Malzahn Strategic - Minneapolis, MN skyline

Outsourcing HR in a Hybrid Work Environment - Part 1

Outsourcing HR in a Hybrid Work Environment

A recent topic our client base is asking about lately concerns outsourcing HR in a hybrid work environment. The question of “should we outsource HR”? may be discussed in your strategic planning sessions also. Community financial institutions should focus on what they do best—banking and banking products. However, institutions also need to focus on attracting, retaining, and developing top talent in a hybrid work environment and that requires an investment of time, systems, and resources. In Part I of this two-part blog, we’ll focus on what activities to outsource and why. We will then focus on what HR functions to keep in-house in Part II.

Even though the institution where I was Director of HR outsourced several of the administrative tasks to various vendors, I still spent considerable time managing the vendors and logging in to multiple sites. This is a common challenge for HR professionals in institutions across the nation. Instead, I should have spent time on the “people side” of HR. The answer? Centralized outsourcing! Notice it’s not only about simply outsourcing but to centralize it with one vendor that can do most or all the administrative tasks while keeping the people side of HR in-house. With COVID-19 and the global trend of allowing staff to work from home all or most of the time, outsourcing the administrative part of HR is making more and more sense.

Reasons to Outsource:

  • Your HR staff only has time to do the administrative tasks.
  • There is no time to develop a formal Talent Management Program.
  • You need to digitize and automate employee onboarding processes for both local and staff who may never make it to the office.
  • You want all HR documents in one central system.
  • Employees want electronic access to their personal information such as paystubs, W-2, health insurance information and setup/changes to dependents, timecards, etc.
  • Your institution wishes to automate applicant tracking to simplify the hiring process.
  • Your institution needs a Learning Management System (LMS) to expand the availability of learning tools to local and remote workers.
  • Your HR staff needs legal counsel on employee matters such as employment contract review, and legal counsel on terminations, etc.
  • Your HR staff logs into multiple vendor sites and systems are not integrated.

Below is a list of activities that your institution can outsource:

Payroll Processing: Most community banks and credit unions are already outsourcing this key function. However, the system they are using is not integrated to anything else which creates a challenge for HR staff.

Timekeeping Software: Most institutions transitioned to automated timekeeping software. However, we still hear about institutions that have an internal manual time tracking system or the timekeeping software does not talk to the payroll system.

Recruitment Process: Even though it is crucial for the institution staff to interview candidates, you can outsource and automate the recruitment “process.”

Performance Evaluation Process: Ideally, you can automate and streamline the performance review process to eliminate manual forms and store all employee records in one central repository system.

Workers’ Compensation Insurance: HR vendors typically can provide better rates for Workers’ Compensation Insurance so you may want to check that out too.

Onboarding: Once your new employees are officially hired, then the onboarding process begins. This process can be cumbersome for the new employees if it’s not automated and if they must complete forms manually, let alone if they are remote. It is best to outsource the complete administrative onboarding process and focus on welcoming them to the team.

Training Tracking: Many institutions still track employee training in spreadsheets which is time consuming and difficult to maintain. Instead, outsource this task and allow employees to enter their own training or ensure the system tracks automatically based on employee logon information.

Benefits and 401K Administration: Managing the enrollment process for the health insurance benefits and retirement plans is time consuming. Even though you may have a third-party provider, you still have to collect all the forms and submit them, conduct informational meetings, and send multiple reminders to employees to sign up by the deadline. You can automate and streamline this entire process by outsourcing to a vendor platform that integrates to the payroll, timekeeping, and onboarding platforms. Remember the goal is to have centralized outsourcing!

One great company that helps you with your outsourcing needs is AssetHR. We know them and hear excellent testimonials about their services. They become an extension of your HR department. Another company that helps centralize your 401K administration is Fringe Benefits Design. We also know them and they help you with the three key aspects of 401K management: 1) Investment Performance; 2) Service Provider Fees; and 3) Quality of Service.

