Financial Services Outsourcing: New Roles and Risks under a Consumer Financial Protection Agency

May 18, 2010 by

The financial services industry is facing major regulatory changes following the global sub-prime credit crisis and ensuing recovery plans.  These changes will have a major impact on outsourcers that deal with consumer financial information or in back-office support for financial investment transactions that are deemed unfair, deceptive or abusive.  The adoption of a new Consumer Financial Protection Agency Act would have a significant negative impact on the risks and costs of outsourcing of IT and business process functions by companies that deal with consumers.  It would invite a new view of risk allocation between enterprise customers and independent contractors as outsourcers, increasing the costs of doing business by putting the service provider into a new role of whistleblower.  It remains to be seen whether the analysis of public policy in this arena will spill over into other industries and other types of outsourcing.

Draft Consumer Financial Protection Agency Act

As of mid-May 2010, the U.S. Congress was considering possible enactment of financial regulatory reform.   Among the proposals is the draft “Consumer Financial Protection Agency Act,” as inserted into another draft law, H.R. 4173, “Wall Street Reform and Consumer Protection Act of 2009,” referred to Senate committee after being enacted by the House.  This consumer protection bill was originally H.R. 3126, 111th Cong., 1s Sess.; H. Rept. No. 111-367 (Dec. 9, 2009) (“Draft CFPAA”).  As the dissenting Republicans observed in that December 2009 House report:

    Rather than address the failure of banking regulations related to consumer protection and the failure of the States to police activities under their purview (e.g., mortgage brokers and real estate agents), the proposed legislation to create the CFPA seeks to consolidate the consumer protection jurisdiction of all banking regulators into one new agency and regulate many new activities and persons that largely are unrelated to the financial markets or the crisis of 2008. (Dissenting views).

General Scope. If enacted, this proposed reform would transfer enforcement of consumer financial protection laws from various existing agencies (including the SEC). The new commission would regulate:

    (1) brokers and dealers registered under the Securities Exchange Act of 1934;
    (2) investment advisers under the Investment Advisers Act of 1940;
    (3) investment companies (mutual funds) under the Investment Company Act of 1940;
    (4) national securities exchanges under the ‘34 Act;
    (5) a transfer agent under the ’34 Act;
    (6) clearing corporations under the ’34 Act;
    (7) municipal securities dealers and self-regulatory organizations registered with the SEC;
    (8) national securities exchanges and the Municipal Securities Rulemaking Board.

Regulation of “Financial Activity.” Under H.R. 4173, Sec. 4002 (19) (A), the term `financial activity’ means any of  many activities.  (The list is long, so we have put it in a separate document.) 1

Liability of “Covered Persons” and “Related Persons.” Under the proposed law, a “covered person” subject to regulation would include “any person who engages directly or indirectly in a financial activity, in connection with the provision of a consumer financial product or service.” This definition is so broad, and governmental involvement in financial operations so extensive, the draft specifically excludes the Secretary, the Department of the Treasury, any agency or bureau under the jurisdiction of the Secretary (H.R. 4173, Sec. 4002 (9)(A)(B)), or any federal tax collector.

Vicarious Liability on Certain “Consultants” and “Independent Contractors.” The proposed law would treat “related persons” in the same manner, and impose the same punishments, as for “covered persons.” By adopting a sweeping definition of “covered person” and an equally sweeping definition of “related person,” the proposed law puts outsourcers at risk of direct liability and for merely doing the tasks assigned under a Master Services Agreement in the ordinary course of business. There would be a distinction between consultants and service providers. A “related person” would include either:

  • a “consultant” that, in the view of the new Consumer Financial Protection Commission determines (whether by regulation or on a case-by-case basis), “materially participates in the conduct of the affairs of such covered person” (H.R. 4173, Sec. 4002 (33)(A)(ii)); or
  • “any independent contractor (including any attorney, appraiser, or accountant), with respect to such covered person, who knowingly or recklessly participates in any–(I) violation of any law or regulation; or (II) breach of fiduciary duty.” ( H.R. 4173, Sec. 4002 (33)(A)(iii)).

Liability of Outsourcers for “Unfair, Deceptive or Abusive Acts or Practices.” The proposed Consumer Financial Protection Agency Act would not require “related persons” to register with the commission. However, they would be liable for “unfair, deceptive or abusive act or practice in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service.” (H.R. 4173, Sec. 4301(a)).  The proposed law would impose federal criminal liability on anyone (including outsourcers as “related persons”) if they are shown to “knowingly or recklessly provide substantial assistance to another person in violation” of the new statute and regulations on “unfair, deceptive or abusive acts or practices.” “Related persons” would be “deemed to be in violation of that section to the same extent as the person to whom such assistance is provided.” (H.R. 4173, Sec. 4308(3)).

