JFRM  Vol.9 No.3 , September 2020
Review of International Supply Chain Risk within Banking Regulations in Asia, US and EU Including Cost Efficiency Proposals
Abstract: Major financial institutions operate in different regions of the world facing different regulatory landscapes for Supply Chain risks. In this environment, the optimization issue arises how to best comply with the different regulations and reaching cost efficiency at the same time. In this research, the international regulatory landscape for Supply Chain risks of Financial Institutions is introduced and compared internationally. It is understood as an integral part of Supply Chain Risk Management of Financial Institutions, yet the latter is analysed as the research background. Additionally, expert interviews are conducted in order to link the regulation analysis to the current challenges that Financial Institutions face. Finally, recommendations are developed on how banks can be cost efficient, while remaining regulatory compliant, facing increased international regulation in the area of Supply Chain Risk Management. The outcome of the underlying research shows that banking regulation in the area of Supply Chain risks is an important lever in the banking sector to secure customers and financial markets. However, the regulatory landscape is heterogeneous and not consistent on an international scale. Regulation in Asia is highly diverse across different countries due to different states of economic development. The US applies a rather pragmatical approach towards supply chain risk regulation applying different standards of standard setting institutions. Lastly, the EU is very restrictive and strives to unify regulation across member states. Banks should follow a consistent management approach keeping in mind international locations and the strictest regulatory environment they are operating in, to improve cost efficiency yet being regulatory compliant. Also, collaboration with and amongst regulators and other banks internationally is recommended for improved cost efficiency.

1. Introduction

Banks all over the world face tremendous challenges nowadays. The influencing factors can be summarized as digitalization, increasing regulation, and higher pressure on efficiencies. Plus, the underlying business models will become more modular, as many new players enter the market that will overtake parts of the value chain ( Alessandrini , Fratianni, & Zazzaro, 2009; Allchin, Austen, Fine, & Moynihan, 2016). In the year 2020, this development can already be observed, but a large part is still to come (Brainard, 2020). Following, also the Supply Chains (SC) of banks are changing and are becoming continuously more complex. An increasing amount of services needs to be sourced from service providers. In line with this is the mutually influencing system of regulatory authorities and banks (Wieland, Steinmeyer, & Grüninger, 2014), as the Financial Services (FS) industry is one of the most regulated industries globally, aiming at securing customers and economic markets, as well as protecting and strengthening the FS sector (Fried, 2017). Evidence has proven that regulation has made American banks less innovative and less competitive compared to less-regulated Financial Institutions (FI) (Johnston, 2018). As speed and time to market have become one of the most important competitive advantages (Allchin et al., 2016), regulation has the power to shift advantages in the value chain (Expert Group on Regulatory Obstacles to Financial Innovation, 2019; Eceiza, Kristensen, Krivin, Samandari, & White, 2020). The appearing question is how banks can prepare to be cost-efficient and thereby not hindering their own innovative power and position in the market, while still being regulatory safe in a continuously faster and more international environment.

A gap in research exists with regard to Supply Chain Management (SCM) and banking regulation in this area, which are both an integral part of Supply Chain Risk Management (SCRM) of banks and interdependent, as the focus of banks has not been on SC activities in the past. The research will provide a literature analysis and will derive applicable definitions for SCRM and Outsourcing for banks. Moreover, baking regulation has not yet been scientifically analysed for the underlying topic, covering different international regulatory areas. Therefore, three regulatory systems will be highlighted and compared to each other: Asia, the United States of America (USA), and the European Union (EU); which are also the leading financial markets when it comes to digitalization and transformed business models ( Bajpai , 2019). In addition to a comprehensive literature research and a regulating frameworks analysis, the underlying research includes an inductive empirical investigation through the qualitative research method of explorative expert interviews according to Mayring (2000). The three-step research approach applied in this research is visualized in Figure 1.

Figure 1. Three-step research approach.

As the topic falls into the area of SCRM of banks and in particular examines Outsourcing regulation, these areas will firstly be accessed with the help of a systematic literature research. Therefore, books, journal articles, as well as reports of consulting companies are analysed.

The second research part will be an analysis and comparison of current regulatory frameworks and guidelines, in particular issued by the Monetary Authority of Singapore (MAS), representing Asia, the Federal Reserve System (FED) and the New York State Department of Financial Services (NYSDFS) in the USA, and the European Banking Authority (EBA) and the European Central Bank (ECB) in the EU. In addition to existing regulatory manuscripts, also standard setting guidelines by standard setting institutions are taken into account, where applicable, in order to validate the two hypotheses and analyse anomalies of standards being applied by banking regulating authorities.

Lastly, the third research method conducted is an empirical investigation through explorative interviews with subject matter experts. This is carried out by personal interviews, based on an interview guideline, with a small number of interviewees. As the research area is new and sufficient literature supporting the initially stated research question is not available an inductive qualitative research method is necessary, in order to work out recommendations for banks on how to be cost-efficient, while in the same time regulatory compliant and thereby answer the research question. Since this work focuses on the investigation of cost drivers and regulatory influences for a bank’s achievement of an efficient mix of cost efficiency and regulatory compliance, the qualitative method is applied. The investigation is concerned with finding causal mechanisms. Hence, the aim is not to derive correlations on the basis of statistical evaluations, which would be done within the framework of a quantitative survey ( Mayring , 2000).

In the end, recommendations for banks and regulatory authorities on how banks can achieve multi-regional regulatory compliance at cost-efficient levels, will be developed based on the outcome of the previous research.

