Level 10, 189 Kent St, Sydney NSW 2000 | Level 1, Suite 2 Harrington Plaza, Harrington Park NSW 2567 & affiliated offices throughout Australia.

How to manage offshoring risks for your business

Written by AMGI on . Posted in Blog.

The promise of efficiency resulting in reduced costs is the main reason Australian businesses offshore part of their operations overseas. They can do this through contracting, subcontracting or setting up a division outside of Australia.  

But, as the COVID-19 pandemic has highlighted, it’s risky. Telecommunications, banking, governments, aviation and other service-led sectors have taken a hit. Risks of offshoring include miscommunication, data security, geopolitical unrest, unexpected shutdowns, power failures, and more. And, even if you survive those vulnerabilities, your operations here and overseas must still comply with Australian regulations.  

Legally obligated 

While the Australian Prudential Regulatory Authority (APRA) regulates the financial services industry, they provide useful information on the matters to consider when outsourcing business activities to a third party located offshore. 

These include: 

  • Having service-level agreements, such as being able to test your business continuity and disaster recovery processes 
  • Doing your due diligence to assess, consider and develop risk management processes before you sign an agreement to outsource your material business activities offshore 
  • Once those legally binding agreements with third parties are signed, having a board-approved policy to monitor and supervise those activities. 

Due to the pandemic’s shutdowns, the ‘material business activities’ of many banks, insurance and financial companies were disrupted. That’s why they had to bring their overseas call centres back to Australia. APRA says such entities are unlikely to resume their previous offshoring arrangements.  

Risks of offshoring 

So, before you look to offshore core business functions, consider these risks

  • The other country’s economic, political or social risks and whether you’ll need to bridge the cultural gap. An example is the fractured Australian-Chinese trade relations that simmer despite mutual dependence.  
  • Your preferred model: Whether you’ll closely manage the overseas team or outsource that role to a vendor  
  • The ability of your business to comply with relevant Australian foreign laws and regulations 
  • The contractual and access risks: This could mean the Australian regulator has limited or no power to enforce the offshoring deal or can’t get the information it needs to do a prudential review 
  • A counterparty risk where a party fails to meet the terms of an agreement with the Australian regulator 
  • The bribery & corruption risk which is prevalent in some countries 

APRA offers lessons from the pandemic. Their and CIO Australia’s tips are useful for all sectors and include: 

  • Thinking more broadly about possible disruptions in your business continuity planning 
  • Detailing the impact outsourcing could have on your capability to meet your obligations 
  • Clearly documenting in a contract each party’s roles and responsibilities 
  • Getting on top of your anti-money laundering/counter-terrorism financing risks, as AUSTRAC requires 
  • Prioritising your support needs and assessing opportunities for harnessing technology to automate those support functions where possible 
  • Maintaining cyber safe practices for data privacy and security whether you’re outsourcing core or non-core activities to an overseas third-party provider 
  • Boosting communication with internal and external stakeholders 
  • Using agile risk governance to manage your end-to-end processes, which means keeping your documentation current.  

Getting good governance right 

Set out in your agreement with the other party(ies) which legal jurisdiction will apply if there are disputes. Use Australian law and regulations to guide you on the security and confidentiality of information.  

APRA is actually touted as a resource for good governance, whatever industry you’re in. For instance, check out their prudential standards, CPG 232 and CPG 233, for businesses they regulate that may face unexpected shutdowns. It requires they have: 

  • A serious pandemic plan covering governance, structure, timing, business continuity management (BCP) processes. This plan should link to existing plans for business continuity, crisis management, communication, and liquidity management, etc. It will cover business contingencies when there’s an alert about a pandemic, during one and in between them.  

Whether you’ve started offshoring or not, talk to us as your broker/adviser to help you better manage your risks and find best-fit insurance. 

Useful links: 

Protecting your critical infrastructure asset from foreign involvement risks, such as involving your outsourced/offshored supply chains 

https://cicentre.gov.au/document/P50S025

The Trusted Information Sharing Network – the Federal Government’s main channel for business-government information sharing and resilience-building initiatives on critical infrastructure 

https://cicentre.gov.au/tisn

Interested in our services?

Claims are never pleasant when they occur, however PSC AMGI is here to help! With fast, decisive action we can assist to get you back on track ASAP.

Call us on:

1300 737 531

PSC Insurance Brokers endorse the Insurance Brokers Code of Practice.
To obtain a copy of the code, click here.

PSC AMGI WSC Pty Ltd t/a PSC AMGI Insurance Brokers ABN 82 619 631 579. PSC AMGI WSC Pty Ltd is a Corporate Authorised Representative No. 001255492 of PSC Insurance Brokers (Aust) Pty Ltd which holds a current Australian Financial Services Licence No. 342385.

Copyright © 2018 AGMI