Contributors

Bundling Your BPO

Combining multiple business functions into a single BPO agreement.

by Mark Hodges

We are frequently asked by our clients a series of questions around the efficacy of bundling more than one business function such as HR, F&A, IT, or procurementwith another business function into a single and larger BPO agreement. The questions range from: What are the benefits to bundling? and How much additional cost savings are possible by bundling? to Are there BPO providers who can deliver on two or more business functions? and Is it more risky than outsourcing a single business function?

If you are wrestling with these same questions, there are a set of factors and additional questions to address that will help determine whether bundling the business functions for BPO is a sensible strategy for your organization.

First, the market has proven that when two or more business functions are bundledfor example, HR and IT or F&A and HRan additional 10 to 15 percent in savings can be achieved over a single business-function BPO agreement. Therefore, if maximizing cost savings is critical to your organizations requirements, as opposed to other BPO objectives such as adding capability or increasing flexibility, a bundled BPO relationship can make sense.

Second, consider collaboration. Do your functional leaders work well as a team? Have your HR leader and CFO collaborated previously on large-scale initiatives? Do they usually see eye to eye? Does the CIO respect the head of HR or the SVP of Procurement and vice versa? If the business function leaders are merely factions, it can be very difficult to harmonize a BPO initiative across these fiefdoms.

Third, what about BPO objectives? Are your CEO and executive management team in agreement? Will they act as a team when various functional leaders try to break from the pack? Often the selected BPO provider on a bundled deal is not the unanimous choice among the functional leaders, increasing the possibility of opt out actions. Will your CEO and executive management ensure this does not happen and enforce compliance?

Fourth, do you have the organizational capacity and capability to manage a BPO initiative across multiple business functions? The amount of resources, energy, and choreography necessary to accomplish this task is enormous. Think of managing three M&A deals at once it is difficult to conceive if an organization is not used to cutting across functional towers and driving harmonized organizational change.

Fifth, is there a compelling business reason to, Do it once and get it over with? If there is a new CEO in place, often that individual has a honeymoon period during which change and cost reduction is expected. Another example is a company in the midst of massive restructuringit often makes sense to bundle the functions together in a BPO agreement. It is also a good reason to do a bundled BPO deal when there is going to be a massive restructuring in the coming 12 to 24 months.

Sixth, will your company be comfortable with the fact that there are only a handful of BPO providers who can deliver on a bundled BPO agreement? Even then, at least one of your functional leaders will be unhappy with the final choice of providers. Many procurement organizations, and even legal departments, have major problems when RFPs arent going out to at least 6 to10 vendors. Working with only two or three providers makes them nervous and feeling like they lack control.

Seventh, do you already have a multi-functional shared-service center in place? If you do, the benefits of the existing interdependencies and integration are very valuable and it is usually unwise to unbundle these services into separate BPO agreements.

Finally, do you feel you that you have to learn the outsourcing process over time instead of all at once? Many clients feel more comfortable initially outsourcing one business function, getting it into production, and letting it run for a year or more before they tackle the next business function. Right or wrong, many clients feel this is less risky and increases their probability of BPO success over time. However, if your company is comfortable with the big bang approach, then bundled BPO works just fine.

Ultimately, determining whether outsourcing a single business function is more effective than bundling is not a simple decision; it depends on a multitude of factors. Make sure you understand your companys organizational capacity, culture, and decision-making processes before you select one BPO route versus anotherit will save you time, energy, and your sanity!

Continue reading →

Developing Operating Standards

Part 1 in a 3-part series on developing acceptable HRO standards.

by Michel Janssen

Establishing operating standards for business processes is the foundation for a successful HR outsourcing industry. In HRO, buyers and suppliers are now coming to grips with the need to develop standard operating practices in their relationships. As HRO suppliers acquire their fourth or fifth client, they begin to think about how to scale operations and where to make investments to drive operating leverage.

< ?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 

This first of three articles about HRO standards addresses the historic parallel between industries before outsourcing, and why outsourcing, by its nature, tends to lead to the establishment of a set of acceptable operating standards for outsourced business models.

 

Out of necessity, HR developed as a support function within many companies. There was no compelling reason to drive operating standards across firms since they were based primarily on the internal needs and cultures of each company. But the environment is changing due to the availability of new business models and corresponding new options from a still-emerging supplier community.

