As with any business process that is regulated by government, business process outsourcing elicits regulatory interest. Regulation of private enterprise may stem from a variety of public policies. These include:
- to ensure that the regulated industries remain safe and sound;
- national security and public safety;
- the protection of fundamental civil rights of members of society;
- the protection of investors by timely informing them of important events in the life of the regulated enterprise; and
- other public interests unique to the particular regulatory environment.
Key considerations that regulators wish to see managed include normal considerations of prudent business managers. These include:
- security of data;
- privacy of personally identifiable information;
- business continuity planning and disaster recovery;
- managed processes for adopting and implementing changes in the services;
- compliance with regulatory procedures including timely reporting to enable timely submission of regulatory disclosures and the preservation of information for regulatory audit;
- the licensing of individuals performing services for which individual licenses are required;
- preservation of appropriate rights and remedies for the regulated enterprise customer in case of a dispute; and
- flexibility for the regulated enterprise customer to terminate the outsourcing agreement in the customer’s prerogative.
Every regulator has a different list of concerns, but these are universally important. Special-purpose considerations should be identified before the parties enter into the agreement.