Hence, the underlying hypotheses, which will be analysed in the further outline of this research paper, are provided in the following:

Hypothesis 1: Many regulatory frameworks and standards by internationally diverse standard setting authorities exist, which are not consistent, yet overlapping; leading to a lacking applicability, as well as a non-transparent and time-consuming banking regulation and SCRM for banks;

Hypothesis 2: Regulators apply standards of standard setting institutions to the SC activities of banks, in order to protect customers and economic markets.

In addition to that, the underlying research will provide answers to the following research question by formulating recommendations for banks, as well as regulatory authorities:

· How can banks achieve multi-regional regulatory compliance at efficient cost levels?

2. Literature Review

In order to conduct the literature research, the terms “SC”, “SC of banks”, “SCM”, “SCM of banks”, “SCRM”, “SCRM of banks”, “Outsourcing”, “Services Outsourcing”, “Outsourcing in banks”, and “Information Technology (IT)-Outsourcing”, have been reviewed using different scientific databases. There is a gap in research when it comes to SCRM for banks. The existing literature does provide a few useful definitions and applications of SCM, SCRM and Outsourcing in general. However, SCRM and especially Outsourcing applied to banks are not sufficiently covered yet. The information available becomes even more scarce when searching for the effects of increasing sourced digital products and services to the SC risk profile of a bank. An analysis of SC and Outsourcing risks management for banks related to new requirements due to digitalization is thereby an exceptional innovation in research.

2.1. Introduction to Supply Chain Risk Management of Banks

Generally spoken, risks have always been an important factor when it comes to SCs (Kessinger & McMorrow, 2011; Olson, 2014; Ho, Zheng, Yildiz, & Talluri, 2015). The importance of SCRM has increased in the past years and continues to be crucially important in a fast changing environment (Singhal, Argawal, & Mittal, 2011; Colicchia & Strozzi, 2012). These risks can range from natural disasters, environmental accidents, technology mishaps, recessions, and man-made crises to newly arising cyber-risks (Kessinger & McMorrow, 2011; Singhal et al., 2011). Therefore, it is important for any company, including banks, to not only focus on the core business, but extend the view to the whole SC. Even if a bank’s SC at the first glance might not seem to be as important as the customer interface, it covers a large part of a bank’s risks (Blome & Schoenherr, 2011). In the past, due to the reason that a bank is not dependent on direct materials for delivering its core products and services, it did not consist of large supplier networks overarching multiple tier suppliers (Neuberger, 1998). Nevertheless, due to the ongoing digitalization and an increasing need for external digital services, the number of suppliers also increases, and mutually the importance of the bank’s SC. Thereby, also the risks associated with it increase. This can be seen in Figure 2 based on the Supply Chain Operating Reference Model by the Supply Chain Council (2010).

Further support is provided by Figure 3, which underlines the increasingly complex supplier side of a bank. Regulation applies right at the interconnection

Figure 2. Supply Chain Risk Environment (source: own representation based on Olson, 2014; Supply Chain Council, 2010).

Figure 3. Supply Chain Network of Banks (source: own representation based on Supply Chain Council, 2010).

between a bank and a supplier and aims at accessing risks and performing classifications at this interconnection, in order to additionally protect customers and economic markets (Wieland et al., 2014).

Based on this understanding, the following types of risk refer to a bank’s SC according to the Supply Chain Council:

· Market Risk;

· Disaster Risk;

· Political/Country Risk;

· Regulatory Risk;

· Relationship Risk;

· Supplier Performance Risk;

· Operational Risk;

· Supply Chain Disruption Risk;

· Reputational Risk (Supply Chain Council, 2010; Kessinger & McMorrow, 2011; Chen, Sohal, & Prajogo, 2013).

In order to further classify these risks, an additional division into two risk clusters, internal and external SC risks, according to Olsen, can be followed and will be applied for the further outline of the research paper (Olson, 2014).Table 1 provides an exemplified overview of different risk types and its classification applied to a bank’s supply structure.

To a bank, not all of the mentioned risk factors are of the same importance, due to less direct supply dependencies (Neuberger, 1998). Summed up, if not managed effectively, the use of suppliers may expose banks to risks that can result in regulatory action, financial loss, litigation, and loss of reputation (Division of Banking Supervision and Regulation, Division of Consumer and Community Affairs, Board of Governors of the Federal Reserve System, 2013). Based on this classification, the underlying research will primarily focus on guidelines and standards of international regulation as part of Regulatory Risk of the external SC risk. In addition to that, the research is about the internal operational risk factor of regulatory compliance. Banks are strongly regulated in order to protect customers and economic markets (Wieland et al., 2014; Fried, 2017). Due to this, to be regulatory compliant is one of the main risk factors of a bank’s SC and can lead to immense capital add-ons for banks, if not managed appropriately (Lowell, 1992; Division of Banking Supervision and Regulation et al., 2013).

SCRM in the context of this research work can therefore be defined as:

The management of any type of risk related to the supplier’s environment that is able to disrupt the bank’s organizational environment. The underlying goal of SCRM is to remain cost-efficient, being able to further support the bank’s organisation and the customer, and being regulatory compliant to remain and further strengthen the bank’s market position.

2.2. Introduction to Outsourcing

According to Lacity and Hirschheim (1993), Outsourcing refers to companies

Table 1. External vs. Internal Supply Chain Risk (source: own representation based on Chen et al., 2013; Colicchia & Strozzi, 2012; Division of Banking Supervision and Regulation, Division of Consumer and Community Affairs, & Board of Governors of the Federal Reserve System, 2013; Olson, 2014; Singhal et al., 2011).

purchasing a good or service, which was previously or cannot be provided internally. Related to banks this definition could be limited to services, which could theoretically be delivered by the bank itself and are related to the banking business1 (Auerbach, 2015) and which did not have to be carried out by the bank itself in the past (European Banking Authority, 2019). Thereby, Outsourcing occurs when another company is entrusted with the performance of activities and processes linked to the execution of banking transactions, financial services, or other typical services that would otherwise be provided by the institution itself (Auerbach, 2015).

