Nearshore companies engaging with outsourcers in the US must be aware of the compliance and data protection laws to which the US-based company is subject, participants heard at Nearshore Americas’ Nexus 2019 conference in New York earlier this month.
It is essential for companies in Latin America and the Caribbean entering into outsourcing contracts with companies in the US to comply with US compliance laws, given that those laws often differ to those in their home countries, Gabriela Smith, the managing attorney at The Smith Law Group, which has offices in Dallas and Lima, explained during her presentation at the event.
Furthermore, nearshore companies need to ensure that all of their employees, at all levels, are well versed in such issues, she said.
“When engaging in a cross-border outsourcing contract, the nearshore company needs to ensure that there is compliance, in addition to a confidentiality contract, at all levels of the company, and at its affiliates where applicable.”
“Nearshore companies need to implement internal policies and train their workforce in order to ensure compliance and protect confidentiality, as well as teaching their employees about US client expectations,” she said.
“It’s a question of culture,” she added, and of companies ensuring they understand the local laws applicable to the company they are contracting with, and how that company expects the services and processes it is outsourcing to be delivered.
In addition to compliance laws differing between Latin American countries and the US, they also differ widely across the continent. A 2018 study by Netherlands-based consultancy and accounting firm TMF Group found, for example, that Argentina has the most complex corporate compliance policies in the Americas.
That complexity arises from new regulations introduced that are aimed at streamlining business and investment in the country, and which it is expected will reduce complexity in the long term, according to the report.
Confidentiality is also a major issue given that, by the nature of the contract, companies engaged for outsourcing will be party to information and data that is protected by laws.
“The biggest question is confidentiality,” she said. “Companies need to protect their data, and this applies particularly to industries that are highly regulated in the US, such as the healthcare sector.”
“Companies need to be aware of the laws applying to each sector,” she said, citing finance as an example of a sector governed by specific compliance and confidentiality laws.
Nearshore companies also need to be prepared to be audited by the US company it partners with, Smith, who routinely counsels Latin American companies on contractual and compliance issues when doing business in the US, said.
Nearshore companies have been known to fall foul of compliance because, in outsourcing business processing, US companies have assumed that they are also outsourcing compliance, an assumption that can be very costly, as it will be ultimately responsible for any compliance breach committed by the company contracted for the process being outsourced.
Such situations can be avoided by carrying out due diligence, as an essential means of risk avoidance, rather than carrying out risk mitigation later, she said.
“Non-compliance by an outsourced partner could result in the outsourcing company having to spend a large amount on risk control, and which can be avoided by first making sure the outsourced partner is fully aware of the US laws applying to the sector in which it is active.”
Such considerations need to be made when drawing up a contract for outsourcing, and which should include a register of compliance, clearly stating the obligations for the third party, including the legislation, regulations and standards for the industry that are applied in the US. And contracts should also state how the contractor is to demonstrate compliance, she said.
“Doing due diligence is a way of ensuring that a company can continue to grow,” she said.