Compliance Insights

Business Service Center – fast growing sector in the eye of compliance

European Shared Service Capital – an international news organization Reuters, used this term a few years ago to define the potential role of Poland after Brexit. Reuters was predicting that after the actual Brexit, companies from the London “City” will move their operations/back office services to the Central and Eastern Europe, in particular to Poland.

According to The Association of Business Service Leaders in Poland (ABSL) 2020 Business Service Sector Report, those predictions are being reflected in the reality. The business services/shared services center sector will shortly become a crucial part of the Polish economy as a whole. Having in mind the wider perspective, it is worth mentioning that during the last four years the total number of jobs in this particular sector has increased by 58% (as of June 2020).

“The industry employs 338,000 skilled professionals in 1,513 business services centres (including BPO, SSC/GBS, IT and R&D companies) in Poland.”

In the past two years, the number of entities entering the sector has declined, and the employ-ment growth rate has slowed down, however this is caused by the fact that the sector is entering a phase of mature development characterized by a consolidation of activities. 

Bearing in mind the continuous workload over standardization and specialization within this particular sector together with the unstoppable need of cost deduction, the business services centers sector is now, more than even before, concentrated on implementing new automation solutions into the services provided. 

According to the data provided by the abovementioned ABSL report:

59% of business services centers in Poland already use (to varying degrees) intelligence process automation. 33% of respondents intend to implement it in the future.

This process of continuous improvement and intelligent process automation will carry on, however according to the results of the survey conducted by the ABSL among sector representatives, business service organizations in Poland do face several barriers and challenges in relation to this modus operandi developments. 

About 1/4 of companies pointed to either a lack of interest on the part of their clients or to their inability to use client data due to contractual restrictions or the general provisions of law (the regulatory barrier).

The growing regulatory requirements, the need to adapt the organization’s operations not only to the requirements of generally applicable law, but also internal regulations, as well as appropriate risk management advice, also in the process of automation in the area of provided services, is inseparably connected with the establishment and proper empowerment of the compliance and/or risk management unit in this sector.

Compliance Management System is The Answer

Compliance Management System (ISO 19600:2014, Compliance Management System) is  considered as a role model description of the comprehensive approach to compliance risk  management within an organization. The proper setup of the risk management model constitutes  a fundamental role to company’s security in terms of conducting compliant business (providing  services).  

Shared Service Centers (hereafter: SSC) due to the fact that are considered as an internal  part of the international capital group, are falling into the company’s structure with its all  advantages and difficulties. In line with best practices as well as the above-mentioned  Compliance Management System and Three Lines of Defense – compliance within the SSC  fulfills the role of the second line of defense. 

Having in mind the fact that SSC are operating as non-regulated entities without  the direct supervision from the financial conduct authorities, the implementation of described  concepts of risk management arises from internal requirements, such as: group risk policy,  compliance framework etc. 

Following the statistics (regarding the percentage of scope of functions engagement  within the service activity) I’d like to focus on the role of compliance, together with risk in the  financial scope of service.  

Outsourcing of finance services, such as financial statutory reporting to shared  services are inevitably related to the risk of financial misstatement and obviously non-compliance  with respective accountancy and tax rules, which differ in every legal system. Having in mind  that the role of the SSC is to provide services to the wide range of customers (in order to fulfill  the cost efficiency assumptions and tasks) from various legal systems and jurisdictions, there is a  crucial need to assure the compliance with requirements such as: local GAAP (Generally  Accepted Accounting Principles) which in some of the jurisdictions might differ from the  commonly accepted – International Financial Reporting Standards. According to the research  conducted by the TMF Group – around 70% of legal systems, respective supervisory bodies  require the specific format of accounting reports. Bearing this in mind, the need to adhere to  the highest business standards and local requirements might be perceived as one of the biggest  challenges both from the business as well as compliance and risk perspective. 