 

There has been significant precedent from more mature outsourcing industry segments on this issue. In the early days of IT outsourcing, the world was full of custom-built tools and processes. As outsourcing took off, economic reality forced buyers to make decisions about which security system, which scheduling system, and which database system to utilize, along with restrictions surrounding what versions they would support. There is every indication the HRO industry will follow a similar path during the next two to four years.

 

Since the ERP system is often a focusing agent for process standardization, the buyers lack of appropriate technology to facilitate HRO is often the starting point in the design deliberationsdetermining where it is, relative to its needs. Accepting that processes are truly not all that different and recognizing that economics can help drive decisions about where to invest money are factors that drive standards. In the IT example above, a supplier would sell you anything you wanted, but it also would demand significant additional dollars for utilizing non-standard systems or processes. When executives are presented with hard-dollar alternatives, tough decisions emerge to identify what really needs to be unique.

 

Ultimately, this produces an environment that can lead to a set of standards between buyers and HRO suppliers that produces the following objectives:

 

Reduced costs (through optimal standardization)

 

Movement to acceptable practices that reduce both legal and regulatory risk

 

Reduced risk of collateral change, once the relationship passes the introductory phase

 

Leverage of future technology investments across a broader spectrum of the buyers industry

 

Improved service, both 24×7 and enhanced global delivery

 

Acceptance of a need for standards, coupled with an understanding of the buyers culture produces, by definition, a series of self-fulfilling acceptable practices, which establish an environment for HRO to flourish.

 

So what HR functional areas would benefit from better operating standards? As documented in the chart, we asked the top HRO executives at each of the leading suppliers the same question, and they were virtually unanimous in suggesting that regulatory and compliance were key opportunity areas. Another area, which they suggested would continue to be more company specific, was compensation, something many firms believe is a key differentiator and critical element in producing the right business results.

 

But like any journey, knowing where you are and where you want to be are two pieces of the puzzle. The roadmap to the desired destination is found with a discussion about different types of standards, which will be addressed in the next installment.  

Continue reading →

New Privacy Rules

Big Brother is watching–HRO users and providers beware.

by William B. Bierce

As it turns out, Big Brother is watchingHRO users and providers beware.

< ?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 

Federal privacy law is expanding with the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the privacy and civil liberties procedures established under the Intelligence Reform and Terrorism Prevention Act of 2004 (IRATPA) one for electronic health information, the other for virtually all personal information that could be discovered in homeland security and anti-terrorism investigations. For HRO customers, employees, and service providers, each law will impose new obligations and safeguards.

 

HIPAA SECURITY RULE

 

The HIPAA Security Rule reinforces the Transactions Rule and the Privacy Rule, which focus on the privacy of protected health information. The HIPAA Security Rule takes effect on April 21, 2005, for all covered entities except small health plans. In the private sector, all private health plans, healthcare providers, and healthcare clearinghouses must assure their customers that the integrity, confidentiality, and availability of electronic health information that they collect, maintain, use, or transmit will be protected. The goal is to ensure the integrity and confidentiality of the information and to protect against any reasonably anticipated threat or hazards to security or integrity of the information and unauthorized use or disclosure of the information. The HIPAA Security Rule will be an additional compliance requirement for HRO deals. There is no specific federal security standard, but only one that adopts reasonable and appropriate precautions. The enterprise customer cannot simply dump the HIPAA compliance obligation upon the service provider. As a best practice, HRO customers and their providers should review the design and implementation of the processes involved in compliance, and establish periodic reviews to deal with changes that might be needed. The costs of such periodic changes should be discussed as well.

 

PRIVACY AND CIVIL LIBERTIES

 

Under IRATPA, executive departments and agencies must appoint a bevy of new privacy and civil liberties officers to protect against abuses of constitutional and statutory rights. Within the National Intelligence Department, a Civil Liberties Protection Officer, reporting directly to the Director of National Intelligence, will be appointed to meet constitutional, technological, and statutory mandates. To protect constitutional freedoms, this officer will be responsible for compliance, review, and assessment of complaints and other information indicating possible abuses of civil liberties and privacy in the administration of national intelligence programs. As a counterbalance to the increasing centralization of powers in the war on terrorism, a Privacy and Civil Liberties Oversight Board will be established within the Executive Office of the President as part of an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life. In addition, Congress recommended each executive department or federal agency with law enforcement or anti-terrorism functions designate a privacy and civil liberties officer.