The primary reasons why companies in general perform Outsourcing are to gain cost advantages and higher market share, as well as flexibility and efficiency (Insinga & Werle, 2000; Tang, 2006; Zhao & She, 2012; European Banking Authority, 2018b). Therefore, an increasing tendency by all companies, including banks, to outsource activities can be observed on a global scale (Zhao & She, 2012). Outsourcing is profitable due to economies of scale on the supplier’s side that lead to a cost advantage for the Outsourcing institution (Chang, 2012). Besides cost-savings, Outsourcing also allows firms to access newer technologies and expert knowledge, as most companies face internal shortages when it comes to providing up-to-date technology in the fast-changing age of digitalization (Nyameboame & Haddud, 2017). Access to technology providers may enable companies thereby, to being able to constantly meet changing customer needs and adapt to new technology easily and fast (Insinga & Werle, 2000; Weigelt, 2009). Coupled with the trends in banking, as presented in the introduction of this research, quality and growth potential becomes an additional important decision factor for Outsourcing in banks. This increases the strategic importance of SCRM for banks due to the vertical disintegration of value chains, which is linked to the modularisation of banks (Insinga & Werle, 2000; Weigelt, 2009; Colicchia & Strozzi, 2012; Bartholmes, Heuermann, Elgeti, & Schmidt, 2018).

Outsourcing is understood as the most critical part of SCM for banks due to naturally limited supply dependencies (Neuberger, 1998), with the two most important categories shown in Figure 3. Therefore, the same risks occur as the baseline and it is applied as the underlying research focus within SCRM (Tang, 2006). Especially the increase in Outsourcing of Information Technology additionally bears increased cyber security risks, amongst other things (Fjermestad & Saitta, 2005; Babin & Saunderson, 2016). These require increased regulatory guidance with regard to Outsourcing, which will be implemented in regulatory frameworks and make regulatory compliance a huge risk factor (Wieland et al., 2014). Therefore, a definition for the further outline of the research is provided.

Summed up, the author defines Outsourcing as:

Outsourcing means the purchase of a banking business-related product or service, which could also be provided internally but is outsourced due to internal shortages or external efficiency increase. Generally speaking, Outsourcing activities are still increasing due to a higher importance of IT for banks, as well as increasing cost pressures. Hence, Outsourcing can provide both, access to new technologies, as well as a reduction of internal cost drivers.

To conclude, for this research, the risks of activities classified as Outsourcing, are the same as presented in Table 1, but are substantially higher, which justifies the analysis of Outsourcing related regulation in order to be able to give recommendations on SCRM for banks.

3. International Regulatory Approach

For time reasons, a sample of three regulatory environments is chosen for this research. Thereby, the author has taken into consideration to choose the three predominating financial markets (Gleissle, 2014; Bajpai, 2019) and take peer representors out of these. Moreover, these three are considered to be the most important determinants of international SCRM regulation, as further proven by the answers to the expert interviews, presented in chapter 4. For the modular market of Asia, the peer representor Singapore was chosen, as it is the prevailing regulatory system when it comes to opening up data interfaces and performing Outsourcing linked to IT services. Hence, the MAS is the pioneer for Outsourcing regulation, leading to the fact that even the Hong Kong Monetary Authority is highly oriented on the approach by the MAS (Creehan & Li, 2018; Hammond & Hung, 2018). As the People’s Republic of China (PRC), as a huge financial marketplace, only recently opened up its economy and financial market according to “The 13th Five-Year Plan for Economic and Social Development of the People’s Republic of China” (Central Committee of the Communist Party of China, 2015), the regulation in the prevailing regulatory environments is crucial to be understood and followed, as banks face an increased exposure to international banking regulation.

Yet, the divergent authorities chosen are the MAS in Singapore, the FED/NYSDFS in the USA, and the EBA/ECB in the EU.

The research has been conducted by taking into account the websites of the Monetary Authority of Singapore (MAS), the Federal Reserve Bank (FED), the New York State Department of Financial Services (NYSDFS), the European Banking Authority (EBA), the European Central Bank (ECB), and the German Federal Financial Supervisory Authority (BaFin), as well as the analysis of the following guidelines issued as per April 2019, which could be accessed through the internet:

· Final Report on EBA Guidelines on Outsourcing arrangements (EBA/GL/2019/02) (European Banking Authority, 2019);

· Draft Guidelines on Outsourcing arrangements by the EBA (EBA/CP/2018/11) (European Banking Authority, 2018b);

· Payment Service Directive 2 (EU 2015/2366/EU) by the European Commission, European Banking Authority (2015);

· MiFID/MiFID II Markets in Financial Instruments Directive (2014/65/EU) by the European Parliament and Council (2014);

· MaRisk by the BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht, 2018);

· Guidance on Managing Outsourcing Risk by the FED (FED 13.19) (Division of Banking Supervision and Regulation et al., 2013);

· IT Examination Handbook: Outsourcing Technology Services by the Federal Financial Institutions Examination Council (FFIEC) (2004);

· Cyber Security Regulation by the NYSDFS (23 NYCRR 500) (New York State Department of Financial Services, 2017);

· Supply Chain Risk Management Practices for Federal Information Systems and Organizations by the National Institute of Standards and Technology (NIST) of the US Department of Commerce (National Institute of Standards and Technology, 2015);

· Guidelines on Outsourcing by the MAS (Monetary Authority of Singapore, 2016);

· Outsourcing by Banks and Merchant Banks—Consultation Paper by the MAS (Monetary Authority of Singapore, 2019);

· Technology Risk Management Guideline (TRMG) by the MAS (Monetary Authority of Singapore, 2013).

