Business Service Center - fast growing sector in the eye of compliance

European Shared Service Capital – an international news organization Reuters, used this term a few years ago to define the potential role of Poland after Brexit. Reuters was predicting that after the actual Brexit, companies from the London “City” will move their operations/back office services to the Central and Eastern Europe, in particular to Poland.

According to The Association of Business Service Leaders in Poland (ABSL) 2020 Business Service Sector Report, those predictions are being reflected in the reality. The business services/shared services center sector will shortly become a crucial part of the Polish economy as a whole. Having in mind the wider perspective, it is worth mentioning that during the last four years the total number of jobs in this particular sector has increased by 58% (as of June 2020).

“The industry employs 338,000 skilled professionals in 1,513 business services centres (including BPO, SSC/GBS, IT and R&D companies) in Poland.”

In the past two years, the number of entities entering the sector has declined, and the employ-ment growth rate has slowed down, however this is caused by the fact that the sector is entering a phase of mature development characterized by a consolidation of activities.

Bearing in mind the continuous workload over standardization and specialization within this particular sector together with the unstoppable need of cost deduction, the business services centers sector is now, more than even before, concentrated on implementing new automation solutions into the services provided.

According to the data provided by the abovementioned ABSL report:

59% of business services centers in Poland already use (to varying degrees) intelligence process automation. 33% of respondents intend to implement it in the future.

This process of continuous improvement and intelligent process automation will carry on, however according to the results of the survey conducted by the ABSL among sector representatives, business service organizations in Poland do face several barriers and challenges in relation to this modus operandi developments.

About 1/4 of companies pointed to either a lack of interest on the part of their clients or to their inability to use client data due to contractual restrictions or the general provisions of law (the regulatory barrier).

The growing regulatory requirements, the need to adapt the organization’s operations not only to the requirements of generally applicable law, but also internal regulations, as well as appropriate risk management advice, also in the process of automation in the area of provided services, is inseparably connected with the establishment and proper empowerment of the compliance and/or risk management unit in this sector.

Compliance Management System is The Answer

Compliance Management System (ISO 19600:2014, Compliance Management System) is considered as a role model description of the comprehensive approach to compliance risk management within an organization. The proper setup of the risk management model constitutes a fundamental role to company’s security in terms of conducting compliant business (providing services).

Shared Service Centers (hereafter: SSC) due to the fact that are considered as an internal part of the international capital group, are falling into the company’s structure with its all advantages and difficulties. In line with best practices as well as the above-mentioned Compliance Management System and Three Lines of Defense – compliance within the SSC fulfills the role of the second line of defense.

Having in mind the fact that SSC are operating as non-regulated entities without the direct supervision from the financial conduct authorities, the implementation of described concepts of risk management arises from internal requirements, such as: group risk policy, compliance framework etc.

Following the statistics (regarding the percentage of scope of functions engagement within the service activity) I’d like to focus on the role of compliance, together with risk in the financial scope of service.

Outsourcing of finance services, such as financial statutory reporting to shared services are inevitably related to the risk of financial misstatement and obviously non-compliance with respective accountancy and tax rules, which differ in every legal system. Having in mind that the role of the SSC is to provide services to the wide range of customers (in order to fulfill the cost efficiency assumptions and tasks) from various legal systems and jurisdictions, there is a crucial need to assure the compliance with requirements such as: local GAAP (Generally Accepted Accounting Principles) which in some of the jurisdictions might differ from the commonly accepted – International Financial Reporting Standards. According to the research conducted by the TMF Group – around 70% of legal systems, respective supervisory bodies require the specific format of accounting reports. Bearing this in mind, the need to adhere to the highest business standards and local requirements might be perceived as one of the biggest challenges both from the business as well as compliance and risk perspective.