 

PRIVATE SECURITY OFFICERS

 

In the private sector, enterprises that either hire their own private security officers or rely upon service providers to do so will now be subject to new regulation. A private security officer is an individual other than an employee of a Federal, State, or local government, whose primary duty is to perform security services, full or part time, for consideration, whether armed or unarmed and in uniform or plain clothes. IRATPA authorizes prospective employers, after getting written consent from the prospective employee, to submit fingerprints for an authorized criminal history record information check for prospective private security officers. The employer must disclose the results to the prospective employee.

 

CRIMINAL HISTORY CHECKS

 

The new law opens the door to new regulation of access to criminal records in support of lawful employment beyond private security officers. The IRATPA law calls on the Attorney General to recommend to Congress any legislative improvements for the conduct of criminal history record checks for non-criminal justice purposes. As part of this process, commercially available databases will be reviewed as possible supplements to government records. Privacy rights will need further consideration, based on principles of employee consent, access to the records used if employment was denied, the disposition of fingerprint submissions after records are searched, an appeal mechanism, and penalties for misuse of the information. Employerswhether or not they outsource any HR administrative functionshould review and update their employee handbooks and the rules applicable to third parties having access to HR information.    

Continue reading →

Cuppa Joe: Reference Standards Board Fills Market Need

The newly-established Reference Standards Board is organized as a central source for the outsourcing industry.

by Joseph Vales

Executive references can often be a decisive factor in major outsourcing contract awards that can run into the tens and hundreds of millions, or even billions of dollars. Yet few service providers have a process for providing complete, accurate, and relevant client references on a timely basis. Recognizing this market need, Eva Schmatz has co-founded the Reference Standards Board. As President of Summus, a preeminent market research firm, Eva Schmatz is well known for the pioneering market research work she has done to guide companies in corporate branding, marketing/sales strategies, and new business development. Eva has directed several hundred market research studies for Global 1000 companies and interviewed thousands of C-level executives. She is the best one-on-one interviewer in the business.

< ?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 

JV: Why are references so important in the sales process?

 

ES: References are critically important. Companies and executives have found it more and more difficult over the years to be able to clearly specify and then source solutions to their problems. They have indicated their need for more independent, objective, and unbiased client reference information. They want a more reliable and credible basis for selecting the best-value service providers to manage their complex outsourcing programs. This is true in the world of IT and the world of outsourcing and true in the world of strategy. The ability to measure and assess an organizations delivery in areas that have a much bigger component of variability becomes a challenge. The reference becomes more and more important because high-value results are only going to be delivered if you have the right people working with you. The reference helps you ensure that you have people that can not only deliver what you ask them to deliver, but also tell you what it is that you are not thinking about. The key is the ability to do all of this in a way that supports your organization and its culture.

 

JV: What is the mission of the Reference Standards Board?

 

ES: Our mission is to establish and maintain high standards for the way that executive references are used in the sales proposal process. We provide independent and objective reports, with our established strict standards for the interview process and criteria for selecting client reference givers. In the end, our goal is to give corporate buyers much more useful information, enabling them to select the right firms to meet their needs and requirements.

 

JV: Why do you see the Reference Standards Board as an industry solution?

 

EV: Buyers who review references will have efficiencies and a higher level of confidence if they have the ability to look at them in a standardized form. We believe that the methodology used by the Reference Standards Board (RSB) will set the bar and expectations on how references should be handled in all stages of the reference gathering process. What we hear from executives in all industries is that if you can create a process that is repeatable and learnable, it will be more effective, more efficient, and more broadly used. And to ensure that we are representing the full spectrum of industry needs, we are creating an Advisory Board consisting of leading buyers, providers, and consultants.

 

JV: The name of the organization is the Reference Standards Board, but what kind of standards are you establishing?

 

ES: We are establishing standards in a number of areas that we have observed to have too much variability in delivery and performance. One area of standards is simply the structure of the reference. We are establishing a clear and structured way of delivering information and a standardized way of supporting it. A second area of standards is the ability to identify correctly the type of people that provide references. The reference giver should be of a sufficient level within the organizationable to speak to issues and claims that are being made about the success of the engagement. We have a series of standards that we use as a screening device for every reference that we certify. In addition, we have standards that we apply within our own organization on how we conduct interviews as it relates to our larger research practice. All of these standards are fundamental to us and make a given reference more textually helpful and interesting to the ultimate leader.