The results of the analysis are presented as a comparison of the distinctive approaches towards the topic SCRM, with a focus on Outsourcing. In order to do so the following comparison variables, which have been deductively derived from the analysis carried out, are taken into consideration:

1) Overview of regulatory/supervisory bodies in the area of SCRM;

2) Regulatory/supervisory system concerning the area of SCRM;

3) History of regulatory/supervisory system;

4) Guidelines issued in the area of SCRM and Outsourcing;

5) Application of guidelines in the field of Outsourcing;

6) Definitions of “Outsourcing” and “service provider”;

7) Existence of standards.

An overview of the results can be found in Table 2.

Table 2. Comparison of International Regulatory System based on SCRM (source: own representation based on Division of Banking Supervision and Regulation et al., 2013; Monetary Authority of Singapore, 2013; Gleissle, 2014; Monetary Authority of Singapore, 2016, 2017; Bartholmes et al., 2018; BBC, 2018; Creehan & Li, 2018; DFSNY, 2018; European Banking Authority, 2018a, 2018b; European Central Bank, 2018, 2019; Majaski, 2019; Sahni & Byrne, 2018; CIA, 2019; European Banking Authority, 2019; European Commission, 2019; Monetary Authority of Singapore, 2019).

Due to this comparison of the regulatory system’s approach in the field of SCRM based on Outsourcing, the two hypotheses can be partly verified for the

international regulatory landscape as a whole. Based on the underlying case of an internationally operating bank, it can for sure be said that many regulatory framework and standards by internationally diverse standard setting authorities exist. Also, the regulatory frameworks are not consistent, and overlapping, which can be verified already by the fact that there are multiple Outsourcing guidelines and additions internationally, which all address the same risks, yet are different in the definition, interpretation, choice of standards, and requirements. This may lead to a non-transparent and time-consuming SCRM for banks, as validated during the third research step in the next chapter by multiple experts. Therefore, the first hypothesis can only be partly verified at his point. The second hypothesis can be verified on an international level. Nevertheless, for the Singaporean regulatory environment individually, it needs to be rejected.

4. Set-Up and Findings of Expert Interviews

Besides a literature analysis and the regulatory systems comparison, the research conducted is qualitative research based on expert interviews (Bogner & Menz, 2002; Meuser & Nagel, 2009; Gläser & Laudel, 2010; Döring & Bortz, 2016; Lamnek & Krell, 2016). The interviews are intentionally carried out as step three of the three-step research approach chosen for this research, as the aim is to collect specific knowledge from subject matter experts that will provide sufficient information to work out recommendations for banks and regulatory authorities. Before an interview, the author has provided the expert with an introduction into the research area, as well as an interview guideline.

Based on this, a sample of eight experts has been chosen, who have been in contact with Outsourcing regulation. Due to the international regulatory approach, the author has chosen experts from different regulatory areas and fields of knowledge, in order to get a holistic picture of the challenges that banks face, while trying to achieve an efficient mix of cost efficiency and regulatory compliance. The distribution of the experts has been the following: six from eight experts have worked in internationally operating banks based in Singapore, in the USA and in the EU; one expert worked for a consultancy specialized in SCRM for Financial Institutions; one expert worked for a supervisory authority in one of the analysed regulatory systems. The evaluation has been conducted applying the maximum openness to bias.

The interviews have been conducted based on an interview guideline, due to the underlying nature of systematic expert interviews, using a semi-structured approach of questionnaire type of closed and open questions (Mayring, 2000). The questions for the interview have been derived primarily from the research question as well as from the hypotheses and the earlier conducted research.

4.1. Qualitative Content Analysis

The qualitative content analysis is being applied to the examination of material, which results out of any form of communication (Mayring, 2000). This type of content analysis is used for the extraction of information from the interview transcripts and is, during the whole analysis process, still open for further realisations. The following steps according to Meuser and Nagel (2009) have been performed, in order to evaluate the outcome of the interview, based on the research question:

1) Transcription;

2) Translation (if applicable);

3) Paraphrasing;

4) Coding;

5) Thematic comparison;

6) Sociologic conceptualism;

7) Theoretical generalisation.

Steps three to five have been conducted with the use of the software QCAmap2.

In the underlying research, a mixture of a deductive and an inductive approach to the content analysis of the interview transcript has been applied (Muskat et al., 2012). Firstly, categories have been deductively formulated based on the research question. Afterwards, they have been tested and inductively adjusted. Categories, which have been used, are: “internal cost characteristics”, “external cost characteristics”, and “challenges”. By being inverted, the categories referring to “cost characteristic” become categories for “value increasing characteristics”. The same is true for the category ‘challenges”, which inverts into “success factors”. These categories have been directly used to formulate recommendations for banks (“internal cost characteristics”; “challenges”), as well as for regulators (“external cost characteristics”; “challenges”), which will be presented in chapter 5.