We hope this provided you with ideas on what activities to outsource and why. We’ll discuss what functions to keep in-house and why in Part II of this two-part blog.

 

Some of the links on this page are affiliate links. This means if you click on the link and purchase an item or subscribe to a service, we will receive a small commission at no extra cost to you.

Synthetic Identity Fraud Risk Assessment

Synthetic Identity Fraud Risk Assessment

Synthetic Identity Fraud Risk Assessment is a key component of your Enterprise Risk Management risk assessment. Identity theft is not new. In fact, is as old as checks being stolen from a mailbox to apply for credit using the victim’s name or to make purchases using the checks. When conducting an Enterprise Risk Management Risk Assessment, ensure to include this new risk category that I call “Customer and Synthetic Identity Fraud.”

The Federal Reserve formally defines Synthetic Identity Fraud as the use of a combination of personally identifiable information (PII) (Off-site) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain. There are two primary ways your institution could be dealing with Customer Risk:

  • Identity Theft: Someone stole another person’s identity.
  • Fraudulent Entities: A company is completely fraudulent and conducts business as if they were legitimate.

In the most common way of identity theft, your institution provides banking services such as depository accounts or loans to persons who stole someone else’s identity. They use the Personal Identifiable Information (PII) to open accounts and apply for loans.

Dealing with fraudulent entities is a different matter and they are harder to identify as such. They establish the entire scheme from beginning to end. They organize a company, hire real employees, create fictitious sales and produce Accounts Receivable records—including legitimate invoices. They even pay bills just like any other legitimate company—except it’s all fake. Some employees have no idea they are working for a fictitious organization until the Feds show up at their doors after years of investigation.

Protecting Your Institution from Synthetic Identity Fraud/Customer Risk

So, how does your institution protect itself from these two types of Customer Risk? Below are some questions you should include in your Risk Assessment when assessing “Customer Risk:”

  • What other risks are impacted when Customer Risk occurs in your institution? Typically, you may have reputational risk as well as earnings, regulatory, and legal risk.
  • What mitigating factors do you have in place? Mitigating factors can be your software solutions to automate the CIP processes.
  • Is your BSA Program strong and include robust CIP, KYC, OFAC checks, CDD, and EDD (see key below)? Your BSA Program must include all these elements.
  • Do you have an ongoing training program for your employees and how often do you train them? Without the appropriate and timely ongoing training your employees will miss important cues to identify and prevent fraud.
  • Do you offer training for your customers? Regulators are increasingly asking institutions to provide some type of identity theft training for your customers.
  • Are dual controls and segregation of duties in place for new deposit and loan accounts? For example, one employee opens the account, a second employee makes the deposit, and a third person reviews the core system’s Daily Activity Log?
  • Have you implemented a BSA Fraud Software to automate the process? Automation is the trend to avoid the intensive manual monitoring and reporting processes.
  • Are procedures in place to monitor kiting suspect activities and filing SARs and CTRs on potential AML activities?
  • Do you monitor daily overdrafts regardless of the amount, high risk customers, and mobile banking deposit activity?
  • Are monitoring systems in place to alert your employees of potential fraudulent transactions in your customers’ accounts?

As mentioned above, the Synthetic Identity Fraud Risk Assessment is a key component of your Enterprise Risk Management risk assessment. I hope these questions will help you complete a Customer/Synthetic Identity Fraud Risk Assessment. If you need help conducting this type of risk assessment, feel free to reach out to us.

Below is a key to all the acronyms used above for your reference:

  • BSA = Bank Secrecy Act
  • CIP = Customer Identification Program
  • OFAC = Office of Foreign Assets Control
  • AML = Anti-Money Laundering
  • KYC = Know Your Customer
  • CDD = Customer Due Diligence
  • EDD = Enhanced Due Diligence
  • SAR = Suspicious Activity Report
  • CTR = Currency Transaction Report

Books by Marcia Malzahn