 

JV: How does the reference validation process work?

 

ES: The validation process has a series of steps. Initially, the service provider will articulate their key successes achieved for a given engagement. Thats very important because every engagement has certain objectives, and the nature of these successes is going to vary engagement by engagement. We want to give them the right to say on a given engagement this is what we achieved for a client. Then we go to those reference givers and talk with them to determine their degree of involvement in a certain engagement. We want to ascertain from them whether they have the in-depth information and hands-on experience to allow them to answer these questions confidently. So we check that kind of information first. Then, in advance of the interview, we let them know the nature of the key successes that the service provider claims regarding the engagement. Now why would we do that? We want them to be fully prepared and have every opportunity to feel that theyve really given their most accurate and thoughtful response. Our objective is simply to find out from them whether the service provider has accurately reflected the success of the engagements and how they would comment on the claims that the service provider has made. Once we have gathered the reference from them in the individual interview, we will provide them with a transcript of their reference for review and comment. Why do we do that? We want to give the reference giver 100 percent confidence that we have accurately reflected not only what they say, but also how they say it. We want them to be willing to go on record with this reference, so we show them the transcript of their reference. They have the opportunity to indicate that they fully concur with their statements. The service provider may then see the reference but may not in any way alter the reference.

 

JV: Whats unique about your methodology for validating references?

 

ES: Our methodology is an individual in-depth interviewing approach that is very friendly to its respondents. It allows respondents to dig deep and articulate not only the objective reasons for their decisions, but the more subjective influences that prompt those decisions and color their ultimate evaluation. Client reference reports reflect the actual thinking and language of the reference giver, with his/her own verbatim quotes and responses to specific questions. These reports are both substantive and informative.

 

JV: Does the reference interviewing process require a special type of researcher with a unique background or mix of experiences?

 

ES: Essential to our success is not the mix of background of our researchers but their ability to listen well and understand the information. This means people who can be on the receiving end of information without feeling the need to participate in it at some level. In order to become successful in business, we are usually required to develop a habit of forming our own opinions, indicating them, and verbalizing them. We start to express outwardly and neglect our ability to reflect inwardly and listen to the ideas of others. But when you are doing a diagnostic report, you need to have people who have that interesting combination of being able to put themselves aside and listen. At the same time, they need to understand enough about the business to know when they hear something interesting or unusual, and exactly when to respond or pursue an issue. That just happens to be a rare combination and we are fortunate to have built an exceptional team over the years.

 

JV: So what has been the reaction of the outsourcing industry to the formation of the Reference Standards Board?

 

ES: We announced the formation of the RSB at the most recent Sourcing Interests Group Conference. We were overwhelmed by the positive response from the industry and have followed up by seeking the counsel of, and endorsement of, so many industry leaders. During the first quarter of 2005, we will begin pilot tests for market leaders, work with our advisory board, and expand our service in < ?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />North America during the second quarter of 2005.

 

JV: How can you and your co-founders be reached?

 

ES: The Reference Standards Board is located at 708 3rd Ave, New York, New York, 10017, or can be reached by telephone at 212-777-0666 and e-mail at Info@ReferenceStandardsBoard.org.  

Continue reading →

Do You Have a Preferred BPO Provider?

Dont let vendor fatigue leave you too tired to recognize your providers accomplishments.

by Mark Hodges

Many clients have a preferred BPO provider. These clients appreciate the existing relationship, the value delivered over time, and the trust that has been built over a number of years. When new BPO requirements emerge, these clients like to steer business towards the incumbenta BPO provider with a proven track record. What often occurs, however, is that the clients preferred BPO provider doesnt actually win the work. Why does this happen?

The existing BPO provider describes a BPO opportunity that the client feels is worth exploring. The BPO provider submits a high-level proposal for a discovery process or assessment with a high-level business case as the final deliverable. The business case allows the client to determine whether to move forward with a BPO agreement or not. This discovery process is often provided for free, or at significant discounts to the BPO providers usual fee structure. This makes it extremely attractive to the client, with little perceived risk on their part.