The assumption of the Three Lines of the Defense as well as the CMS model is that as the owner of the particular risk is considered a respective business function (1st line of defense representative). While the role of compliance is to: ―o monitor various specific risks such as noncompliance with applicable laws and regulations. Together with the risk function (the second line representative), compliance is performing the assurance function over the proper and accurate design of the first line of defense. Whether all risks are properly covered and managed in order to avoid any potential losses to the company.

Role of the compliance within the SSC

Compliance as the second line of defense function performs a key role in transparent and lawful service performance. The overriding role of the compliance unit is primarily the effective supervision of the compliance process within the services provided, its adjustment to specific requirements, standards, both external, resulting from global and national regulations, but also to the internal regulations of the capital group of which the center is a part of.

There are various ways of compliance performance and strategy within the particular business, nevertheless the model of the compliance system needs to be adjusted to the company’s processes and operations. Every business, every entrepreneurship does have its own risks affecting the organization, its conduct, daily operations, administration, finance and reputation, but while describing the particular SSC business model, based on author’s practice and experience, the most essential compliance risks will be as follows:

dealing in securities,
bribery and corruption,
conflict of interest,
data protection and privacy,
repoting improper conduct (whistleblowing).

Specifics of SSC modus operandi is quite unique, if we would compare it with typical business activity. Lack of interactions with external markets(competitors, consumers, regulators) and narrowing its relation in fact only to internal customers/stakeholders, vendors and suppliers determines particular challenges and risks to be managed. It’s SSC management objective as well as group operations goal to establish efficient measures in order to prevent potential materialization of risks.

Shared service centers, despite the fact that they do not operate on the free market, still have to demonstrate an appropriate level of efficiency and effectiveness of their activities. The exercising of due diligence to ensure an appropriate level of transparency of the services provided, also by demonstrating appropriate attitudes to ensure compliance, affects the process of brand building within the capital group. A stable business, compliant with the requirements and standards, regardless of whether it is a free market or the provision of services within a given capital group, shall be based on the principle of compliance.

Compliance risks in the future of SSC

Having in mind the fact that the future of SSC lays in automation, robotics and lean management, the challenges of compliance as the second line function will be constantly changing. According to the 2019 Global Shared Services Survey Report conducted by Deloitte conducted on the sample of 379 respondents from nine SSC across the globe the future of service providers within the capital group is inevitably connected with significant increase in automations (robotics) usage, digital transformation and continuous improvement.

According to KPMG, there are currently five factors that will contribute to the change in BPO centers and make them no longer the same as today. These factors are: a shrinking number of potential employees due to global demographic trends; rising labor costs in emerging markets; growing capabilities of robotics technologies; the Internet of Things, which makes devices increasingly intelligent and not requiring human intervention; the growing influence of cloud platforms.

Thanks to automation, the search for cheaper locations will no longer be necessary, which may jeopardize the whole idea of offshoring, but it will not happen quickly. – The cost effectiveness of location has been, and will soon be, the main criterion in making location decisions. Even looking through the prism of the change that RPA brings with it.

Together with the upcoming changes that will significantly affect the way and style of services provided, the risks associated with the activities of shared services centers will change their center of gravity. We can assume with a high degree of probability that in the face of upcoming changes, the greatest challenge in terms of compliance monitoring, as well as the entire risk management process, will be associated with the likelihood of irregularities and breaches in the area of cyber security, data security and information protection and last but not least with all risks related to potential human interference in designed automation solutions.

Compliance as a function within an organization needs to be prepared for such changes, more importantly, second line of defense functions as a whole do require to follow the business needs and principles in order to timely and effectively respond to any kind of potential irregularities and associated risks. Potential optimization, improvement and automation of processes within the SSC, but without limitation to this very sector, apart from the requirement of the enhanced scrutiny and mitigation activities may bring measurable benefits in terms of compliance monitoring.

Eventually – compliance is not only about here and now, it is about continuous improvement, responding to the expectations of the business together with acting in line with the rule of law and regulator’s demands.