Summed up, based on the research question, several variables have to be analysed, in order to be able to give recommendations for banks on how to be cost-efficient and regulatory compliant in an effective way, and in order to formulate recommendations for regulatory authorities. Firstly, the underlying cost characteristics of the current international regulatory environment, as well as the cost characteristics of the current internal management approach are extracted. From there on, value increasing characteristics can be derived, which will subsequently find their way into the recommendations, given in chapter 5. The last column then provides the derived value increasing characteristics, for both, the regulatory environment, as well as the internal management approach. An overview of how cost increasing characteristics have been assigned is provided in Table 3.

In order to being able to better understand the distribution of the above-mentioned variables, the following figures provide an overview of the percentage distribution. Taking the interview answers of all experts into consideration,

Table 3. Variable derivation of qualitative content analysis.

inappropriate represents the amount of different regulation for SCRM on an international scale for the underlying risk profile in this area. Unclear reflects the content of rules of different regulation which need to be followed or could be overruled by a higher authority. It is to a certain extend not clear to a bank, which rule to follow on an international scale. The variable divergent stands for diverse regulation in mostly every area a bank is operating in. This is stressed even by divergent regulation in Germany and on an EU level, which even already a German focused bank may need to follow. Lastly, the variable in transparent reflects the transparency of existing regulation and standards to follow. It refers to a big extend to additional standards that become important on an international level but are not necessarily issued from the regulatory/supervisory authority or from the same standard-setting institutions.

In Figure 4, it can be seen, that inappropriateness, unclarity, and divergence are the most prevailing cost drivers for banks towards the international regulatory environment, which make up 95% in total already. Nevertheless, the variable “in transparency” is also mentioned and a crucial variable of the first Hypothesis. Based on this, the most important value increasing factors are: firstly applicable, followed by understandable, and unified. Lastly, transparency also caters to value creation on the bank’s side.

According to Figure 5, the cost drivers resulting from the internal management approach of banks, the attributes decentral, and inadequate make up about three quarters, followed by complex, and atomistic.

Looking at all answers to the interview questions, decentral stands for an internal management approach, which is not centrally executed for managing

Figure 4. Cost characteristics related to internal management.

Figure 5. Cost characteristics of current international regulatory requirements.

supply chain risk regulation and therefore impedes communication and understanding. Following, inadequate represents the not suitable SCRM and regulation approach for every location to be covered by only securing regulatory compliance to a minimum extend locally. The variable complex stands for the internal set-up of international SCRM and banking regulation, which often consists of many processes and additional checks, which to a certain extent do not serve the purpose of securing customers and economic markets anymore. Lastly, the variable atomistic represents an approach of not having management measures in place to detect all necessary external regulatory requirements and changes that might happen early enough. Yet, the following value increasing factors are derived for the internal management approach of banks towards Outsourcing: central, adequate, simple, and holistic.

In a new coding round, applying the same method, challenges for banks have been analysed, and subsequently success factors derived. The two most prevailing success factors are shown below:

· Centralised SCRM approach (23.4%);

· Common understanding within the bank and with international locations (25.5%).

The percentage values indicate how many percent of all variables, the two variables account for. All other suggestions are highly diversified, so that they will not be taken into further account.

In addition to this, the importance of a collaboration between different partners has been evaluated based on the Likert Scale with 1 = unimportant to 5 = important. The importance of the collaboration between banks and associations such the European Banking Federation or the International Monetary Fund has given a mean importance of 4.3. This means that the interviewees consider the collaboration between banks and associations as important as 4.3, when adding all values given as an answer and dividing the result by the number of interviewees. Further, the importance of the intra-industry collaboration between a bank and other banks is evaluated a little higher by 4.5 using the same approach. The importance of the collaboration between banks and supervisory authorities is given a mean importance of 4.3. As the importance of collaboration between banks and advisory/consultancy institutions has only been given a mean value of 3.6, and the main focus of research relates to banks and regulatory authorities, it is not further betrayed in the following evaluation. The following Figure 6 provides an overview of all collaboration models.

Figure 6. Evalution of collaboration models for banks.

Moreover, the applicability and the manageability of international regulation is betrayed in detail. The interviewees from banks agree that the regulatory frameworks and standards are rather not easily applicable. Only the answers from experts working in a bank have been taken into account here, as these experts are actually applying the regulation on a regular basis. In total, this is true for six of the experts. Figure 7 provides an overview of the value distribution of all answers. It can be seen that the mean applicability is denoted with 40%. This is indicated by the cross. However, the median value, which is resistant to outliers is only 25%, indicated by the middle line of the boxplot diagram.

In addition to the applicability, also the value of manageability of international regulation for banks is betrayed separately, as it supports the applicability by

Figure 7. Value distribution of the applicability of international regulation for banks.

going one step further. The manageability is denoted with 0% amongst all participants from banks. Again, only the answers from experts working in banks have been taken into account based on the same reasoning as before. Figure 8 gives an overview of the answer distribution.

Figure 8. Measurement of the manageability of international regulation for banks.

Furthermore, the power distribution of SCRM regulation from different regulatory environments on a global scale is taken into the evaluation as well. The experts agree on the following order when it comes to the importance of regulations in the field of SCRM for international banks:

Singapore, USA and EU regulatory system.

These are followed by:

1) United Kingdom (UK);

2) HK;

3) PRC, which is supposed to catch up quickly.

These results need to be betrayed individually, as naturally each expert puts the regulatory system, he/she is in, on top. Due to the given distribution, a weighting mechanism is not suitable, so that Singapore, the USA, and the EU are considered to be on the same level. This further underlines the justification of the choice for regulatory systems for the comparison in chapter 3.

In addition, all participants have agreed that a more unified approach to SCRM on an international level would definitely be helpful for banks. Aligned with this, four experts have given “a more globally unified approach” as direct answer to what helped banks in order to be cost-efficient and internationally compliant.

