USA Law and Practice Contributed by: Jeffrey Harvey, Randall Parks, Andrew Geyer and Cecilia Oh, Hunton Andrews Kurth LLP
2. Regulatory Environment 2.1 Restrictions on Technology Transactions or Outsourcing Private Sector Despite law-makers’ efforts to pass sweeping legis - lation to regulate offshore outsourcing, there is cur - rently no overarching federal framework in the USA that specifically prohibits outsourcing in the private sector. However, it is anticipated that both federal and state law-makers will continue to introduce legisla - tion to discourage the outsourcing of certain func - tions to offshore locations. For example, a federal bill, the “Keep Call Centers in America Act of 2025”, proposes to disqualify certain US call centre providers that relocate their call centre operations to a location outside the US from federal grant and guaranteed loan programmes, and to introduce civil penalties if they fail to self-report such relocation. Similar state laws addressing relocation of call centres have already been enacted at the state level in New York and New Jersey. As discussed in 2.2 Industry-Specific Restrictions , certain regulated industries – such as the financial services, energy, insurance and healthcare industries – are subject to federal and state regulatory frame - works that extend to the regulated entities’ third-party vendor relationships, including outsourcing arrange - ments. Generally, regulated entities that outsource operational responsibility of regulated functions to third-party vendors continue to be primarily respon - sible for compliance with those laws. Public Sector Public contracts are highly regulated at the federal, state and local levels. In addition to explicit restrictions on the performance of certain government functions by non-government employees and offshore resourc - es, the highly complex public contract framework imposes onerous solicitation, review and approval procedures on government outsourcing initiatives. Even where offshore outsourcing is not prohibited outright, these requirements often have the practical effect of restricting large outsourcing arrangements in the public sector. Public contracts are often subject to scrutiny by elected officials, watchdog organisations,
consumer groups and the media, which can compli - cate and delay negotiations. 2.2 Industry-Specific Restrictions Financial Services In the USA, various state and federal regulators over - see financial institutions and other financial service companies through a system of functional regula - tions. Financial regulators have issued interpretative guidance regarding outsourcing to third parties. For decades, prudential regulators have charged banks with establishing and maintaining risk management practices – designed to ensure the safety and sound - ness of their activities and protect consumers – that are commensurate with the level of risk involved. The application of these practices extends not only to the bank’s own activities but also to those of any third party engaged by the bank, including outsourcing providers. The Consumer Financial Protection Bureau (CFPB) imposes third-party risk management guid - ance embodying similar principles on certain non- banks in the consumer financial markets, including credit unions, mortgage originators and servers, and private lenders that fall under the CFPB’s supervision. In June of 2023, the Federal Reserve, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) jointly released guidance on the effective management of risks asso - ciated with third-party relationships by banking organ - isations. The final Interagency Guidance on Third-Par - ty Relationships: Risk Management (the “Interagency Guidance”), which substantially tracks the interagen - cies’ proposed guidance published in July 2021, rein - forces the prudential regulators’ increased scrutiny on risks associated with banking organisations’ busi - ness arrangements with third parties, including in its arrangements with outsourcing providers. The Interagency Guidance provides a multidisciplinary framework and objectives for each stage of the third- party risk management life cycle, namely: • planning – examination of risks and develop - ment of a plan to manage the relationship and related risks, particularly when critical activities are involved;
93 CHAMBERS.COM
Powered by FlippingBook