The free (or near free) assessment is performed, and as both parties suspected, there is a very compelling business caseusually on the order of 30 percent (or more) annual run rate savings. Both the client and BPO provider get excited and go into detailed due diligence. As the due diligence unfolds, hidden costs are revealed (technology costs are usually higher than anticipated) and other issues are detected. Almost all of the findings during due diligence eat into the business case. The further due diligence progresses, the less certain the projected cost savings appear. There is a still a decent business case, but it is not nearly of the magnitude described in the assessment.

Since formal requirements were not documented and due diligence continues to find warts, it is no surprise that two or three months progress and the agreement that the client is asked to sign shows less than 20 percent savings (not the original 30 percent) and contains all kinds of caveats to protect the BPO provider. This is a classic case in which the BPO provider is perceived to hold all the cards and the client feels unsophisticated in comparison and becomes increasingly reluctant to sign on the dotted line. Trust begins to erode. The client often revolts Youre asking me to sign an agreement that barely resembles the business case in your assessment and puts the requirements out to bid in a competitive RFP. This is the first major symptom of vendor fatigue.

As RFP responses come back, many of them look attractive, and the newcomers have a honeymoon period with the client. The BPO providers account team gets increased pressure by its management to close the business, which leads them to exert more pressure on the client to forget about the other BPO providersprecisely what the client does not want to hear. The competing BPO providers are willing to spend more time with the client and spend additional dollars in the pursuit while the incumbent (which has already invested a significant sum) is not. Thus the client becomes even more frustrated with its preferred provider. This is the second symptom of vendor fatiguethe client feels as if its preferred provider is taking them for granted and not trying hard enough compared to other BPO competitors.

The incumbent BPO provider then tries to match (or beat) the competing bids, but the client says You fooled me once, youre not going to fool me twice, and selects one of the newcomers. This is a fatal case of vendor fatigue. The incumbent has spent 12 months trying to get a deal, but the client got tired of them and would not sign.

How do you avoid a case of vendor fatigue? First, if you want to award additional business to your existing BPO provider, dont let them do free studies that only deliver happy words based upon limited information. Second, remember that as the incumbent BPO provider, spending millions of dollars for the free study and due diligence does not always win business. Third, the client should be sure that service levels, volumetrics, and a robust financial business case are formal and complete before they allow their BPO provider to perform due diligence this will limit nasty surprises and give both the client and incumbent a much higher probability of signing a good BPO agreement. Finally, recognize the symptoms of vendor fatigue and intervene before the malady becomes fatal.

Continue reading →

Renewing Benefits Outsourcing Contracts

Tips for Getting the Most Out of Your Next Contract Renegotiation

by Robert Crow

With many first-generation total benefits and HR outsourcing contracts up for renewal in the next 12 months, employers may be losing money if they arent taking advantage of the changes taking place in the market. Based on our experiences at Watson Wyatt, we have found that one way to improve efficiencies is to drive more employee benefits transactions to the Web. Another tool that employers now have in their favor (that they may not have had several years ago) is several years of data that allow them to renegotiate contract terms based on actual employee usage patterns and customer service trends.

Research shows that many of the companies who first signed HRO contracts five to seven years ago are likely to renew their deals. However, doing so without significant renegotiation could be a serious financial mistake. Many early-stage HRO adopters experienced higher than expected outsourcing costs because of certain elements in their original contracts. Locking in long terms, for example, prevented employers from negotiating lower rates after just a few years. Not including reasonable transition fees in the event the employers population size changed dramatically, also proved to be to employers detriment.

Nowadays, employers have more leverage and information than when they negotiated their first contracts, and they should capitalize on this opportunity to reduce costs and improve customer service. Companies are in a much stronger position due to the consolidation occurring among multiple outsourcing service providers and recent research on usage trends, companies have more leverage in renegotiating contracts.

This makes it a great time for organizations to negotiate their next outsourcing contracts. But lowering costs and improving service quality isnt automatic. Companies must be proactive in their contract renewals to get the most competitive deal.

NEGOTIATING KNOW HOW: FOUR FACTORS TO SUCCESS

SO HOW DO YOU GET THE MOST OUT OF YOUR NEXT CONTRACT NEGOTIATION? BEFORE YOU RE-SIGN ON THE DOTTED LINE, TRY THESE TIPS.

1) Focus on service needs.