Outsourced Business Functions that Would be Exempt. The draft law would exclude certain functions that are typically outsourced from the scope of “financial activity “ that would be regulated.

  • “Financial data processing” would be excluded from the definition of “financial activity.” H.R. 4371, Sec. 4002(19)(A)(xi). However, even assuming that the mechanical conditions of processing were satisfied under this exclusion, there remains a subjective standard that could ensnare the outsourcer in an ITO or BPO context:  Does the outsourcer provide “a material service to any covered person in connection with the provision of a consumer financial product or service.”  (H.R. 4173, Sec. 4002 (19)(A)(xi)(II)(cc))
  • Providing certain “information products or services” that are “incidental and complementary” to any activity that the new commission defines as a “financial activity” would be excluded.  (H.R. 4173, Sec. 4002 (19)(A)(xvi)(I)(bb))  Specifically, there would be no regulation of such ITO or BPO services that are for identity authentication, fraud or identify theft detection, prevention, or investigation; document retrieval or delivery services; public records information retrieval; or for anti-money laundering activities. That exposes BPO providers of other business functions, such as mortgage and credit card origination, credit verification, and virtually everything else that is not clearly excluded by the draft law.

Neither of these exclusions addresses the growing use by the financial services industry of third party ITO, BPO and LPO services for labor-intensive or labor-value services. This draft law could bring vicarious liability for providers of such services as due diligence for investment banking and finance usually has some consumer financial impact, either in the design of analytics, the design and structuring of financial products or services, document review in an acquisition, divestiture or financing (where “consumers” might be investors in one of the deal participants).

Outsourcers as Auditors and Whistleblowers: The “Knowing or Reckless” Standard of Care for Outsourcers. The draft law would cover independent contractors providing services in support of “financial activity,” but only if their conduct were “knowing” or “reckless.” This standard could establish vicarious liability when the outsourcer “knew” that its actions would be unfair, deceptive or abusive, or because the outsourcer failed to become informed on the legality of its support for its financial institution customer’s unfair, deceptive or abusive practices. In effect, the consultants and outsourcers (other than data transmitters) are enlisted as surrogate auditors and whistleblowers with a duty to cease rendering their services if they “knowingly” or “reckless” participate in their customer’s unfair, deceptive or abusive practices.

Additional Costs of Outsourcing. This role would be a new one.  It would entail additional costs of legal reviews and audits by the service provider’s own independent regulatory experts (more lawyers and accountants) and additional premiums for new “directors and officers” liability insurance (if indeed such insurance would cover such vicarious liability). It would add hidden costs on the outsourcer that would have be added to the service charges in order to segregate service costs from legal compliance costs.

Additional Risks of Termination. Under these circumstances, regulated financial institutions and financial service enterprises would face the risk that a whisteblowing outsourcer could unilaterally terminate an ITO or BPO services agreement. Lawyers would argue about the conditions and consequences of when an outsourcer could do so.  Relationship governance would involve a new discussion about illegality.

  • Service providers would want the right to terminate if, in their good faith opinion, the enterprise customer was engaged in any violation of this draft law or its regulations.
  • Financial services enterprises would want a slower trigger.  One can imagine a series of steps that delay termination, with notices, opportunity to cure, maybe an independent legal opinion as a letter of comfort (thus escaping “recklessness” as a risk but not necessarily escaping “knowingly” risk).

Due Diligence Process. If this draft law is enacted, it would force service providers to clients engaged in any “financial activity” to conduct due diligence into the legality of the proposed customer’s business practices for the protection of consumers’ financial rights. Such an investigation would normally include questions about existing and future practices as well as information on the actions or recommendations of incumbent service providers who might have sought termination to avoid vicarious liability.

Adverse Impact on Business Process Transformation, Process Change and Operational Innovation. The draft law would impose direct liability on “consultants” who “materially participate” in a financial business.  The concepts of “materiality” and “participation” are so broad that any outsourcer who administers any of the “affairs” of its enterprise customer will be treated as such a “consultant” if the outsourcer proposes changes in the “covered person’s” business. This would stifle any proposals by outsourcers for business process transformation, even simple process changes, since the outsourcer might no longer be treated under the “independent contractor” standard of knowing or reckless violation or breach of fiduciary duty.

