Joseph A. McCahery

F. Alexander De Roode

Tilburg University and ECGI

Robeco Asset Management

Governance of Financial Services Outsourcing : Managing Misconduct and Third-Party Risks


With financial institutions increasingly outsourcing their activities, they face a record number of fraud and misconduct cases arising from third-party services. We survey financial institutions to better understand which governance mechanisms may improve the monitoring and management of third-party relationships. Overall, our results suggest that there are gaps in traditional governance arrangements.

We find that financial institutions rely mainly on internal monitoring to detect fraud and that whistleblowing plays an important role in mitigating misconduct risks.

Finally, we report evidence that vendor dependency and product complexity play a pronounced role in delaying termination of agreements.


Financial institutions have become highly reliant on outsourcing critical business processes to external service providers. Institutions are increasingly taking advantage of outsourcing to lower costs and acquire higher-quality services to sustain their competitive advantage. The financial services outsourcing market is estimated to be worth $130 billion and is predicted to grow by an annual rate of 7.46% between 2016 and 2020. Although the growth and expansion of outsourcing in past decades have increased productivity and, thus, benefited institutions, there is also evidence that outsourcing has generated new risks. Some of these risks also stem from the fact that more financial institutions are relying on a small group of vendors. For example, companies outsourcing cybersecurity functions can select from only a small number of third-party suppliers for IT-related tasks.

Read more