The assumption of the Three Lines of the Defense as well as the CMS model is  that as the owner of the particular risk is considered a respective business function (1st line of  defense representative). While the role of compliance is to: ―o monitor various specific risks such  as noncompliance with applicable laws and regulations. Together with the risk function (the second line representative), compliance is performing the assurance function over the proper  and accurate design of the first line of defense. Whether all risks are properly covered and  managed in order to avoid any potential losses to the company. 

Role of the compliance within the SSC 

Compliance as the second line of defense function performs a key role in transparent and  lawful service performance. The overriding role of the compliance unit is primarily the effective  supervision of the compliance process within the services provided, its adjustment to specific  requirements, standards, both external, resulting from global and national regulations, but also to  the internal regulations of the capital group of which the center is a part of. 

There are various ways of compliance performance and strategy within the particular  business, nevertheless the model of the compliance system needs to be adjusted to the company’s  processes and operations. Every business, every entrepreneurship does have its own risks  affecting the organization, its conduct, daily operations, administration, finance and reputation,  but while describing the particular SSC business model, based on author’s practice and  experience, the most essential compliance risks will be as follows:

  • dealing in securities,
  • bribery  and corruption,
  • conflict of interest,
  • data protection and privacy,
  • repoting improper conduct (whistleblowing).

Specifics of SSC modus operandi is quite unique, if we would compare it with typical  business activity. Lack of interactions with external markets(competitors, consumers, regulators)  and narrowing its relation in fact only to internal customers/stakeholders, vendors and suppliers  determines particular challenges and risks to be managed. It’s SSC management objective as well  as group operations goal to establish efficient measures in order to prevent potential  materialization of risks. 

Shared service centers, despite the fact that they do not operate on the free market, still  have to demonstrate an appropriate level of efficiency and effectiveness of their activities. The  exercising of due diligence to ensure an appropriate level of transparency of the services  provided, also by demonstrating appropriate attitudes to ensure compliance, affects the process of  brand building within the capital group. A stable business, compliant with the requirements and  standards, regardless of whether it is a free market or the provision of services within a given  capital group, shall be based on the principle of compliance.  

Compliance risks in the future of SSC 

Having in mind the fact that the future of SSC lays in automation, robotics and lean  management, the challenges of compliance as the second line function will be constantly changing. According to the 2019 Global Shared Services Survey Report conducted by Deloitte conducted on the sample of 379 respondents from nine SSC across the globe the future  of service providers within the capital group is inevitably connected with significant increase in  automations (robotics) usage, digital transformation and continuous improvement. 

According to KPMG, there are currently five factors that will contribute to the change in  BPO centers and make them no longer the same as today. These factors are: a shrinking number  of potential employees due to global demographic trends; rising labor costs in emerging markets;  growing capabilities of robotics technologies; the Internet of Things, which makes devices  increasingly intelligent and not requiring human intervention; the growing influence of cloud  platforms. 

Thanks to automation, the search for cheaper locations will no longer be necessary, which  may jeopardize the whole idea of offshoring, but it will not happen quickly. – The cost  effectiveness of location has been, and will soon be, the main criterion in making location  decisions. Even looking through the prism of the change that RPA brings with it. 

Together with the upcoming changes that will significantly affect the way and style of  services provided, the risks associated with the activities of shared services centers will change  their center of gravity. We can assume with a high degree of probability that in the face of  upcoming changes, the greatest challenge in terms of compliance monitoring, as well as the entire  risk management process, will be associated with the likelihood of irregularities and breaches in  the area of cyber security, data security and information protection and last but not least with all risks related to  potential human interference in designed automation solutions. 

Compliance as a function within an organization needs to be prepared for such changes,  more importantly, second line of defense functions as a whole do require to follow the business  needs and principles in order to timely and effectively respond to any kind of potential  irregularities and associated risks. Potential optimization, improvement and automation of  processes within the SSC, but without limitation to this very sector, apart from the requirement of the enhanced scrutiny and mitigation  activities may bring measurable benefits in terms of compliance monitoring.

Eventually – compliance is not only about here and now, it is about continuous improvement, responding to the expectations of the business together with acting in line with the rule of law and regulator’s demands.