4.2. Evaluation of Qualitative Content Analysis

Before the author gives recommendations for banks on how to achieve multi-regional regulatory compliance at cost-efficient levels, and thereby answers the research question in chapter 5, the outcome of the interview is transferred to the outcome after chapter 3 and the first hypothesis, as the second has already been fully verified after chapter 2 and 3 on an international level.

The cost increasing as well as value increasing characteristics, derived from the interviews, support a further verification of hypothesis 1, which has already been partly verified after the international regulatory approach. The author could already verify that:

· Many regulatory frameworks and standards by internationally diverse standard setting authorities exist, which are not consistent, yet overlapping, by analysing the international regulatory systems in the Singapore, the USA, and the EU.

The second part of the hypothesis refers to the causes for the SCRM management of banks, which are the following:

· (…) a lacking applicability as well as a non-transparent and time-consuming banking regulation and SCRM for banks.

The causes can be verified by the answers of the experts and a median applicability of only 25%, coupled with a mean manageability of 0% as well as by the identified cost variable of in transparency as presented in chapter 4.1.

In addition, it can be further validated that the regulatory requirements in Singapore, the USA, and the EU, are determining in an international approach, closely followed by the UK, HK and the PRC.

The research question will be finally answered in chapter 5, as it is directly linked to the recommendations for banks.

5. Recommendations and Outlook

Summed up, the two hypotheses could be completely verified for an international regulatory environment with different implications for the regulatory systems individually. All three regulatory systems analysed in this research taken together, divergent regulatory frameworks exist with distinctive differences in the definition of Outsourcing as well as the risk management approach. Additionally, diverse standards are taken into consideration by regulatory and supervisory authorities especially with regard to IT-Outsourcing in order to protect customers and economic markets. This has been proven to lead to a lacking applicability for banks, resulting in a non-transparent and time-consuming SCRM for banks. Hence, the answers to the research question are represented by the recommendations given below.

1) Internationally operating banks, with operations equally distributed amongst various countries, should go for a “one-size-fits-all” approach for their international SCRM. Thereby, they should orient on the strongest regulation in the countries operating in and apply this centralised and group-wide as the standard for all their Outsourcing arrangements.

2) Banks should further collaborate within their own industry, mainly with other banks, on even further centralised approaches on SCRM.

3) Banks and banking federations should collaborate more extensively with supervisory authorities (regulatory authorities, in case no distinction is made) on common solutions, in order to raise further synergies and strengthen the banking industry.

4) Regulatory authorities should discuss on an international level a valid framework for SCRM of banks in order to protect customers and economic markets, thereby agreeing on an internationally valid glossary.

5) Regulatory authorities should discuss on an international level the use of external standards to the SC activities of banks, such as IT security standards. They should further agree on a common understanding of which standards are mutually accepted.

6) Regulatory authorities should also include Asian regulatory environments in an international collaboration, as they are more and more aligned with the international approach, and the MAS already serves as a role-model in the Asian-Pacific Region.

5.1. Innovations

The following innovations have been reached by this research work:

1) The determining risk factor of regulatory compliance has been worked out and applied to an international regulatory environment, based on three regulatory systems;

2) A comparison of Asia’s (with a focus on Singapore), the USA’s, and the EU’s regulatory system, based on the approach to SCRM/Outsourcing, has been conducted and presented in Table 2. Thereby, divergent definitions and interpretations have been highlighted;

3) Recommendations for banks have been formulated, on how to be cost-efficient and regulatory compliant when operating in an international regulatory environment. In addition, recommendations for regulatory authorities have been given on how to improve international regulation in the field of SCRM for banks, in order to mutually strengthen the banking industry.

5.2. Limitations and Outlook

Due to the high complexity of the topic, the research also has some limits, which opens the possibility for further research in this area. They sum up to be:

1) Only generally valid recommendations have been formulated for banks, which do not go into detail. This is due to the reason that possibilities for internationally operating banks in general have been worked out. It would be recommended to perform a deeper analysis and a business case for specific banks taking into consideration international locations and the Outsourcing portfolio as well as an evaluation of the current Outsourcing management approach, as recommendation 1 is only applicable to truly international banks.

2) Only three regulatory systems have been included in the research. Nevertheless, banks are usually operating in more international locations, which have additional regulatory requirements, such as other countries in the Asian-Pacific Region, or national regulation within the EU. When evaluating the suitability of the outcome for a specific bank, these factors additionally have to be applied.

3) Also, further research should focus on the regulatory requirements of the UK, HK and the PRC, as these have been evaluated to be the next important determinants of international SCRM and yet might have an effect on the outcome of the underlying research.

4) The research question only covers the part of being multi-regionally regulatory compliant at effective cost levels in the underlying international regulatory environment. Further research could work out recommendations for banks, on how to be innovative and regulatory compliant in the underlying international regulatory environment, as the introduction to the topic already reveals disruptions and changes in the FS industries, which forces banks to be innovative.


1On the basis of Section 25a and 25b of the German Banking Act (KWG), which regulate the organisational duties of institutions with regard to internal risk management and Outsourcing, the Minimum Requirements for Risk Management (MaRisk) provide an integrated framework for the management of all material risks. Bundesanstalt für Finanzdienstleistungsaufsicht (2018).

2“QCAmap is an open access web application for systematic text analysis in scientific projects based on the techniques of qualitative content analysis” Letz (2019); Mayring (2000); Muskat, Blackman, & Muskat (2012).

