The word of the day for many business process outsourcing (BPO) and technology services companies is growth. This is particularly true for firms operating in nearshore markets. The outsourcing industry in Latin America and the Caribbean is booming with more investment, job creation and general interest than ever before.
Expansion brings excitement and opportunity, but more clients and employees also increase operational challenges. This adds to the continued negative effects of the Covid-19 pandemic, supply chain disruptions, inflation and policy changes across jurisdictions. Companies today have to function under more adverse conditions and manage new risks.
How can companies incorporate new compliance needs as they grow? What has changed for nearshore firms in their relationship with their insurance providers? How has the pandemic impacted compliance requirements and insurance policies across nearshore markets?
Nearshore Americas spoke with Susana Sierra, CEO of BH Compliance, a firm with over a decade of experience in the compliance market, and with Natalia Delisser, Business Manager at itel, to address some of these questions.
Bigger Needs in Health and Cyber Insurance
Latin America and the Caribbean remain one of the most affected regions by cybersecurity threats. The pandemic-induced remote working conditions have exacerbated this risk.
“With respect to cyber insurance cover, external threats like scamming, phishing and ransomware have escalated,”said Natalia Delisser. “Cyber insurance policies have been under-priced for the level of exposure, and the markets suffered massive losses, which resulted in shrinking capacity, increased retention by the insureds and reduction in limits that markets were prepared to offer.”
For Delisser, the markets for cyber and other financial lines are becoming more restricted in terms of pricing and availability of underwriters due to the incidents of security breach ransomware claims. Ransomware attacks have grown in size and frequency in the last two years in the nearshore.
“Underwriting cyber insurance policies have begun to take on a new level of due diligence, and high-levels of security control. In addition, the scope of cover is also being rolled back,” Delisser pointed out.
“With more work from home operations, there is more emphasis from underwriters on system security such as Multi Factor Authorization (MFA). Without certain security standards, underwriters will withdraw cover. Clients are also more vigilant; they follow up on contractual requirements by ensuring they see paperwork. And during the business development or sales process, insurance is a part of the focus of how vendors are selected,” she added.
When it comes to cybersecurity, the BPO industry is heavily sensible to data protection, as most companies manage third party data across jurisdictions. Delisser explains that Data Protection Acts now place a substantial level of exposure on entities, including those in the BPO industry. There is more emphasis on reporting data breaches; therefore, the need to have cover for third party claims arising from such breaches has increased dramatically.
“These are often a contracted client requirement because client data is also at risk. Clients want to ensure that they are adequately covered, and in many cases require full indemnification from BPOs for any act that they may be considered liable for without recourse against them. The waiver of subrogation clause requests we have been seeing are an example of this,” explained Delisser.
“In many cases, [clients] require full indemnification from BPOs for any act that they may be considered liable for without recourse against them”–Natalia Delisser
While the general insurance industry is experiencing complex changes, employers and providers alike have had to focus on one issue in particular: health care. The pandemic forced employers to act and place employees’ health at the center. Companies and their workers paid more attention to insurance policies as the health crisis significantly changed the way people interact with their workplace.
“In general, employees are more interested in wellness and have requested things like gym memberships,” said Delisser. “In Jamaica, our employees have access to an online fitness club which offers 24/7 access to a wellness portal as a part of new more holistic cover. In Guyana, workers have enhanced benefits, and employees pay less for healthcare for themselves and their families. For employee health cover in St. Lucia, we procure the policy from the provider directly; they provide virtual onboarding and enrollment.”
Adapting to Post-Scandal Compliance Standards
The pandemic has not been the sole factor driving significant changes in business practices. With the health crisis, as well as new economic and political realities, there’s also been a shift in the regulatory and compliance climate.
During the last few years, Latin America and the Caribbean have been the epicenter of major corruption cases. This impacted the general perception of businesses among policy makers and the public.
“There is growing strength of an anti-business sentiment in social movements and the population. This is mainly due to a perceived notion of corruption or just wrongdoings, but I think it is also about how companies in the region don’t properly know how to present what they do,” said Susana Sierra.
Sierra leads BH Compliance to assist companies in their anti-corruption efforts. The firm now uses Artificial Intelligence (AI) and blockchain technology to monitor and diagnose compliance issues, allowing it to have a comprehensive view of how the private sector looks and enforces regulatory requirements.
For Sierra, the issue of corruption is not generally about malicious intent but more related to how much attention companies place on results, often ignoring processes and protocols.
“When you’re selling more or if suddenly your operating cost goes down or you finally got that contract, nobody asks questions. But in these interactions with vendors or public officials is where we also need to put attention. By doing that, companies create a culture of integrity that really helps business,” explained Sierra.
“There is growing strength of an anti-business sentiment in social movements and the population”–Susana Sierra
BH Compliance often finds that even when companies have internal channels to file complaints about acts of corruption or other violations, those channels are regularly underutilized due to corporate and country-specific cultural patterns.
“In Latin America, people generally don’t want to file complaints, but sometimes it goes beyond that. For example, we find that around 20% of companies don’t comply with their own policies to interact with public officials,” added Sierra.
For Sierra, there needs to be more social punishment for companies and public officials that engage in acts of corruption.
“Chile approved the law on criminal liability of companies in 2010, and other countries followed, but these legislations continue to be too reactive. We need more on data protection, consumer rights and anti-corruption,” she concluded.