A recent research report from Lockton and AIG highlights the new risks faced by business process management (BPM) firms and information technology outsourcing (ITO) companies. The authors also propose some possible solutions to overcome this chaotic and risky situation.
Lockton is a global insurance broking firm with more than 15,000 clients around the world. Its client services are not restricted to insurance brokerage; it also provides risk management services and employee benefits services. Business Insurance has recognized Lockton as a ‘Best Place to Work in Insurance’. AIG, another leading firm in global insurance, serves more than 70 million clients across the globe.
The Lockton and AIG report mainly points out the shift of business process management firms and information technology outsourcing companies away from data entry and document management services. These companies appear to be shifting their operations toward financial processing and customer services. Vendors offering these more core services carry a higher risk exposure than they did with the support services they handled earlier.
According to Emily Freeman of Lockton and Robert Ballerini of AIG, the major risk factors that contribute to this increased risk exposure include professional liability, security liability and privacy liability.
This is most clearly the case in high-compliance industries and governmental organizations. Companies dealing with financial services, healthcare, energy or telecommunication fall under the banner of high-compliance industries. Professional liability in these firms arises mainly from errors and omissions in the performance of IT or BPM services. Security and privacy liability arises from the risk of security breaches. Failure to adhere to privacy rights, laws or regulations in the performance of BPM or information technology outsourcing services also contributes to this risk.
Lockton and AIG suggest certain practical solutions for dealing with these risks. They advise BPM and ITO companies to reduce their exposure and to deliver services in a way that satisfies shareholders and clients equally. The report also proposes a six-point plan to reduce the risks arising from professional liability. In addition, the two firms put forward 10 recommendations for improving IT security in business process management firms and information technology outsourcing companies.
Six-point plan for managing risks
- Be careful when making promises to customers, and make sure the targets can be achieved within the agreed time.
- High-risk projects need a ‘red team’ review involving experienced people. The review checks whether the proposal should be accepted and how the customer might score the bid against the evaluation criteria.
- Make sure the sales team does not make any untrue statements at any stage of the bid process. Also ask them to stay away from any assignments that seem unlikely to be delivered on time.
- Before signing any bid documentation with a customer, make sure it can be substantiated (in court if necessary). More precisely, everything from the planning process to decisions must be captured in written documents.
- Before signing any project with a customer, maintain an internal risk list that identifies material risks and potential risks which may have arisen in other similar projects.
- During the recruitment process, it is advisable to run background checks on the experience and qualifications candidates list in their resumes.
10 recommendations for IT Security
- Keep unprotected/sensitive data in encrypted form
- Keep protected data segregated
- Monitor and track event logs
- Maintain protective measures for data leakage and intrusion detection
- Evaluate threats and make arrangements to address them
- Follow secure software development and coding practices
- Check regularly whether essential controls are met
- Stick to complex authentication methods
- Treat the tracking of security issues as an ongoing and multifunctional responsibility
- Always keep key experienced data breach experts (such as forensics and privacy legal experts) within easy reach to ensure security
All these risk factors, along with the suggested solutions, are included in their report entitled ‘Claim Trends and Best Practices for Reducing Professional Liability and Data Protection Risks’.