Cite this paper: Seipp, V. , Michel, A. and Siegfried, P. (2020) Review of International Supply Chain Risk within Banking Regulations in Asia, US and EU Including Cost Efficiency Proposals. Journal of Financial Risk Management, 9, 229-251. doi: 10.4236/jfrm.2020.93013.

[1]   Alessandrini, P., Fratianni, M., & Zazzaro, A. (2009). The Changing Geography of Banking and Finance: The Main Issues. In A. Zazzaro, M. Fratianni, & P. Alessandrini (Eds.), The Changing Geography of Banking and Finance (pp. 1-11). Dordrecht: Springer.

[2]   Allchin, C., Austen, M., Fine, A., & Moynihan, T. (2016). Modular Financial Services: The New Shape of the Industry. publications/2016/jan/OliverWyman_ModularFS.pdf

[3]   Auerbach, D. (2015). MaRisk—Mindestanforderungen an das Risikomanagement. München: Beck.

[4]   Babin, R., & Saunderson, S. (2016). Governance of Outsourcing: Building a Better Relationship. Journal of Information Systems Applied Research, 9, 16-25.

[5]   Bajpai, P. (2019). The World’s Leading Financial Cities.

[6]   Bartholmes, N., Heuermann, K., Elgeti, C., & Schmidt, F. (2018). Outsourcing in der Finanzindustrie: Trends und Herausforderungen für Banken, Dienstleister und FinTechs.

[7]   BBC (2018). Singapore Country Profile.

[8]   Blome, C., & Schoenherr, T. (2011). Supply Chain Risk Management in Financial Crises: A Multiple Case-Study Approach. International Journal of Production Economics, 134, 43-57.

[9]   Bogner, A., & Menz, W. (2002). Das theoriegenerierende Experteninterview. In A. Bogner, B. Littig, & W. Menz (Eds.), Das Experteninterview (pp. 33-70). Wiesbaden: VS Verlag für Sozialwissenschaften.

[10]   Brainard, L. (2020). The Future of Retail Payments in the United States. Board of Governors of the Federal Reserve System.

[11]   Bundesanstalt für Finanzdienstleistungsaufsicht (2018). Mindestanforderungen an das Risikomanagement. management_node.html;jsessionid=B8772D0C753A61CE470603203BC8819F.2_cid361#doc 7852092bodyText1

[12]   Central Committee of the Communist Party of China (2015). The 13th Five Year Plan for Economic and Social Development of the People’s Republic of China 2016-2020 (pp. 141-151).

[13]   Chang, W. W. (2012). The Economics of Offshoring. Global Journal of Economics, 1, Article ID: 1250009.

[14]   Chen, J., Sohal, A. S., & Prajogo, D. I. (2013). Supply Chain Operational Risk Mitigation: A Collaborative Approach. International Journal of Production Research, 51, 2186-2199.

[15]   CIA (2019). The World Factbook: East Asia/Southeast Asia, Singapore.

[16]   Colicchia, C., & Strozzi, F. (2012). Supply Chain Risk Management: A New Methodology for a Systematic Literature Review. Supply Chain Management: An International Journal, 17, 403-418.

[17]   Creehan, S., & Li, C. (2018). Asia’s Open Banking Push. utm_content=buffer63a47&utm_medium=social& =buffer

[18]   DFSNY (2018). Department of Financial Services: The State of New York.

[19]   Division of Banking Supervision and Regulation, Division of Consumer and Community Affairs, Board of Governors of the Federal Reserve System (2013). Guidance on Managing Outsourcing Risk.

[20]   Döring, N., & Bortz, J. (2016). Forschungsmethoden und Evaluation in den Sozial-und Humanwissenschaften. Berlin: Springer.

[21]   Eceiza, J., Kristensen, I., Krivin, D., Samandari, H., & White, O. (2020). The Future of Operational Risk Management in Financial Services. management-in-financial-services

[22]   European Banking Authority (2018a). About Us: EBA at a Glance.;jsessionid=0D023C25758A4538E0E1FD495BCB5EDD

[23]   European Banking Authority (2018b). EBA Draft Guidelines on Outsourcing Arrangements Consultation Paper. 74d6-4caf-931e-29ba9e3be899/Consultation%20Paper%20on%20draft%20Guidelines%20on% 20outsourcing%20arrangements%20%28EBA-CP-2018-11%29.pdf?retry=1

[24]   European Banking Authority (2019). Final Report on EBA Guidelines on Outsourcing Arrangements. f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20 arrangements.pdf

[25]   European Central Bank (2018). European System of Financial Supervision.

[26]   European Central Bank (2019). Single Supervisory Mechanism.

[27]   European Commission (2019). European System of Financial Supervision. and-risk-management/european-system-financial-supervision_en

[28]   European Commission, European Banking Authority (2015). Directive (EU) 2015/2366. Official Journal of the European Union, 58, 35-127.

[29]   European Parliament and Council (2014). Directive 2014/65/EU. Official Journal of the European Union, 57, 349-496.

[30]   Expert Group on Regulatory Obstacles to Financial Innovation (2019). 30 Recommendations on Regulation, Innovation and Finance: Final Report to the European Commission. documents/191113-report-expert-group-regulatory-obstacles-financial-innovation_en.pdf

[31]   Federal Financial Institutions Examination Council (FFIEC) (2004). Outsourcing Technology Services.

[32]   Fjermestad, J., & Saitta, J. A. (2005). A Strategic Management Framework for IT Outsourcing: A Review of the Literature and the Development of a Success Factors Model. Journal of Information Technology Case and Application Research, 7, 42-60.

[33]   Fried, N. (2017). Innovating in a Highly Regulated Industry like Health Care. Harvard Business Review.