With advances in technology and growing employee comfort with Web-based transactions, many of the service provisions necessary five years ago may no longer be needed. Because more workers use the Web to conduct benefits-related transactions, this means fewer employees are calling outsourcers customer service call centers than in the past, lowering the vendors staffing requirements and costs. Companies should capture these types of shifts and potential savings during contract renewal negotiations.

2) Use acquired data.

Original outsourcing contracts were negotiated without much information on usage levels and other factors. Now, after years of data collection, companies have real numbers at their fingertips to help them negotiate contracts that closely align with their needs. By looking at measures such as call volume, content, and call resolution rates over a period of time (12-24 months), companies can better predict future service center usage for leveraging in the negotiations.

3) Solicit stakeholder input.

Input from employees, benefits staff, and other key stakeholders can help companies get a better perspective of actual service quality and cost savings and translate this knowledge into action. If, for example, employees report frustration with long wait times during service-center calls, the new contract should modify existing performance guarantees to address the changing requirements.

4) Consider shorter contract lengths.

By negotiating shorter contracts or contracts that allow for midterm renegotiation, companies can obtain the flexibility they need to update their contract terms to reflect the changing environment. Locking into a long-term contract may not provide the best deal because of reductions in various service charges. Its important for companies to have the option to adjust their outsourcing strategies to use new technologies, incorporate new groups of workers added through mergers or acquisitions, and capture any benefits and savings associated with further consolidation within the outsourcing industry.We have seen a continued reduction in various service charges over the last six years. Because we expect this trend to continue, locking into a long-term contract may not provide the best deal.

Continue reading →

HR Post Sarbanes-Oxley

Help is on the way: A quick guide to compliance through HRO.

by William B. Bierce

Your HR departments legal compliance burden is heavy and growing, but as Senator Kerrys campaign speech notes, Help is on the way. Who would have thought that an opponent of outsourcing could define a compelling mantra justifying HRO?

In this issue, the editors have assembled a directory of HRO resources. As a companion to that resource directory, this months column focuses on the legal framework for enterprise customers and their service providers in managing legal compliance.

HRO resources can support your fiduciary and compliance obligations. However, you cannot transfer your basic fiduciary duty as a director or officer, your liability for non-compliance with legal mandates governing the relationship between an employer and an employee (or retiree), your duty to design and manage all essential business processes, or your criminal liability for your intentional acts that constitute white-collar crime. Fiduciary duties arise under corporation laws, tax collection laws, retirement benefit administration laws, and under special written agreements.

Contractual Duty. Normally, a contract to perform services does not automatically create a fiduciary duty. But by agreeing to perform certain functions, the service provider could be subject by statute to a degree of liability and to the same protective measures that are normally associated with being a fiduciary.

Fiduciary Duty Within Scope of HRO. Service providers and customers need a common understanding of the borders between the providers services and the customers liability. This allocation of liability starts with the definition of the scope of outsourced services. Certain functions will automatically create statutory liability for the service provider. For example, handling a clients money may make an HR service provider liable for statutory compliance, whether or not that obligation is assumed by contract.

Under ERISA, HR service providers will be treated as fiduciaries and subject to the bonding requirement if they disburse (or authorize disbursement of) plan funds, sign checks for the plan, handle cash or property of the plan, or act on behalf of the plan in its financial matters. Similarly, if anyone authorized to pay payrolls fails to withhold and pay required state and federal withholding tax, they will be subject to applicable statutory penalties under the tax laws. To avoid fiduciary duty, some HRO providers choose a limited scope of services, where they do not handle a clients money and do not agree to withhold and pay taxes. As a customer, you can still contract to have them provide essential administrative support; alternatively, you can shop for a provider that assumes specific roles and liabilities.

Process Management. Sarbanes-Oxley requires transparency in virtually all material business processes. The outsourcing provider is expected to hew to the same standards of transparency, process control, and auditability. Where the service provider brings superior process management, this will facilitate the customers fulfillment of its legal compliance obligations. Where neither the customer nor the provider is in compliance, the providers contract could give the customer an added deep pocket for recourse incase of liability.

Outsourcers are regularly audited regarding the design and operational effectiveness of the processes, procedures, and general controls of their operations. In HRO, such audits might include computer operations, security, monitoring, change management, service level agreements, help desk support, and records management.