Spill Over to Other Industries and Outsourcing Services. For perhaps the first time, the draft CFPAA raises the specter of service providers worrying about the risk of vicarious liability because they support a criminal enterprise. “Aider and abettor” liability exists already in relation to the sale or distribution of “securities.” The question now is whether service providers should change their current practices and contract risk allocation in light of such a specter. Informed executives will get more information as this political process unfolds.

Outsourcing Law & Business Journal™: January 2009

January 1, 2009 by

OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events.

Insights by Bierce & Kenerson, P.C., Editors.  www.biercekenerson.com

Vol. 9, No. 1 (January, 2009)
___________________________

1.  Identity Theft in 2009: Compliance by Business Owners and Government Agencies under Draft Federal Data Breach Notification Act.

2. Codes of Conduct in the Outsourcing Environment: Practical Scenarios after Wipro Debarment and Raju / Satyam Fraud.

3.  Humor.

4.  Conferences.
___________________________

1.  Identity Theft in 2009: Compliance by Business Owners and Government Agencies under Draft Federal Data Breach Notification Act. Personally identifiable information is the core to the global economy. All businesses, large and small, rely upon information technology, outsourced to external service providers, to process such information for a wide range of uses, including HR payroll and administration, purchase orders, accounting, finance, credit card payments, debt collection, tax compliance, records management, procurement, engineering, market analytics, business intelligence, e-discovery, legal services, and logistics.   All businesses must comply with data breach notification laws.  In the U.S.,these laws will likely be extended and federalized in 2009. For more information on pending federal legislation as of January 2009, click here for the full article, and, for a copy of the draft 2009 federal Data Breach Notification Act, click here.

2. Codes of Conduct in the Outsourcing Environment: Practical Scenarios after Wipro Debarment and Raju / Satyam Fraud. Implementing lessons learned from Enron and the Sarbanes-Oxley Act, “codes of conduct” have become an integral ongoing concern in supply chain management applicable to employees, suppliers, contractors, consultants, captive affiliates, outsourcers and joint venture partners. When a trusted supplier breaches that code of trust, the enterprise customer needs to identify available remedies and make informed choices about enforcing legal rights and effectively mitigating the risks. This article makes recommendations for best practices in risk management, business continuity planning, disaster recovery, and legal rights and remedies in case of adverse events associated with a breach of a code of conduct or code of ethics due to senior management fraud or innocent “improprieties” that were fully disclosed but not permitted. It takes inspiration from the Raju /Satyam fraud in early 2009 and the debarment of Satyam Computer Servers Ltd., Wipro Technologies and Megasoft Consultants from the World Bank list of eligible contractors for corrupt practices. For the full article, click here.

3. Humor.

Change Control, (n). (1) a majority of voters on election day; (2) lobbyist’s draft legislation to block competitors from changing the rules of the marketplace; (3) Darwinian Evolution of Species, applied to business process transformation; (4) periodic brain dump.

4. Conferences

February 9-10, 2009, 9th Annual e-Services Philippines Conference and Exhibition and Next Wave Cities for Global Sourcing Council’s Multi-National Teleconference in Manila, Philippines and Hoboken, New Jersey.  The Global Sourcing Council will join with a session at the 9th Annual eServices Global Sourcing Conference and Exhibition taking place in Manila, The Philippines, to focus on “Next Wave Cities”. In the U.S., this event will take place at the Stevens Institute in Hoboken, New Jersey, beginning at 7PM; refreshments will be served, followed by an international video conference at 8PM. A keynote speaker and panel will be present in each location. The Stevens Institute site will focus on key factors that client companies seek in their sourcing locations. In a bid to be the next e-Services hub, invited cities present their development plans and competitive advantages. Vendors and buyers/influencers will exchange perspectives on current demand and supply requirements; presentations from new eligible locations in the Philippines, Asia and Europe will be given and this conference will provide business matching and lead development opportunities. To register, click here.  For more info on the 9th Annual e-Services Philippines Conference and Exhibition, visit their website.

February 10-11, 2009, American Conference Institute (ACI) Reducing Legal Costs, New York, New York. Corporate legal departments are under the gun to reduce costs, and the pressure on them to do so will only mount as the economy struggles. American Conference Institute’s 2nd Annual Corporate Counsel Forum on Reducing Legal Costs has been tailored to provide in-house counsel with the knowledge they need to successfully employ cost-reducing procedures both internally and externally.  Don’t miss this unique cross-industry benchmarking forum on keeping legal department costs in check, led by a spectrum of leading companies. For more info, click here.

