Invisible Employees: Is the screening of your third-party labor (BPO) up to the same standards

By: David Robillard, CEO, MultiLatin Background Screening

For more than twenty years companies have sought to improve profitability and efficiency through the outsourcing of their non-core processes. Because of their proximity and shared time zones Mexico and other countries in Latin America have become attractive to many US companies for such offshoring or “nearshoring” requirements.

What is lost on some companies is the fact that by virtue of outsourcing these processes they are creating a new category of “Invisible Employee” who may represent potential risks in a region whose compliance measures haven’t caught up to speed with those in the US.

By design, client companies, rarely know who the individuals are responsible for conducting outsourced processes, yet these knowledge workers handle confidential and sometimes sensitive personal data.

Third parties who provide outsourcing services for business processes need to comply with the same compliance standards that affect their clients. The Business Process Outsourcing (BPO) industry, which is increasingly driven by technology, has evolved from low-end services such as customer support to high-level services such as software development, research, and IT operations support.

The capacity to meet data protection and fraud prevention regulations will be an important differentiator for the BPO sector when it comes to competing in the market.

Technology now plays an important part in helping BPO teams comply with multiple regulations involved in each outsourced contract: monitoring processes for IT spending, change management, system security, service level agreements (SLAs), etc. This technology should be set up together with policies and procedures that guarantee compliance in all areas of the company.

Most BPOs clearly understand the value of complying with regulations in order to maintain certification levels that back their operations. They are increasingly aware of the importance of observing laws on data protection and information security. And the integrity of employees plays a definitive role.

There are two main segments in the BPO industry:
Internal Providers or Shared Services Center. Subcontracting decisions are made by the parent organization. Business activities can be located in high-quality, low-cost offshore locations. The offshore center is viewed as an extension of the company, and the organization itself must make sure that the offshore center complies with all regulatory matters inherent to operations.

External providers. External providers must self-regulate in order to stay competitive in the market. This means observing the highest standards of compliance aligned with the latest regulations that impact technology providers as well as maintaining high-quality services.

Issues of privacy and integrity in handling data are the main concerns related to outsourcing. This is especially relevant for companies that have intellectual property (IP) and private data to protect, such as banks, telecommunications companies or companies in the healthcare sector. These must be very careful to maintain the confidentiality of their clients’ records.

Contractors that are conscientious in following regulations can more successfully attract interest from local and global companies if they make sure their employee selection process includes high screening standards by establishing a background check program.

If BPOs do not guarantee the required level of information security and risk prevention, they will lose important business opportunities. Best practices to safeguard the confidentiality of a client are a minimum requirement for these types of companies. They must also ensure compliance in their operations both locally and abroad.

1. Incorporate prevention programs in the candidate selection process. A risk matrix will allow for background checks that verify each candidate’s information based on their degree of responsibility in handling client information.
2. Have clearly documented policies and procedures. This helps satisfy both the client and the regulatory or certification authority and increases the company’s own confidence level for landing new business opportunities.
3. Provide regular training programs to internal users. Knowledge of compliance policies should permeate from top management to operations.
4. Have detailed security policies and an appropriate structure, from controlling levels of access to data to the configuration of firewalls and intrusion detection systems (IDS). It is useful to supplement this with internal and external auditing mechanisms.
5. Prepare, document and test incident management and escalation procedures.

• Lowers the company’s risk of being fined for non-compliance.
• Significantly reduces information leaks and unauthorized access.
• Provides greater preparedness for compliance audits.

1. People manage technology. Outsourcing the candidate selection process not only affects the effectiveness of the process itself but also raises your confidence level when you have a provider who adheres to international quality standards and complies with local regulations.
2. Reinforcing the candidate selection process reduces the risk of fraud and mismanagement of sensitive personal data as well as confidential company information. Internal staff commits the greatest number of frauds in most industries.
3. A well-defined risk matrix will take into account different levels of responsibility and access to information for each position and will define the most appropriate variables to review or verify during the background check process.

In Latin America the practice of using socioeconomic studies in the candidate selection process is still widespread. In order for BPOs to upgrade their screening measures, such studies will not do. Companies must insist on verifying candidate supplied information instead of compiling information. The following explains some of the major differences between socioeconomic studies and background checks as a prevention tool for HR compliance.

1. Only compile information.
2. Not all information requested is relevant for mitigating risks.
3. Information handling tends to manual.
4. Can easily lead to discrimination.

1. Verify whether the information provided by the candidate is true.
2. Are based on a risk matrix that defines different scopes for different positions.
3. Information handling is encrypted and can be monitored at any time by the company’s HR area.
4. Non-discriminatory, respects the candidate’s privacy and starts with their consent.

If your company is considering the outsourcing of business processes make sure that the employees of your third parties are screened to the same level of diligence as you would use for employees who work directly for you. This way you will avoid hiring invisible employees.

ABOUT THE AUTHOR: David is President of MultiLatin and has more than 20 years of experience advising boards of directors and senior management on integrity and corporate reputational risk issues in Latin America. David is Chairman of the Latin American Task Force for NAPBS. You can contact David at

Post By Ken Shafton (486 Posts)