Banking has changed since the global financial crisis in 2008. The steady increase in regulations from Washington, the states and international organizations are now impacting IT leaders. As regulators examine vendor relationships and outsourcing arrangements more closely, there is a significant risk that poorly managed IT could trigger an audit finding, a fine or negative publicity. As IT leaders plan to review and renew IT service providers in 2016, here are some of the risks to manage.\nIn 2013, the Federal Reserve published a document that became required reading for IT leaders. This publication \u2013 Guidance on Managing Outsourcing Risk \u2013 highlighted the fact that outsourcing a service to a third party does not eliminate responsibility. What happens if a bank fails to properly manage a third party service provider? The Federal Reserve has identified six risks that arise from outsourcing: compliance risk, concentration risk, country risk, legal risk, operational risk and reputational risk.\nThe Office of the Comptroller of the Currency (OCC), another key U.S. financial regulator, also published guidance related to outsourcing in 2013. In OCC BULLETIN 2013-29, the organization stated, \u201cThe OCC is concerned that the quality of risk management over third-party relationships may not be keeping pace with the level of risk and complexity of these relationships.\u201d Specifically, the OCC has noted ineffective practices such as entering into outsourcing without a contract and incentivizing a third party provider to \u201ctake risks that are detrimental to the bank.\u201d In the view of regulators, rushing into an outsourcing arrangement to cut expenses is likely to trigger unpleasant regulatory attention.\nRegulatory trends: increased enforcement, higher standards\nPrior to the financial crisis, many regulatory agencies lacked the resources and support to carry out enforcement actions. In recent years, there\u2019s much greater support for regulatory agencies to impose fines and impose other actions on companies who run afoul of regulations.\n\u201cRegulators have taken a deeper interest in outsourcing services that have an impact on either the regulatory posture of the organization or on cyber security and cyber-crime,\u201d explains Bala Pandalangat, president and CEO of Centre for Outsourcing Research & Education (CORE), an organization that provides outsourcing advice and training based in Toronto. CORE\u2019s membership includes Deloitte, IBM, Xerox, large banks, universities and law firms such as Torys LLP.\n[Related: 10 outsourcing trends to watch in 2016]\n\u201cWe see several common mistakes when it comes to outsourcing arrangements,\u201d says Pandalangat. \u201cThe number one mistake is viewing risk management is an after-thought. Many deals emphasize the financial benefit of outsourcing at the expense of risk management. If risk management is not built into the contract, costly adjustments may be required to address that concern.\u201d\nCountry risk and supplier diversity are other areas where mistakes are commonly made. \u201cWe have seen certain major financial institutions being caught off guard with severe disruptions during the reason historic floods in Chennai, India,\u201d says Pandalangat. In late 2015, Chennai suffered the heaviest rainfall of a century which disabled the region\u2019s cellular networks, disrupted travel, closed companies and cost injuries and deaths. Having suppliers based in multiple locations and thoroughly understanding disaster recovery capabilities are ways to address this risk.\nLooking ahead to the future, increased regulatory expectations are likely. \u201cSome regulators are working with some of the large advisory firms on developing more stringent guidelines,\u201d says Pandalangat. These new guidelines will likely relate to data breaches, security and related matters.\nResponding to due diligence requirements: the Infosys perspective\nInfosys is one of the world\u2019s largest outsourcing companies and is widely used by many of America\u2019s largest companies, including banks. In some circles, Infosys is controversial because it\u2019s based in India, which suggests the company\u2019s part of the \u201coffshoring\u201d problem. Nevertheless, Infosys is rapidly gaining in popularity. The company has taken a proactive approach to responding to regulatory demands in the financial industry.\n\u201cWe are seeing greater interest on due diligence activities for new clients and clients who are renewing agreements with us,\u201d explains Dennis Gada, vice president at Infosys. \u201cI view the guidelines on outsourcing from the Federal Reserve and other regulatory agencies as helpful \u2013 it clarifies what is expected.\u201d\nContinued development of internal training is a major reason for Infosys\u2019s continued success in the highly regulated financial sector. \u201cWe have enhanced the training we do on our side. The internal training program shows our teams what is required in documentation, audit requirements and privacy. Before we assign staff to a financial services clients, they have to pass internal tests and certifications,\u201d says Gada.\n[Related: The top 10 IT outsourcing service providers of the year]\nIncreased due diligence in selecting outsourcing providers goes beyond evaluating a provider\u2019s financial viability. \u201cCurrent and potential clients are looking at our knowledge management processes, our employee background checks process, internal incident reporting process and process to use sub-contractors,\u201d says Gada. IT managers in banking who work with outsourcing providers can ask similar questions to stay in alignment with regulatory expectations.\nBeyond cost reduction: the outsourcing trend for the future\nThe first wave of outsourcing in IT was driven largely by cost considerations. IT leaders saw the potential to reduce staff costs by assignment activities to developing countries such as India. Cost reduction remains an important reason to consider outsourcing. Yet it\u2019s no longer the only consideration: improving productivity and customer service are now part of the mix.\n\u201cFor a regional bank in the U.S., we are performing part of their mortgage process. Initially, it was a broken process that took a long time to onboard customers. We used a design thinking approach to transform the process. The result: onboarding now takes two days instead of over 30 days,\u201d says Dennis Gada. Such improvements directly improve the customer experience.\n\u201cFor banking clients, we are also seeing increasing demand for new services. For example, we are getting involved in mortgage origination and KYC (\u201cKnow Your Client\u201d) services,\u201d adds Gada. KYC requirements often include verifying a client\u2019s identity, ensuring compliance with anti-corruption laws and ensuring that appropriate services are provided.\nWhether you are planning to expand outsourcing or reviewing existing arrangements, take a broad view. Regarding risk, regulators may ask for evidence that you have conducted effective due diligence in selecting and managing the provider. Infosys\u2019s recent work also shows that outsourcing providers are capable of delivering significant productivity gains. Outsourcing IT and other services is a complex decision that deserves careful thought.