governmental body and advertisers) that the organization will act ethically and in compliance with applicable laws and regulations.  Shareholders and funding sources benefit from effective compliance programs by avoiding waste (fines, penalties, legal fees), distractions and reputational damage.

Customers and Consumer Protection Regulators. Every organization depends on the goodwill of its customers.   Customers, and those representing their interests as consumer protection regulators, rely upon trustworthy sellers.  Any breach of trust, or deceptive or unfair practice, can result in lost profits and reduced shareholder value.

Operations Regulators. Outsourcing of any business process or function entails regulatory compliance with both generally applicable laws – such as the duty to pay one’s taxes and treat one’s employees properly – and industry-specific laws.

Generic Regulations. Generic regulations apply to an organization regardless of its business, size, location or customers.  These include:

  • Advertising, branding practices and truth in disclosures.
  • Anti-corruption, anti-bribery laws and other “social responsibility” rules.
  • Conflicts of interest, including pecuniary interests, gifts and non-money relationships involving personal contacts, reputation and shared affiliations.
  • Corporate governance.
  • Data protection and privacy.
  • Employment laws.
  • Obtaining business permits and licenses to conduct the particular business.
  • Occupational safety and health in the workplace.
  • Respect for the rights of others under laws that grant rights, such as intellectual property, zoning and land use.
  • Tax compliance.

Industry Standards.

While outsourcers generally have an idea about the basic compliance roles, their knowledge of, competence in and compliance with specific industry regulations will set them apart from their competitors. The following discussion offers an overview of legal issues confronting particular industries.

  • Academic. Academic institutions are licensed to provide educational services.  They may receive funding from the government, private donors, students and their parents, non-profit organizations and commercial enterprises as suppliers or co-developers of research in science and technology. Each of these relationships imposes a legal framework for compliance.
  • Aerospace. Aerospace industries support military and civilian customers.  In each case, product designers must meet strict compliance and testing requirements for software that is increasingly complex. At the design phase, outsourcing of segments of the product development (as Boeing did with its 787 Dreamliner®) can have an impact on intellectual property, export controls, import duties, export trade regulation and international trade in arms (“ITAR” in the U.S.) regulations. At the manufacturing phase, outsourcing of even the smallest component could impact the bottom line by changing customs classification and country of origin, and thus eliminate cost savings programs such as duty drawback and the U.S. Generalized System of Preferences.  If there is a technology transfer or deemed export of a regulated technology, site visits and special security requirements will be needed, particularly if the manufacturer participates in an expedited customs entry procedure (such as C-TPAT in the U.S.).
  • Banking, Financial Services and Insurance (“BFSI”). Providers of services to the banking, financial services or insurance industries face extensive governmental regulations, particularly after the Crash of 2007 and governmental bailouts under programs like the Troubled Assets Relief Program (“TARP”) in the United States and corresponding programs in the Group of 20. As the BFSI regulatory environment morphs to segregate lending from risk-oriented investment activities, outsourcers in the BFSI sector will need to adapt to changing rules, so their roles may differ, requiring greater contractual flexibility.
  • Entertainment and Gaming. The entertainment industry has evolved into a consumer-oriented software graphics business with human resources.  The gaming industry is highly regulated to avoid corruption, fraud and illegal enterprise operations.  In each case, outsourcers supporting the industry must meet the standards for intellectual property creation and management, consumer protection and safety and background checks of owners and individuals serving the public.
  • Food, Drugs and Pharmaceuticals. These products are highly regulated to protect human safety.   Outsourcing offers an opportunity to automate and scale the volume of tests needed to get approval for a new drug.  Where the tests are done in one country for use in another country’s regulatory process, the laws of both countries must be complied with.
  • Government Contracts. Providers of services to government (and government subcontractors and governmentally-owned industry) must know the government procurement regulations. For military contracts, the service provider must conform to rules governing nationality of the individuals performing tasks, the ownership of intellectual property generated under the contract, and the disclosure or exportation of the work product or processes to nationals of foreign countries.
  • Human Resources and Staffing. Staffing agencies have traditionally provided interim, short-term and long-term human resources to assist organizations on projects or general functions.  As employers, staffing agencies must comply with special industry regulations on advertising, civil rights, non-discrimination, whistle-blower rights, life-cycle administration of the employment relationship, employee benefits plans and retirement benefit plans.   Judicial doctrines may affect the compliance profile, since certain business relationships with clients could create unintended co-employment or agency relationships.   In certain jurisdictions, staffing agencies are limited by unique rules governing the “acquired rights” of employees upon changes of position within one organization or upon the transfer to another organization by merger, divestiture, outsourcing or other arrangement.
  • Manufacturing. Manufacturers have an interest in demanding that their extended supply chains comply with the laws of all jurisdictions where value is added to their products.  Such laws involve employment, intellectual property, government subsidies (and countervailing duties), unfair pricing (and anti-dumping duties), consumer product safety and strict liability, export of sensitive confidential information, patent protection and data protection.
  • Non-Profit Organizations. By definition, a non-profit organization is established under special tax and corporate laws to serve the public, and to avoid self-dealing.  Compliance standards for non-profits thus include rules on conflicts of interest, self-dealing, lobbying activity,
  • Energy (including Oil, Gas, Petrochemicals and Utilities). Current environmental regulations are fairly well understood.  However, the future of energy policy and its impact on outsourcing need to be carefully analyzed, or at least anticipated with reasonable planning.  The impact of emerging standards for “green computing,” carbon credits and cap-and-trade pricing for carbon emissions will have a significant effect upon global enterprises and their supply chains.
  • Telecommunications. Telecommunication regulation is increasingly governed by governmental policies relating to national security, data protection, privacy and Internet regulation across technologies (landline, cable and satellite).  In addition, consumer regulations apply increasingly to mobile telephony.

In short, each industry and each enterprise needs a clear idea of its regulatory compliance needs and those that it wishes its sourcing providers to honor.

Implementing An Appropriate Compliance Program.

An appropriate compliance program involves identifying and documenting compliance mandates, adopting documented standards and communicating them to all individuals responsible for complying.  In outsourcing, this means ensuring that the service provider complies with the enterprise’s compliance standards and programs, including training and possibly testing.

Design. When outsourcing, the enterprise customer’s sourcing or procurement team can work closely with its legal team and compliance professionals to implement strategies that not only ensure respect for legal standards but also structure the outsourcing to prevent loss of cost savings or other efficiencies for the enterprise and its own customers.

Audit and Control. The heart of any compliance program is the right to audit and control the performance of the service provider. Enterprise customers will thus need to identify strategies and procedures to meet their own internal strategies, external compliance rules and supply chain management of the service provider and its supply chain.

Reassessment and Change. Compliance directives change with new laws, regulations and judicial decisions.  The outsourcing relationship should identify ways to adapt to change in the regulatory environment.

Further Help. Your compliance officer and your law firm can offer advice on effective compliance programs and integration with your outsourcing suppliers and your supply chain.