February 11-13, 2009 NASSCOM Leadership Forum 2009, Mumbai, India. The NASSCOM India Leadership Forum 2009, a milestone event that will mark NASSCOM’s 20th year, will bring under one roof industry leaders, thought gurus, analysts, Government decision makers, academia and IT users from across the world. For the very first time, the global conclave will journey through three key themes-one for each day-to completely transform the experience for delegates. For more info, click here.

February 16-18, 2009 IAOP 2009 Outsourcing World Summit, Carlsbad, California. In its 12th year educating the world’s outsourcing professionals, IAOP™’s 2009 Outsourcing World Summit is a one-of-a-kind opportunity. Come to learn the very latest in how to create competitive advantages for your company through outsourcing. For more info, visit their website.

February 23-24, 2009, American Conference Institute LPO Summit, New York, New York. ACI’s Legal Process Outsourcing Summit is designed for both in-house counsel and law firms who are still evaluating the viability of offshore outsourcing, plus those who already have outsourcing operations in place but who want to stay ahead of the latest industry developments to optimize their business practices. For more info, click here.

February 23-25, 2009, IQPC 6th Annual Procure-to-Pay Summit, Miami, Florida. SSON and IQPC’s Procure-to-Pay series returns with the 6th installment this February!  Following the tremendous success of the last events and traction from leaders in the space, the 2-track agenda promises to deliver tools to help bridge purchasing with payables and enable process excellence throughout each and every segment of the P2P cycle, including improving the bottom line, optimizing available resources and managing process change. For more info, click here.

February 26, 2009, Global Services Conference, New York, New York. This year’s theme is “Revisiting Global Sourcing in a Challenging Economy”.  The financial crisis and the economic meltdown have put pressure on organizations of all types. In a more globalized world, the dimensions of global engagement have increased and so has the impact.  In challenging economic conditions, global sourcing of services throws up new opportunities.  The 2009 Global Services Conference will have expert discussions around how customers of business and technology services can revisit their global sourcing strategies to tap into these opportunities. In a jam-packed day filled with thought-leaders, peer discussions, workshops and real-world case studies, the 2009 Global Services Conference breaks new ground in providing content to help executives determine how to establish business value in outsourcing engagements. Global Services will also present the findings of its annual Global Services 100 research study at an awards and cocktail reception. Click here for more info.

March 22-26, 2009, IQPC’s 13th Annual Shared Services Week, Orlando, Florida. SSON’s Shared Services Week™ is the community event for all levels of Shared Services professionals around the globe. With over 900+ past attendees from 22+ countries each year, it is the “Can’t Miss” event for everyone involved with shared services. In it’s 13th year, the event is bigger than ever! We have added additional tracks, more expert speakers, a larger exhibit hall and new content. Experience the most renowned Shared Services conference ever and take away key insights you will learn no where else. Network with experts in the industry and create contacts for life. Receive a 30% discount when you register by using code IUS_OSL_#3. Call 1-800-882-8684 or visit us online.

April 27-29, 2009, IQPC’s 7th Annual e-Discovery Conference, San Francisco, California. Join this year’s conference to learn more about managing the process of electronic discovery files and to explore options that are available for this task. Proactive e-discovery solutions are more critical to legal departments yet the solutions for costs, implementation, and management are still widely unknown. This conference will provide strategies for e-discovery success including proactive strategies for record management; global privacy issues, data security laws, regulations; specific cost control options; judicial perspective; and cutting edge software solutions. For more info, click here.

May 5-6, 2009, 7th Annual HRO World TM Conference & Expo at NY HR Week , New York, New York. Hear from the HR outsourcing industry’s most respected practitioners, analysts and vendors. Register by April 10 with Source code HROL and save $100. Register here online or call 1-800-727-1227.

May 18-20, 2009, 6th Annual HR Shared Services & Outsourcing Summit, Denver, Colorado. The 6th Annual HR Shared Services Summit is the most important event of the year for HR leaders seeking to re-align their services with the strategic requirements of the business. This successful event brings together senior HR leaders in an exciting interactive forum, delivering best practice case studies aimed at optimizing every stage within the HR transformation process. Given historic economic conditions, it’s more important than ever that HR leaders exploit the dramatic economies of scale that are available to them through shared service structures. And for more mature companies – those that have already made the transition to an HR shared service model – there is an urgent need to re-align the kinds of services they offer with increasingly tough business challenges. Click here for more info.

******************************************

FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: webmaster@outsourcing-law.com The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: publisher@outsourcing-law.com . Edited by Bierce & Kenerson, P.C. Copyright (c) 2009, Outsourcing Law Global LLC. All rights reserved.  Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.