[34]   Glöser, J., & Laudel, G. (2010). Experteninterviews und qualitative Inhaltsanalyse als Instrumente rekonstruierender Untersuchungen (4th ed.). Wiesbaden: VS Verlag für Sozialwissenschaften.

[35]   Gleissle, S. K. (2014). Comparing and Contrasting the US and German Banking System with Emphasis on the Financial Crisis in 2008 (p. 56). University Honors Program Theses.

[36]   Hammond, B., & Hung, C. (2018). Hong Kong. In P. Hsu, & R. Bahar (Eds.), Banking Regulation 2018 (5th ed., pp. 96-107). London: Global Legal Group.

[37]   Ho, W., Zheng, T., Yildiz, H., & Talluri, S. (2015). Supply Chain Risk Management: A Literature Review. International Journal of Production Research, 53, 5031-5069.

[38]   Insinga, R. C., & Werle, M. J. (2000). Linking Outsourcing to Business Strategy. The Academy of Management Executive (1993-2005), 14, 58-70.

[39]   Johnston, M. (2018). A Brief History of U.S. Banking Regulation. asp

[40]   Kessinger, C., & McMorrow, J. (2011). Supply Chain Risk Management: A Perspective from Practice. In P. Kouvelis (Ed.), The Handbook of Integrated Risk Management in Global Supply Chains (pp. 515-535). Hoboken, N.J.: Wiley.

[41]   Lacity, M. C., & Hirschheim, R. (1993). The Information Systems Outsourcing Bandwagon. MIT Sloan Management Review, 35, 73-86.

[42]   Lamnek, S., & Krell, C. (2016). Qualitative Sozialforschung: Mit Online-Materialien (6th ed.). Weinheim: Beltz.

[43]   Letz, F. (2019). Qualitative Content Analysis Programm [Computer Software]. Klagenfurt: Alpen-Adria University, Institute of Psychology and Center for Evaluation and Research Council.

[44]   Lowell, M. (1992). Managing Your Outsourcing Vendor in the Financial Services. Journal of Systems Management, 43, 23-36.

[45]   Majaski, C. (2019). European Banking Authority (EBA).

[46]   Mayring, P. (2000). Qualitative Content Analysis. Qualitative Social Research, 1, Art. 20.

[47]   Meuser, M., & Nagel, U. (2009). Das Experteninterview: Konzeptionelle Grundlagen und methodische Anlage. In S. Pickel, G. Pickel, H.-J. Lauth, & D. Jahn (Eds.), Methoden der vergleichenden Politik-und Sozialwissenschaft: Neue Entwicklungen und Anwend- ungen (pp. 465-479). Wiesbaden: VS Verlag für Sozialwissenschaften.

[48]   Monetary Authority of Singapore (2013). Technology Risk Management Guidelines. Supervisory-Framework/Risk-Management/TRM-Guidelines--21-June-2013.pdf

[49]   Monetary Authority of Singapore (2016). Guidelines on Outsourcing. Supervisory-Framework/Risk-Management/Outsourcing-Guidelines_Jul-2016.pdf?la=en&hash= DF8D56B486A629243279A30AC6FA6729F6836F7D

[50]   Monetary Authority of Singapore (2017). About Us.

[51]   Monetary Authority of Singapore (2019). Outsourcing by Banks and Merchant Banks Consultation Paper. Banks.pdf

[52]   Muskat, M., Blackman, D., & Muskat, B. (2012). Mixed Methods: Combining Expert Interviews, Cross-Impact Analysis and Scenario Development. The Electronic Journal of Business Research Methods, 10, 9-21.

[53]   National Institute of Standards and Technology (2015). Supply Chain Risk Management Practices for Federal Information Systems and Organizations.

[54]   Neuberger, D. (1998). Industrial Organization of Banking: A Review. International Journal of the Economics of Business, 5, 97-118.

[55]   New York State Department of Financial Services (NYSDFS) (2017). Cybersecurity Requirements for Financial Services Companies.

[56]   Nyameboame, J., & Haddud, A. (2017). Exploring the Impact of Outsourcing on Organizational Performance. Journal of Global Operations and Strategic Sourcing, 10, 362-387.

[57]   Olson, D. L. (2014). Supply Chain Risk Management (2nd ed.). New York: Business Expert Press.

[58]   Sahni, R. A., & Byrne, T. J. (2018). USA. In P. Hsu, & R. Bahar (Eds.), Banking Regulation 2018 (5th ed., p. 329). London: Global Legal Group.

[59]   Singhal, P., Argawal, G., & Mittal, M. L. (2011). Supply Chain Risk Management: Review, Classification and Future Research Directions. International Journal of Business Science and Applied Management, 6, 15-42.

[60]   Supply Chain Council (2010). Supply Chain Operations Reference Model SCOR: Supply Chain Risk Environment.

[61]   Tang, C. S. (2006). Perspectives in Supply Chain Risk Management. International Journal of Production Economics, 103, 451-488.

[62]   Weigelt, C. (2009). The Impact of Outsourcing New Technologies on Integrative Capabilities and Performance. Strategic Management Journal, 30, 595-616.

[63]   Wieland, J., Steinmeyer, R., & Grüninger, S. (2014). Handbuch Compliance-Management: Konzeptionelle Grundlagen, praktische Erfolgsfaktoren, globale Herausforderungen (2nd ed.). Berlin: Schmidt.

[64]   Zhao, R.-K., & She, J.-N. (2012). The Impact of Commercial Bank Service Outsourcing on Bank Performance. Journal of Shanghai University (Social Sciences Edition), No. 5, 8.