Just When You Think You Have Seen It All...

After spending more than a decade working in and around the third-party Shared Services space, I thought I had seen it all, by now: Floods in offshore operations, data breaches, third parties trying to sell me on locating facilities in the middle of drug cartel or warlord locations, and more. Yet few, if any, could anticipate the impact of COVID-19 on the global marketplace – and more specifically, on third parties and Shared Services.

Inattentional blindness (aka perceptual blindness) is a more formal way of saying “plain sight” blindness. According to the definition in Wikipedia, this is where one fails to perceive an unexpected stimulus in plain sight, purely as a result of a lack of attention rather than any vision defects or deficits. Another term for such lack of awareness around a global pandemic is Scotoma (mental blind spots). [My wife would agree that I have such an affliction when I cannot find the mustard in the refrigerator.]

For those of us working with third parties and concerned about associated vulnerabilities, we tend to look for and see the obvious risks: operational, physical security, information security, contingency planning, reputation, etc. Pandemics were not something we generally considered. Until now.

Global Impact Of Using Third Parties

The global, sweeping risk of COVID-19 falls into all the above, but few – if any – saw it coming. The scotoma is evidenced by the lack of preparedness of many third-party operations, which is resulting in unprecedented negative impacts.

According to a recent article by economic forecaster Dr. Daniel Bachman, COVID-19 could affect the global economy in three main ways:

1. by directly affecting production
2. by creating supply chain and market disruption, and
3. by its financial impact on firms and financial markets.

An August 2019 analysis from Fortunly regarding predictions for outsourcing in 2020 highlighted:

• Almost 54% of all companies use third-party support teams to connect with customers
• Globally, businesses spent U$75.2 billion on outsourcing security last year
• There are 53 million freelance workers in the U.S.
• 78% of businesses all over the world feel positive about their outsourcing partners
• About 300,000 jobs get outsourced out of the US each year
• 71% of financial service executives outsource or offshore some of their services.

Bringing things closer to home, according to the Fortunly research, California leads the nation when it comes to jobs lost to outsourcing, mainly because of Silicon Valley and the shrinking of the state’s apparel industry. A quick look at jobs lost by industry illustrates why California, as the home of most US tech giants, suffered so much: Of 3.36 million jobs that the United States has lost to China since 2001, 1.2 million are in IT and electronics parts manufacturing.

Companies are increasing their use of outsourcing, with an anticipated U$130 billion global market in financial services alone. Combining all industries, the reliance on third party global support will be far greater, which means the operational and financial impact of pandemics such as COVID-19 cannot be underestimated.

While there is talk of reassessing and reducing the use of third parties and Shared Services, this is unlikely a long-term play given the model’s many benefits – economies of scale, intellectual capital benefit without the capital expenditure, and higher skill for lower cost, to name a few – and companies’ dependence on them.

What You Can Do Now

With so much riding on third parties, COVID-19 is having far-reaching risk impacts that must be addressed in both the short- and long-term.

So, what can you do about it? How do we respond now that we see what we couldn’t have just months ago?

While the pandemic is here and companies are in firefighting mode, there are new habits and ways to operate that should be implemented to avoid operational blind spots.

1. Stop the bleeding. Clearly the first step, if you haven’t already done it, is to assess the human impact of your third parties and to ensure steps are being taken to protect workers from harm. Close quartered, secure rooms are ripe for contagions to flourish. Physical security in terms of room and surface cleanliness, checking workers before they come into protected areas, and then providing enough physical separation between them is key. Obviously, it will impact productivity if you limit the number of people in the workspace. Determining and focusing on mission-critical outsourced operations is a must.

2. Review your framework. Once the most immediate operational issues are addressed, it’s a good time to go back over both your overall Operational Risk Management Framework, as well as your Third-Party Risk Management Framework, if you have these established. If you don’t, I highly recommend you implement them – and I recommend the Risk Management Association frameworks at www.rmahq.org.

3. Lastly, work with your third parties to implement and frequently conduct war-gaming and scenario testing to prevent or at least reduce the likelihood of scotoma.

Actionable Takeaways

• Assess the impact of COVID-19 on your outsourced operations across all types of risk and adjust your contingency plans and actions.
• Implement a robust Operational Risk Management Framework (ORMF) or shore up if you already have one in place related to your Third-Party Risk Management Framework.
• Implement and conduct regular war game scenario exercises and modeling with your third parties to test current procedures and contingency plans to include pandemics.

Summary

COVID-19 is reminding us that we all have blind spots in our third-party operations. Even with many years of experience, few could have anticipated the impact and risk it is exposing globally. Thinking ahead, constantly asking “what if…” questions, and preparing in advance, may reduce your third party and operational blind spots.

As for me, I am still looking for the mustard. I better ask my wife.