Outsourcing, which means allowing a third party outside the company to perform activities or functions that the company has performed internally, is a strategic decision-making aimed at reducing costs, enhancing management efficiency, and strengthening core competencies, and this importance is the same in the financial services industry. In particular, outsourcing is becoming more important as the value chain of the financial services industry changes according to the recent rapid technological development called the ‘4th industrial revolution.’ However, in Korea, there have been opinions that the statutory regulations on outsourcing are rigidly operated, limiting financial services firms’ use of outsourcing, and thus failing to respond to rapidly changing environments, and outsourcing regulations are on the trend of easing.
Major foreign countries, such as the United States, European Union, United Kingdom, and Singapore do not regulate outsourcing of financial services firms by law. Instead, regulatory or supervisory agencies have created and provided guidelines or guidances for outsourcing management of financial services firms. The guidelines of these agencies commonly emphasize the roles and responsibilities of the board of directors and top management in making and managing outsourcing decisions. In addition, the management process leading to outsourcing risk management, due diligence and selection of outsourcing suppliers, design and conclusion of outsourcing contracts, and supplier monitoring is presented in a similar manner.
All global financial services firms have developed a ‘Code of Conduct’ to manage their outsourcing and apply them to their suppliers. The Code of Conduct commonly contains matters concerning business ethics and integrity, labor and human rights, environment and sustainability, diversity and inclusion. This report also introduces the contents of JP Morgan’s ‘Minimum Control Requirements’ as a specific internal guideline for outsourcing management, which are very specific and detailed as defining minimum control requirements to effectively control IT outsourcing and manage related risks.
If Korea’s outsourcing regulations are continuously eased and ultimately shifted to principle-based, guidelines as soft norms will be needed, and these guidelines should be specific and specialized to provide practical assistance to financial services firms. Financial services firms’ internal outsourcing management guidelines should also be specialized, detailed and technical, and efforts should be made to secure the technical capabilities of their own personnel to create and implement these internal guidelines. With the increase of IT outsourcing, the importance of risk management related to data and information of customers and firms is growing, and firms need to raise awareness of the responsibilities of the board and top management for outsourcing management.