The UK has around 5.4 million small and medium-sized enterprises (SMEs), just under half of the UK private sector, and these businesses are increasingly looking overseas to improve their prospects. At a time when Britain’s continued membership of the EU is in doubt, SMEs need to ensure they have considered all the challenges of ‘internationalisation’ in order to succeed.
Outsourcing is one of the simplest options for foreign expansion. The first steps beyond British boarders mean a number of unknowns. The political and socio-economic risks, in the long and short term, must be considered before an SME decides about their overseas venture. Once overseas, the standards, quality and performance of third parties are the next set of unknowns to address.
It is important to note that PRA and FCA expect the control and oversight of the overseas company to be the same as if the activity were performed internally at the UK regulated business. Companies must perform the due diligence which will determine the suitability of the brand and values of the overseas partner, ensuring the two are culturally aligned.
Small companies must also ensure that the right contracts and agreements are in place. Not only must these reflect the role, responsibility and obligation of each party, the SME at home must ensure that these agreements are properly articulated and understood – minimising the risk of being lost in translation. This should be supported by appropriate metrics to monitor and maintain quality and performance.
When going global, the SME must ensure the UK business has management oversight of their overseas partner and provide the guidance to ensure their output and behaviour is up to standard.
Appropriate supervision and oversight of overseas’ businesses are key elements of effective governance. Introducing (i) clear accountabilities and reporting lines; (ii) oversight structures through a defined committee hierarchy; (iii) a robust, forward looking risk management system; and (iv) relevant and reliable management information are the basics that must be in place.
Training of overseas employees is a must and SMEs at home should take the time to explain the governance and risk management processes and reiterate the values of the parent company. The frameworks that work best are those backed by a consistent message from those at the top.
SMEs should not assume that data breaches are exclusive to multinational organisations. For smaller firms, assuring data security that is likely to be shared between multiple servers is essential – a risk that is especially present when working with overseas partners. When choosing cloud or shared services, UK SME’s should ensure that these risks are firstly identified and then managed properly.
Off-the-shelf systems that provide basic IT structure to a company are used by more and more organisations. For example, an outsourced operation might use Microsoft 365, or email might be routed through a shared service on the cloud. So, even if an organisation is wary of these kinds of systems, they might already be using it via the overseas partner. Businesses need to be aware of the extent of their use and exposure to data security risks when using any shared system and perform robust due diligence of service providers where cloud technology is used. Other data security hygiene factors include ensuring encryption of emails where documents pass across servers with either sensitive financial or customer data.
Managing the physical distance is the first base to cover for UK SMEs setting up offices overseas. Face to face connection is key to ensure the culture and governance of the overseas operation is properly aligned to the SME’s expectations. Video conferencing facilities have improved in recent years but nothing beats being on the ground to fully understand a company and their employees.
Where managers travel less, clear accountabilities and frequent communication to support the overseas operation is essential. The parent SME needs to strike a fine line between rigorous oversights, to be fully informed about their partners’ activity abroad, and building trust, so that their partner adopts the parent culture voluntarily. Once there is trust between both parties, distance becomes far less relevant.
Get it right at the start
The best governance and risk management frameworks only work effectively with a consistent and appropriate culture supporting them.
Business leaders need to define their cultural expectations, setting the ‘tone from the top’ and ensure that their ‘people processes’ support this cultural aspect. From recruitment to remuneration to measuring performance, the SME in the UK must ensure these elements reflect the expectations of the overseas business.
With a shared standard and expectation between partners, the two sides are far better placed to trust each other and succeed.
By Ian Gardner, Partner of Internal Audit at Moore Stephens LLP