Records Management. Sarbanes-Oxley requires that publicly-owned companies maintain and manage the integrity of their business records. The federal obstruction-of-justice statute now makes it a crime to knowingly alter, destroy, mutilate, conceal, or falsify any document or tangible object with the intent to impede, obstruct, or influence proceedings involving federal agencies or bankruptcy proceedings. HRO providers need to identify how they will support compliance, particularly in light of new white-collar criminal penalties. Since Sarbanes-Oxley was born out of a public perception of lax ethical standards by lawyers and accountants, parties to an HRO agreement should establish ethics and compliance standards.

Conclusion. Legal compliance duties are at the core of any well-designed BPO relationship. Achieving full compliance depends on appropriate design, definition, and interplay of the outsourced scope with retained operations and retained supervisory roles. The consequences of a compliance failure need to be considered within the framework of the enterprise customer’s own legal liability and risk management procedures.

Continue reading →

6 Steps to LAW & HR-ORDER

Avoiding some of the most common legal pitfalls.

by Michael S. Mensik, Brian L. Hengesbaugh

Outsourcing your HR functions can be a step toward improving HR costs and services. But it could also be a step down a slippery slope of snowballing legal concerns. Here’s how to avoid some of the most common legal pitfalls of HRO

As more and more companies seek to outsource and offshore business activities, employees and employee organizations are becoming increasingly concerned. Among other things, employee organizations might seek to use the emerging data privacy rights to stem the tide of these outsourcing and offshoring activities. One situation where such privacy rights are particularly relevant is where the transaction relates to the collection, use, or disclosure of personal information about the employees themselves, such as in the case of HR business process outsourcing (BPO). Employees who remain with the employer or who are transferred to the HR service provider may have privacy rights that can be used to directly interfere with the transaction, because it is their personal information that will be disclosed to the provider. In order to help address the regulatory requirements, a global employer who is looking to outsource or offshore all or part of its HR business function should take at least the following steps:

1) Establish a Privacy Contract with the HR Service Provider. Many privacy laws expressly require the employer to establish a specialized privacy contract with the provider, often called a data processing contract. The required contents of the data processing contract will vary depending on the jurisdictions at issue, but they generally include confidentiality and use limitations, obligations to provide appropriate technical or organizational security, and other provisions.

2) Review the Employee Privacy Policy. Many privacy laws require employers to provide privacy policies or notices to employees that explain how and why the employer collects, uses, and discloses personal information about them. In some jurisdictions, such as parts of the European Union, the notice must provide the actual identities of the third parties that may access the information. The employer should therefore review such privacy notices, and make sure they are properly updated where appropriate to reflect the planned outsourcing activities.

3) Consider Whether Employee Consent Is Required. Under many privacy regimes, the transaction can probably be completed without obtaining the express consent of individual employees, as long as the employer has established an appropriate data processing contract with the provider, and other conditions are met. However, there are several situations where consent might be required. For example, consent might be required under local law if the employers privacy policy is overly restrictive or otherwise inappropriately drafted, especially with respect to disclosures to third parties.

4) Consider the Rights of Employee Representative Bodies. The employer should also consider the rights of any works councils, trade unions, or other employee representative bodies. In many jurisdictions, the employer will have obligations to engage in prior consultations with these bodies with respect to the privacy issues associated with the transaction, and seek their non-binding recommendations. The rights of these bodies might be enhanced, however, if the transaction involves the cross-border transfer of personal information (as discussed below), or if the employer will ask individual employees to provide express consent.

5) Consider Any Cross-border Transfer Restrictions. Many privacy laws restrict the transfer of personal information to foreign jurisdictions, unless there is adequate protection for such data in the place where it is received. There are generally several approaches to addressing these issues. For U.S. providers, one option would be for the provider to join the U.S.-E.U. Safe Harbor Data Privacy Arrangement. However, this might be only a partial solution, because some form of data processing contract would probably still be required.

6) Penalties and Practical Issues. As noted above, affected employees and/or their representative bodies may have direct rights to pursue actions against the employer for the failure to meet these obligations, as well as to file complaints with local data protection authorities (who have powers to investigate and take other enforcement actions). Moreover, privacy laws generally contain significant potential consequences for violations, such as fines, injunctive relief, and even potential criminal penalties for corporate officers. All these potential penalties could pose significant obstacles to the transaction, as well as affect employee relations and other business concerns. Therefore, it is worthwhile to take the time to address these issues properly.

Continue reading →