Contributors

Peeling The Compliance Onion

Consider all that a service provider can bring to the table in ensuring you meet all of your compliance mandates.

by William B. Bierce

If you scratch a lawyer who negotiates complex outsourcing deals, you’ll probably find a soul who loves the subject of laws, regulations, and legal compliance. The standard contract provision on legal compliance is short and sweet. The service provider must comply with all applicable laws.

Unfortunately, this bedrock principle of “truth in outsourcing” is more like an onion. Peeling the onion not only produces a lot of layers, but with each deeper layer your eyes water more, your nose aches, and you just want relief. Resolving the need for “fast relief” can mask a lot of serious underlying issues. 

Like any other process, legal compliance consists of a suite of sub-layers that reflect the sources of law and the particular type of operations. These compliance slices consist of:

  • Provider’s Internal Operations: corporate existence, regulatory filings, employment filings and processes, and financial and accounting transactions;
  • Provider’s Contract Service Operations: ensuring that the in-scope service such as proper computations, timely notifications, timely and accurate reporting to customer and government, managing the defined business processes so that customer is not in violation of laws;
  • Customer-unique Regulatory Environment: industry-specific regulations that subject the customer to risk of operational stoppage due to potential injury to its customers or society;
  • Supply Chain-driven “Flow Down” Regulations: rules imposed on the service provider because a supplier or customer up the provider’s supply chain needs to impose some regulation on the service provider’s customer, who could be a subcontractor to a regulated business.

Enterprises outsourcing important business processes  understand the dynamics of legal compliance. New laws and regulations are issued daily.

Service providers committed to their niche will gladly assume the risks and costs of changing the business process to adapt to future laws and regulations. But they need to distinguish between generic changes affecting their entire spectrum of core customers. Consider these time slices:

  • Today’s Generic Compliance: current standard rules applicable broadly to most commercial segments;
  • Today’s Niche Compliance: current rules applicable to the enterprise customer’s particular niche;
  • Tomorrow’s Generic Compliance: future generally applicable rules governing a broad range of actors;
  • Future Updates, New Rules, and New Industry Compliance: future new rules applicable to enterprise customers and “generic” business operations that create new, major burdens on everyone within a new legislative classification, which could apply either to a new niche or to a new “industry”;
  • Tomorrow’s “Force Majeure”: changes in the law that are so drastic that the service provider cannot lawfully perform the service;
  • Tomorrow’s “Regulatory and Tax Burdens”: changes in the law that fall short of a force majeure but materially increase the costs of doing business or materially increase penalties for minor or other inadvertent errors.

TRANSITIONAL ISSUES
Most customers don’t admit that their compliance efforts are less than perfect. For those who have a real train wreck, hiring a service provider willing to commit to legal compliance offers peace of mind and a predictable budget for compliance.

Lawyers have a special knack for evoking grisly hypothetical cases. What if a customer’s government mandates an action that would be illegal under regulations applicable in the service provider’s country, and vice versa?

Sometimes an enterprise customer might see a service provider as a means of circumventing local employment laws. I call this “compliance arbitrage,” since the customer is seeking a better deal abroad than it might otherwise at home.    

Outsourcing works somewhat like a trade association. A good outsourcer will target a niche market and become intimately familiar with all laws and rules. In that case, who is better than the service provider to lobby for law reform? Enterprise customers might want to know the provider’s views on lobbying and law reform.

RISK MANAGEMENT
Ultimately, compliance programs and commitments address the enterprise customer’s internal and external needs for risk management. The quality of a service provider’s compliance can add great value, but success depends on a holistic approach, which could involve both peeling and “slicing and dicing” the compliance onion.

Tags: Contributors

Related Articles

Menu